We are anonymous, we are legion

November 2017 Newsletter

praskrishna — 2018-01-10T01:57:29Z

November 2017 Newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment. CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu. The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW. The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017. DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector. CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017. CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them. CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

Highlights

Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment.
CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu.
The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW.
The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017.
DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector.
CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017.
CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them.
CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

CIS in the News:

Big Data for governance (Alekhya Hanumanthu; Telangana Today; November 4, 2017).
How tech is making life easier for differently-abled (Shalini Umachandrani; November 7, 2017).
India Today Conclave Next 2017: Aadhaar was rushed, says MP Rajeev Chandrashekhar (Priya Pathak; India Today; November 8, 2017).
What You Need To Worry About Before Linking Your Mobile Number With Aadhaar (Roopa Raju and Shekhar Rai; Youth Ki Awaaz; November 8, 2017).
OPINION | Data is New Oil and Human Mind the New Battlefield. India Must Wake Up Now (Lt. General (Retd.) D. S. Hooda; News18.com; November 11, 2017).
Aadhaar seeding: benefits and concerns (Shaikh Zoaib Saleem; Livemint; November 14, 2017).
Privacy issues exist even without Aadhaar (Ronald Abraham; November 15, 2017).
Advocating for Openness: Nine Ways Civil Society Groups Have Mobilized to Defend Internet Freedom (Centre for International Media Assistance; November 15, 2017).
Govt working to set up financial CERT to tackle cyber threats (Komal Gupta; Livemint; November 16, 2017).
Financial CERT to combat cyber threats, says MoS home affairs (CISO MAG; November 17, 2017).
UIDAI admits 210 government websites made Aadhaar details public (Financial Express; November 20, 2017).
India’s internet missionaries: The women Google is relying on to spread its Next Billion message (Sunny Sen; Livemint; November 21, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Indian activists slam FCC decision to ditch net neutrality (Kul Bhushan; Hindustan Times; November 23, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Why should you keep a close eye on the net neutrality debate in the US (Subhrojit Mallick; Digit; November 24, 2017).
Cyberattacks a significant threat to democracy: Modi (Komal Gupta; Livemint; November 24, 2017).
Aadhaar verification at airports raises need for stricter data privacy regulations (Aman Sethi; Hindustan Times, November 27, 2017).
IDAP Interview Series: Interview with Nirmita Narasimhan (IDIA Law; November 27, 2017).
Govt releases white paper on data protection framework (Komal Gupta; Livemint; November 28, 2017).
Bengalureans to receive Helen Keller award (Deccan Herald; November 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Submission

Comments on Guidelines for Indian Government Websites (Nirmita Narasimhan; November 26, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright & Patent

35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 15, 2017).
35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 17, 2017).
35th SCCR: CIS' Question to Dr. Rostama on her Study on the Impact of the Digital Environment on Copyright Legislation (Anubha Sinha; November 19, 2017).

►Wikipedia

Blog Entry

CIS-A2K signs MoU with Telangana Government (Manasa Rao; November 8, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entries

A Comparison of Legal and Regulatory Approaches to Cyber Security in India and the United Kingdom (Divij Joshi; edited by Elonnai Hickok; November 12, 2017).
Counter Comments on TRAI's Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector (Amber Sinha; November 23, 2017).

Participation in Event

BIS International Seminar on Internet of Things (Organized by BIS; November 15, 2017; India Habitat Centre, New Delhi). Amber Sinha attended the event.
Internet Universality Indicators for a Safe, Secure and Inclusive Cyberspace for Sustainable Development (Organized by UNESCO in collaboration with the Ministry of Electronics and IT, Government of India; UNESCO Conference Room, Chanakyapuri, New Delhi; November 17, 2017). Amber Sinha attended the event.

Roundtable on Data Integrity and Privacy (Organized by Observer Research Foundation; November 18, 2017). The round table discussion was chaired by Shri Baijayant Panda, Hon'ble Member of Parliament.

►Cyber Security

Blog Entry

Breach Notifications: A Step towards Cyber Security for Consumers and Citizens (Amelia Andersdotter; November 14, 2017).

Event Organized

Roundtable on Enhancing Indian Cyber Security through Multi-Stakeholder Cooperation (Indian Islamic Centre; Lodhi Road; New Delhi; November 4, 2017).
Open House on Security Practices in FinTech (Organized by CIS and Has Geek; November 17, 2017).

Participation in Event

Multinational Cyber Security Forum at University of Haifa (Organized by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative; November 5 - 7, 2017). Sunil Abraham participated in the meeting held in Israel.
Global Commission on the Stability of Cyberspace (GCSC) (Organized by GCSC; November 21, 2017; New Delhi). Pranesh Prakash participated in the event.

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Nobel Laureate Richard Thaler's Views On Auctions (Shyam Ponappa; Business Standard; November 1, 2017).

Submission

Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing (Anubha Sinha; November 26, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Articles

Digital native: Rebellion by Google Doc (Nishant Shah; Indian Express; November 4, 2017)
Digital native: Let there be life (Nishant Shah; Indian Express; November 19, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/november-2017-newsletter

FIGI Symposium 2017

Admin — 2018-01-01T16:29:42Z

Innovative Approaches to Digital Financial Inclusion Challenges.

The first edition of the Financial Inclusion Global Initiative (FIGI) Symposium was held in Bangalore, India, from 29 November to 1 December 2017. The Symposium was organized jointly by the Telecommunication Standardization Bureau (TSB) of the International Telecommunication Union (ITU), jointly with the Bill & Melinda Gates Foundation, the World Bank and the Committee on Payments and Market Infrastructure (CPMI) and the kind support of the Government of India.

Elonnai Hickok participated in the symposium and spoke in the "Security, Infrastructure, and Trust" working group on big data and privacy in DFS. For more info on the symposium, see here.

For more details visit https://cis-india.org/internet-governance/news/figi-symposium-2017

Govt releases white paper on data protection framework

Admin — 2017-11-28T14:34:09Z

Public comments are welcome till 31 December on the data protection white paper, which is aimed at securing digital transactions and addressing privacy issues.

The article by Komal Gupta was published in Livemint on November 28, 2017

A nuanced approach towards data protection will have to be followed in India, keeping in mind the fact that individual privacy is a fundamental right limited by reasonable restrictions, according to a white paper issued by the government on a data protection framework.

The government has sought public comments till 31 December on the white paper, which is aimed at securing digital transactions and addressing customer and privacy protection issues.

The white paper, drafted by the committee of experts on data protection framework, was released by the ministry of electronics and information technology on Monday.

On 31 July, the government constituted a 10-member committee of experts headed by former Supreme Court justice B.N. Srikrishna to study various issues relating to data protection and make specific suggestions on the principles to be considered for data protection as well as suggest a draft Data Protection bill.

Other members of the committee include telecom secretary Aruna Sundararajan, Unique Identification Authority of India chief executive Ajay Bhushan Pandey, and additional secretary in the information technology ministry Ajay Kumar.

The committee seeks to put the onus on stakeholders and the public through a questionnaire on issues such as collection of personal data, consent of consumers, penalties and compensation, code of conduct and an enforcement model that should be set up.

“The sensitivity of the data could also develop based on its combination with other types of information. For example, an email address taken in isolation, is not sensitive. However, if it is combined with a password, then it could become sensitive as it opens access to many other websites and systems, which may expose the individual to harm such as cyberattacks and phishing frauds,” the white paper said.

It is also possible that personal or even non-personal data, when processed using big data analytics, could be transformed into sensitive personal data. Therefore, there may be a need to create safeguards which will prevent misuse of personal information in these contexts of use, it added.

The white paper also seeks “to designate certain lawful grounds under which data can be processed, even in the absence of consent.”

In some situations, seeking consent prior to a data processing activity would not be possible, or it may defeat the purpose of the processing. For instance, where law enforcement officials need to apprehend a criminal, seeking the consent of the criminal prior to processing would defeat the purpose of the investigation, it said.

“It seems to be an eminently reasonable white paper which raises the right questions. However, it lacks analysis of data protection vis-a-vis Aadhaar,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

Safeguarding privacy rights needs much more than a data protection law; it needs a larger consultation that includes issues like surveillance as well, added Prakash.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-28-2017-komal-gupta-govt-releases-white-paper-on-data-protection-framework

Multinational Cyber Security Forum at University of Haifa

Admin — 2017-11-27T14:34:59Z

Sunil Abraham participated in a meeting in Israel on Multinational Cyber Security Forum hosted by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative.

The workshop was held from November 5 to 7, 2017. The objective of the workshop was to facilitate a free and open exchange among participants under the Chatham House Rules. The workshop sought to identify areas of agreement and dissent pertaining to cyber security regulation and to explore issues that require further research, clarification and development.

For more details visit https://cis-india.org/internet-governance/news/multinational-cyber-security-forum-at-university-of-haifa

Data Protection and Privacy in India: The (Fundamental) Right Way

Admin — 2017-11-27T14:01:02Z

Amber Sinha attended a roundtable conference on data protection and privacy on October 30, 2017 at India Habitat Centre in New Delhi. The close-door event was organised by the Indian Council for Research on International Economic Relations.

Participants at the conference discussed:

Role of consent in data protection, how it should be configured in India
Conflicts between the data minimization principle and big data
Governance approaches to data protection
Propertarian view of data
Need for capacity building in India and institutions who should be involved in the data protection regime, and
Cross border data flows and data localisation

For more details visit https://cis-india.org/internet-governance/news/data-protection-and-privacy-in-india-the-fundamental-right-way

Aadhaar verification at airports raises need for stricter data privacy regulations

Admin — 2017-11-27T13:34:35Z

The absence of legislation is letting companies compile and deploy sensitive personal information without legal oversight.

The article by Aman Sethi was published in the Hindustan Times on November 27, 2017

When Suvodeep Das, a 42-year-old marketing professional, took a Jet airways flight from Hyderabad to Mumbai in September, he said a software bug in the airline’s website wouldn’t let him check in online without first punching in his Aadhaar number.

“When I got my boarding pass, it had my Aadhaar number printed on it,” Das told HT, wondering, “Why do you need an Aadhaar number to take a flight, and why display it publicly?”

In October, another passenger found their Aadhaar number on the boarding pass: this time, it was barcoded.

HT has reviewed both boarding passes. Publishing Aadhaar numbers is an offence under the Aadhaar Act 2016.

Jet Airways did not respond to repeated requests for comment. Speaking off the record, airline executives said Jet encoded Aadhaar numbers to test the proposed Aadhaar Enabled Entry and Biometric Boarding System (AEEBBS): a complex Aadhaar-seeding project that aims to replace a passenger’s boarding pass with his/her fingerprint.

Bangalore International Airport (BIAL), which plans to install AEEBBS, says it will improve passenger security and reduce check-in time at the Kempegowda International, India’s third busiest airport.

Privacy advocates, however, say the system, which stores passenger biometrics and Aadhaar numbers on the servers of a private corporation, is an example of how the absence of a data protection law in India lets companies compile and deploy sensitive personal information without legal oversight.

Future uses of the AEEBBS, according to the BIAL website, include integrating the system with passenger blacklists, typically maintained by the ministry of home affairs, to determine who can and cannot board a flight.

“The unregulated proliferation of Aadhaar uses is compromising the digital identities of citizens and putting them at risk,” said Usha Ramanathan, a legal theorist who has written extensively on Aadhaar. ”There is a misconception that data protection is about data being at risk. It is actually about the rights of people being at risk.”

Pilot Project

In January, Bangalore International Airport Ltd (BIAL), the corporation that runs the Bengaluru terminal, and Jet Airways integrated their flight and passenger databases as part of a four-month pilot project to test the AEEBS.

“The pilot project incorporated the entire airport journey from entry right through to the boarding gate and included all security check points,” a BIAL spokesperson said in an email. “The project allowed for quicker processing time for a passenger from entry to security gate while simultaneously enabling fewer points of human interaction.”

Participation in the project was voluntary. BIAL said about 15% of passengers opted to use it. In October, BIAL called for bids for a full roll-out of the AEEBBS by December 2018.

The system, tender documents reveal, works in the following way:

First passengers enter their Aadhaar numbers when they book their flights. The airline turns this number into a QR code printed on the flight ticket. Once at the terminal, passengers bypass the standard practice of showing their ticket and ID to a security guard, and instead they enter the terminal by flashing the ticket at a QR code scanner while pressing their fingers against a biometric reader installed at the entrance.

The AEEBBS verifies the passenger’s identity by querying the UIDAI’s database, and then checks the airport’s flight information system to see if the passenger is booked to fly that day.

Thereafter, the system creates a “passenger dataset” that bundles the passenger’s biometrics and flight information into a single file unique to each passenger. This dataset is used to verify the identity of the passenger at each checkpoint, allowing the airport to track the passenger until she boards her plane.

The tender document states that the biometric data should be purged immediately after the passenger’s flight departs. If flights are rescheduled, the biometrics shall persist until the passenger finally departs.

Concerns over Bengaluru airport’s use of Aadhaar

The Aadhaar-Enabled Entry and Biometric Boarding System (AEEBBS) aims to replace boarding cards with a passenger’s fingerprint. Here is how it works.

Why Biometrics?

Bengaluru isn’t the only airport experimenting with systems like the AEEBBS.

“We have initiated trials on facial recognition, iris and finger-print scanning etc., to generate Aadhaar + Biometric enabled passenger data-sets,” said a spokesperson for the GMR Hyderabad International Airport. “We hope to complete these trials in the next two months and deploy them by June 2018 for all domestic passengers.”

Yet biometrics isn’t a fool-proof way of verifying someone’s identity. Biometric experts have maintained that fingerprints can be copied and printed onto “fake fingers” — a process known as spoofing.

At Michigan State University, biometric expert Anil Jain and his team have developed so-called fake fingers using 12 different materials, the most sophisticated of which mimics the physical properties of human skin.

“Many of the commercial systems may not have state-of-the-art spoof detection facilities,” Jain said, adding that he has advised the UIDAI on biometrics in the past.

Jain said it was important that a secured space like an airport have biometric readers that include “liveness” detection, a term that refers to a broad set of techniques that use a combination of advanced hardware and software to avoid spoof attacks.

However, it is not mandatory for UIDAI-certified biometric devices to have liveness detection features. Documents published by Standardisation Testing and Quality Certification (STQC), the agency tasked with certifying Aadhaar devices, make clear that “liveness detection” is “preferable” but not mandatory.

Some manufacturers of certified devices say their devices have liveness detection, but STQC does not include this specific feature in its testing.

Prof Jain said biometrics are harder to forge than the identity cards that are currently needed to gain access to airport terminals, suggesting that the AEEBBS could increase security only if the data that undergirds the system is properly secured.

Storage Concerns

Under regulations framed by the Unique Identification Authority of India (UIDAI), it is illegal to store biometric data captured for any Aadhaar-related transaction.

Also, UIDAI-certified biometric devices are prohibited from storing biometric data which casts a cloud over BIAL’s proposal to create passenger datasets to merge passenger flight data, biometric data and Aadhaar numbers, and store it on a local BIAL network.

While UIDAI did not respond to requests for comment on if these passenger data sets violated its regulations, BIAL said it would work around the system by capturing passenger biometric data twice — once to verify passenger identities in accordance with UIDAI regulations, and once for the purpose of creating the passenger data set.

“Our intent is to capture data and store a separate set of biometrics records (delinked from Aadhaar) that include face/iris/fingerprints for the purpose of authentication of passenger at various check points inside the airport,” the spokesperson said.

Some experts believe this may not be enough.

“The Aadhaar Act and Regulations are supposed to ensure that our biometric records are safe, and entities capturing biometrics for Aadhaar-related purposes cannot store the biometrics,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

“If biometrics collected doesn’t need to follow the Aadhaar regulations because of a technicality, how strong are the regulations?” Prakash said.

Last year, 22.18 million passengers travelled through Bengaluru airport. Once the AEEBBS is installed, the airport’s servers shall become a temporary repository of millions of fingerprints, and a lucrative target for sophisticated hackers who could capture this data by implanting malicious software in the system.

Such software has become easier to access since August 2016, when a group calling itself the “Shadow Brokers” announced it had stolen some of the world’s most advanced cyber-weapons from the vaults of the Tailored Access Operations unit of National Security Agency, which manages the cyber-arsenal of the United States of America.

Designing the system to minimise the use of biometrics could alleviate these concerns, according to Rahul Matthan, a partner at law firm Trilegal.

“If data minimisation is the principle that we keep on top of mind, Aadhaar should be used to allow entry,” Matthan said, “Then the airport must devise other methods and standards to ensure that security and passenger tracking is achieved.”

Safeguarding Aadhaar Numbers

The AEEBBS also raises questions on the manner in which airlines and airports will store non-biometric data like passenger Aadhaar numbers. UIDAI regulations published in July 2017 say companies and government departments must store Aadhaar numbers in secure, isolated, databases called ‘Aadhaar Data Vaults’.

Each Aadhaar number in these vaults must be associated with a “reference key” — which is like a nick-name for the Aadhaar number. So instead of using a citizen’s Aadhaar number for a given transaction, businesses must preserve the confidentiality of the number by using the reference key instead.

Jet Airway’s decision to print Aadhaar numbers, rather than the reference keys, on the boarding passes, suggests that the airline is not following UIDAI guidelines — a problem that is likely to multiply as more airlines start gathering this information to avail of the AEEBBS facility. Jet Airways did not respond to requests for comment.

Once the AEEBBS is in place, BIAL also intends to use passenger data, harvested during check-in and boarding, for commercial purposes, but it is unclear if and how this data will be anonymised before it is used.

“We aim to make meaning of the abundant data that will be collected,” the BIAL spokesperson said, insisting that the airport would respect traveller privacy and the data would not be sold to third parties. “In due course — and with passenger consent — we intend to use business intelligence to make the journey more impactful.”

For lawyer Matthan, the AEEBBS is an example of why India needs a comprehensive data protection law to address issues between citizens and private corporations.

“There is a need to ensure that Aadhaar is based on a sound framework of privacy protection,” he said, noting that the recent Supreme Court judgment protected citizen privacy against infringement by the government.

Data protection legislation, he said, would ensure that private corporations are held to the same standard.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-aman-sethi-november-27-2017-aadhaar-verification-at-airports-raises-need-for-stricter-data-privacy-regulations

FCC’s plan to repeal net neutrality may not impact India

Admin — 2017-11-26T11:43:59Z

India is unlikely to be impacted by the US Federal Communications Commission’s plan to repeal net neutrality regulations.

The article by Surabhi Agarwal was published in the Economic Times on November 23, 2017. Sunil Abraham quoted.

India adopted a pro-net neutrality stand by taking a tough call against zero-rated plans such as Facebook’s Free Basics and Airtel Zero last year. According to experts, the Indian telecom regulator showed great courage and conviction by battling any type of preferential treatment of internet websites. This was even after a massive campaign by Facebook in support of its Free Basics programme, which promised access to a few basic services free of cost through partnerships with selected telecom service providers.

“Our regulator now thinks of itself as a forerunner in this space, so we doubt they are going to be influenced by the American move,” said Sunil Abraham, Executive Director of the Centre for Internet and Society in Bengaluru. He called the proposal to withdraw the President Barack Obama era regulations “incredible” since they took almost a decade and lots of debate to be framed. Abraham said there is no evidence to suggest that India copies what the US does and there is a long way to go before the new regulations come in.

“The FCC is just one actor in this game — there are the Congress and the courts along with the Federal Trade Commission,” said Abraham, adding that the proposal is likely to be challenged at multiple levels. “I’m proposing to repeal the heavy-handed Internet regulations imposed by the Obama Administration and to return to the light-touch framework under which the Internet developed and thrived before 2015,” FCC chief Ajit Pai, who worked for Verizon Communications earlier, tweeted on Tuesday. The plan shared by Pai will be put to vote on December 14. Experts expect the plan to go through, given the Republican majority in the FCC and they fear it will allow internet service providers like Verizon, AT&T and Comcast to give preference to some sites and apps in return for a fee or for their own business interests.

“If it goes through, it will take control away from the user and companies will be free to make fast lanes and favour the content they like and play the gatekeepers,” said Mishi Choudhary, president at Software Freedom Law Centre.

She said the conversation has once again moved the power back to internet service providers, which will hurt small companies on the pretext of innovation and getting away from micro managing. “It is certainly not bolstering the position of the US as a leader for free and open internet,” added Choudhary. Streaming service Netflix tweeted in response saying that it supports strong net neutrality and opposes the FCC’s proposal.

The Telecom Regulatory Authority of India (Trai) fought a tough battle in 2016 against plans that promised select internet services to poor people by offering them free of cost. The regulator issued differential pricing regulations by which it banned what’s known as zerorating plans. “Trai showed immense foresight by releasing the rules and this is a good opportunity for India to occupy the vacuum of leadership in this space by providing the right regulatory environment,” said Choudhary.

For more details visit https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-november-23-2017-fcc-plan-to-repeal-net-neutrality-may-not-impact-india

India Today Conclave Next 2017: Aadhaar was rushed, says MP Rajeev Chandrashekhar

praskrishna — 2017-11-26T06:41:07Z

Talking at the ongoing India Today Conclave Next 2017, MP Rajeev Chandrashekhar said that Aadhaar was rushed and foisted on the country by authorities that fail to first create a proper ecosystem. Chandrashekhar gave his comments at a keynote titled Privacy -- The Fundamental Right for the Digital Citizen.

The article by Priya Pathak was published by India Today on November 8, 2017.

Chandrashekhar, who has been vocal on the issues like data protection, privacy and net neutrality, said that the government should have created a proper ecosystem for Aadhaar by bringing norms and laws around data protection and privacy before asking people to sign up for the unique ID.

The MP talked about India's journey from being a largest unconnected world to becoming the largest connected world. But Chandrashekhar criticised the "flawed" Aadhaar and said that it was a classic example of how a government system would push for technology in governance without addressing key bits of the ecosystem around the citizen and the consumer.

"If that (Aadhaar) wasn't enough, the IT act and section 66A and its language and its vagueness and its potential for misuse was another example of the faults of a bureaucracy or a political system trying to legislate or create solutions in the digital world, " he said.

At the same time, he lauded the recent Supreme Court order that held all Indians had fundamental right to privacy. "The latest finding of Supreme Court of Privacy as fundamental right is a big deal and it will alter number of things going forward," he said. He added that there should be more debate and discussion on data privacy as there is an attempt to characterise data privacy as some of kind of elitist issue in India which it's not.

Privacy, especially for the digital world, currently is one of the most debated topics in India. The country in the past few years has seen a number of instances where a government or a private entity has knowingly or unknowingly compromised the data of its users. Recently a study published by Centre for Internet and Society, a Bengaluru-based organisation, revealed that private data of more 130 million Aadhaar card holders were leaked from four government websites.

The Supreme Court in August this year declared privacy as a fundamental right. A nine-judge Constitution bench headed by Chief Justice J S Khehar has declared that "right to privacy is an intrinsic part of Right to Life and Personal Liberty under Article 21 and entire Part III of the Constitution".

The move has been praised by many including Rajeev Chadrashekhar who has said that it is a big welcome step. "It is clear that Aadhaar and all other legislations existing and proposed will have to meet the test of privacy being a fundamental right," he recently said.

For more details visit https://cis-india.org/internet-governance/news/india-today-priya-pathak-november-8-2017-india-today-conclave-next-2017-aadhaar-was-rushed-says-mp-rajeev-chandrashekhar

What You Need To Worry About Before Linking Your Mobile Number With Aadhaar

Admin — 2017-11-26T05:55:49Z

As part of the directive issued by the Department of Telecommunications (DoT) dated March 23, 2017, major telecom service providers have issued a deadline of February 6, 2018, for linking mobile numbers with Aadhaar as part of the E-KYC verification.

The blog post by Roopa Raju and Shekhar Rai was published in Youth Ki Awaaz on November 8, 2017

The landmark case referenced by the DoT in the circular was the order issued by the Supreme Court on February 6, 2017, delivered by Justice JS Khehar (the erstwhile Chief Justice of India) in the case of Lokniti Foundation vs Union of India. The petitioner contended that terrorists, criminals and anti-social elements frequently used SIM cards to commit atrocious, organised and unorganised crimes across the country. The petition called for ensuring 100% verification on the identity of telecom service subscribers in public interest under Article 32 of the Constitution of India. The PIL added that unverified SIM cards pose a serious threat to the country’s security as they are routinely used in criminal and terrorist activities, thereby affecting a citizen’s right (as ensured under Article 21 of the Constitution). As per the CAG report tabled at the Parliament in 2014, the identities of 4.59 crore mobile users still remained unverified.

Article 21 of the Constitution of India, 1949, states that – “No person shall be deprived of his life or personal liberty except according to procedure established by law.” While there is a threat to the common public interest through increased acts of terrorism and atrocities due to unverified SIM cards, the safety of information provided and linked to Aadhaar are increasingly being questioned.

In a study dated May 1, 2017, published by the Centre for Internet and Society (CIS), a Bangalore-based organisation, it was observed that data of over 130 million Aadhaar card-holders were leaked from just four government portals dealing with the National Social Assistance programme, the National Rural Employment Guarantee Scheme, the Chandranna Bima Scheme and the Daily Online Payment Reports of NREGA.

On October 25, 2017, the chief minister of West Bengal, Mamata Banerjee, also strongly opposed the government’s plan to link mobile numbers with Aadhaar cards. She said that it was a breach of privacy and that the ruling government was intruding upon the citizen’s right to personal freedom. However, the Supreme Court questioned the state government’s right to challenge the Centre and asked her to file a plea with the court in her individual capacity.

As per the data published by Telecom Regulatory Authority of India (TRAI) on September 14, 2017, India’s telecom subscriber base dipped by 1.3 lakh to 121.07 crore in July 2017. Moreover, only three operators – Reliance Jio, Bharti Airtel and the state-run BSNL – reported additions to their subscriber base.

Month	Telephone subscriber base (in million)	Growth rate
Mar-17	1194.58	–
Apr-17	1198.89	0.36%
May-17	1204.98	0.51%
Jun-17	1210.84	0.49%
Jul-17	1210.71	-0.01%

(Source: TRAI monthly subscription data)

The dip in the subscriber count for various telecom operators can be accredited to the phasing of registration of SIM cards through E-KYC for new mobile numbers. While there is a the possibility of addition of genuine subscribers in the following months, the direct subscriber acquisition cost (DSAC) has been significantly reduced owing to the overall reduction in subscriber addition (assuming exclusion of sunk cost).

Prior to the DoT directive, telecom service providers relied heavily on the documents provided by the subscribers for SIM registration. The two-fold impact of this was the delay in SIM activation, owing to the transfer of documents from the retailer to the distributor to the company and the possibility of documents not matching with the usage timeline of usage. Additionally, tracking the ever-changing retailers was difficult for the service providers – and with the subscriber documents being collected and stored at one location by the service providers, verification of dummy subscribers was difficult.

With the introduction of Aadhaar linkage for mobile numbers, subscribers are held accountable for its usage, thereby tagging responsibility for any acts arising as a result. Savings from the digitisation of documents and paper should also be considered.

However, an increased number of job losses is possible, owing to the ‘optimisation’ of the process by way of document verification, servicing costs and reliance on third parties (to name just a few). Increased compliance costs are also an issue of concern.

The key question that looms prominently with the approaching deadline is how secure public data will be, given that it may possibly be linked with bank account numbers and income tax returns. With retailers using fingerprints of the subscribers to validate Aadhaar numbers with the mobile numbers at the time of SIM registration, there is an increased risk of exposure to identity theft.

While the government is increasingly trying to bring in a seamless process to assimilate data for transparency in analysing consumer patterns, it is suggested that they also allocate funds for enhancing the cyber-security of the data consolidated from this directive. Furthermore, cyber security regulations can be strengthened to avoid data leakages to third party organisations. Severe penalties should also be implemented to ensure robust compliance to these measures.

For more details visit https://cis-india.org/internet-governance/news/youth-ki-awaaz-roopa-sudarshan-what-you-need-to-worry-about-before-linking-your-mobile-number-with-aadhaar

OPINION | Data is New Oil and Human Mind the New Battlefield. India Must Wake Up Now

Admin — 2017-11-26T03:28:55Z

In information warfare, the battlespace is the human mind. This is where the privacy of an individual intersects with national security. Fighting this battle will require a new paradigm in thought and action.

The article by Lt. General (Retd.) D. S. Hooda was published by News18.com on November 11, 2017

A few days ago, the Army Headquarters took out a public advisory warning about a “deliberate misinformation campaign being launched by vested interests some of which is being initiated from countries bordering our nation.” This is an acknowledgment of the use of social media for what is today considered the most dominant form of warfare — ‘information warfare’. It has been extensively used by our adversaries in Jammu and Kashmir to show the government and security forces in poor light.

Deception, propaganda and misinformation have always been a part of warfare but what is different today is that the tools of information warfare have acquired a new dimension. An integration of massive amounts of data with Artificial Intelligence (AI) has given a significant weapon in the hands of information warriors.

The cost of saving data has been plummeting, with the cost being halved about every 15 months. Now more and more data about individuals is being saved, both by corporations and governments. In his book, Data and Goliath, Bruce Schneier writes that worldwide, Google has the capacity to store 15 exabytes of data. To put it in context, one exabyte is 500 billion pages of text. Bruce also quotes the case of Max Schrems, an Austrian law student, who in 2011 demanded all his personal data from Facebook. After a two year legal battle, Facebook gave him a CD with 1200 pages of PDF. This is how much Facebook knows about you, and it does not forget because it is all saved.

All this big data would be useless unless it can be utilised for decision making and this is where advances in AI have provided the breakthrough. Smart machines mine the data and detect trends, patterns, habits, ideology and desires. These personal characteristics of individuals are being used by corporations to send targeted advertisements to influence commercial decisions.

The same technique is used in information warfare. On November 1, the US House Intelligence Committee released Facebook advertisements bought by Russian operatives to influence the 2016 elections. Washington Post wrote, “The ads made visceral appeals to voters concerned about illegal immigration...African American political activism, rising prominence of Muslims” among other issues. Senator Angus King said, “The strategy is to take a crack in our society and turn it into a chasm.”

Data is the new oil and that is exactly how it is being traded and sold. In the absence of any legal provisions, companies and ‘data brokers’ are sharing and selling personal data. Can this personal data find its way to a hostile government? Last month, the US Army brought out that their troops in the Baltic had reported instances of cell phone hacking. However, more worrisome was the fact the hackers knew personal details of the soldiers. Direct threats against family members of the military can have a negative psychological impact during conflict.

India has its share of political, social and ethnic differences, just as in many societies. In recent times these differences have been magnified as nationalism has taken centre stage. It is difficult to imagine why these fault lines will not be exploited by inimical forces as India enters the election mode in 2018. Looking at examples from the US and French elections, Brexit and the cyber battle during the Catalonia referendum, I think we have no option but to be prepared.

The preparation for this war (and I do not use this word lightly) lies in three spheres — concepts, practices and structures.

Conceptually, our current shortcoming is that we are viewing this issue through a technical prism rather than the broader spectrum of information warfare. CERT and NTRO can technically protect our critical infrastructure but they do not have an equal understanding of the human dimension, which is more strategic than scientific. The Americans, world leaders in information technology, have not been able to prevent a perceived subversion of their democratic process.

Our practices need to improve. The security of personal data is a major concern. The Supreme Court has declared privacy as a fundamental right, but there are no privacy laws to back it up. Even data stored in India is not safe as the owners of our data are the giant technology companies, mostly based in the US and not under our legal control. In September 2017, it was reported that Google has quietly stopped challenging most search warrants from US judges in which the data requested is stored on overseas servers.

A May 2017, report by the Centre for Internet and Society estimated that 135 million Aadhaar numbers could have been leaked from official portals. This was not due to a security breach but due to poor privacy practices.

Our continued reliance on foreign hardware and software is extremely worrisome. There was clear evidence that Cisco systems had been back-doored by the American National Security Agency but the Indian military continues to procure hardware from Cisco. There is a similar story with Chinese equipment in our telecommunication and power sectors. An attempt to introduce an Indian operating system to replace Windows in the Army has been mired in controversy.

In case of a targeted cyber attack on India, there is little we can do except issue advisories. The solutions will have to come from foreign manufactures or developers whose equipment we are using. There is an urgent need to give a fillip to developing indigenous solutions for our critical infrastructure.

And finally, structures. An organisation to execute information warfare would have to be led by the Ministry of Defence, because the threat is mainly from external players. It would be a combination of military planners, specialists from the field of intelligence, government agencies, media and cyber warfare experts. Such an organisation does not currently exist, though the raising of the Cyber Command could fill this gap.

In information warfare, the battlespace is the human mind. This is where the privacy of an individual intersects with national security. Fighting this battle will require a new paradigm in thought and action.

(The author is former Northern Commander, Indian Army, under whose leadership India carried out surgical strikes against Pakistan in 2016. Views are personal.)

For more details visit https://cis-india.org/internet-governance/news/news-18-lt-general-retd-ds-hooda-data-is-new-oil-and-human-mind-the-new-battlefield-india-must-wake-up-now

BIS International Seminar on Internet of Things

Admin — 2017-11-25T16:35:42Z

To create awareness among Indian community and to provide a platform to all stakeholders to discuss the technology, challenges and the way forward with an emphasis on the role of standards, BIS organized a half day International seminar on Internet of Things on 15 November 2017 at India Habitat Centre in New Delhi. Amber Sinha attended the event.

Click to see the agenda.

For more details visit https://cis-india.org/internet-governance/news/bis-international-seminar-on-internet-of-things

Why should you keep a close eye on the net neutrality debate in the US

Admin — 2017-11-25T15:33:32Z

As the United State's FCC Chairman Ajit Pai gears up to repeal the net neutrality laws put in place in 2015, India should sit up and take note.

The blog post by Subhrojit Mallick was published by Digit on November 24, 2017.

Back in 2014, a group of Redditors started debating net neutrality in India after Airtel announced it would charge extra for Voice Over IP (VoIP) services like Skype. Soon, that snowballed into a nation-wide campaign with over a million internet users participating. Things didn’t help when Facebook too wanted to provide a bunch of internet services for free in India through its Internet.org or Free Basics initiative. However, a year-long discussion and public outrage against the two, led the Telecom Regulatory Authority of India (TRAI) to rule in favour of net neutrality and stop both Airtel and Facebook in their tracks of violating a free and open internet.

Fast forward three years down the line and America, the birthplace of the internet, is struggling with the problem of internet freedom. The Federal Communications Commission (FCC) under the Donald Trump Administration led by Chairman Ajit Pai submitted a final draft proposal yesterday to repeal the existing net neutrality laws put in force by the Obama administration in 2015. The draft proposal will be voted upon by FCC by the end of the year and considering the FCC has a Republican majority under Ajit Pai, the proposal is likely to pass.

The draft removes almost every net neutrality rule from 2015, making ISPs the gatekeepers of the internet. It states internet providers will have the freedom to implement fast and slow speed lanes, prioritise traffic and block apps and services. The only rule they have to follow -- publicly disclose when they are doing any of the things stated above.

Executive director of the Centre for Internet and Society, Sunil Abraham elaborated on what's on Pai's mind.

"Ajit Pai's ideology is pro-market. He believes the market will sort all problems out. According to Pai, the magic of competition will eliminate all the harms emerging from net neutrality violation," he said.

"Pai has said, you do what you want to do, but you have to disclose that to the public. You can block, throttle, have fast lanes, prioritise traffic, have discriminatory pricing, but you disclose them. If the customer doesn't like it, he can swith to another network. Pai believes the transparency requirements will allow the magic of the market to diminish and eliminate harm. His regulation of net neutrality is transparency," Abraham further added.

However, such a move will have drastic effects on the free flow of internet traffic. Telecom companies and ISPs can handpick services by charging customers to access some sites or by slowing down the speeds of others. For instance, ISPs can make consumers pay more to watch high-quality content on Netflix.

With net neutrality rules repealed, the internet will become a pay-to-play service. It will essentially divide the internet into fast and slow lanes. One will be a speedy service that could be priced higher and another, much slower and cheaper. While big players like Amazon, Facebook, Google, Netflix and the likes can easily pay the higher fees and stay unfettered, newcomers and smaller players will have it tough. Although, the move will lead to cuts in profits for everyone. A higher price to consumers will eat into the user base of these companies, while startups and new voices in the media will find entry and success prohibitive.

Although it’s true that no single ISP in the US has the entire market to itself and the market is indeed divided into a handful of players, they do operate in a de facto monopolised way. How? ISPs in the US have sliced up the entire country into areas such that users in a particular area have only one choice of service provider. That essentially leaves users at the mercy of whatever Comcast or Spectrum is offering (or not offering).

By putting the net neutrality rules in place in 2015, the US had ensured these ISPs won’t do anything grossly uncompetitive. The current rules make broadband in the country a public utility, same as electricity. And now, Ajit Pai-led FCC is about to repeal those very rules that kept them grounded.

Will the FCC ruling make apps and services expensive in other countries?

While Pai’s jurisdiction does not extend beyond the United States, his tirades against a free internet will most definitely have rippling effects across the world. More importantly, it will raise the cost of operations of companies like Netflix and Amazon who will have to hire legal experts and lobbyists to negotiate deals with service providers. That extra cost will be burdened on the US consumers of course, but since they have a large international presence, it is likely that the extra cost will trickle down to users outside the US as well.

And that’s not just the streaming companies. All the tech giants hail from the US and it is only logical that a rise in their costs of operation will have an impact on their global operations.

Although, if the level playing field in the US is disrupted, companies will look for greener pastures and if that means moving out of the US to other countries, it could happen.

How will FCC’s decision impact India?

While US is grappling with such a reality, Indians fought against it and won. Or did they? Last year, after Airtel and Facebook were asked to drop their plans for differential pricing, TRAI released a paper on net neutrality and differential pricing to finalise its views on the matter. The regulatory body released a 14-question long consultation paper seeking comments on internet traffic management from the public.

“Increasingly, concerns have been raised globally relating to discriminatory treatment of Internet traffic by access providers. These concerns relating to nondiscriminatory access have become the centre of a global policy debate. The purpose of this second stage of consultation is to proceed towards the formulation of final views on policy or regulatory interventions, where required, on the subject of NN,” the paper read.

“Net Neutrality being repealed in the US will hurt innovation in that country, and will lead to a consolidation of power with those Internet companies which have the money to partner with US carriers. This hurts Indian product startups, because it means that their apps may not be as easily available to users in the US. The Internet is one world, and we need the same Internet to be available everywhere, across the world: one Internet for the entire world,” Nikhil Pahwa, Co-Founder of Internet Freedom Foundation told Digit.

That means, essentially, the debate on net neutrality is not over in India. In fact, both RS Sharma, the Chairman of TRAI and FCC’s Ajit Pai agree on the need to bridge the digital divide. Both are exploring ways to keep the internet open while providing access to the unconnected. Thankfully, both differs on the approach to meet that goal.

Pai believes the internet should be left unregulated despite the “hypothetical harms” to the consumer. He thinks the current rules were put in place to avoid theoretical harms which were not based on hard evidence. Pai claims there should be evidence-based regulation of the internet.

Sharma, in contrast, disagrees on an evidence-based approach.

“The TRAI's view of Net Neutrality has so far been diametrically opposite to Ajit Pai's FCC, and with good reason. Net Neutrality ensures that all ISPs and telecom operators act as exchanges of data between users, and do not discriminate on the basis of the type or source of that data. This allows for permission-less innovation on the Internet, which has given us the Internet that we have today,” Pahwa added.

Will India’s stance on net neutrality change after the FCC’s decision?

Rajan Mathews, Director General of Cellular Operators Association of India believes the FCC’s decision will no doubt have some impact on the path India takes.

“I think the policymakers will look at the decision the US makes. They had taken their decision as a point of reference before and the FCC’s ruling is too large an issue to not look at it. Both the DoT (Department of Telecom) and TRAI will have to reevaluate their approach in the context of the what happens in the US,” he said.

“Net neutrality approach in both countries is still in flux and India is going to tread lightly on net neutrality issues,” he added. As per Mathews, in India, the situation is different from the US where a handful of telecom companies and ISPs wield control of the entire country. In India, there is a licensed environment which provides a minimal standard of net neutrality, which is applied across the board and everybody who is providing a similar service is made to follow similar guidelines.

However, Mathews did attribute India’s efforts to enforce net neutrality to the United States’ efforts to place the rules in the first place in 2015 under the Obama administration, when internet was deemed as a public utility, same as electricity or telephone.

“Net neutrality in India emerged from the US definition. Now that they are going to repeal it, people in India who were looking at the US as a model will evaluate the implications of the move,” Mathews elaborated.

The US is looking to implement an ex-post approach to regulating the internet wherein the ISPs and telcos will adopt a free market approach and will only be investigated if they violate a rule. India, Mathews says, is adopting an ex-ante approach where there will be some commonly accepted criteria of net neutrality, but operators will have the ability to manage their traffic to ensure quality of service.

Minister of Information and Broadcasting, Ravi Shankar Prasad also helped alleviate fears of India following suit. During the Global Summit for Cyberspace Security held yesterday, he said, "The citizens' right of accessing the internet is "non-negotiable" and the government will not allow any company to restrict people's entry to the worldwide web."

Prime Minister Narendra Modi also came in support of net neutrality in India. He tweeted, "The internet, by nature, is inclusive and not exclusive. It offers equity of access and equality of opportunity."

Pahwa, who fought hard against Airtel and Facebook to ensure the internet remains neutral, was confident the decision won’t affect India’s stance on net neutrality. However, he is apprehensive that Indian telecom companies might borrow a leaf from their US counterparts and lobby hard to repeal the rules.

“I don't think the FCC decision affects the Indian regulation in any way, because the Indian regulator TRAI has already established strong and well rooted principles for Net Neutrality regulations in India. The only thing that worries me is that Indian telecom operators will use the developments in the US to push back against Net Neutrality with renewed vigour,” he said.

So, on the face of it, while India is well insulated from the catastrophe the United States has embarked upon, it is important to watch what the US is doing closely and make sure we don’t repeat their mistakes here.

For more details visit https://cis-india.org/internet-governance/news/digit-subhrojit-mallick-november-24-2017-why-should-you-keep-a-close-eye-on-net-neutrality-debate-in-us

Govt working to set up financial CERT to tackle cyber threats

Admin — 2017-11-25T02:28:18Z

IT secretary Ajay Prakash Sawhney says the government is getting the framework in place for financial CERT, which will be followed by other sectoral CERTs later.

The article by Komal Gupta was published in Livemint on November 16, 2017

The government is working to set up a financial Computer Emergency Response Team (CERT) to tackle a rise in cyber threats to India’s financial institutions.

This will be the first sectoral CERT to be introduced in India, said IT secretary Ajay Prakash Sawhney on Wednesday.

“Right now, the one which is directly being worked on is the financial CERT. We are getting the framework in place and once that is there, we will look at other sectors, said Sawhney, responding to a question on the progress of setting up of sectoral CERTs in the country. “It will oversee the entire financial sector including banks and financial institutions,” he added.

He was addressing the Asia Pacific Computer Emergency Response Team (APCERT) Open Conference in the capital on Wednesday.

In March, the power ministry had announced setting up of four sectoral CERTs for cyber security in power systems—CERT (Transmission), CERT (Thermal), CERT (Hydro) and CERT (Distribution).

According to Sawhney, as of now, there is a national CERT and no other sectoral CERTs. While addressing the conference, he said one of the themes to be discussed will be “How sectoral CERTs can function in conjunction with the national CERT.”

CERT-In is the national nodal agency under the ministry of electronics and IT (MeitY), which deals with cyber security threats such as hacking and phishing. The agency is tasked with the collection, analysis and dissemination of information on cyber incidents and even taking emergency measures for handling cyber security incidents.

“The biggest task of sectoral CERT is to share information with the others in the industry. For example, if a bank undergoes an attack; normally the bank will perform all the necessary actions to limit the attack and to prevent it from happening in the future. But the obligation of sharing how the attack happened with all the other banks in India to make sure that they can protect their respective systems from such an attack, can be carried out by a financial CERT,” said Udbhav Tiwari, programme manager at the Centre for Internet and Society, a Bengaluru-based think tank

“From April to October 2017, around 50,000 cyber security incidents have been handled by CERT-In; including phishing, malware attacks, attacks on digital payments and targeted attacks on some of the critical industries,” said cyber security chief Gulshan Rai, who was also present at the event.

A total of 50 incidents of cyber attacks affecting 19 financial organizations have been reported from 2016 till June 2017, PTI reported in August.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-16-2017-komal-gupta-govt-working-to-set-up-financial-cert-to-tackle-cyber-threats

Roundtable on Data Integrity and Privacy

Admin — 2017-11-25T02:17:13Z

Amber Sinha attended a roundtable on data integrity and privacy organized by the Observer Research Foundation (ORF) on November 18, 2017 in New Delhi. The round table discussion was chaired by Shri Baijayant Panda, Hon'ble Member of Parliament.

With the 10-member committee headed by former Justice B.N. Srikrishna being mandated to recommend principles for a new data protection bill, the time is ripe for online platforms, service providers and citizen stakeholders to discuss what the substantive elements of the new data protection law should look like.

Regulatory principles around data should be informed by the impetus for innovation, the responsibility to deliver social benefits and most importantly the users’ expectation of privacy. Increasingly, the nature and number of actors collecting and processing user data is becoming unclear. The new data protection framework must clarify the relationship between the user and apps/ mobile platforms that collect her data, but should do so while acknowledging the heterogenous nature of the Indian digital economy, comprising operating systems, platforms and devices of varying security and sophistication.

To kick-start this project, ORF hosted a roundtable chaired by Shri Baijayant Panda to hear from a diverse set of stakeholders to understand what direction the data privacy regime in India should take. The roundtable took place at the Viceroy, Claridges Hotel, 12, Dr APJ Abdul Kalam Road, New Delhi, Delhi 110011.

The roundtable broadly covered the following aspects –

Role of user consent and choice
Importance of cross border data flows
Appropriate regulatory authority
International best practices and relevance to the Indian context
Reasonable restrictions
Private-public collaboration

For more details visit https://cis-india.org/internet-governance/news/roundtable-on-data-integrity-and-privacy

Internet Universality Indicators for a Safe, Secure and Inclusive Cyberspace for Sustainable Development

Admin — 2017-11-25T02:04:54Z

Amber Sinha attended an event organized by UNESCO in collaboration with the Ministry of Electronics and IT, Government of India in the run-up to the 5th Global Conferene on Cyberspace (GCCS 2017) on November 17, 2017 at UNESCO Conference Room in Chanakyapuri, New Delhi.

Agenda here

For more details visit https://cis-india.org/internet-governance/news/internet-universality-indicators-for-a-safe-secure-and-inclusive-cyberspace-for-sustainable-development