We are anonymous, we are legion

DIDP #31 Diversity of employees at ICANN

Akash Sriram — 2018-08-21T09:26:48Z

We have requested ICANN to disclose information pertaining to the diversity of employees based on race and citizenship.

This data is being requested to verify ICANN’s claim of being an equal opportunities employer. ICANN’s employee handbook states that they “...provide equal opportunities and are committed to the principle of equality regardless of race, colour, ethnic or national origin, religious belief, political opinion or affiliation, sex, marital status, sexual orientation, gender reassignment, age or disability.” The data on the diversity of employees based on race and nationality of their employees will depict how much they have stuck to their commitment to delivering equal opportunities to personnel in ICANN and potential employees.

The request filed by CIS can be accessed here

For more details visit https://cis-india.org/internet-governance/blog/didp-31-diversity-of-employees-at-icann

Srikrishna panel upset at timing of Trai suggestions

Admin — 2018-07-19T14:17:19Z

The Justice BN Srikrishna Committee, which is drafting a model data protection and privacy law for India, is upset by the timing of recommendations made by the country’s telecom regulator this week, according to a senior member of the panel, as it fears this will delay the submission of its own report, due later this month.

The article by Megha Mandavia was published in Economic Times on July 19, 2018. Swaraj Paul Barooah was quoted.

On Monday, Telecom Regulatory Authority of India (Trai) in a surprise move recommended rules that give users control of their data and personal information while severely restricting ways in which telecom and internet firms can use customer data. Its rules are applicable for apps, browsers, operating systems and handset makers.

“Next week somebody will make some recommendations and that will have to be merged, then again somebody will make some other recommendations,” the person told ET. He added that the committee will look into Trai’s submissions.

On Wednesday, ET reported that officials of ministry of electronics and information technology (MeitY), besides industry groupings such as Internet and Mobile Association of India (IAMAI) and the Indian Cellular Association (ICA) were unhappy with Trai’s move.

“Like any other sector, the data protection Act will be the final thing. In respect of telecom matters, there will be a role for Trai as sectoral regulator but the basics of privacy will be governed by the data protection Act,” a MeitY official told ET.

Legal experts and industry analysts also questioned the need for the regulatory announcement just before the Justice Srikrishna committee releases its report, after a year of deliberations.

The high-powered group — consisting of jurists, academicians and policymakers — was formed last July with a brief to suggest principles for data privacy and a draft data protection bill for the country.

“Why is Trai then pre-empting the law?” said Kartik Maheshwari, leader for technology companies at law firm Nishith Desai Associates.

“Now that Trai has published its recommendations in public domain, the government may not be able to completely ignore them. But it’s so late in the day that it may not have any real impact on the final recommendations of the Justice Srikrishna committee,” he said.

The ten-member panel may incorporate some of Trai’s suggestions even as it submits its report to the union government next week. Trai chairman RS Sharma said the regulatory body has jurisdiction to tackle data protection under consumer interest, and those who feed off the industry — content providers, or apps, browsers, operating systems, and devices — were only custodians.

“We will send these recommendations to the committee, but we did not time it to coincide. We’re not dependent on the committee and we had issued this suo moto, since we felt the need to rigorously deliberate on the issue,” Sharma told ET on Tuesday.

There could be sector-specific laws within the general data protection framework for the telecom sector, he added.

Analysts say that regulators making public their recommendations before the data framework only adds to the confusion. “Industry was looking forward to a common primary framework. There are many independent suggestions coming from various regulators. It is creating confusion and chaos. I do expect considerable delay in finalising the law. Once the draft is out, there will be public consultation; all regulators will also have a say,” said Vidur Gupta, partner, government and public sector, EY India.

Others say that while there is clarity on what Trai is expecting, it has to be bound by the panel’s recommendations.

“It is good that a regulator has an eye on the market. It gives us an idea about what Trai has on its mind. The Reserve Bank of India also had not waited for Srikrishna Committee report before issuing a directive on data localisation,” said Swaraj Paul Barooah, policy director at Centre for Internet and Society.

“But the major point is that Trai’s recommendations are not binding; the data privacy law will be influenced by Justice Srikrishna committee only.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-megha-mandavia-july-19-2018-srikrishna-panel-upset-at-timing-of-trai-suggestions

TRAI recommendations on data privacy raises eyebrows

Admin — 2018-07-19T13:33:44Z

The telecom regulator’s recommendations on data privacy have raised eyebrows over jurisdiction and timing, with IT ministry officials as well as companies questioning the need for it at a time when the government appointed Justice BN Srikrishna committee is in the final stages of drafting the data protection law.

The article by Surabhi Agarwal and Gulveen Aulakh was published in Economic Times on July 18, 2018. Swaraj Paul Barooah was quoted.

Telecom Regulatory Authority of India (TRAI) Chairman RS Sharma though countered that the sectoral watchdog has the jurisdiction to protect consumer interest in the sector, and those who feed off the industry - content providers, or apps, browsers, operating systems, and devices - need to be accountable as far as data protection is concerned.

TRAI Monday released its recommendations on the subject titled ‘Privacy, Security and Ownership of Data in the Telecom Sector’ which are applicable for apps, browsers, operating systems and handset makers.

An official of the Ministry of electronics and IT, which is tasked with drafting the data protection law, said that the Act will “prevail” over everything else. “Like any other sector, the data protection Act will be the final thing. In respect of telecom matters, there will be a role for TRAI as sectoral regulator but the basics of privacy will be governed by the data protection Act.”

The official also added that TRAI saying that their recommendations will be applicable till the data protection law comes into force "doesn't make sense since it won't have a legal mandate."

Industry bodies such as Internet and Mobile Association of India (IAMAI) and the Indian Cellular Association (ICA) have also criticised TRAI, saying the recommendations were “illegal” and akin to “jumping the gun” ahead of the release of the Srikrishna committee report.

Some of the clauses such as no use of metadata to identify individuals coupled with data minimisation will be detrimental to building the data business in the country, they said.

But Sharma was argued Trai was well within its rights to protect telecom consumers.

"Do I not have the jurisdiction to protect the interest of consumers in the telecom sector? I have that. And data protection of consumers in the telecom sector is an issue which is certainly related to the interest of consumers. I have deliberated on that issue, and I’m not saying that bring all those entities under my jurisdiction,” Sharma said.

He added that there is a regulatory imbalance because entities such as devices, OS, browsers and apps are not following any law. “So, the government can come up with a broad framework but till that time let the telecom rules apply on them too."

In its recommendations, TRAI said that individual users owned their data, or personal information, and entities such as devices were "mere custodians” and do not have primary rights over that information. It also said that the current framework for protection of personal information is “not sufficient” and suggested expanding the ambit of licence conditions governing telcos to all entities handling customer information.

In its statement, IAMAI, which represents companies such as Facebook and Google, called TRAI’s assertion that the existing framework is not sufficient to protect telecom consumers “contradictory.”

“The TRAI recommendations on privacy are premised on a voice and SMS regime. It is not meant for data driven business, which the app companies are. App companies use pseudo anonymous data and app companies do not give Call Detail Records. Incidentally, the Sri Krishna Committee under the Ministry of IT, which is the nodal body for apps as well as for handset manufacturers, is deeply, looking into this issue of consent, which is a fair thing to do.”

Voicing similar concerns, the ICA, which represents most of India’s top handset makers, said that the telecom watchdog has absolutely no powers to begin regulating on issues of privacy and ownership of data, leave alone having jurisdiction over devices, operating systems, browsers and applications.

“The industry rejects TRAI's attempts to expand its powers and usurp government's jurisdiction.” It added that TRAI “jumped the gun” by seeking to regulate the digital ecosystem without waiting for the data protection law under consideration by the Justice Srikrishna Committee. “This piecemeal approach is dangerous and unproductive.”

Handset makers such as Intex and Karbonn added they should be kept out of the ambit of the proposed regulations because they don't use customer data or monetise from it, which is mostly what apps do. Any additional pressure on indirect costs will lead to wafer-thin margins getting eroded further and consumers will have to bear the brunt, as it will lead to increase in prices of mobile phones.

Trai’s recommendations have been sent to the Department of Telecommunications (DoT) which has to take a final call on whether they will be adopted.

An official spokesperson for Zomato said that they have not been contacted by any of the regulatory bodies on this, as of now. “Our country is still undergoing the process of setting up a regulatory framework, and what happens between the TRAI recommendations and the B N Srikrishna's committee's draft for Data Protection bill will eventually help set up a much required benchmark.

In its suggestions, Trai said that as with telcos, all user data flows through smart devices, putting the device manufacturers, browsers, operating systems, and applications etc. in a prime position to collect and process the personal information of users. Since all user data passes through telcos and devices, appropriate steps must be taken to protect user privacy vis-a-vis these entities. “This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained”.

Swaraj Paul Barooah, policy director at Center for Internet and Society, said that the recommendations is worrying at one level since “There is nothing in the telecom sector that requires interim urgent intervention and it may mean that the privacy framework maybe further delayed.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-july-18-2018-surabhi-agarwal-and-gulveen-aulakh-trai-recommendations-on-data-privacy-raises-eyebrows

CIS submitted a response to a Notice of Enquiry by the US Government on International Internet Policy Priorities

Akriti Bopanna and Swagam Dasgupta — 2018-08-24T07:05:42Z

The Centre for Internet and Society drafted a response to a Notice of Inquiry (NOI) issued by the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) on "International Internet Policy Priorities."

The notice was based on different areas and we commented on the following three areas; The Free Flow of Information and Jurisdiction, The Multi-stakeholder Approach to Internet Governance, Privacy and Security. The submission was made by Swagam Dasgupta and Akriti Bopanna. Read the submission here.

The submission broadly covered the following aspects:

The Free Flow of Information and Jurisdiction

What are the challenges to the free flow of information online?
Which foreign laws and policies restrict the free flow of information online? What is the impact on U.S companies and users in general?
Have courts in other countries issued internet-related judgments that apply national laws to the global internet? What have the effects been on users?
What are the challenges to freedom of expression online?
What should be the role of all stakeholders globally—governments, companies, technical experts, civil society and end users — in ensuring free expression online?
What role can NTIA play in helping to reduce restrictions on the free flow of information over the internet and ensuring free expression online?
In which international organizations or venues might NTIA most effectively advocate for the free flow of information and freedom of expression? What specific actions should NTIA and the U.S. Government take?

Multistakeholder Approach to Internet Governance

Does the multistakeholder approach continue to support an environment for the internet to grow and thrive? If so, why? If not, why not?
Are there public policy areas in which the multistakeholder approach works best? If yes, what are those areas and why? Are there areas in which the multistakeholder approach does not work effectively? If there are, what are those areas and why?
Should the IANA Stewardship Transition be unwound? If yes, why and how? If not, why not?
What should be NTIA’s priorities within ICANN and the GAC?
Are there barriers to engagement at the IGF? If so, how can we lower these barriers?
Are there improvements that can be made to the IGF’s structure?

Privacy and Security

In what ways are cybersecurity threats harming international commerce? In what ways are the responses to those threats harming international commerce?

For more details visit https://cis-india.org/internet-governance/blog/cis-submitted-a-response-to-a-notice-of-enquiry-by-the-us-government-on-international-internet-policy-priorities

IETF 102 Montreal

Admin — 2018-08-01T22:42:31Z

The Internet Engineering Task Force (IETF) organized IETF 102 Montreal at Fairmont Queen Elizabeth Montreal in Canada from July 14 - 20, 2018. Gurshabad Grover participated remotely in the meetings of several Working Groups.

Meeting agenda of IETF102: https://datatracker.ietf.org/meeting/agenda

On July 19, in the meeting of the Human Rights Protocol Considerations (HRPC) Research Group, Gurshabad presented a review of the human rights considerations in the drafts of the Software Update for IoT Devices (SUIT) Working Group. His presentation was based on the review written by him and Sandeep Kumar, which is archived here.

Agenda of the HRPC session @ IETF102: https://datatracker.ietf.org/meeting/102/materials/agenda-102-hrpc-05

For more details visit https://cis-india.org/internet-governance/news/ietf-102-montreal

IEEE-SA InDITA Conference 2018

Admin — 2018-08-01T23:04:18Z

Gurshabad Grover participated in the IEEE-SA InDITA Conference 2018 organized by IEEE Standards Association held IIIT-Bangalore on July 10 and 11, 2018.

Gurshabad gave a brief presentation on how we could apply or reject 'Trust Through Technology' principles in the design of public biometric authentication. The agenda for the event can be accessed here. More details on event website here.

For more details visit https://cis-india.org/internet-governance/news/ieee-sa-indita-conference-2018

ICANN Diversity Analysis

akriti — 2018-08-29T11:19:46Z

The by-laws of The Internet Corporation for Assigned Names and Numbers (ICANN) state that it is a non-profit public-benefit corporation which is responsible at the overall level, for the coordination of the “global internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the internet's unique identifier systems”. As key stakeholders of ICANN are spread across the world, much of the communication discussing the work of ICANN takes place over email. This analysis of the diversity of participation at the ICANN processes, through a study of their mailing lists, was undertaken by Paul Kurian and Akriti Bopanna.

The by-laws of The Internet Corporation for Assigned Names and Numbers (ICANN) state that it is a non-profit public-benefit corporation which is responsible at the overall level, for the coordination of the “global internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the internet's unique identifier systems”.^{^[1]}Previously, this was overseen by the Internet Assigned Number Authority (IANA) under a US Government contract but in 2016, the oversight was handed over to ICANN, as a global multi-stakeholder body.^{^[2]} Given the significance of the multistakeholder nature of ICANN, it is imperative that stakeholders continue to question and improve the inclusiveness of its processes. The current blog post seeks to focus on the diversity of participation at the ICANN process.

As stakeholders are spread across the world, much of the communication discussing the work of ICANN takes place over email. Various [or X number of ] mailing lists inform members of ICANN activities and are used for discussions between them from policy advice to organizational building matters. Many of these lists are public and hence can be subscribed to by anyone and also can be viewed by non-members through the archives.

CIS analysed the five most active mailing lists amongst the working group mailing lists from January 2016 to May 2018, namely:

Outreach & Engagement,
Technology,
At-Large Review 2015 - 2019,
IANA Transition & ICANN Accountability, and
Finance & Budget mailing lists.

We looked at the diversity among these active participants by focusing on their gender, stakeholder grouping and region. In order to arrive at the data, we referred to public records such as the Statement of Interests which members have to give to the Generic Names Supporting Organization(GNSO) Council if they want to participate in their working groups. We also used, where available, ICANN Wiki and the LinkedIn profiles of these participants. Given below are some of the observations we made subsequent to surveying the data. We acknowledge that there might be some inadvertent errors made in the categorization of these participants, but are of the opinion that our inference from the data would not be drastically affected by a few errors.

The following findings were observed:

A total of 218 participants were present on the 5 mailing lists that were looked at.
Of these,, 92 were determined to be active participants (participants who had sent more than the median number of mails in their working group) out of which 75 were non-staff members.

Among the active non-staff participants:

Out of the 75 participants, 56 (74.7%) were male and 19 (25.3%) were female.
57.3% were identified to be members of the industry and technological community and 1.3% were identified as government representatives. 8.0% were representatives from Academia, 25.3% represented civil society and the remaining 8.0% were from fields that were uncategorizable with respect to the above, but were related to law and consultancy.
Only 14.7% of the participants were from Asia while the majority belonged to Africa and then North America with 24% and 22.7% participation respectively
Within Asia, we identified only one active participant from China.

Concerns

The vast number of the people participating and as an extension, influencing ICANN work are male constituting three fourth of the participants.
The mailing list are dominated by individuals from industry.. This coupled with the relative minority presence of the other stakeholders creates an environment where concerns emanating from other sections of the society could be overshadowed.
Only 14.7% of the participants were from Asia, which is concerning since 48.7% of internet users worldwide belong to Asia.^{^[3]}
China which has the world’s largest population of internet users (700 million people)^{^[4]} had only one active participant on these mailing lists.

ICANN being a global multistakeholder organization should ideally have the number of representatives from each region be proportionate to the number of internet users in that region. In addition to this, participation of women on these mailing lists need to increase to ensure that there is inclusive contribution in the functioning of the organization. We did not come across any indication of participation of individuals of non binary genders.

^{^[1]} https://cis-india.org/telecom/knowledge-repository-on-internet-access/icann

^{^[2]} https://www.icann.org/news/announcement-2016-10-01-en

^{^[3]} https://www.internetworldstats.com/stats.htm

^{^[4]} https://www.internetworldstats.com/stats3.htm

For more details visit https://cis-india.org/internet-governance/blog/icann-diversity-analysis

Digital Native: How smart cities can make criminals out of denizens

nishant — 2018-08-01T00:19:23Z

People download information and share it without knowing about the intellectual property rights. On social media bullying, harassment and hate speech find easy avenues.

The article was published in Indian Express on July 15, 2018.

I first heard about smart cities in 2003. Sitting in India, it seemed to be a very strange concept being developed in the Netherlands, where the planners were trying to arm an entire city with smartness. The idea was that if we deploy enough cameras, devices that see, machines that hear, and data connectivity that envelopes the city in a seamless cloud, it might lead to more order, discipline, and control. To me that felt like a strange experiment because under all of those different imaginations of the city as a neat, organised, controlled environment, were assumptions that were alien to my Indian sensibilities.

It was strange to look at all the promises that “smartness” would deliver — it would make human life easier. It would increase safety and create order out of chaos. It would build new lifestyles that are filled with assistive technologies. In all of these, was the imagination of the city as a laboratory — controlled and efficient, as opposed to riotous and serendipitous. The cities were positioned as filled with intention, so that the interruptions of people, animals, festivals, traffic and crowds would be removed through the deployment of these digital devices and networks. What needed to be preserved was the city and its infrastructure, rather than the individuals and communities that make the city alive and exciting. We wanted our infrastructure to be smart, taking decisions on our behalf, and shaping our lives through the algorithmic protocols that they were coded to embody.

In that faraway time, these had felt like idle speculations. Fifteen years on, I have now come to realise that the biggest motivation for building smart cities was not really facilitating human movement, habitation and habits. Indeed, at the heart of the smart city project was the setting up of a massive surveillance apparatus that would clinically diagnose the unwanted people and processes in the city, and surgically remove them — with the assistance of predictive technologies that would be implemented in policing and planning these city spaces.

Smart cities were not constructed to make people’s lives easier. They were constructed because, increasingly, all the people in a city are imagined as “users”, who need to be instructed through terms of services, how they must behave and live in these city spaces. One of the biggest cultural turns in the massification of the digital web was that almost all users were imagined as potential criminals by the very virtue of them being connected. Internet service providers and regulators knew that if people are connected, they will be violating the law at some point or another, sometimes unknowingly. People download information and share it without knowing about the intellectual property rights. On social media bullying, harassment and hate speech find easy avenues. The largest traffic on the internet is for pornographic and often banned material which finds its audiences on the connected web. Spammers, viruses, hijacked machines, and, often, searches for unexpected items lead people onto the dark web where the questionable human interactions happen frequently.

The introduction of the digital terms of services was essentially to presume that the user was a potential criminal who leases hardware and software, and, platforms from proprietary companies and governments could then control and discipline the user through comprehensive surveillance practices. Construction of smart cities performs a similar function in the physical space. Instead of thinking about citizens as co-owners who shape city spaces, smart cities establish a service level agreement with its occupants, and reduces them to users. Any deviation results in punitive action or devaluation, often curbing the movement, and the rights of belonging to the city spaces.

While it is true that smart technologies can facilitate certain aspects of human life, they depend on unfettered data collection, predictive profiling, correlative algorithms and conditions of extreme invasion and control — which are all predicated on the idea that you will falter. And when you do, the technologies will be there to witness, record, archive, and punish you for the daily transgressions till you are wiped into becoming a predictable, controlled, cleaned up drone that travels in docility across the networked edges of the city. We will be assimilated. Resistance will be futile.

For more details visit https://cis-india.org/raw/indian-express-july-15-2018-nishant-shah-digital-native-the-citys-watching

Government Gives Nod To Bill For Building DNA Databases In India, For 'Criminal Investigation And Justice Delivery'

Admin — 2018-07-13T15:25:13Z

The bill will be introduced in Parliament in the Monsoon session.

The article was published in the Huffington Post on July 5, 2018. Elonnai Hickok was quoted.

The government has set the path for creating a DNA bank storing citizen's profiles, as the Union Cabinet cleared a bill for the regulation and use of DNA for policing. The bill is meant to regulate the use of DNA for criminal investigation and justice delivery, and has provisions for the storage of genetic information. The DNA Technology (Use and Application) Regulation Bill 2018 was passed in a cabinet meeting, chaired by Prime Minister Narendra Modi, and seeks to expand the use of DNA to help solve crimes, identify missing persons, and determine biological relationships between people. It will be introduced in Parliament during the Monsoon Session beginning July 18.

Although the bill includes safeguards on how this data is meant to be used, it's worth pointing out that India still does not have any laws regarding data protection and privacy. The Justice BN Srikrishna Committee on data protection, which was formed in August 2017, was expected to present its report months ago, and there were strong leaks that it would come out in June. However, the report remains under wraps, and there there is no clarity about its recommendations. That's also only the first step, as it has to then be taken up by the government and made into a law.

Scientists who had helped draft the DNA Technology bill told The Telegraph that expanding the use of DNA in criminal investigations could lead to higher conviction rates, especially in cases of murder, rape or human trafficking, among other crimes involving the human body.

"We rely on DNA for two things - it helps establish beyond doubt the biological identity of an individual and it helps beyond doubt to determine whether there is any biological relationship between two persons," said Jayaraman Gowrishankar, former director and now an Indian National Science Academy senior scientist at the Centre for DNA Fingerprinting and Diagnostics in Hyderabad.

According to NDTV, there is also a provision for a jail term of up to three years for anyone who leaks information from one of the DNA databases being created, along with a fine of up to Rs 1 lakh. People seeking this information through illegal means face the same punishment.

In other countries, DNA profiles are also used for a number of businesses such as health care, ancestry information, and even DNA-based custom diet plans. However, the draft DNA bill states that the data collected can only be used for the identification of a person, and not other uses.

However, the accuracy of DNA testing in crime scenes has also been called into question over time. The possibility of cross contamination is incredibly high, and has led to innocent people going to prison.

Writing on the subject for The Hindustan Times, Elonnai Hickok, Director, Internet Governance at the Centre for Internet and Society added: "Policy needs to evolve past protections that are limited to process oriented legal privacy provisions, but instead to protections that are comprehensive — accounting for process and enabling the individual to control and know how her/ his data is being used and by whom. Other countries have recognised this and are taking important steps to empower the individual. India needs to do the same for its citizens."

For more details visit https://cis-india.org/internet-governance/news/huffington-post-july-5-2018-government-gives-nod-to-bill-for-building-dna-databases-in-india-for-criminal-investigation-and-justice-delivery

India's Latest Data Leak: People's Aadhaar Number And Bank Account Are Just One Google Search Away

Admin — 2018-07-13T15:18:46Z

Even Truecaller doesn't reveal this much.

The article by Gopal Sathe was published in Huffington Post on July 12, 2018.

Imagine being able to hack someone's personal data simply by entering their mobile phone number into a Google search. There is a website of the Andhra Pradesh government that's leaking people's phone numbers, Aadhaar numbers, father's names, passbook and bank account numbers, and the district and mandal where they live - all the link to all this information is the first result you get when you search for the phone numbers of people in the database.

The Andhra government has been leaking the personal data of more than 23,000 farmers who have received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board, and organisation that encourages the growth of Ayurvedic medicines in the state. The subsidies are offered to farmers and tribals in the state, and all their personal data is available on an open database on an Andhra Government website.

The information is not behind any access control, and you can see all the records, click on them to get the details of anyone, or download everything as an Excel sheet. But what's perhaps worse is that simply by searching for the phone numbers of many of these farmers, we were able to find the detailed information about them. HuffPost India randomly chose a dozen farmers, and in each case, this database was the first result for their phone number on Google.

That's the most concerning part - in most cases, even when the information has leaked, it isn't readily apparent to people. You have to know the website address, or at the very least spend some time poring through dashboards. In the case of this latest leak, all you need is the person's phone number, and all their information is made visible. HuffPost India has reported this issue to the AP government, much like earlier leaks, although at the time of writing the data is still available online.

Who's held responsible?

This is just the latest in a long line of leaks from AP - in just the last few months, we've reported on a website that let you geo-locate homes on the basis of caste and religion; while another tracked all the medicines people buy, such as generic viagra, along with their phone numbers; and one that tracked pregnant women in ambulances in real time.

A government official we spoke to in AP Secretariat said that while all the departments have been digitised, an understanding of security - and privacy - is yet to come. "Even if you tell them, 'this data is not something you can publish', they disagree and say that it is needed for the beneficiaries to be able to access their own information," he explained.

Karan Saini, a security analyst and consultant who writes on issues of web security and privacy, told HuffPost that the various government departments are generally unresponsive when breaches like this are brought up.

"Lack of outreach is an issue with all of these organisations," said Saini. "NCIIPC is the only one that can even be found by someone looking at the surface. [These organisations] are hard to get a response from."

One reason for this, said Srinivas Kodali, a security researcher who has revealed a tremendous amount of leaks in the AP system, is that there is no official system of accountability in the government when it comes to data leaks.

In May 2017, the AP government passed the Andhra Pradesh Core Digital Data Authority Act, under which in section 37 it states that no legal proceeding shall lie against any officer or employee for anything which is in good faith done. What this means is that leaks and breaches are not something any official in the government can be held responsible for.

This act came out less than a month after the Centre for Internet and Society in Bengaluru published a report stating that 13 crore Aadhaar numbers were leaked - of which 2 crore were from Andhra Pradesh.

A lack of (human) resources

AP officials do acknowledge the problem. "There is a major shortage of cybersecurity professionals, and hiring them is a challenge," said V Premchand, head of the Andhra Pradesh Technology Service, who is in charge of the ongoing security work in the state. AP has seen a major security audit in May this year, and a privacy audit was announced last month.

"The work is ongoing but it is not something that can happen overnight," Premchand explained. However, others argue that the government isn't doing enough to make use of existing manpower. Unlike other countries, the Indian government does not have any real bug bounty program, where security researchers are incentivised to report weaknesses to organisations for cash rewards and recognition.

Sai Krishna Kothapalli, a student at IIT Guwahati and a security researcher, told HuffPost that the government actively discourages security experts from providing their support, rather than encouraging them.

"The US Department of Defense and others have a responsible disclosure program and a lot of people from India take part in that," he said. "Our talent is being used by them instead because the government here does not reply at all."

"India's top hackers are being employed by people outside the country, even though we have the talent here, because will you spend the time and effort to be ignored here, or report issues to a US company and make thousands of dollars instead?"

However, security audits in India are only being carried out by agencies that have been empaneled, and most of the hackers active here don't have the certification, he added. "They're too busy actually doing the work, while these big companies do audits, and leave all kinds of security issues behind."

For more details visit https://cis-india.org/internet-governance/news/huffington-post-gopal-sathe-july-12-2018-indias-latest-data-leak-is-so-basic-that-peoples-aadhaar-number-bank-account-and-fathers-name-are-just-one-google-search-away

Child-lifting rumours caused 69 mob attacks, 33 deaths in last 18 months

Admin — 2018-07-13T14:53:57Z

45 persons were killed in 40 cases of mob lynching across nine states between 2014 and 3 March 2018 according to data.

The article was published in the Business Standard on July 9, 2018. Swaraj Paul Barooah was quoted.

Two incidents of mob violence reported from Dima Hasao in Assam and Mangaluru in Karnataka on July 6, 2018, take to 61 the number of mob attacks sparked by rumours of child-lifting circulated on social media since beginning of the year.

So far this year, 24 persons have been killed in such mob attacks, an IndiaSpend analysis of news reports from across India shows. This is more than 4.5 times rise in attacks and two-fold rise in deaths of this kind over 2017, when 11 persons were killed in eight separate attacks.

Between January 1, 2017, and July 5, 2018, 33 persons have been killed and at least 99 injured in 69 reported cases. In the first six days of July alone, there have been nine cases of mob violence over child lifting rumours and five deaths, which amounts to more than one attack recorded every day.

In all cases, the victims were assaulted on mere suspicion and no evidence of child lifting was found later. So far, police across states have arrested at least 181 persons in connection with 21 cases, according to information from the news reports.

On July 5, 2018, the central home ministry had directed all states and union territories to contain mob-lynchings fuelled by rumours of child-lifting on social media. Nevertheless, two attacks were reported on July 6, 2018–a father travelling with his own son in Karnataka, and three sadhus or ‘holy men’ travelling in Assam.

Prior to 2017, one mob lynching was recorded in August 2012, in which a driver was killed in Patna, Bihar, on suspicion of kidnapping a minor, according to our database.

The spike in these lynchings over the past year follows a rise in bovine-related hate violence, as recorded in IndiaSpend’s database on cow-related hate crime. Incidents of mob attacks on persons suspected of killing cows have become deadlier during this period, with more deaths reported in attacks.

Social and political commentators have blamed this violence on a rise in socio-political and religious cleavages, a rise of vigilantism and an apparent atmosphere of impunity for attackers.

“The violence started with cow-related vigilantism but it is now building up more violent behaviour–from small to big reasons anything could be the trigger,” psychologist Upneet Lalli, deputy director of the Institute of Correctional Administration in Chandigarh, told IndiaSpend.

Videos of people tied and beaten, begging mobs to spare their lives, have been circulating on WhatsApp groups and other social media, affecting people everywhere, she said, adding, “Once set off for any reason, mob hysteria is extremely difficult to control.”

Social media is aiding and abetting the process, criminologist Vijay Raghavan, dean of the social protection office at the Tata Institute of Social Sciences, told IndiaSpend, adding that the growing violence is “clearly being orchestrated by vested interests”.

“A rumour starts in one part of the country and travels to other parts like wildfire–first it was beef, now it is child lifting,” he said. In most cases, the victims and the attackers belong to communities historically pitted against each other, he said, “This changing narrative has a clear pattern of violence that is basically preying on traditional insider-outsider perceptions.”

Our analysis

To analyse instances of mob violence related to child-lifting rumours, our team collected, studied and cross-verified print and online news reports in the English media, which tend to have the widest nationwide coverage, since 2010. All reported incidents were cross-referenced to eliminate discrepancies.

The dataset thus created includes the number of mob attacks, the severity of each attack and details of the victims. Most entries include the names of districts, towns and villages.

Since each observation is based on a newspaper report of the crime, availability of details such as the severity of crime, the number of victims and their identities and ethnicities varies.

Before 2017, only one incident was reported in 2012.

Jharkhand, Maharashtra deadliest

Among all states and union territories, Jharkhand and Maharashtra, with seven and five deaths, respectively, reported the highest death toll. The chances of death in such attacks in these states stood at 350% and 167%, respectively, meaning every reported incident led to more than one death.

Odisha, under the Biju Janata Dal government, reported the most number of attacks, 15, which resulted in one death. Tamil Nadu, run by the All India Anna Dravida Munnetra Kazhagam (AIADMK), followed with nine cases and four deaths.

One-third or 30% of attacks were reported from states ruled by the Bharatiya Janata Party, which also runs the central government.

In the 19 months since January 2017, 10 districts across 16 states have reported more than one case of mob violence. Jeypore, Mayurbhanjh and Rayagada in Odisha and Visakhapatnam in Andhra Pradesh have reported three separate incidents each.

More than half or 56% of the attacked victims were men, 22% women, 3% transgender, and for the remaining 18%, the gender was not mentioned in the news reports.

Among those killed, 14 were Hindus, 3 Muslims, and in 16 cases the religious/ethnic identity was not reported.

No correlation between rise in reported child kidnappings and spread of mob violence

Except in Maharashtra, these incidents of violence do not reflect an increase in child kidnapping cases recorded in National Crime Records Bureau (NCRB) data from 2014 to 2016.

In the two years from 2014, India recorded a 41% rise in kidnapping and abduction of children–from 38,555 in 2014 to 54,328 in 2016–primarily in Uttar Pradesh (9,678), Maharashtra (8,260) and Delhi (6,254), NCRB data show.

As of 2016, Maharashtra, the second-most populous state in India, reported the second-highest number of child abductions. It has also reported the second-highest toll from mob lynchings over child-lifting rumours.

However, there was no such correlation in Uttar Pradesh and Delhi, which the NCRB ranked first and third for the number of reported child abductions and kidnappings (which are defined differently in law but basically involve seizing by force and against the victim’s will).

Jharkhand, which reported the highest death toll from mob lynchings, ranked 19 across India for reported child abductions in 2016, as per NCRB data. Tripura, where five people were killed, ranked 24.

This may suggest that fears of child lifting are unfounded and exaggerated. “There is no correlation because the instigators of this violence are not prompted by a genuine fear of kidnapping,” Raghavan said.

However, the data do not account for cases that go unreported–families are hesitant to approach the police, who are seen to be unsympathetic and intimidating–or cases lost in communication between states and NCRB.

The violence is also indicative of how people have lost faith in law enforcement and criminal justice systems to act decisively against child lifting, Lalli said, adding, “Losing faith in the law of the land is a serious threat to society.”

Mob psyche is different from individual psyche, she said, “When an individual acts, there is a sense of responsibility, but in a mob, there is a dispersion of responsibility and guilt.” The mob justifies its act as heroism to save the community, their identity, their children, themselves.

Of the children kidnapped or abducted in 2016, 73% were female and 27% male, NCRB data show. Of the total child victims, 31% (16,938) were kidnapped or abducted for the purpose of marriage, of which only one victim was male; 3% (1,562 female and 26 male) for illicit intercourse; and 1% each for other unlawful activity and adoption. No purpose was mentioned in fully 62% of cases.

77% attacks attributed to fake news

Of the 69 mob violence cases related to rumours of child lifting that have been reported, 77% were eventually attributed to fake news spread through social media. Mobile messenger application Whatsapp, in particular, featured as the rumour source in 28% or 19 of the cases.

The ministry of electronics and information technology on July 2, 2018, issued a warning to Whatsapp, observing that “instances of lynching of innocent people because of large number of irresponsible and explosive messages filled with rumours and provocation are being circulated on WhatsApp”.

“Such a platform cannot evade accountability and responsibility especially when good technological inventions are abused by some miscreants who resort to provocative messages which lead to spread of violence,” the ministry said subsequently in a press release on July 3, 2018, stating clearly that “WhatsApp must take immediate action to end this menace and ensure that their platform is not used for such malafide activities”.

About 13% or 200 million of WhatsApp’s 1.5 billion users are Indian, The Financial Express reported on February 1, 2018. This is 42% of India’s 481 million internet users recorded as of December 2017.

In a letter to the ministry shared with IndiaSpend, the WhatsApp management said it was “horrified by these terrible acts of violence” and listed out the steps it has taken to curb the spread of fake news but emphasised that the challenge “requires government, civil society and technology companies to work together”.

It maintained, however, that messages would continue to have end-to-end encryption to protect users’ privacy and security, encryption being key to WhatsApp’s messaging service. It added that no more than a quarter of WhatsApp users are part of groups; that the majority of groups are small (with fewer than 10 members); and nine in 10 messages are sent from just one person to another.

Cyber privacy experts caution against overreacting against WhatsApp and other social media platforms, arguing in favour of free speech and privacy.

In June, after two cases of mob lynching in Tripura, the government tried to control the situation by shutting down the internet in the area, reports included in our database said.

This is “a slippery slope to quell dissent”, Swaraj Barooah, director at the Centre for Internet and Society, a Bengaluru-based not-for-profit, said, adding, “There are indications that marginalised groups tend to be affected more strongly than others when there are internet shutdowns.”

Lynchings point to a much larger issue than the ubiquitous presence of social media, experts said. “Everyone is focusing on these being rumours–and of course the platform’s ability to exponentially magnify the speed and reach of a message being sent is very relevant–but when and why did we normalise vigilante justice in the first place?” said Barooah. “For instance, would this type of action be okay if these were not rumours, but had actually been true?”

“The root problem is those exploiting historical animosities between communities. We need to properly investigate on a national-level who are the instigators and what are they after–merely arresting people after an incident is not enough,” professor Raghavan said.

Barooah also warned against attempts to force WhatsApp to provide security agencies with decrypted data, as the government had forced the Canadian smartphone maker Blackberry to do in 2013.

“Given that it is already unsure of the extent to which WhatsApp shares metadata with governments, it is important to ensure that its end-to-end encryption facility is not weakened,” Barooah said. “There are certain delicate trade-offs that can be made, but if they are, they should not be made as a knee-jerk reaction to ongoing events but after careful consideration of all the pitfalls. This is especially important in India, given the lack of a privacy law as well as concerns of chilling effects on free speech that are present.”

Some solutions he suggested include making it mandatory that WhatsApp forwards and memes contain originator details, and that a “fact check this” option be inserted at the user end to allow a message to be decrypted. He also suggested that a database of ‘reported hashes’ be created, which all users could download, and which would automatically rate messages on ‘trust’.

It is also important to help people identify fake news and question the information they receive, experts say, pointing out that while India has low literacy and education levels, even highly literate people are not free from confirmation bias.

“We really need to educate people–people naively believe everything they read as true. We’re not doing anything about critical thinking and critical inquiry–we’ve stopped being questioning and that’s a very important part of countering fake news,” Lalli said, adding, “We don’t even respond to information, we’re only reacting.”

How recent attacks tie in with bovine-related vigilantism and violence

IndiaSpend has been maintaining a database of bovine-related violence since 2010, which shows a spurt in violence since the BJP and Prime Minister Narendra Modi assumed power in May 2014.

A preponderant majority of bovine-related hate crimes–98% of the 85 incidents–have occurred since May 2014, our database shows. Only one incident each was reported in 2012 and 2013.

Around 56% of the persons attacked by these groups were Muslim, who accounted for 88% of those killed in this violence. In 2018, 100% of victims attacked in these hate crimes were Muslim.

“There is a clear increase in aggression by one group against the other and a growing inability to empathise and understand those different from ourselves,” Lalli said, “This has essentially made us revert to behaving like tribalistic societies with animalistic instincts–where, when for survival, when you perceive an animal to be a threat, you attack it to kill it.”

In more than a third–28 of 85 incidents–mobs or groups of people were spurred into violence on the mere suspicion of cow slaughter.

Our database also shows that the attacks have become deadlier–the percentage chance of such mob-violence resulting in death has more than doubled from 30% in 2017–regarded as the deadliest year since 2010 (11 deaths in 37 cases)–to 66% in 2018 (four deaths in six cases).

“Society has an innate capacity for violence and it’s very easy to encourage this. Right from Twitter trolling–which is basically extreme verbal aggression–we are unleashing and encouraging violence in different ways and contexts,” Lalli said.

What the government says

Many commentators have remarked that the absence of a strict and prompt response from the government has encouraged such violence. “What action is taken when such cases occur has an important bearing on the continuation of such violence,” Raghavan said, “By not taking strong action, the state is complicit in its orchestration.”

“While we hear about more incidents of violence, we are yet to hear full recognition or condemnation of these acts from the important leaders–in a way it sends out a message that does not discourage the mob,” Lalli agreed, “When you don’t speak out about it and come down on it strongly, it sends out a signal to society that it’s alright to resort to violence for these reasons since nobody gets punished.”

The NCRB “does not maintain specific data with respect to mob lynching incidents (involving minorities) in the country”, the home ministry told Parliament on March 13, 2018.

The ministry did furnish some data on mob lynchings recorded by states from 2014 to 2017, but did not provide information on the motive–whether cow vigilantism, communal or caste hatred, or rumours of child-lifting, etc. The data also did not disclose the identity of the victims.

These data said 45 persons were killed in 40 cases of mob lynching across nine states between 2014 and March 3, 2018. At least 217 persons have been arrested.

In contrast, IndiaSpend’s two databases on mob violence–due to child-lifting rumours and bovine-related hate violence–record 80 cases and 41 deaths during the same period. This is without counting other instances of mob violence related to caste, moral policing and so on.

For more details visit https://cis-india.org/internet-governance/news/business-standard-july-9-2018-69-mob-attacks-on-child-lifting-rumours-since-jan-17-only-one-before-that

Death by Social Media

Admin — 2018-07-10T01:44:15Z

The victims of WhatsApp forwards are outsiders, the political class is silent, the state is helpless. There are clear patterns behind the recent mob lynchings.

The article by Pretika Khanna, Abhiram Ghadyalpatil and Shaswati Das was published in LiveMint on July 9, 2018. Pranesh Prakash was quoted.

The Maharashtra state administration is still trying to come to terms with the shocking lynching on 1 July in Dhule district in northern Maharashtra, where a restive mob of 3,500-plus villagers gathered outside the gram panchayat office in Rainpada village, broke open the locks, and killed five agricultural labourers on the suspicion that they were ‘child-lifters’. There have been 14 incidents of mob lynching and vigilante justice—fuelled by rumours spread on social media—in Maharashtra alone in less than a month since 8 June.

In fact, a police officer, who spoke on the condition of anonymity as he is part of the investigating team, says the police machinery was clueless as “no police station in the areas where the mob attacks have occurred has received a formal complaint about kidnappings or children missing before the attacks”. Now, of course, everybody has swung into action. In Maharashtra, at prominent public locations across cities and towns, the state government have put up large boards cautioning people against believing social media rumours.

(Right) an angry mob lynched a hawker on suspicion of being a child-lifter at the Tripura State Rifles camp in Agartala on 29 June. Photo: AFP

Over the last year, there have been a number of deaths fuelled by rumours which spread like lightning via WhatsApp, the messaging platform owned by Facebook Inc. Horrific incidents have been reported from the states of Assam, Tripura, Karnataka, Jharkhand among others. A common rumour—that gangs of children-lifters are out to pick up children—has triggered almost all of these incidents of mob frenzy. Those being targeted include migrants, mentally challenged people, nomadic and denotified tribes and other vulnerable sections of society.

“Over 20 people have been killed. It’s unprecedented not just in India but globally. It is as serious as a breakout of an epidemic. Misinformation has been weaponized to target minorities, individuals, activists…,” says Pratik Sinha co-founder AltNews, a fact-checking website.

Complicating matters is that there are multiple reasons behind this shocking breakdown in law and order. Is the villain of the piece WhatsApp, which has 200 million monthly users, and did it do enough to stop the spread of rumours? Did the all-powerful, all-seeing local administration and police do its best to catch the societal discord before it erupted? What role did an overall, environment play, at a time when society has internalized lynching to such an extent that a Harvard-educated union minister Jayant Sinha recently honoured and garlanded eight people convicted of lynching a coal trader Alimuddin Ansari in Ramgarh, Jharkhand, last June?

Over 20 people have been killed. It’s unprecedented not just in India but globally. It is as serious as a breakout of an epidemic. Misinformation has been weaponized to target minorities, individuals, activists…- Pratik Sinha, co-founder of AltNews, a fact-checking website

Fear of the outsider

Not only have most of the victims been strangers, there are clear patterns behind most mob lynchings in recent times. In 2012, for instance, a rumour that spread like wildfire on social media had the north-eastern people in Bengaluru fleeing the city overnight. “These were not just random rumours, these are targeted. For example, the messages circulated in Bengaluru targeted Hindi-speaking migrants,” said Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank.

Experts point out that victims are usually outsiders as they are not seen as being rooted in society. “There is a structural marginalization based on caste, class which is usually attributed with such rumours. Invariably the attack is against those who already have a reputation,” said T.K. Oommen, sociologist and professor emeritus at the Centre for the Study of Social Systems, JNU.

Take the Dhule incident. According to the police official cited earlier, “In Maharashtra particularly there has been a method to this madness against some tribes like the Nath Gosavi tribe, to which the victims in Dhule belonged, and the Phase Pardhis. These communities are routinely identified as of criminal bent and have been on the receiving end much before social media emerged.”

There is a structural marginalization based on caste, class which is usually attributed with such rumours. Invariably the attack is against those who already have a reputation- T.K. Oommen, sociologist and professor emeritus at the Centre for the Study of Social Systems, JNU

Changes in society

“Rumours are not a one-time event. They emerge due to unrest in society. This is usually the situation in a society characterized by fear. The general tendency in society is that they are unreliable. That leads to consequences which are usually bad,” says Oommen.

Even as the Union home ministry has no official record of mob lynching, social media has become the primary catalyst for self-styled cow vigilantes, as well, to bring to book those who have reportedly been indulging in cow slaughter. On 1 April 2017, Pehlu Khan, along with six others, was returning from Jaipur to his village in Nuh, Haryana, carrying cows and calves for the purpose of dairy farming. They were stopped at the Jaipur-Delhi national highway by 200 cow vigilantes, who beat Khan to death.

Since 2014, there have been numerous such incidents of mob violence that have normalized the brutal act. The fact that political leaders have not been openly and quickly condemning such instances sets out a signal to the administration and people at large. All this comes at a time when sociologists and mental health experts point out that there has been a change in the societal set-up. They say that unlike older times, there is no folklore anymore. There is also a breakdown of the traditional society set-up along with a speed up of technology which gives a boost to the spread of such rumours.

Social media has become the primary catalyst for self-styled cow vigilantes, as well, to bring to book those who have reportedly been indulging in cow slaughter

Mental health experts say that people tend to believe messages sent through platforms like WhatsApp as they usually are sent by a trusted source. “As a result, doubts regarding the credibility of the source of the messages tend to get diluted. And therefore, we are inherently more likely to not think of rejecting the content of the message as being false or inauthentic,” said Samir Parikh, director of department of mental health and behavioural sciences at Fortis Healthcare.

The role of WhatsApp

On 8 June, two men, who had gone to Kangthilangso waterfall in Karbi Anglong district in Assam were beaten to death by villagers at Panjuri Kachari on suspicion of being child-lifters.

While the police immediately sprung into action, they are still heavily dependent on the response mechanism of the social media companies. “WhatsApp circulation has increased exponentially and we are now thinking of ways to control the flip side of it. When we are faced with specific cases pertaining to social media we write to the platforms separately, but their response time is long,” said Pallab Bhattacharya, special director general of police (special branch), Assam.

Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank.

There is no literacy training on the fact that the platform has rumours and misinformation, how to spot them and avoid becoming a source of it
- Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank

According to Prakash, while WhatsApp keeps reminding users that their messages are encrypted, it does not remind its users to not forward unverified information or misinformation, as is prohibited by its acceptable use policy. The acceptable use policy is available only in English, and there is no user conditioning about what kind of messages aren’t acceptable. “Also, there is no literacy training on the fact that the platform has rumours and misinformation, how to spot them and avoid becoming a source of it,” he added.

For instance, Akash Tomar, superintendant of police-city (Ghaziabad) found it challenging to handle the rumours spread through social media platforms during Dera Sacha Sauda riots that took place not very far away from the state and other similar sensitive incidents. “At one point, WhatsApp can help the police in disseminating important and useful information for citizens but off late we have witnessed that such social media platforms have a potential to trigger riots, lynching and other crimes,” Tomar said.

While WhatsApp says it will take appropriate measures to curtail the spread of fake news , simply shooting the messenger is not going to be enough. These murders have not taken place in a digital vacuum.

pretika.k@livemint.com

Komal Gupta and Neetu Chandra Sharma in New Delhi contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/death-by-social-media

'Hope for such swift crackdowns for everyone'

Admin — 2018-07-07T08:52:39Z

The prompt arrest has impressed cybercrime experts, but some are sceptical whether this case will serve as a deterrent for trolls or spell hope for citizens at the receiving end of online abuse.

The article was published in the Times of India on July 6, 2018.

"I don't think this serves as sufficient deterrent for the everyday user. The victim here was a high-profile individual and action was taken after specific instructions from the Union home ministry towards both the police and Twitter," said Pranav MB of the Centre for Internet and Society, a non-profit whose focus areas include digital privacy and cybersecurity.

Pavan Duggal, chairman of the International Commission of Cyber Security Law, too felt the "high-profile stature" of the complainant means this could be an example of "customised justice" and not "generic justice". "The police invariably give step-motherly treatment to the common man whose issues are low priority to them," he said.

Duggal stressed on the need to adopt a "holistic approach" to deter anonymous trolls as a matter of "de facto routine". "We need to come up with strong legal provisions to deal with trolls," he said.

Such steps are becoming imperative given that a recent study by a global cybersecurity firm showed that eight out of 10 persons in India reported some form of online abuse. Another study by a Delhi NGO detailed how vocal women often have to deal with violent threats and sexual remarks. After the arrest, Priyanka Chaturvedi herself pointed out that "they like to target women who have a different opinion" and stressed the need to send a strong message.

"Threatening the rape of a child is the lowest thing. It's disgusting," said women's rights lawyer Flavia Agnes. Pointing out the vicious trolling of foreign minister Sushma Swaraj over her ministry's clearance to the passport of a Hindu-Muslim couple, Agnes said: "This has been happening again and again and it is getting out of hand. Arresting is one thing but we need to put an end to this menace."

The swift police action has impressed Mumbai cybercrime investigator Ritesh Bhatia. "It is not too difficult to catch trolls using fake ID these days since social media platforms are ready to provide the police with user logs that help track their IP address. I am glad Twitter responded quickly," said Bhatia. "I also hope that such speedy action is taken for all those who are threatened and abused, irrespective of their profession, status and political affiliations."

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-july-6-2018-hope-for-such-swift-crackdowns-for-everyone

CIS contributes to the Research and Advisory Group of the Global Commission on the Stability of Cyberspace (GCSC)

Arindrajit Basu — 2018-07-05T16:00:02Z

The Global Commission on the Stability of Cyberspace (GCSC) is an initiative of the Hague Centre for Strategic Studies and the East West Institute that seeks to promote mutual awareness and understanding among various cyberspace communities. It seeks to develop norms and policies that advance the stability and security of cyberspace.

Chaired by Marina Kaljurand, and Co-Chaired by Michael Chertoff and Latha Reddy, the Commission comprises 26 prominent Commissioners who are experts hailing from a wide range of geographic regions representing multiple communities including academia industry, government, technical and civil society.

As a part of their efforts, the GCSC sent out a call for proposals for papers that sought to analyze and advance various aspects of the cyber norms debate.

Elonnai Hickok and Arindrajit Basu’s paper ‘ Conceptualizing an International Security Architecture for Cyberspace’ was selected by the Commissioners and published as a part of the Briefings of the Research and Advisory Group.

Arindrajit Basu represented CIS at the Cyberstability Hearings held by the GCSC at the sidelines of the GLOBSEC forum in Bratislava-a multilateral conference seeking to advance dialogue on various issues of international peace and security.

The published paper and the Power Point may be accessed here.

The agenda for the hearings is reproduced below

GCSC HEARINGS, 19 MAY 2018

HEARINGS: TOWARDS INTERNATIONAL CYBERSTABILITY

Venue: “Habsburg” room, Grand Hotel River Park 15:00-15:15

Welcome Remarks by Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace (GCSC) and former Foreign Minister of Estonia 15:15-16:45

Hearing I: Expert Hearing

This session focuses on the topic Cyberstability and the International Peace and Security Architecture and includes scene settings, food-for-thought presentations on the new GCSC commissioned research, briefings and open statements by government and nongovernmental speakers.

“Scene setting: ”Cyber Diplomacy in Transition” by Carl Bildt, former Prime Minister of Sweden

“Commissioned Research I: Lessons learned from three historical case studies on establishing international norms” by Arindrajit Basu, Centre for Internet and Society, India

Commission Research II: The “pre-normative” framework and options for cyber diplomacy” by Elana Broitman, New America Foundation

“Some Remarks on current thinking within the United Nations”, by Renata Dwan, Director United Nations Institute for Disarmament Research (UNIDIR) (Registered Statements by Government Advisors) (Statements by other experts)

(Open floor discussion) 16:45-17:15

Coffee Break

For more details visit https://cis-india.org/internet-governance/blog/cis-contributes-to-the-research-and-advisory-group-of-the-global-commission-on-the-stability-of-cyberspace-gcsc

Digital Native: The bigger picture

nishant — 2018-08-01T00:11:57Z

For all our sleek machines, we are slaves to the much larger Internet of Things.

The article was published in Indian Express on July 1, 2018.

There was a time, at the turn of the millennium, when we were trying to cope with the fact that we live with sapient technologies. It was new, to be thinking of cohabitation with things that speak, interact, listen, and act in tandem with us. I still remember the time when the first pagers and cellphones arrived — how difficult it was for people to figure out the social etiquette for living with these devices.

From those early days, we have come a long way. Digital things are everywhere — and we talk to them everywhere and everywhen. On a regular day, our phones are on our dining tables, our devices are buzzing with notifications silently in our pockets, and they are guiding us in our everyday practices. They are not just bringing us information but also listening to us, pre-empting our moves, doing things that we have not even imagined yet. Living with technologies is old — the new normal is living in technologies.

I was recently reminded by a research team that the cars we drive are giant super-computers with engines. That a new car on the roads has more computational processing power than the land-rover on Mars. Our cars are indeed computing devices and we sit in them, depending on a variety of computational processes to keep us safe, as we are hurled at high speeds ahead. Our smart homes, too, are slowly becoming sapient surfaces with specific functions. Microwaves that remember meal times, coffee machines that sense our proximity and start brewing or refrigerators that keep track of our expired food — they are all very basic computing devices that we are already used to.

However, our life is not just with the devices but the immense networks of other devices that they connect with. I got reminded of this very starkly on a recent trip to India, when I realised that the SIM card that I had bought the last time has been deactivated for non-use. At the same time, procuring a new SIM was going to need patience, time and Aadhaar authentication, which won’t happen at the airport. Additionally, there were no wifi hotspots to use in the middle of the night. Thus started the longest night of my life. In that four-hour digital blackout, I found myself thinking of my condition as a state of disconnectedness, of paralysis. I was surrounded by my two phones (don’t ask), my iPad, my laptop, and, armed to the teeth with charging cords and power-banks. Yet, none of them were of any use.

Once disconnected from the cloud that caters to my entertainment and the services that keep me talking, it was as if all my devices were useless. I scrolled through multiple screens and then gave up, resigning myself to looking at others with data, with malignant longing. It was with great shock that I realised that my devices are only gateway machines. Despite all the money and effort I have spent in selecting specific hardware combinations and care equipment, without their capacity to speak to other machines-servers, controllers, nodes — they are almost entirely pointless.

So used am I to instant interaction, reciprocation and feedback with my devices, I forgot that I am actually in conversation with an Internet of Things that far exceeds my immediate intimacy with my personalised screen. Somewhere in there is a powerful reminder of why data protection and security are so critical, but also fragile in the connected Web. Because we can do almost anything that we like to keep our individual devices secure, but the large networks that give them life and animate them are completely out of our control. In the face of this uncontrollable void, the best we can do is hope that things will be safe. And that illusion is not going to last long — in these moments of disconnection, one realises it. Thankfully, before the head got filled with the dark side of digital connectivity, I chanced upon an old movie I had saved on my laptop to show in a class once. It was Wall-E. I decided to just watch that film about a world where the only live thing was a robot, and in some strange way, found it very comforting.

For more details visit https://cis-india.org/raw/indian-express-july-1-2018-nishant-shah-digital-native-bigger-picture