We are anonymous, we are legion

Quantified identities as a global phenomenon: analyzing the impact of biometric systems in our societies

Admin — 2018-03-01T00:56:20Z

A session by Amber Sinha and Leandro Ucciferri of ADC, Argentina at the Internet Freedom Festival to be held in Valencia, Spain in March has been selected. Amber Sinha will make a presentation.

In the last decade, societies all around the world have seen an exponential growth in the implementation of biometric identification systems, used from the most complex to the most mundane activities that we perform in our daily lives. The research work being carried out by ADC in Argentina, and more broadly in Latin America, allowed us to reach certain observations: In general, public policies related to the use of these types of technologies are carried out with little or no transparency vis-à-vis society; the lack of precise information, which varies country to country, about the technologies and mechanisms being used for the collection, analysis and storage of the biometric data, and the use cases behind such technologies (e.g. the purpose of the data, who will have access to it, if it will be shared and transferred between different public or private bodies); and finally the lack of sufficient legal frameworks to guarantee an adequate treatment of the biometric data collected, both by the State and the private sector.

Additionally, the research by CIS in India and other jurisdictions in Asia shows that biometric identification systems are being portrayed as critical to the use of online services such as e-governance or e-commerce platforms, and facilitates the generation of enormous amounts of transactional data. In India, the biometric identity is envisioned as a ‘cradle to grave’ identity. This unique identifier is key to the integration of different government and private sector databases and poses serious risks of profiling, function creep, lack of accountability and regulation by code.

With this session we aim to address some of the more pressing issues regarding the implementation of biometric technologies in our societies, specifically: a) Threats to bodily integrity and dignity: how biometrics reduce an individual to a number represented through a biometric sequence. b) Irreversible damages in case of breach: unlike passwords, biometrics –such as our fingerprints, our faces, iris or voice– cannot be changed; so once compromised, the damage is irreversible. c) Are biometrics appropriate forms of identifiers? How can we answer questions around uniqueness, discrimination and bias, resolving false positives and false negatives, as well as the change of biometrics over time (e.g. age or medical conditions that may affect our bodies). d) How biometrics are changing our perception of public spaces, specially due to technologies such as facial recognition? e) How are biometric based identification systems reconfiguring the relationship between citizen and state? Together with CIS, we will give a brief overview of the current trends in Latin America and Asia, in order to set the context of the conversation and then allow participants to freely express their own personal/professional expertise to learn about their concerns and experiences in terms of how biometric technologies have affected their day to day lives.

For more info, click here

For more details visit https://cis-india.org/internet-governance/news/quantified-identities-as-a-global-phenomenon-analyzing-the-impact-of-biometric-systems-in-our-societies

Beyond Scale: How to make your digital development program sustainable

Admin — 2018-02-26T14:23:26Z

A dissemination workshop was organized by BBC Media Action, with support from the Digital Impact Alliance and the Bill & Melinda Gates Foundation on February 21, 2018 in Bangalore. Sunil Abraham participated in the workshop.

Agenda

9.00 to 9.45

Registration and coffee

9.50 to 10.05

Introduction to ‘Beyond Scale’, Kate Willson, CEO, Digital Impact Alliance

10.15 to 11.15

‘Surviving the Valley of Death’, panel discussion with:

Rahul Mullick, ICT lead, Bill & Melinda Gates Foundation, India,
Nehal Sanghavi, Senior Advisor for Innovation and Partnership, USAID, India
Kate Wilson, CEO, Digital Impact Alliance
Priyanka Dutt, Country Director, BBC Media Action

Moderated by Sara Chamberlain, Digital Director, BBC Media Action

11.15 to 11.30

Tea/coffee break

11.30 to 11.45

Introduction to the table workshop sessions

11.45 to 1.00

Each table works to identify solutions to some of the digital development sector’s most pressing challenges in the areas of organizational change management, regulatory compliance, legal protection and risk, public sector adoption, private sector business models, solution design, technical architecture for scale, partnerships and human capacity.

1 PM to 2.00

Lunch

2.00 to 2.30

Each table finalizes its presentation.

3.00 to 4.15

Presentations, Q&A and discussion of each table’s group work

4.15

Tea/coffee will be served at the tables

4.30 to 4.45

Introduction to the ‘Expert Bar’

4.45 to 6.00

There will be one or more ‘experts’ in specific focus areas of the guide seated at each table. Participants are free to visit the tables that interest them to discuss their challenges and share their own expertise.

6.00 – 9.00

Networking reception with open bar and snacks

For more details visit https://cis-india.org/internet-governance/news/beyond-scale-how-to-make-your-digital-development-program-sustainable

From 1 March, only registered devices to be used to authenticate Aadhaar

Admin — 2018-02-24T07:59:39Z

UIDAI directive to Aadhaar authentication agencies aims to avoid putting citizens’ biometric data at risk

The article by Komal Gupta was published in Livemint on February 8, 2018.

The Unique Identification Authority of India (UIDAI) has directed all Aadhaar authentication agencies to use only registered biometric devices from 1 March to avoid putting residents’ data at risk.

The initial deadline to upgrade these devices was 1 June 2017, but it has been extended several times. The latest is the sixth extension.

The UIDAI wants the biometric devices registered with the Aadhaar system for encryption key management. The Aadhaar authentication server can individually identify and validate these devices and manage encryption keys on each registered device.

“It is reiterated that to ensure encryption of biometrics of residents at time of capture, it is absolutely essential to use only the registered devices. Any further use of non-registered devices will be putting residents’ privacy at risk,” a UIDAI circular dated 2 February said.

In January last year, UIDAI had instructed all the authentication user agencies (AUAs) and authentication service agencies (ASAs) to adhere to its new encryption standards and accordingly upgrade the devices to the new norms.

The AUA is an entity engaged in providing Aadhaar-enabled services. It may be a government, public or a private legal agency registered in India which uses Aadhaar authentication services provided by UIDAI.

The ASA is any entity that transmits authentication requests to the Central Identities Data Repository (CIDR) on behalf of one or more AUAs.

Requests from AUAs to extend the timeline has been cited as the reason for delay by UIDAI. The last deadline was 31 January.

Still, UIDAI claims most of the entities have migrated to registered devices and “no further extension will be given in this regard.” Failure to meet the February-end deadline will lead to loss or disruption of services, the circular added.

A privacy expert called for better security in the Aadhaar system.

“The UIDAI should have gone in for smart cards, which are inherently more secure and would have proven a better basis for a national ID system. Given its choice of biometrics, UIDAI should have required hardware-level encryption — the yet-to-be-specified (Level 1) security standard— from 2010,” said Pranesh Prakash, policy director at think tank Centre for Internet and Society.

“Making the much-delayed Level 1 mandatory is what UIDAI should be focusing on; sadly, even basic registration and easily-defeated software-level encryption (Level 0) is yet to be made mandatory,” he said.

UIDAI has been under the scanner over the past few months over charges that random entities have been accessing personal information without the consent of individual Aadhaar number holders.

Last month, UIDAI put in place a two-layer security to reinforce privacy protections for Aadhaar holders—it introduced a virtual identification so that the actual number need not be shared to authenticate their identity. Simultaneously, it further regulated the storage of the Aadhaar numbers within various databases.
There are more than 1.2 billion Aadhaar holders in the country.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-february-8-2018-from-march-1-only-registered-devices-to-be-used-to-authenticate-aadhaar

Critics of India's ID card project say they have been harassed, put under surveillance

Admin — 2018-02-24T07:50:55Z

Researchers and journalists who have identified loopholes in India’s massive national identity card project have said they have been slapped with criminal cases or harassed by government agencies because of their work.

This was published by Reuters on February 13, 2018. Reporting by Rahul Bhatia; Editing by Raju Gopalakrishnan

Last month, the Unique Identification Authority of India (UIDAI), the semi-government body responsible for the national identity project, called Aadhaar, or “Basis”, filed a criminal case against the Tribune newspaper for publishing a story that said access to the card’s database could be bought for 500 rupees ($7.82).

Reuters spoke to eight additional researchers, activists and journalists who have complained of being harassed after writing about Aadhaar. They said UIDAI and other government agencies were extremely sensitive to criticism of the Aadhaar programme.

Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users and the world’s biggest database.

Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.

The Tribune said one of its reporters purchased access to a portal that could provide data linked to any Aadhaar cardholder.

The UIDAI complaint, filed with the police cyber cell in the capital, New Delhi, accused the newspaper, the reporter, and others of cheating by impersonation, forgery and unauthorised access to a computer network.

Media associations sharply criticised the action - the Editors Guild of India said UIDAI’s move was “clearly meant to browbeat a journalist whose story was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press.”

In response, the agency said “an impression was being created in media that UIDAI is targeting the media or whistleblowers or shooting the messenger.”

“That is not at all true. It is for the act of unauthorised access, criminal proceedings have been launched,” it said in a statement.

Osama Manzar, the director of the Digital Empowerment Foundation, a New Delhi-based NGO, called the government’s prickliness “a clear sign that rather than it wanting to learn how to make Aadhaar a tool of empowerment, it actually wants to use it as a coercive tool of disempowerment”.

Data Leakage

Last May, the Centre for Internet and Society (CIS), an independent Indian advocacy group, published a report that government websites had inadvertently leaked several million identification numbers from the project.

UIDAI sent the CIS a legal notice within days, said Srinivas Kodali, one of the authors of the report.

The notice alleged that some of the data cited in the report would only be available if the site had been accessed illegally. The UIDAI wrote that the people involved had to be “brought to justice.”

According to Kodali, two more notices followed, addressed to the group’s directors and two researchers, containing more accusations. “They said it was a criminal conspiracy, and demanded that we send individual responses,” he said.

CIS then received questions about its funding from the home ministry section that grants NGOs permission to receive foreign funding, said a source in the group who saw the letter. CIS viewed this as a threat to its funding, the source said. CIS declined to comment on the notices or on the questions about funding.

UIDAI did not reply to multiple e-mails seeking comment on the accusations about CIS and similar complaints by other activists and journalists, and officials could not be reached by phone. Officials at the Ministry of Information Technology that supervises UIDAI were unreachable by phone.
In a column in the Economic Times newspaper in January, Ajay Pandey, the head of the UIDAI, wrote: “The data of all Aadhaar holders is safe and secure. One should not believe rumours or claims made on its so-called ‘breach’.”

R.S. Sharma, the head of India’s telecom regulatory body, said there was an “orchestrated campaign” against Aadhaar as it was against the interests of those who operated in the shadow economy with fictitious names, or were skimming off subsidies.

“It is going to clean up many systems,” Sharma told a television channel last month. “That’s probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them.”

That trip to Turkey

A Bangalore researcher who contributed to the CIS report said scrutiny by police and government officials was a common occurrence, but harassment was stepped up after it was published.

“Sometimes people from the police station visit you. Other times from the Home Ministry. It was intimidating,” the researcher said.

The person, who asked not to be named for fear of reprisal, said police officers asked questions like “How was that trip to Turkey?',” to make it clear the subjects were under surveillance.

When Sameer Kochhar, a social scientist and author of books on Aadhaar, demonstrated how the system’s biometrics safeguards could be bypassed last year, UIDAI filed a police report in New Delhi, a person familiar with the matter said.

Subsequently, Kochhar received at least three notices from the Delhi Police alleging that he had violated 14 sections under three separate laws, the person said.

Kochhar’s lawyer declined comment. Delhi Police officials declined comment.

Critics have warned Aadhaar could be used as an instrument of state surveillance while data security and privacy regulations are still to be framed.

Former central bank governor Raghuram Rajan said last month that the government needed to prove it would protect the privacy of Aadhaar.

“I do think that we have to assure the public that their data is safe,” Rajan said. “All these reports about easy availability of data are worrying and we have to ensure security. We cannot just say trust us, trust us, it’s all secure.”

For more details visit https://cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance

The mystery of the website which published the ‘scoop’ on BJP’s Ram Madhav

Admin — 2018-02-22T14:55:33Z

The website has since been taken down, but the identity of its creators may not be very easy to find.

The blog post by Kaveesha Kohli and Talha Ashraf was published in The Print on February 13, 2018.

The BJP filed a criminal complaint Sunday against a website after it published a report about an alleged video said to show the party’s national general secretary Ram Madhav in a ‘compromising position’. However, the site no longer exists and experts say it may be difficult to find out who was behind the ‘expose’.

Congress MP from Assam, Sushmita Dev, was among those who shared the website’s report, which claimed that the senior BJP functionary and in-charge of the party’s north-east affairs, was allegedly caught in a hotel.

But soon after the Nagaland unit of the BJP vehemently denounced it as “fictitious report” and filed an FIR, the website ceased to exist. In its complaint, the BJP said the “news report is totally false and it seeks to character assassinate Ram Madhav and sabotage the election campaign of the BJP”.

However, the screenshot of the article continues to be shared on social media.

Registration details of thenewsjoint.com (now defunct) taken from The Internet Corporation for Assigned Names and Numbers (ICANN) that manages domain names says the site was created and registered on 2 January 2018. The site’s expiry date is 2 January 2019.

Since its creation, the site has published multiple stories, most of which have been published in the last two weeks.

“If we look through Google cache, it has published multiple stories about budget aftershocks, Sensex falls by record, Modi Sarkar shuts bamboo budget, etc,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

Anyone could have published the website with the domain name The News Joint, said Madhulika Srikuamar, Junior Fellow, Cyber Initiative, Observer Research Foundation.

“The buyer, for an additional fee, can opt to keep her details private and not reveal her identity online,” she said.

The domain name thenewsjoint.com is registered through a private organisation named DomainsByProxy.com. The use of the private organisation is to maintain secrecy and makes it easy to hide the owner’s actual name and address. So how can it be traced?

“In order to track the original owners of the domain name, the police will have to take the court order and ask DomainsByProxy to hand over the name and IP address of the persons who registered themselves,” said Prakash.

And there’s no way to regulate against such sites as well.

“While there are no specific domestic regulations that govern the registration, sale and purchase of domain names, most restrictions on domain name registration stem from intellectual property protections,” said Srikumar.

In this particular case, it remains unclear whether the website was taken down because of the article on Madhav.

Prakash says it is important to verify whether The News Joint was created to peddle false news, or was pretending to be a genuine news website.

“It can be compared to the broader news environment in India where very mainstream newspapers, especially their Web desks, very often end up publishing news without any regard for journalistic ethics, without verification of the facts,” he said.

For more details visit https://cis-india.org/internet-governance/news/the-print-kaveesha-kohli-and-talha-ashraf-the-vanishing-act-scoop-on-bjp-ram-madhav

CCI leaves Google searching for answers

Admin — 2018-02-19T02:26:17Z

If you go to the Google search box and type "nuance", the first result that shows up is "CCIBSE 0.00 % Judgement on Google". No, we just made that up.

The article by Nirmal John was published in the Economic Times on February 13, 2018

The Competition Commission of India's (CCI) landmark ruling enforcing a Rs 135.86-crore fine on Google for "search bias" and abusing its "dominant position" is one of the more finely considered judgements in the technology industry. According to Sunil Abraham, executive director of Bengaluru-based research organisation, the Centre for Internet and Society, "CCI is returning to the roots of the competition law, where it is as important to prevent concentration of power as it is to look at how pricing affects people. The emphasis here is now also on protecting innovation and competition itself."

To begin with, according to the CCI, the rules of engagement are different for early-stage markets and mature markets.

CCI has differentiated between early-stage markets and mature markets. In an earlier judgement when two radio cab operators, FastTrack and Meru, had accused Ola of offering discounts and predatory pricing, the CCI had ruled in favour of Ola. CCI had said a lack of market maturity in the cab-hailing space was central to its decision. "At this stage, it is difficult to determine with certainty the long-term impact of this pricing strategy, as the market is yet to mature," the CCI had ruled.

The search market is different. Google is the 800-pound gorilla and pretty much the entire zoo in this market. The Google judgement, according to a lawyer who chose to remain off the record, "is based on the principle that a higher degree of responsibility is cast on Google because it has a dominant position in the market".

The nub of the argument is that Google, by the showcasing of flights in its search page, has used its role as a gateway to offer a specific service.

As the judgement notes: "Google is leveraging its strong position in various online search markets to enter into and enhance its position in ancillary markets. Not only does that cause direct harm to competitors in vertical markets, it also causes direct harm to other website owners, since their websites are moved down on SERP [search engine results page] and hence, they receive less clicks as a result of lessened traffic. Further, this also harms consumers as they no longer receive the most relevant results at the top of SERP."

But why should the consumers care? After all they are getting the cheapest price.

This is where CCI's second important point comes in. There needs to be a balance between the short-term concerns of consumers with their long-term benefits.

Even if consumers who used Google flights to find options for firming up travel plans may have saved money, the CCI has, in this instance, taken the view that what may be of immediate benefit to the consumer may not be good for them in the long term because of the distortion of the market it creates.

Apart from prices, there is another benefit that comes from Google's search aggregation. Sid Talwar of Lightbox Ventures, a Mumbai-based VC firm, brings into light an interesting paradox: Is the addition of an extra step to the search process in consumer interest? Talwar argues that the consumer may be more interested in the most efficient way to find what he is looking for, which is the import of Google's mission. By aggregating results from various sources and offering it right at the search page, it could be fulfilling a consumer need.

This is where another facet of the judgement -- the pre-eminence of product and user-interface (UI) design and its relationship with controlling user behaviour -- establishes the anti-competitive nature of Google's search results page. The manipulation of UI design has been key to the debate on anti-competitive behaviour across the world. Europe's competition commissioner Margrethe Vestager became one of the most important proponents of this idea when the European Commission fined Google a record $2.9 billion in mid-2017 for "abusing its dominance in Europe by giving prominent placement in searches to its comparison shopping service and demoting rival offerings".

As NS Nappinai, a Mumbai-based lawyer and author of Technology Laws Decoded, points out, the ruling establishes a precedent and helps the CCI build a reputation for itself as a body that shows strength in evaluating technology. "Tech companies will now have to take cognisance of abuse of their dominant position in India," she says.

For more details visit https://cis-india.org/internet-governance/news/economic-times-february-13-2018-nirmal-john-cci-leaves-google-searching-for-answers

A Series of Op-eds on Data Protection

amber — 2018-02-19T02:08:28Z

I wrote a short series of three op-eds for Asia Times this week.

The first article "User consent is the key to data protection in India" examines the debate around consent and the arguments made to discard it. I question the premise of big data exceptionalism, particularly in the absence of any mature governance models which address use regulation.

In the second article "Robust economic argument for a sound Indian data protection law", I examine the substance of the argument of 'innovation' as a legitimate competing interest with respect to privacy, and questionthe economic arguments made in support of innovation enabled by unregulated access to data.

In the third article "India’s data protection law needs graded enforcement mechanism", I look at the two competing arms of regulation - enforcement and compliance, and how a balance of two is need in India,with an empowered regulator and drawing from the principles from responsive regulation theory.

For more details visit https://cis-india.org/internet-governance/blog/a-series-of-op-eds-on-data-protection

The Fundamental Right to Privacy - A Visual Guide

amber — 2018-02-16T05:31:37Z

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. This visual guide to the story of privacy law in India and the recent judgement of the Puttaswamy v. Union of India case is developed by Amber Sinha (research and content) and Pooja Saxena (design and conceptualisation).

The Fundamental Right to Privacy - A Visual Guide: Download (PDF)

For more details visit https://cis-india.org/internet-governance/blog/the-fundamental-right-to-privacy-a-visual-guide

Unpacking Data Protection Law: A Visual Representation

amber — 2018-02-15T13:22:00Z

This visual explainer unpacking data protection law was developed by Amber Sinha (research) and Pooja Saxena (design), and published as part of the Data Privacy Week celebrations on the Privacy International blog. Join the conversation on Twitter using #dataprivacyweek.

Cross-posted from Privacy International blog.

Credits: Flag illustrations, when not created by the authors, are from Ibrandify / Freepik.

For more details visit https://cis-india.org/internet-governance/blog/unpacking-data-protection-law-a-visual-representation

AI and Manufacturing and Services in India: Looking Forward

Shweta Mohandas and Pranav M. Bidare — 2018-02-14T11:13:56Z

This Report provides an overview of the proceedings of the Roundtable on Artificial Intelligence (AI) in Manufacturing and Services: Looking Forward (hereinafter referred to as ‘the Roundtable’), conducted at The Energy Resource Institute (TERI), in Bangalore on January 19, 2018.

Event Report: Download (PDF)

The Roundtable comprised of participants from different sides of the AI and manufacturing and services spectrum including practitioners, representatives from multinational companies, think tanks, academicians, and researchers. The Roundtable discussed various questions regarding AI in the manufacturing and services industry in India.

The round of discussions began with initial observations from the in progress research that the Centre for Internet and Society (CIS) is undertaking, on the use of AI in manufacturing and services. Some of the uses of AI that the research had thus far identified across various sectors included AI platforms in IT services for accurate forecasting for businesses, AI driven automation of routine tasks in manufacturing and production, and AI driven analytics for forecasting in the agriculture sector. The discussion then proceeded to the benefits of using AI - including efficient and effective results, precision, and automation of repetitive maintenance tasks. The draft research also acknowledges that although the use of AI is beneficial in many ways, there are also some key concerns around job displacement, privacy, lack of awareness, and a needed capacity to fully understand and use new AI technologies. The draft research also identified a few key AI initiatives in India, such as Wipro Holmes, TCS Ignio, and G.E, that were providing solutions to help automating software maintenance tasks and helping in the smooth working of SAP (Systems, Applications & Products) operations. Innovative uses of AI in areas such as crop production (M.I.T.R.A.) and dairy optimization (StellApps) were also identified.

To understand the present state of AI and impact of the same, the session was opened to discussion on the following questions: See the full report here.

For more details visit https://cis-india.org/internet-governance/blog/ai-and-manufacturing-and-services-in-india-looking-forward

Aadhaar: ‘Safety is regularly evolving‘

Admin — 2018-02-07T16:44:50Z

Experts say the new security features will significantly ensure there is no ‘large-scale theft of people‘s identity‘. Alnoor Peermohamed reports.

The blog post was published in Kaplan Herald on February 5, 2018.

While the introduction of new features such as face authentication, virtual ID, and limited know-your-customer (KYC) by the Unique Identification Authority of India are being seen as reactions to mounting public pressure over the security of Aadhaar, experts, who have helped build the citizen identity system, say these have been in the pipeline for a long time.

Pegged to be fully functional by July 1, the new features will make Aadhaar more secure, but that hasn‘t stopped the UIDAI from drawing flak over the recent issue of rogue agents selling demographic data of individuals.

Moreover, the agency‘s handling of the issue has not inspired confidence among the public and security researchers.

Experts say for a system of Aadhaar‘s size, security is continually evolving.

Lalitesh Katragadda, former head of Google‘s product centre in India and who also helped build Aadhaar, says as a country we need to understand there‘s ‘no such thing as a 100 per cent secure system‘.

While security gaps will always exist, he says it‘s the UIDAI‘s duty to ensure there‘s no ‘large-scale theft of people‘s identity‘.

According to him, the new security features will help significantly in this regard.

Face authentication will be another biometric Aadhaar will begin offering to combat the reportedly high failure rates of fingerprint authentication.

The system will use common Webcams to capture photos of individuals and match them with the existing photo on the UIDAI‘s database.

The system will not use any high-end hardware backed facial recognition like the recently launched iPhone X, which the company claims is more accurate than its previous fingerprint authentication technology.

The UIDAI will work around this issue by clubbing face authentication with other forms of authentication — fingerprint, iris scan or a one-time password sent to a user‘s mobile phone.

While it isn‘t known how exactly the feature will be built into apps relying on Aadhaar authentication, Srikanth Nadhamuni, the former chief technology officer of Aadhaar, envisions a scenario where a photo of an individual could be captured and matched when fingerprint authentication fails, in order to improve the probability of a match.

But even this isn‘t a foolproof plan, some believe.

“Your face is again a biometric, and that comes with the same host of issues that is plaguing the other biometrics that have so far been used,” says Sunil Abraham, executive director at the Bengaluru-based think-tank, Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/news/kaplan-herald-february-5-2018-aadhaar-safety-is-regularly-evolving

To protect data, don’t opt for plastic or laminated Aadhaar card: UIDAI

Admin — 2018-02-07T01:00:00Z

Unauthorized printing of Aadhaar cards could render the QR (quick response) code dysfunctional or even expose personal data without an individual’s informed consent, UIDAI says.

The article by Komal Gupta was published by Livemint on February 7, 2017

To protect information provided by holders of Aadhaar, the Unique Identification Authority of India (UIDAI) on Tuesday cautioned people against opting for plastic or laminated “smart” cards.

Unauthorized printing of the cards could render the QR (quick response) code dysfunctional or even expose personal data without an individual’s informed consent, it said in a statement on Tuesday.

Besides, opting for plastic or laminated cards opened up the possibility of Aadhaar details (personal sensitive demographic information) being shared with devious elements without the informed consent of holders, the statement added.

According to UIDAI, the Aadhaar letter sent by it, a cutaway portion or downloaded versions of Aadhaar on ordinary paper or mAadhaar are perfectly valid.

“If a person has a paper Aadhaar card, there is absolutely no need to get his/her Aadhaar card laminated or obtain a plastic Aadhaar card or so called smart Aadhaar card by paying money. There is no concept such as smart or plastic Aadhaar card,” UIDAI chief executive officer Ajay Bhushan Pandey said in a statement.

Printing Aadhaar on a plastic/PVC sheet privately can cost anywhere between Rs50 and Rs300 or more, UIDAI said. It added that a printout of the downloaded Aadhaar card, even in black and white, is as valid as the original Aadhaar letter sent by UIDAI.

It added that in case a person loses his Aadhaar card, he can download the card free from https://eaadhaar.uidai.gov.in.

Pandey asked holders not to share Aadhaar number or personal details with unauthorized agencies for getting the card laminated, or printed on plastic.

The agency also directed unauthorized agencies not to collect Aadhaar information from people, reminding them that collecting such information or unauthorized printing of Aadhaar card is a criminal offence punishable with imprisonment.

“I feel a lot more has to be done by UIDAI. Sadly, by encouraging people to rely on printed Aadhaar ‘cards’, UIDAI is ending up with the worst of both worlds with respect to personal data protection: photocopies of so-called Aadhaar cards/letter are being circulated to facilitate identity fraud as well as the kind of dangerous personal data disclosures that centralized databases enable,” said Pranesh Prakash, policy director at think tank Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-february-7-2017-to-protect-data-dont-opt-for-plastic-or-laminated-Aadhaar

CIS Submission to the Committee of Experts on a Data Protection Framework for India

amber — 2018-04-18T16:39:11Z

This submission presents comments by the Centre for Internet and Society, India (“CIS”) on the ‘White Paper of the Committee of Experts on a Data Protection Framework for India’ (“White Paper”) released by the Ministry of Electronics and Information Technology. The White paper was drafted by a Committee of Expert (“Committee”) constituted by the Ministry. CIS has conducted research on the issues of privacy, data protection and data security since 2010 and is thankful for the opportunity to put forth its views. The submission was made on January 31, 2018.

The submission is divided into four parts — I. Preliminary, II. Scope and Exemption, III. Grounds of Processing, Obligations of Entities and Individual Rights and IV. Regulation and Enforcement. The submission follows the same the order as adopted by the White Paper.

Please access the full submission here.

For more details visit https://cis-india.org/internet-governance/blog/cis-submission-to-the-committee-of-experts-on-a-data-protection-framework-for-india

Submission to the Committee of Experts on a Data Protection Framework for India

amber — 2018-02-05T13:39:00Z

For more details visit https://cis-india.org/internet-governance/submission-to-the-committee-of-experts-on-a-data-protection-framework-for-india

January 2018 Newsletter

praskrishna — 2018-03-01T01:35:56Z

January 2018 Newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
The paper titled "Patent Working Requirements and Complex Products" has been published in the latest issue of the NYU Journal of Intellectual Property and Entertainment Law. It is one of the outputs of the Pervasive Technology project and has been authored by Prof. Jorge L. Contreras, Paxton M. Lewis, and Rohini Lakshané. CIS made a submission to the Department of Industrial Planning and Promotion on mobile patents. CIS offered its assistance on matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards sustained innovation, manufacture and availability of mobile technologies in India The use of Artificial Intelligence (AI) in healthcare in India is increasing with new startups and large ICT companies offering AI solutions for healthcare challenges in the country. The report by by Yesha Paul, Elonnai Hickok, Amber Sinha and Udbhav Tiwari seeks to map the present state of AI in the healthcare sector in India. About 27% of India's population is still illiterate or barely literate. Most privacy policies and terms of services for web and mobile applications are in English and therefore it is only 10% of us who can actually read them before we provide our consent. The article by Sunil Abraham was published in Deccan Herald on January 20, 2018. CIS made a submission to TRAI Consultation on inputs to the National Telecom Policy. CIS in its submission also recommended what all should be the main objectives of TRAI while drafting the next edition of National Telecom Policy. Under a research grant from the Azim Premji University CIS has initiated a study of the ongoing updation process of the National Register of Citizens (NRC) in Assam and the resultant reform of citizen identification infrastructure in India. The 2G judgment of December 2017 provides a critique of how no proper evidence was presented on existence of an FCFS policy and its improper implementation, wrote Shyam Ponappa in his article in the Business Standard which was published on January 3, 2018.

Highlights

The paper titled "Patent Working Requirements and Complex Products" has been published in the latest issue of the NYU Journal of Intellectual Property and Entertainment Law. It is one of the outputs of the Pervasive Technology project and has been authored by Prof. Jorge L. Contreras, Paxton M. Lewis, and Rohini Lakshané.
CIS made a submission to the Department of Industrial Planning and Promotion on mobile patents. CIS offered its assistance on matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards sustained innovation, manufacture and availability of mobile technologies in India
The use of Artificial Intelligence (AI) in healthcare in India is increasing with new startups and large ICT companies offering AI solutions for healthcare challenges in the country. The report by by Yesha Paul, Elonnai Hickok, Amber Sinha and Udbhav Tiwari seeks to map the present state of AI in the healthcare sector in India.
About 27% of India's population is still illiterate or barely literate. Most privacy policies and terms of services for web and mobile applications are in English and therefore it is only 10% of us who can actually read them before we provide our consent. The article by Sunil Abraham was published in Deccan Herald on January 20, 2018.
CIS made a submission to TRAI Consultation on inputs to the National Telecom Policy. CIS in its submission also recommended what all should be the main objectives of TRAI while drafting the next edition of National Telecom Policy.
Under a research grant from the Azim Premji University CIS has initiated a study of the ongoing updation process of the National Register of Citizens (NRC) in Assam and the resultant reform of citizen identification infrastructure in India.
The 2G judgment of December 2017 provides a critique of how no proper evidence was presented on existence of an FCFS policy and its improper implementation, wrote Shyam Ponappa in his article in the Business Standard which was published on January 3, 2018.

The following articles were written by CIS members:

Digital native: Memory card is full (Nishant Shah; Indian Express; January 3, 2018).
The 2G Judgment of December 2017: What Was It About? (Shyam Ponappa; Business Standard; January 3, 2018).
Fixing Aadhaar: Security developers' task is to trim chances of data breach (Sunil Abraham; Business Standard; January 10, 2018).
Another Step towards Privacy Law (Elonnai Hickok; Governance Now; January 15, 2018).

Data Protection: We can innovate, leapfrog (Sunil Abraham; Deccan Herald; January 20, 2018).

CIS in the News:

From net neutrality to IBC & Aadhaar, how Vidhi is framing key government legislation (Surabhi Agarwal and Samanwaya Rautray; Economic Times; January 4, 2018).
UIDAI denies any breach of Aadhaar database (Komal Gupta; Livemint; January 7, 2018).
Token security or tokenized security? (Manasa Venkataraman and Ajay Patri; Livemint; January 9, 2018).
UIDAI introduces new two-layer security system to improve Aadhaar privacy (Economic Times; January 11, 2018).
Hammered government offers Virtual ID firewall to protect your Aadhaar (New Indian Express; January 11, 2018).
Virtual Aadhaar ID: too little, too late? (Yuthika Bhargava; Hindu; January 11, 2018).
India To Introduce Virtual ID For Aadhaar To Strengthen Privacy (Bloomberg Quint; January 11, 2018).
UIDAI's Virtual ID, limited KYC does little to protect Aadhaar data already collected, say critics (Business Today; January 12, 2018).
Aadhaar Body Talked About Virtual ID 7 Years Ago, Put It Off: UIDAI Chief (Sukriti Dwivedi; NDTV; January 13, 2018).
Bengaluru gives data safety tips to panel (Deccan Herald; January 14, 2018).
Is your personal information under lock and key? (Sravanthi Challapalli; Hindu Businessline; January 16, 2018).
Aadhaar-privacy debate: How the 12-digit number went from personal identifier to all pervasive transaction tool (First Post; January 18, 2018).
Paytm Payments Bank woos corporates with digital incentives (Komal Gupta and Remya Nair; Livemint; January 24, 2018).
Aadhaar's new security measures are good, it is still work in progress (Alnoor Peermohamed; Business Standard; January 25, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Wikipedia

Blog Entries

Government of Odisha adopting Creative Commons License to Promote Transparency and Access to Knowledge (Sailesh Patnaik; January 17, 2018).
Experience and Learning outcome from Wikipedia Education Program (Lakshmi Karlekar; January 30, 2018).

Events Organized

Marathi Wikipedia Workshop at Dept. of Mass Communication, Solapur University (Organized by CIS-A2K and Dept of Mass Communication, Solapur University; Solapur; January 2, 2018).
Marathi Wikipedia Workshop at Dayanand College, Solapur (Organized by CIS-A2K and Dayanand College, Solapur; Solapur; January 3, 2018).
Marathi Wikipedia Workshop at Willingdon College, Sangli (Organized by CIS-A2K and Willingdon College; Sangli; January 5, 2018).
Marathi Wikipedia Workshop at Govt.Science & Arts College, Aurangabad (Organized by CIS-A2K and Govt.Science & Arts College; Aurangabad; January 9, 2018).
Marathi Wikipedia Workshop at Dr.Babasaheb Ambedkar Marathwada Vidyapeeth (Organized by CIS-A2K and Dr. Babasaheb Ambedkar Marathwada University; Aurangabad; January 10, 2018).
Marathi Wikipedia Workshop at Shivaji University, Kolhapur (Organized by CIS-A2K and Shivaji University; Kolhapur; January 15, 2018).
Wikidata Workshop (Organized by CIS-A2K and Andhra Loyola College; Vijaywada; January 20 - 21, 2018).
Train the Trainer 2018 (Organized by CIS-A2K; Mysore; January 26 - 28, 2018).

►Pervasive Technologies

Research Paper

Patent Working Requirements and Complex Products (Jorge L. Contreras, Rohini Lakshané and Paxton M. Lewis; JIPEL NYU Journal of Intellectual Property & Entertainment Law, Vol. 7 - No.1 on January 16, 2018).

Submission

Submission to DIPP at Meeting with IP Stakeholders (Anubha Sinha; January 1, 2018). The submission was made in December 2017 but it was published on the website in January 2018.

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entry

Artificial Intelligence and the Healthcare Industry in India (Yesha Paul, Elonnai Hickok, Amber Sinha and Udbhav Tiwari (Ecosystem mapping by Shweta Mohandas, Sidharth Ray and Elonnai Hickok. Designed by Saumyaa Naidu under Creative Commons Attribution 4.0 International License; January 26, 2018).

Events Organized

Roundtable on A.I. and Manufacturing and Services (TERI, Bengaluru; January 19, 2018).

null Bangalore Meet: Special Session on Digital Identity and Privacy (CIS, Bengaluru; January 19, 2018). Sunil Abraham gave a talk.

►Free Speech and Expression

Blog Entries

Internet Governance Forum Report 2017 (Shweta Mohandas; January 11, 2018).

Mobile net ban during peaceful protest leaves farmers confused (Shruti Jain; January 19, 2018).

‘Hurt sentiments’ cost Udaipur internet access for four days (Shruti Jain; January 19, 2018).

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Submission to TRAI Consultation on "Inputs for Formulation of National Telecom Policy - 2018" (Pranesh Prakash; January 25, 2018).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entry

Life of a Tuple: National Register of Citizens (NRC) and the Reform of Citizen Identification Infrastructure in Assam (Sumandro Chattapadhyay; January 22, 2018). All posts related to the study can be found here.

-----------------------------------
About CIS
-----------------------------------

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/Qjanuary-2018-newsletter