We are anonymous, we are legion

Facebook launches India tech scholars programme for law students

praskrishna — 2021-06-26T04:55:39Z

Facebook India on Friday announced a new initiative - the Facebook India Tech Scholars (FITS) programme - for law students in the country.

The article was published in the Times of India on June 4, 2021.

The novel programme aims to provide students from select leading law schools in the country a platform for research and mentorship on topics related to technology law and policy.

The first edition, the FITS programme 2021-2022, will offer eight law students an opportunity to work on a research project with leading Indian thinktanks who will also extend mentorship support to the students. It will be open to 4th and 5th year students from the National Law School of India University, Bengaluru, the WB National University of Juridical Sciences, Kolkata, the National Law University, Delhi, and the National Law University, Jodhpur.

"With rapid advancements in technology and the evolution of technology law and policy in India, the programme is designed to encourage students to develop an independent voice on pressing topics that will have a bearing on future policy discussions in this area," the social networking giant said in a statement.

"We hope to expand the FITS programme to more students in coming years," it added.

The FITS programme 2021-2022 will see the Centre for Internet and Society, the Observer Research Foundation, the Carnegie Endowment for International Peace India, and the Software Freedom Law Center participating as mentoring institutions. Facebook is also guided by an experienced and expert Advisory Committee for the duration of the programme. Shardul Amarchand Mangaldas & Co. will be a knowledge partner.

Applications will close on June 20. The FITS programme will run for a period of nine months, commencing in Summer 2021.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-june-4-2021-facebook-launches-india-tech-scholars-programme-for-law-students

No such rule, but many vaccination centres are insisting on Aadhaar as proof

Sreedevi Jayarajan — 2021-06-26T04:43:13Z

Radhika Radhakrishnan saw three words swimming before her as she inched closer to the hospital lobby.

The blog post by Sreedevi Jayarajan was published in the News Minute on June 4, 2021. Pranesh Prakash was quoted.

The words were written on a white board inside the private hospital she had visited in Bengaluru on May 21, three weeks after the Union Government opened up COVID-19 vaccinations for the 18+ category after online registration. “I had booked a vaccine slot and visited the hospital and the words on the board read ‘Aadhaar is mandatory’, along with other dos and don’ts of the vaccination process that the hospital followed,” she tells TNM. On the morning of her vaccination date, Radhika had registered on the Union Health Ministry’s CoWin portal for a vaccine slot in the 18+ age group. She had given her PAN number when the portal asked for a government ID proof. The appointment slip on CoWin also showed her PAN, she says.

But on the day of vaccination, authorities at the private hospital refused to accept her PAN card. Radhika says that they insisted on her Aadhaar number in order to authenticate her vaccination appointment, despite her telling them that it is illegal to demand her Aadhar card. “The hospital authorities told me that they only used Aadhaar cards to register people for vaccination or authenticate CoWin appointments. They said that if I did not want to give my Aadhaar number, I would have to wait a few more hours for them to figure out a different process,” she tells TNM. By this time, Radhika had already waited three hours in the hospital queue.

Bengaluru-based journalist Biswak* too recounts a similar experience at a government run vaccination centre he had visited on May 5. The 25-year-old had registered on CoWin using his Driving License, one of five government ID proofs that the Health Ministry portal accepts for booking vaccination slots. But at the centre, Biswak says that the officials insisted on his Aadhaar number. “Thankfully I had the number despite not carrying my card. I got vaccinated and the vaccination certificate issued on my CoWin account showed the last four digits of my Aadhaar, and did not mention my driving license which was my ID proof of choice,” he says.

TNM got in touch with several people from Tamil Nadu and Karnataka among other states who confirmed that their vaccination centres refused to accept any other ID proof, and insisted on Aadhaar. This despite the Union government not making Aadhaar mandatory for CoWin registration, for on-the-spot registrations, and even for authentication of appointments at vaccination centres.

Co-Win does not insist on Aadhaar

A quick look at the CoWin portal will tell you that you can register with any of six government ID proofs other than your Aadhaar card. These are Driving License, PAN card, Passport, Pension Passbook, NPR Smart Card and Voter ID (EPIC). To the vaccine centres, registered citizens should carry the very same ID proof they have used to register on the Co-Win portal, along with a printout or screenshot of their appointment slip. This means, if a person has registered on the portal using an Aadhaar card, the vaccination centre will ask for the same for authentication.

Once vaccinated, citizens get a certificate with their vaccination status (one dose or fully vaccinated) on their phones. This certificate contains the person’s name, age, type of vaccine (Covishield or Covaxin) and the last four digits of the ID proof used for registration.

While Radhika and Biswak say that their appointment slips had their PAN and Driving License numbers respectively, after they were coerced to give their Aadhaar numbers, the vaccination certificate on the Co-Win portal showed their Aadhaar number. “This means that they have forced me to give my Aadhaar number and then used this, despite me giving a different ID proof,” Radhika says. Multiple private hospitals in Chennai too currently insist on Aadhaar card for vaccinations, while Tamil Nadu government maintains that Aadhaar is not mandatory.

TNM spoke to a senior official in the Revenue and Finance Department of the Greater Chennai Corporation who confirmed that centres, both private and government, did not have the right to demand Aadhaar for vaccination. “There is no such rule that Aadhaar has to be submitted by citizens. In fact, the Co-Win portal also has a section to register those who have no ID proof, i.e homeless persons or those from marginalised sections. The portal finds another way to register these people. So insisting on an Aadhaar number is out of the question,” he says. In the neighbouring state of Kerala, the government recently announced that persons who had to travel abroad for various reasons should register on the government portal only using their passports. This, so that their vaccination certificate would generate their passport number as ID proof.

A matter of convenience?

In the absence of a law which mandates Aadhaar to be used for the purpose of universal COVID-19 vaccination, there is no legal basis for hospitals and vaccination centres to insist on Aadhaar numbers to vaccinate people. “Unlike a law passed by the Union government which makes it compulsory for your PAN to be linked to your Aadhaar, there is no law which the government has passed to make Aadhaar compulsory for vaccination. The Union government does, however, have the legislative competence to pass such a law. Which means that if they want to make Aadhaar mandatory for vaccination, they can. So far they have not. And therefore, nobody has the right to demand Aadhaar to vaccinate people,” says Pranesh Prakash of the Centre for Internet and Society.

However, it could be a matter of convenience for hospitals to use one type of ID proof, to be able to streamline their data entry process. “As (I believe) Aadhaar is the most widespread ID card in the country right now, when compared to other ID proofs, it makes it simple for vaccination centres to ask for Aadhaar numbers and key this in," Pranesh adds.

To a query that TNM posted on Twitter, we got varied responses from people. While many said that the centres did not insist on a particular ID card, many others said they had to give their Aadhaar. The insistence for Aadhaar by vaccination centres, both private and government, seems to be random, with no proper pattern or rule in place.

System does not support other ID proofs?

From Radhika’s experience, the hospital she visited for vaccination could not support any other ID proof, as they, in their own words “followed a system of using just Aadhaar cards”. This indirectly coerces unwilling citizens to part with their Aadhaar details, and offers no choice for those who registered with other ID proofs.

“I had to finally give my Aadhaar number but it said that there was a mismatch. Later we found out that my name on my PAN was a bit different from the name on my Aadhaar card. Since I had used the PAN to register on Co-Win, the portal could not authenticate me with the Aadhaar number. Finally I had to re-register on the spot and give a different phone number as the phone number I had given was already linked to my Aadhaar and PAN,” she says, adding that all of this could have been avoided if the hospital had accepted her PAN in the first place.

However, a private hospital that has been doing vaccinations in many places across India told TNM that they had no instructions from the state or Union government to use only Aadhaar and claimed that they only asked for Aadhaar if the person had used it during registration. However, many people who responded to TNM named this private hospital and many others too as those insisting on Aadhaar as proof.

For more details visit https://cis-india.org/internet-governance/news/the-news-minute-june-4-2021-sreedevi-jayarajan-no-such-rule-but-many-vaccination-centres-are-insisting-on-aadhaar-as-proof

On the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Torsha Sarkar, Gurshabad Grover, Raghav Ahooja, Pallavi Bedi and Divyank Katira — 2021-06-21T11:52:39Z

This note examines the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The analysis is consistent with previous work carried out by CIS on issues of intermediary liability and freedom of expression.

On 25 February 2021, the Ministry of Electronics and Information Technology (Meity) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereinafter, ‘the rules’). In this note, we examine whether the rules meet the tests of constitutionality under Indian jurisprudence, whether they are consistent with the parent Act, and discuss potential benefits and harms that may arise from the rules as they are currently framed. Further, we make some recommendations to amend the rules so that they stay in constitutional bounds, and are consistent with a human rights based approach to content regulation. Please note that we cover some of the issues that CIS has already highlighted in comments on previous versions of the rules.

The note can be downloaded here.

For more details visit https://cis-india.org/internet-governance/blog/on-the-legality-and-constitutionality-of-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021

New rules leave social media users vulnerable: Experts

Krupa Joseph — 2021-06-14T11:27:53Z

They analyse the implications of the government vs Twitter controversy on individual privacy

The article by Krupa Joseph was published in the Deccan Herald on 10 June 2021. Torsha Sarkar has been quoted.

The government had notified the changes on February 25, and allowed social media companies three months to comply. Twitter and WhatsApp had then separately approached the Delhi High Court against the new regulations, fearing they could compromise user privacy.

On Monday, the court gave Twitter three weeks to file a response to the government’s charge that it had not appointed a grievance officer as claimed.

Vague rules

Karthik Srinivasan, communications consultant, who uses his blog Beast of Traal to comment on social media, says the new rules are “vague and open-ended”.

“Coupled with the fact that we still do not have a data protection law, the rules could be severely misused both by government and private entities,” he says.

Users are particularly vulnerable in a country where anything and everything offends a lot of people, he says.

Law overreach

Torsha Sarkar, researcher with the Centre for Internet and Society, says the rules introduce additional obligations for social media platforms and classify intermediaries.

“Intermediaries with over five million users would have obligations to introduce traceability, instal automated filtering, provide detailed grievance redressal mechanisms, and publish compliance reports detailing action taken on takedown orders,” she says.

While some of these obligations are similar to those laid down internationally, some alterations are causing concern. The traceability requirement, for example, is highly contentious as it would erode user privacy.

“It is also concerning that the user threshold, for a country like India, with such vast Internet usage, is set at a very low level. This means that even smaller social media platforms might becompelled to carry out economically crippling obligations,” she explains.

The legislative overreach is seen in how the initial draft , which only covered entities like Twitter and Facebook, now seeks to cover digital news media and content curators like Netfl ixand Hulu, she says.

Stretching the scope of the legislation this way is undemocratic since it was not subject to any public consultation, she notes.

Case in High Court

Mishi Choudhary, technology lawyer and founder of SFLC.in, a legal services organisation specialising in law, technology and policy, says the IT rules notified by the government are unconstitutional. “In the garb of addressing misinformation and regulating technology companies, the government has been exceeding the powers granted through subordinate legislation and using it for political purposes,” she says. It is on these grounds that the Free and Open Source Software community has challenged the new rules in the Kerala High Court. “Technology companies need regulation but not at the expense of user rights,” she says.

Congress ‘toolkit’ row

A few weeks after social media platforms were asked to take down posts critical of thegovernment’s management of India’s Covid-19 crisis, Twitter once again found itself at thereceiving end. Last week, Twitter labelled a tweet by BJP leader Sambit Patra, accusing theCongress of working with a ‘toolkit, as ‘manipulated media’. Twitter says it gives the label totweets that include media (videos, audio, and images) that are “deceptively altered orfabricated”. The Delhi police then sent a notice to Twitter in connection and asked the micro-blogging site to explain the reasons for assigning the tag. The police also conducted raids onTwitter offices in India. Things escalated when Twitter said the government was intimidating it. The government hit back saying law-making was its privileges, and Twitter, being a social media platform, should not dictate legal policy framework.

New rules

Under the new IT rules, social media companies like Facebook, WhatsApp and Twitter will be responsible for identifying the originator of a flagged message within 36 hours. They also have to appoint a chief compliance officer, a nodal contact person and a resident grievance officer. Failing to comply with these rules would cause the platforms to lose their status as intermediaries, and make them liable for whatever is posted on their platforms.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-krupa-joseph-june-10-2021-new-rules-leave-social-media-users-vulnerable

Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media

amber — 2021-05-31T10:23:36Z

In the past few years, social networking sites have come to play a central role in intermediating the public’s access to and deliberation of information critical to a thriving democracy. In stark contrast to early utopian visions which imagined that the internet would create a more informed public, facilitate citizen-led engagement, and democratize media, what we see now is the growing association of social media platforms with political polarization and the entrenchment of racism, homophobia, and xenophobia.

There is a dire need to think of regulatory strategies that look beyond the ‘dumb conduit’ metaphors that justify safe harbor protection to social networking sites. Alongside, it is also important to critically analyze the outcomes of regulatory steps such that they do not adversely impact free speech and privacy. By surveying the potential analogies of company towns, common carriers, and editorial functions, this essay provides a blueprint for how we may envision differentiated intermediary liability rules to govern social networking sites in a responsive manner.

Introduction

Only months after Donald Trump’s 2016 election victory — a feat mired in controversy over alleged Russian interference using social media, specifically Facebook — Mark Zuckerberg remarked that his company has grown to serve a role more akin to government, rather than a corporation. Zuckerberg argued that Facebook was responsible for creating guidelines and rules that governed the exchange of ideas of over two billion people online. Another way to look at the same argument is to acknowledge that, today, a quarter of the world’s population (and of India) are subject to the laws of Facebook’s terms and conditions and privacy policies, and public discourse around the globe is shaped within the constraints and conditions they create. Social media platforms, like Facebook, wield hitherto unimaginable power to catalyze public opinions, causing a particular narrative to gather steam — that Big Tech can pose an existential threat to democracy.

This, of course, is in absolute contrast to the early utopian visions which imagined that the internet would create a more informed public, facilitate citizen-led engagement, and democratize media. Instead, what we see now is the growing association of social media platforms with political polarization and the entrenchment of racism, homophobia, and xenophobia. The regulation of social networking sites has emerged as one of the most important and complex policy problems of this time. In this essay, I will explore the inefficacy of the existing regulatory framework, and provide a blueprint for how to think of appropriate regulatory metaphors to revisit it.

Click on to read the article published by IT for Change
Download the PDF (34,328 Kb) to read the full article, pages 126 - 138.

For more details visit https://cis-india.org/internet-governance/blog/it-for-change-amber-sinha-beyond-public-squares-dumb-conduits-and-gatekeepers

Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media

amber — 2021-05-31T10:19:33Z

For more details visit https://cis-india.org/internet-governance/files/beyond-public-squares-dumb-conduits-and-gatekeepers.pdf

Regulating Sexist Online Harassment as a Form of Censorship

amber — 2021-05-31T09:56:31Z

This paper is part of a series under IT for Change’s project, Recognize, Resist, Remedy: Combating Sexist Hate Speech Online. The series, titled Rethinking Legal-Institutional Approaches to Sexist Hate Speech in India, aims to create a space for civil society actors to proactively engage in the remaking of online governance, bringing together inputs from legal scholars, practitioners, and activists. The papers reflect upon the issue of online sexism and misogyny, proposing recommendations for appropriate legal-institutional responses. The series is funded by EdelGive Foundation, India and International Development Research Centre, Canada.

Introduction

The proliferation of internet use was expected to facilitate greater online participation of women and other marginalised groups. However, over the past few years, as more and more people have come online, it is evident that social power in online spaces mirrors offline hierarchies. While identity and security thefts may be universal experiences, women and the LGBTQ+ community continue to face barriers to safety that men often do not, aside from structural barriers to access. Sexist harassment pervades the online experience of women, be it on dating sites, online forums, or social media.

In her book, Twitter and Tear Gas: The Power and Fragility of Networked Protest, Zeynep Tufekci argues that the nature and impact of censorship on social media are very different. Earlier, censorship was enacted by restricting speech. But now, it also works in the form of organised harassment campaigns, which use the qualities of viral outrage to impose a disproportionate cost on the very act of speaking out. Therefore, censorship plays out not merely in the form of the removal of speech but through disinformation and hate speech campaigns.

In most cases, this censorship of content does not necessarily meet the threshold of hate speech, and free speech advocates have traditionally argued for counter speech as the most effective response to such speech acts. However, the structural and organised nature of harassment and extreme speech often renders counter speech ineffective. This paper will explore the nature of online sexist hate and extreme speech as a mode of censorship. Online sexualised harassment takes various forms including doxxing, cyberbullying, stalking, identity theft, incitement to violence, etc. While there are some regulatory mechanisms – either in law, or in the form of community guidelines that address them, this paper argues for the need to evolve a composite framework that looks at the impact of such censorious acts on online speech and regulatory strategies to address them.

Click on to read the full text [PDF; 495 Kb]

For more details visit https://cis-india.org/internet-governance/blog/it-for-change-amber-sinha-regulating-sexist-online-harassment

Regulating Sexist Online Harassment: A Model of Online Harassment as a Form of Censorship

amber — 2021-05-31T09:39:14Z

For more details visit https://cis-india.org/internet-governance/files/it-for-change-february-2021-amber-sinha-regulating-sexist-online-harassment.pdf

Women on Covid lists get lewd calls and messages

praskrishna — 2021-05-24T06:35:20Z

Perverts are eating into precious time in the middle of a pandemic and adding to the overall anxiety.

Women are getting lewd calls and messages when they share their phone numbers to seek and offer pandemic-related help.

On April 15, Shasvathi Siva tweeted about how her number, shared on blood donation and social media groups, received obscene photos and video calls from strangers.

When she spoke about the harassment on Instagram, she ended up receiving more abuse from men.

With the second wave of the pandemic raging, many patients and families are turning to social media to search for medicines, oxygen, and even hospital beds.

Ambika Tandon, senior researcher, Centre for Internet and Society, says, “There are many stories of how prominent and outspoken women like journalists and activists have received hate speech and messages threatening violence.” What is shocking, she says, is not the harassment, but that it is not stopping even during a medical emergency.

Click to read the complete coverage in Deccan Herald on May 21, 2022.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-may-21-2021-krupa-joseph-women-on-covid-lists-get-lewd-calls-and-messages

Comments and recommendations to the Guidelines for “Influencer Advertising on Digital Media”

Torsha Sarkar and Shweta Mohandas — 2021-04-05T09:58:12Z

In February, the Advertising Standards Council of India (ASCI) had issued draft rules for regulation of digital influencers, with an aim to "understand the peculiarities of [online] advertisements and the way consumers view them", as well as to ensure that: "consumers must be able to distinguish when something is being promoted with an intention to influence their opinion or behaviour for an immediate or eventual commercial gain". In lieu of this, we presented our responses.

The authors would like to thank Merrin Muhammed for research assistance, and Pranav MB for editorial assistance.

Introduction

The Centre for Internet and Society (CIS) is a non-profit research organisation that works extensively on policy issues relating to privacy, freedom of expression, accessibility for persons with diverse abilities, access to knowledge, intellectual property rights and openness. In the past, CIS has also engaged with and contributed to an extensive body of work in India, concerning intermediary liability, regulation of social media and platform governance. The research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

Please find below our recommendations for the Guidelines for "Influencer advertising on digital media" [“the Guidelines”]. The first section summarizes a few of our specific comments and concerns with the Guidelines, while the second section brings up a few other general observations that the ASCI ought to take into account. CIS is grateful for the opportunity to submit its views.

High-level comments

Operation of these Guidelines vis-a-vis the Consumer Protection Act, 2019

The Consumer Protection Act, 2019 [“the Act”], makes provisions for regulating ‘advertisements’ and ‘endorsements.’ For instance, section 2(1) of the Act defines advertisements as:

“[...] any audio or visual publicity, representation, endorsement or pronouncement made by means of light, sound, smoke, gas, print, electronic media, internet or website and includes any notice, circular, label, wrapper, invoice or such other documents;”

Further, section 2(18) of the Act defines endorsement, in relation to an advertisement as:

“[...] (i) any message, verbal statement, demonstration; or

(ii) depiction of the name, signature, likeness or other identifiable personal characteristics of an individual; or

(iii) depiction of the name or seal of any institution or organisation,

which makes the consumer to believe that it reflects the opinion, finding or experience of the person making such endorsement.”

Additionally the Central Consumer Protection Authority (CCPA) is vested with the power to conduct investigations in instances of false or misleading advertisements, order discontinuation or modification of advertisements, and impose penalties.

We believe these provisions are expansive enough to cover those aspects of influencer advertising that the ASCI is intending to regulate. In light of this, it is important for the ASCI to clarify how the Complaints Procedure set up in the original ‘The Code for Self Regulation’ would operate vis-a-vis the power of the CCPA.

Proposed Guidelines

Definition

More specific definitions for Digital Media

While it is commendable that the Guidelines identify a multitude of entities and services to encompass the definition for ‘Digital Media,’ we must highlight that these definitions are currently ambiguous. For instance, the Guidelines do not make it clear what Near Video on Demand, Subscription Video on Demand, Pay Per View, etc. are. These are pertinent details that would help consumers identify the nature of the viewed content, as well as allow influencers and brands to make clearer advertisement decisions.

Additionally, in light of the notification of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 [“the 2021 rules”], which encompass online curated content providers (OCCPs), it is important for the Guidelines to clarify the relationship between its identified Digital Media entities and the OCCPs under the relevant law. While we recognize that the obligations for the different entities under the Guidelines and the 2021 rules are distinct, the lack of clarification might lead to a confusing ecosystem of regulatory obligations for entities that can be assuaged at this stage.

Influencer

The Guidelines define “Influencers” as “someone who has access to an audience and the power to affect their audience's purchasing decisions or opinions about a product, service, brand or experience, because of the influencer's authority, knowledge, position, or relationship with their audience, An influencer can intervene in an editorial context or in collaboration with a brand to publish content.” Although this definition is all encompassing, it could lead to confusion among users of social media on the matter of whether they are Influencers or not, since the Guidelines don’t mention any specific audience thresholds that serve as a prerequisite for qualifying under the Guidelines. The confusion also extends to the existing definition of “Celebrities” under the ASCI Guidelines For Celebrities In Advertising.

The Guidelines For Celebrities In Advertising state that:

“Celebrities” are defined as famous and well-known people who are from the field of Entertainment and Sports and would also include other famous and well-known personalities like Doctors, Authors, Activists, Educationists, etc. who get compensated for appearing in advertising.

The definition is substantiated by an endnote which states that a celebrity is one who is

“*Compensated Rs. 20 lakhs or above as per current limit for appearing in a single advertisement or a campaign or per year, whichever is more AND / OR is listed in top 100 celebrities as per any one of the current and immediate past list of Forbes or the Times or Celebrity track report of Hansa Research or any such list which is intended to be indicative and not exhaustive.”

We believe that a more clearer definition of “Influencers” similar to the definition of “Celebrities” in the Guidelines with markers such as verification, number of followers, income from posts per year etc., could be used to highlight who these Guidelines apply to. This will benefit the Influencer, the user, and the complaint handling authority.

Details of specific media channels

In the chapter ‘Ready reckoner for specific media channels,’ the Guidelines mention a catalogue of places and instances where such disclosure ought to be made, for specific media channels. While the Guidelines mention the exact details for Facebook, and Instagram (including reels, stories, etc.), these details are missing for some of the other media channels mentioned, including Twitter, Pinterest, and Snapchat.

For Twitter, the Guidelines state: “Include the disclosure label or tag at the beginning of the body of the message as a tag.” Similar directions are given for promotions to be done via Pinterest. and Snapchat, where the disclosure is ought to be in the ‘message.’ However, the main method of communication on all these platforms is via other methods, and not ‘messages.’ Since this direction does not clarify where the disclosure ought to be, it has the potential to create confusion for both influencers, and brands on how best to comply with the Guidelines. Hence, we believe that the Guidelines should be updated to reflect the exact specifications of the media channels, and the places where the disclosures ought to be made.

Other Comments

The need for some guidelines on advertisements directed at children

It is estimated that as of February 2021, 10.6 percent of Instagram users in India are from the age group of 13-17 years. Hence there is a need to look at responsible advertising as well as think of the products that the influencers advertise. Additionally, a large number of influencers’ posts are targeted at children and teenagers, which increases their responsibility connected to advertisements. The draft Personal Data Protection Bill, 2019 prohibits guardian data fiduciaries, i.e. data fiduciaries who operate commercial websites, or online services directed at children (or process large volumes of personal data of children) from profiling, tracking, or behavioural monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child. Though this is a good move, the obligation to not target advertisements at children is not extended to all data fiduciaries. While we do understand that it is difficult to gauge which posts are being viewed by children, the Guidelines could recommend that the Influencers who are aware of their main demographic being children, or teenagers, must take more care in the products they endorse, and take greater care to make the children aware that the post they are sharing is an advertisement.

Additionally we suggest that based on the control that the brands have in terms of content and decision making, and choose the influencer they want to engage with the brands could also ensure the correct audience for their product. Hencer along with the influencer the brand should also take care to ensure who the influencers main demographic are and see if the product is suited for that age group.

A PDF version of this response can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/comments-and-recommendations-to-the-guidelines-for-201cinfluencer-advertising-on-digital-media201d

New intermediary guidelines: The good and the bad

TorShark — 2021-03-15T13:52:46Z

In pursuance of the government releasing the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, this blogpost offers a quick rundown of some of the changes brought about the Rules, and how they line up with existing principles of best practices in content moderation, among others.

This article originally appeared in the Down to Earth magazine. Reposted with permission.

-------

The Government of India notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The operation of these rules would be in supersession of the existing intermediary liability rules under the Information Technology (IT) Act, made back in 2011.

These IL rules would have a significant impact on our relationships with internet ‘intermediaries’, i.e. gatekeepers and getaways to the internet, including social media platforms, communication and messaging channels.

The rules also make a bid to include entities that have not traditionally been considered ‘intermediaries’ within the law, including curated-content platforms such as Netflix and Amazon Prime as well as digital news publications.

These rules are a significant step-up from the draft version of the amendments floated by the Union government two years ago; in this period, the relationship between the government around the world and major intermediaries changed significantly.

The insistence of these entities in the past, that they are not ‘arbiters of truth’, for instance, has not always held water in their own decision-makings.

Both Twitter and Facebook, for instance, have locked the former United States president Donald Trump out of their platforms. Twitter has also resisted to fully comply with government censorship requests in India, spilling into an interesting policy tussle between the two entities. It is in the context of these changes, therefore, that we must we consider the new rules.

What changed for the good?

One of the immediate standouts of these rules is in the more granular way in which it aims to approach the problem of intermediary regulation. The previous draft — and in general the entirety of the law — had continued to treat ‘intermediaries’ as a monolithic entity, entirely definable by section 2(w) of the IT Act, which in turn derived much of its legal language from the EU E-commerce Directive of 2000.

Intermediaries in the directive were treated more like ‘simple conduits’ or dumb, passive carriers who did not play any active role in the content. While that might have been the truth of the internet when these laws and rules were first enacted, the internet today looks much different.

Not only is there a diversification of services offered by these intermediaries, there’s also a significant issue of scale, wielded by a few select players, either by centralisation or by the sheer number of user bases. A broad, general mandate would, therefore, miss out on many of these nuances, leading to imperfect regulatory outcomes.

The new rules, therefore, envisage three types of entities:

There are the ‘intermediaries’ within the traditional, section 2(w) meaning of the IT Act. This would be the broad umbrella term for all entities that would fall within the ambit of the rules.
There are the ‘social media intermediaries’ (SMI), as entities, which enable online interaction between two or more users.
The rules identify ‘significant social media intermediaries’ (SSMI), which would mean entities with user-thresholds as notified by the Central Government.

The levels of obligations vary based on these hierarchies of classification. For instance, an SSMI would be obligated with a much higher standard of transparency and accountability towards their users. They would have to fulfill by publishing six-monthly transparency reports, where they have to outline how they dealt with requests for content removal, how they deployed automated tools to filter content, and so on.

I have previously argued how transparency reports, when done well, are an excellent way of understanding the breadth of government and social media censorships. Legally mandating this is then perhaps a step in the right direction.

Some other requirements under this transparency principle include giving notice to users whose content has been disabled, allowing them to contest such removal, etc.

One of the other rules from the older draft that had raised a significant amount of concern was the proactive filtering mandate, where intermediaries were liable to basically filter for all unlawful content. This was problematic on two counts:

Developments in machine learning technologies are simply not up there to make this a possibility, which would mean that there would always be a chance that legitimate and legal content would get censored, leading to general chilling effect on digital expression
The technical and financial burden this would impose on intermediaries would have impacted the competition in the market.

The new rules seemed to have lessened this burden, by first, reducing it from being mandatory to being best endeavour-basis; and second, by reducing the ambit of ‘unlawful content’ to only include content depicting sexual abuse, child sexual abuse imagery (CSAM) and duplicating to already disabled / removed content.

This specificity would be useful for better deployment of such technologies, since previous research has shown that it’s considerably easier to train a machine learning tool on corpus of CSAM or abuse, rather than on more contextual, subjective matters such as hate speech.

What should go?

That being said, it is concerning that the new rules choose to bring online curated content platforms (OCCPs) within the ambit of the law by proposals of a three-tiered self-regulatory body and schedules outlining guidelines about the rating system these entities should deploy.

In the last two years, several attempts have been made by the Internet and Mobile Association of India (IAMAI), an industry body consisting of representatives of these OCCPs, to bring about a self-regulatory code that fills in the supposed regulatory gap in the Indian law.

It is not known if these stakeholders were consulted before the enactment of these provisions. Some of this framework would also apply to publishers of digital news portals.

Noticeably, this entire chapter was also missing from the old draft, and introducing it in the final form of the law without due public consultations is problematic.

Part III and onwards of the rules, which broadly deal with the regulation of these entities, therefore, should be put on hold and opened up for a period of public and stakeholder consultations to adhere to the true spirit of democratic participation.

The author would like to thank Gurshabad Grover for his editorial suggestions.

For more details visit https://cis-india.org/internet-governance/blog/new-intermediary-guidelines-the-good-and-the-bad

Response to the Pegasus Questionnaire issued by the SC Technical Committee

Anamika Kundu, Digvijay, Arindrajit Basu, Shweta Mohandas and Pallavi Bedi — 2022-04-13T14:45:41Z

On March 25, 2022, the Supreme Court appointed Technical Committee constituted to examine the allegations of alleged unauthorised surveillance using the Pegasus software released a questionnaire seeking responses and comments from the general public.

The questionnaire had 11 questions and the responses had to be submitted through an online form- which was available here. The last date for submitting the response was March 31, 2022. CIS had submitted the following responses to the questions in the questionnaire. Access the Response to the Questionnaire

For more details visit https://cis-india.org/internet-governance/blog/response-to-pegasus-questionnaire-issued-by-sc-technical-committee

CIS Seminar Series

Cheshta Arora — 2022-04-11T15:19:11Z

The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. We also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. Every quarter we will be hosting a remote seminar with presentations, discussions and debate on a thematic area.

The first seminar series was held on 7th and 8th October on the theme of ‘Information Disorder: Mis-, Dis- and Malinformation’,

Theme for the Second Seminar (to be held online)

Moderating Data, Moderating Lives: Debating visions of (automated) content moderation in the contemporary

Artificial Intelligence (AI) and Machine Learning (ML) based approaches have become increasingly popular as “solutions” to curb the extent of mis-, dis- mal-information, hate speech, online violence and harassment on social media. The pandemic and the ensuing work from home policy forced many platforms to shift to automated moderation which further highlighted the inefficacy of existing models (Gillespie, 2020) to deal with the surge in misinformation and harassment. These efforts, however, raise a range of interrelated concerns such as freedom and regulation of speech on the privately public sphere of social media platforms; algorithmic governance, censorship and surveillance; the relation between virality, hate, algorithmic design and profits; and social, political and cultural implications of ordering social relations through computational logics of AI/ML.

On one hand, large-scale content moderation approaches (that include automated AI/ML-based approaches) have been deemed “necessary” given the enormity of data generated (Gillespie, 2020), on the other hand, they have been regarded as “technological fixtures” offered by the Silicon Valley (Morozov, 2013), or “tyrannical” as they erode existing democratic measures (Harari, 2018). Alternatively, decolonial, feminist and postcolonial approaches insist on designing AI/ML models that centre voices of those excluded to sustain and further civic spaces on social media (Siapera, 2022).

From the global south perspective, issues around content moderation foreground the hierarchies inbuilt in the existing knowledge infrastructures. First, platforms remain unwilling to moderate content in under-resourced languages of the global south citing technological difficulties. Second, given the scale and reach of social media platforms and inefficient moderation models, the work is outsourced to workers in the global south who are meant to do the dirty work of scavenging content off these platforms for the global north. Such concerns allow us to interrogate the techno-solutionist approaches as well as their critiques situated in the global north. These realities demand that we articulate a different relationship with AI/ML while also being critical of AI/ML as an instrument of social empowerment for those at the “bottom of the pyramid” (Arora, 2016).

The seminar invites scholars interested in articulating nuanced responses to content moderation that take into account the harms perpetrated by algorithmic governance of social relations and irresponsible intermediaries while being cognizant of the harmful effects of mis-, dis- mal-information, hate speech, online violence and harassment on social media.

We invite abstract submissions that respond to these complexities vis-a-vis content moderation models or propose provocations regarding automated moderation models and their in/efficacy in furthering egalitarian relationships on social media, especially in the global south.

Submissions can reflect on the following themes using legal, policy, social, cultural and political approaches. Also, the list is not exhaustive and abstracts addressing other ancillary concerns are most welcome:

Metaphors of (content) moderation: mediating utopia, dystopia, scepticism surrounding AI/ML approaches to moderation.
From toxic to healthy, from purity to impurity: Interrogating gendered, racist, colonial tropes used to legitimize content moderation
Negotiating the link between content moderation, censorship and surveillance in the global south
Whose values decide what is and is not harmful?
Challenges of building moderation models for under resourced languages.
Content moderation, algorithmic governance and social relations.
Communicating algorithmic governance on social media to the not so “tech-savvy” among us.
Speculative horizons of content moderation and the future of social relations on the internet.
Scavenging abuse on social media: Immaterial/invisible labour for making for-profit platforms safer to use.
Do different platforms moderate differently? Interrogating content moderation on diverse social media platforms, and multimedia content.
What should and should not be automated? Understanding prevalence of irony, sarcasm, humour, explicit language as counterspeech.
Maybe we should not automate: Alternative, bottom-up approaches to content moderation

Seminar Format

We are happy to welcome abstracts for one of two tracks:

Working paper presentation

A working paper presentation would ideally involve a working draft that is presented for about 15 minutes followed by feedback from workshop participants. Abstracts for this track should be 600-800 words in length with clear research questions, methodology, and questions for discussion at the seminar. Ideally, for this track, authors should be able to submit a draft paper two weeks before the conference for circulation to participants.

Coffee-shop conversations

In contrast to the formal paper presentation format, the point of the coffee-shop conversations is to enable an informal space for presentation and discussion of ideas. Simply put, it is an opportunity for researchers to “think out loud” and get feedback on future research agendas. Provocations for this should be 100-150 words containing a short description of the idea you want to discuss.

We will try to accommodate as many abstracts as possible given time constraints. We welcome submissions from students and early career researchers, especially those from under-represented communities.

All discussions will be private and conducted under the Chatham House Rule. Drafts will only be circulated among registered participants.

Please send your abstracts to workshops@cis-india.org.

Timeline

Abstract Submission Deadline: 18th April
Results of Abstract review: 25th April
Full submissions (of draft papers): 25th May
Seminar date: Tentative 31st May

References

Arora, P. (2016). Bottom of the Data Pyramid: Big Data and the Global South. International Journal of Communication, 10 (0), 19.

Gillespie, T. (2020). Content moderation, AI, and the question of scale. Big Data & Society, 7 (2), 2053951720943234. https://doi.org/10.1177/2053951720943234

Harari, Y. N. (2018, August 30). Why Technology Favors Tyranny. The Atlantic. https://www.theatlantic.com/magazine/archive/2018/10/yuval-noah-harari-technology-tyranny/568330/

Morozov, E. (2013). To save everything, click here: The folly of technological solutionism (First edition). PublicAffairs.

Siapera, E. (2022). AI Content Moderation, Racism and (de)Coloniality. International Journal of Bullying Prevention, 4 (1), 55–65. https://doi.org/10.1007/s42380-021-00105-7

For more details visit https://cis-india.org/internet-governance/blog/cis-seminar-series

Pandemic Technology takes its Toll on Data Privacy

Aman Nair and Pallavi Bedi — 2021-06-26T06:52:52Z

The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The article by Aman Nair and Pallavi Bedi was published in the Deccan Herald on June 13, 2021.

People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo

Jabalpur: A beneficiary shows his certificate on his mobile phone after receiving COVID-19 vaccine dose, at Gyan Ganga College in Jabalpur, Saturday, May 15, 2021. (PTI Photo)

At a time when technology is spawning smart solutions to combat Covid-19 worldwide, India’s digital response to the pandemic has stoked concerns that surveillance could pose threats to the privacy of the personal data collected. Be it apps or drones, there is widespread criticism that digital tools are being misused to share information without knowledge or consent. At the other end of the spectrum, the great urban-rural digital divide is hampering the already sluggish vaccination drive, exposing vulnerable populations to a fast-mutating virus.

Last year, the Centre, states and municipal corporations launched more than 70 apps relating to Covid-19, demonstrating the country’s digital-driven approach to handling the pandemic. Chief among these was the central government’s contact tracing app Aarogya Setu. Launched under the Digital India programme, the app quickly came under scrutiny over data privacy.

As per its privacy policy, Aarogya Setu collects personal details such as name, age, sex, profession and location. As there is no underlying legislation forming its basis, and in the absence of a personal data protection bill, serious privacy concerns regarding the collection, storage and use of personal data have been raised.

The government has attempted to mitigate these concerns with reassurances that the data will be used solely in tracing the spread of the virus. However, recent reports from the Kulgam district of Jammu and Kashmir point to the sharing of application data with police. This demonstrates how easy it is to use personal data for purposes other than which it was collected, and presents a serious threat to citizen privacy.

Though Aarogya Setu was initially launched as ‘consensual’ and ‘voluntary’, it soon became mandatory for individuals to download the app for various purposes such as air and rail travel (this order was subsequently withdrawn) and for government officials. Initially it was also mandatory for the private sector, but this was later watered down to state that employers should, on a ‘best effort basis', ensure that the app is downloaded by all employees having compatible phones. However, the ‘best effort basis’ soon translated into mandatory imposition for certain individuals, especially those working in the ‘gig economy’.

Several states had also launched apps for various purposes ranging from contact tracing of suspected Covid patients to monitoring the movement of quarantined patients. As a report by the Centre for Internet and Society observed, given the attention on Aarogya Setu, most of the apps launched by the state governments escaped scrutiny and public attention.Most of these apps either did not have a privacy policy or the policy was vague and often did not provide important details such as who was collecting the data, the time period for retaining the data and whether personal data could be shared with other departments, most notably, law enforcement.Apart from contact tracing apps, the pandemic also ushered in a wave of other apps and digital tools by the government. These include systems such as drones to check whether people are following Covid-19 norms and facial recognition cameras to report to the police whether someone has broken quarantine. Similar to Aarogya Setu, these tools have also largely been brought about in the absence of a legal and regulatory framework.
The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The government is now planning to use facial recognition technology along with Aadhaar toauthenticate people before giving them vaccine shots.

Aarogya Setu is now linked with the vaccination process. Beneficiaries have been provided an option to register through Aarogya Setu. The pandemic has also provided a means for the government to bring in changes to health policies and introduce the National Health Data Management Policy for the creation of a Unique Health Identity Number for citizens.

Vaccination and digital platforms

The use of digital technology has extended to the vaccination process through the deployment of the Covid Vaccine Intelligence Network (Co-WIN) platform.During the first phase of inoculation, beneficiaries were required to register on the Co-WIN app while in the subsequent phases, registration was to be done on the Co-WIN website. The beneficiary is required to upload a photo identity proof.

While Aadhaar has been identified as one of the seven documents that can be uploaded for this, the Health Ministry has clarified that Aadhaar is not mandatory for registration either through Co-WIN or through Aarogya Setu. However, as per media reports, certain vaccination centres still seem to insist on Aadhaar identity even though beneficiaries may have used another identity proof to register on the Co-WIN website.

It is also pertinent to note that the website did not have a privacy policy till the Delhi High Court issued directions on June 2, 2021. The privacy policy hyperlinked on the Co-WIN app directed the user to the Health Data Policy of the National Health Data Management Policy, 2020.

The vaccination drive has been used as a means to push the health identity project forward as beneficiaries who have opted to provide Aadhaar identity proof have also been provided with a health identity number on their vaccination certificate. It is interesting to note that Co-WIN’s privacy policy now states that if the beneficiary uses Aadhaar as identity proof, it can 'opt' to get a Unique Health Id.However, as a recent report revealed, health identity numbers have already been generated for certain beneficiaries without obtaining consent from them for the purpose.

Have the apps been successful?

One could argue that privacy concerns are a worthwhile tradeoffin order to contain the spread of thepandemic. But it is worth examining how successful these technologies have been. In reality, the use of digital technology at every stage of combating the pandemic has clearly highlighted the extent of our digital divide. As per data from TRAI, there are around 750 million Internet subscribers in India,which is only a little more than half of India’s estimated 1.3 billion citizens — with this gap having a significant impact on the efficacy of the government’s strategies. Aarogya Setu has fallen far short of its goal, of having near universal adoption. It has limited adoption in much of the country. This has severely limited its efficacy in tracing the spread of the virus. Research from Maulana Azad Medical College has cited socio-economic inequalities,educational barriers and the lack of smartphone penetration as being the key causes behind the app’s limited success, pointing back to the digital divide. Moreover, the app has also brought with it a host of associated problems including lateral surveillance and function creep caused by the addition of new features. All of which, along with the previously mentioned privacy concerns, have served to hamper public trust and adoption.

A similar situation is seen in the case of vaccination and the Centre’s Co-WIN web portal. The need for registration, first on the Co-WIN app and later on the Co-WIN web portal, has disproportionately affected those who either have no or limited digital access. Many of them belong to vulnerable groups such as migrant and informal sector workers (mainly from disadvantaged castes), LGBTQIA + individuals, sex workers and both urban and rural poor. These issues have also been acknowledged by the Supreme Court, which raised serious concerns about the government being able to achieve its stated object of universal vaccination.

As the inoculation exercise opened up for the 18-45 age group, it increasingly favoured the urban population who possessed the technological and digital literacy to either create or access a host of tools. One need to only look at the wave of automated CO-WIN bots that arose as soon as the vaccination process was expanded to see how these dynamics manifested.

Ultimately, the digital-driven approach that the governments have adopted has resulted in a number of issues — most notably, data privacy and exclusion. Going forward, government strategies must actively account for these factors and ensure that citize rights are adequately protected.

For more details visit https://cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy

Insult to Kannada shows Google AI in a poor light

Krupa Joseph — 2021-06-26T05:25:38Z

A Google search for ‘the ugliest language in India’ yielded ‘Kannada’ as the answer late last week, causing widespread outrage.

The article by Krupa Joseph was published in Deccan Herald on June 8, 2021. Pranesh Prakash and Shweta Mohandas have been quoted.

Google has since apologised, saying the answer does not reflect its views, but questions still remain about why this happened at all, and who drafted the answer.

“When artificial intelligence gets it wrong, things can go really wrong, says tech entrepreneur,”Hari Prasad Nadig, who has worked on Kannada in free and open source soft ware.“Usually, you would expect Google to give an answer based on citings from multiple sources,and at least one or two credible sources.

Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.

“Usually, you would expect Google to give an answer based on citings from multiple sources, and at least one or two credible sources. Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.

Fallible process

Pranesh Prakash, Centre for Internet and Society, Bengaluru, says the incident exposes the fallibility of the process by which Google selects its “featured snippets”.

“It is not an opinion that Google or its employees or its algorithms have come up with, but rather an existing opinion that Google wrongly amplified,” he says.It demonstrates that the snippets that Google features as ‘facts’ aren’t necessarily based on facts, he says.

Periodic checks

Shweta Mohandas, researcher with the Center for Internet and Society, says Google does not create content, but only provides content that is available on the Internet.

“Hence, the biases come from the tags, then used to train the AI. There should be periodic checks on the data fed into the system,” she says. Such blunders can be prevented if the tags and results are audited periodically, and a mechanism is put in place to enable people to report them, she says.

Who was upto mischief?

The answer was created on a financial services website whose owners aren’t revealing their names Pavanaja UB, CEO, Vishva Kannada Softech, says the answer was attributed to a website called debt consolidations questions.com — but he was unable to find this post anywhere on the site.“This is a website registered in Russia and it offers questions and answers on many topics. But this particular page could not be found. Maybe it was removed following the outrage,” he says. Pavanaja believes this was a deliberate attempt to upset people. “The website lists no information about the owner and gives no contact details. Even if such a question did exist on the page before, how did it get to the top of the Google search results?” he wonders.

He suggests that someone planted the answer and kept searching for it until it reached the top.“But who would take so much effort?” he says.

Furore and after

‘Kannada’ came up as an answer to a query in Google about ‘the ugliest language in India’.

Aravind Limbavali, minister for Kannada and Culture, demanded an apology from Google, and threatened legal action against the company “for maligning the image of our beautiful language.”

Google removed the answer and issued a statement:

“We know this is not ideal, but we take swift corrective action when we are made aware of an issue and are continually working to improve our algorithms. Naturally, these are not reflective of the opinions of Google, and we apologise for the misunderstanding and hurting any sentiments."

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-june-8-2021-krupa-joseph-insult-to-kannada-shows-google-ai-in-a-poor-light