We are anonymous, we are legion

The rise of India’s typography community

Admin — 2017-08-07T15:17:25Z

Meet India’s typography community, as they adapt regional language scripts for the digital age and take their passion mainstream.

Seven hundred and eighty languages and 400 scripts: that’s the number the People’s Linguistic Survey of India identified in 2013. Of these, how many scripts do we see daily? Giving text a unique ‘voice’ are typefaces and fonts, created by type designers across the world. It’s safe to say that India is a prime player in this market because of the sheer number of languages we have. Satya Rajpurohit, founder of Ahmedabad-based Indian Type Foundry (ITF), knows this all too well. His family of fonts, called Kohinoor, is what your Apple device is probably displaying every time you look at regional text.

Innovate and experiment

“Designing Indic fonts is tricky; languages that have nothing in common script-wise — like Hindi and Gujarati — should complement each other,” he explains. After getting a global brand to license ITF’s fonts (his other clients include Google, Samsung and Sony), he invested $3 million of his own money in creating fontstore.com, India’s first subscription-based model. Launched early July, he says, “It works like Netflix for fonts: pay a monthly commitment of around $15 and use as many as you need. Within the first month, we’ve had 300 subscribers.” It took 35 designers working for two years to design the commissioned fonts that are available exclusively on the site; more will be added periodically to expand the library.

This propensity to innovate is not uncommon among the Indian type community. Shiva Nallaperumal from Chennai was on the Forbes 30 Under 30 list this year, for being the youngest Indian recipient, at 24, of the SOTA (Society of Typographic Aficionados) Catalyst Award. A graduate of Maryland Institute College of Art, USA, he recently launched Calcula, his latest experimental typeface, in collaboration with a Dutch type foundry, Typotheque. “It also involved coding (done by a partner), as it engineers itself while you type to fit into the letters on either side. It was just a project in pushing boundaries; now, the market will have to find uses for it,” he shares.

Going public

Today, the interest in Indic types is on the rise, thanks to this emerging community of designers. Public demonstrations are also fuelling curiosity. “In Delhi, we organise Typerventions, where we meet common people in a public space and make font installations,” says designer Pooja Saxena, who created a Santhali font. These interventions include writing words with pieces of watermelon and stencilling the word “petrichor” on the road in water and watching it evaporate in the Delhi heat. “There are also typography boot camps and workshops in March, around World Typography Day,” she says, which are surprisingly well-attended.

In Mumbai, type design studio Mota Italic, run by Rob Keller and Kimya Gandhi, organises Typostammtisch (pronounced too-poe-shtaam-tish) events — there’s one happening today at 5 pm at the Doolally Taproom in Colaba. Groups of at least 30 people come together for each meet, invariably held at a pub and featuring lively show-and-tell presentations and games using regional script. “This week, we’ve planned a Type Tour of India,” says Keller.

Latin vs Indic

Regional languages in India were first set to type by the British, which resulted in some bastardisation of the script. Nallaperumal explains, “South Indian scripts are written with a scribe, so it is a single line with no contrast. Devanagiri is more calligraphic because of the pens they are written with. The person who made the first Tamil fonts did not get that. He applied the calligraphic logic to our languages, resulting in varying thickness in each character, which actually does not exist.” But it’s too late to go back to the original, as people wouldn’t be able to recognise it, feel the designers. “We need to improve what people are comfortable with right now. Designing one Indian typeface is more difficult than Latin. With English, you’re done with 26 letters; Indian languages have around 800 characters each, most of which are complicated,” says Rajpurohit.

Regional type was also constrained by the cost of the technology involved, and restricted to the machines that were used to develop them. Aurobind Patel, design consultant for leading Indian and UK newspapers, says, “Font development is now much more accessible, and thanks to smartphones, there’s a need for type that translates the same way across devices. Google has pumped in enormous amounts of money to create fonts, even in dying languages that literally have a handful of readers to ensure that any search that pops up on their engine looks authentic.” However, the challenge in creating typefaces for uncommon Indic languages is immense. Saxena knows the difficulties all too well, as she worked for two and a half years to design the Santhali font, commissioned by The Centre for Internet and Society (they were creating a Wikipedia site in the language). “It needed a lot of hands-on research, looking at old printing materials, talking to readers and writers, getting their feedback on how it should look,” she says.

On the web

The growth of Indic is, unsurprisingly, coming at a most opportune time. While a 1997 study by Babel, a joint initiative of the Internet Society and Montreal-based Alis Technologies, showed that in the mid 1990s English made up almost 80% of the Internet, today, according to internetworldstats.com, that’s down to 30%. A paper presented at a social media conference in Barcelona in 2011 found that 49% of all tweets were in languages other than English. And, closer home, a NASSCOM-Akmai Technologies report released last August said that by 2020, there will be an estimated 730 million Internet users in India — and of the new users, 75% will access it from rural India, and a similar number will engage using local languages.

Sarang Kulkarni, founder of EkType, a Mumbai-based foundry that focuses on Indian type, explains, “These numbers are attracting international attention: around 25 countries are developing Indian typefaces, including China.”

Looking back

Earlier this year, the story of designer Robert Green and the beautiful Doves Type that he recovered from the bottom of the Thames River was doing the rounds on social media. In 2016, designer Steve Welsh ran a Kickstarter campaign to revive a font called Euclid — it is now called Lustig Elements, after its designer. “Many familiar typefaces in use today are preserved or were revived from earlier eras. Baskerville and Garamond — eighteenth and sixteenth century typefaces, respectively — were revived at the beginning of the 20th century. Then there are updated derivatives of old types, like the ubiquitous Times New Roman, which itself is a hybrid of Robert Granjon’s 16th century designs and (again) Baskerville,” says Green, on what we can learn from older types.

While there is not much revival of fonts happening in India — considering that our history of type goes back a couple of centuries, it’s understandable — typography has made its way into pop culture. At EkType, Kulkarni has worked with Hanif Kureshi, of Kyoorius Designyatra, to digitise hand-painted lettering, thus preserving the typographic practice of street painters around the country. “As technology advances, 3D typefaces can be used online and in word processing software as well,” says Kulkarni.

In the classroom

Education in type design, including at University of Reading’s MA Typeface Design course, is Latin-centric. “We are not taught to design in Indian script. There might be a small workshop, but in formal education we are only taught to design in English,” says Saxena, an MATD graduate.

Vaibhav Singh, another Reading scholar, who has designed fonts for Adobe, agrees. “Young designers require reliable sources of information to inform their practice and those are few and far between,” he says. Stating that historical research is patchy at the moment, he feels postgraduate and doctoral theses coming from design schools are beginning to form a base for future work. “Histories of printing usually steer clear of technology, design, and production – and this is an area where interdisciplinary collaboration will add to our knowledge of India’s typographic history,” he says.

To this end, Singh has started a publishing imprint and a journal called Contextual Alternate, launching next year, to address the lack of scholarly research.

Pop goes the type

Brands like Mumbai-based Kulture Shop have made typography cool; they also function as a collective, with over 40 artists contributing to the designs on six product lines. Co-founder Kunal Anand says, “Typography and words have a way of cutting through the noise. You can show an image that can capture a thousand words but when you say something using typography, the subtleties of a letter can change the word entirely.” He adds that people can link their identity to typography, literally wearing it on their sleeve. Kochi-based Teresa George, who runs ViaKerala and the Malayalam Project, says that when it comes to Kerala, script is enmeshed in the culture. “Type can be an extension of who we are. For the younger generation, it’s a way of connecting to their roots,” she says.

This kind of interest is important, as the type we see around us is ubiquitous, says Mahendra Patel, former principal designer at National Institute of Design, Ahmedabad.

“The simple life is the most difficult life. Within the limitations that older foundries had, they created beautiful types. Now in the digital age, we have a certain sense of responsibility towards these classical and historical fonts, and it’s important to go back and revive them. At the same time, there are plenty of new fonts coming out. For me, both are right. There is enough space for both revival and new approaches.”

Basics of type design

Typeface is a collection of fonts: the former is like an album, the latter, the songs. For example, Helvetica is a typeface and Helvetica Bold is a font.

Fonts are designed based on what they are going to be used for. This includes the spacing between each letter combination, and the height and length of the ascenders and descenders.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-susanna-myrtle-lazarus-august-4-2017-the-rise-of

Privacy is not a unidimensional concept

amber — 2017-08-07T08:02:20Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all citizens in India to defend their individual autonomy in the face of invasive state actions purportedly for the public good. The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all.

This article, written by Amber Sinha was published in the Economic Times on July 23, 2017.

In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

One must wonder why we are debating the contours of the right to privacy, which 40 years of jurisprudence had lulled us into believing we already had. The answer to that can be found in a series of hearings in the Aadhaar case that began in 2012. Justice KS Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court, questioning the validity of the Aadhaar project due its lack of legislative basis (since then the Aadhaar Act was passed in 2016) and its transgressions on our fundamental rights. Over time, a number of other petitions also made their way to the apex court, challenging different aspects of the Aadhaar project. Since then, five different interim orders by the Supreme Court have stated that no person should suffer because they do not have an Aadhaar number. Aadhaar, according to the court, could not be made mandatory to avail benefits and services from government schemes. Further, the court has limited the use of Aadhaar to specific schemes: LPG, PDS, MGNREGA, National Social Assistance Programme, the Pradhan Mantri Jan Dhan Yojna and EPFO.

The real spanner in the works in the progress of this case was the stand taken by Mukul Rohatgi, then attorney general of India who, in a hearing before the court in July 2015, stated that there is no constitutionally guaranteed right to privacy. His reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, Rohatgi claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench.

The reference to a larger bench has since delayed the entire matter, even as a number of government schemes have made Aadhaar mandatory. This reading of privacy as a unidimensional concept by the courts is, with due respect, erroneous. Privacy, as a concept, includes within its scope, spatial, familial, informational and decisional aspects. We all have a legitimate expectation of privacy in our private spaces, such as our homes, and in our personal relationships. Similarly, we must be able to exercise some control over how personal data, like our financial information, are disseminated. Most importantly, privacy gives us the space to make autonomous choices and decisions without external interference. All these dimensions of privacy must stand as distinct rights. In MP Sharma, the court rejected a certain aspect of the right of privacy by refusing to acknowledge a right against search and seizure. This, in no way prevented the court, even in the form of a smaller bench, from ruling on any other aspects of privacy, including those that are relevant to the Aadhaar case.

The limited referral to this bench means that the court will have to rule on the status of privacy and its possible limitations in isolation, without even going into the details of the Aadhaar case (based on the nature of protection that this bench accords to privacy, the petitioners and defendants in the Aadhaar case will have to argue afresh on whether the project does impede on this most fundamental right). There are no facts of the case to ground the legal principles in, and defining the contours of a right can be a difficult exercise. The court must be wary of how any limits they put on the right may be used in future. Equally, it is important to articulate that any limitations on the right to privacy due to competing interests such as national security and public interest must be imposed only when necessary and always be proportionate.

It will not be enough for the court to merely state that we have a constitutional right to privacy. They would be well advised to cut through the muddle of existing privacy jurisprudence, and unequivocally establish the various facets of the right. Without that, we may not be able to withstand the modern dangers of surveillance, denial of bodily integrity and self-determination through forcible collection of information. The nine judges, in their collective wisdom, must not only ensure that we have a right to privacy, but also clearly articulate a robust reading of this right capable of withstanding the growing interferences with our autonomy.

For more details visit https://cis-india.org/internet-governance/privacy-is-not-a-unidimensional-concept

High Level Comparison and Analysis of the Use and Regulation of DNA Based Technology Bill 2017

elonnai — 2017-08-11T02:16:52Z

This blog post seeks to provide a high level comparison of the 2017 and 2015 DNA Profiling Bill - calling out positive changes, remaining issues, and missing provisions.

In July 2017 the Law Commission published a report on DNA profiling and the “Draft Use and Regulation of DNA Based Technology Bill 2017”. India has been contemplating a draft DNA Profiling Bill since 2007. There have been two publicly available versions of the bill, 2012, and 2015, and one version in 2016. In 2013, the Department of Biotechnology formulated an Expert Committee to discuss different aspects and issues raised regarding the Bill towards finalizing the text. The Centre for Internet and Society was a member of the Expert Committee, and in its conclusion, issued a note of dissent to the Expert Committee for DNA Profiling.

This post provides a high level overview of the Use and Regulation of DNA Based Technology Bill 2017 and calls out positive changes from the 2015 Bill, remaining issues, and missing provisions. The post also calls out if, and where, CIS's recommendations to the Expert Committee have been incorporated.

If enacted, the 2017 Bill will establish national and regional DNA data banks that will maintain five different types of indices: a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. The data banks will be led by a Director, responsible for communicating information with requesting entities, foreign states, and international organizations. Information relating to DNA profiles, DNA samples, and records maintained in a DNA laboratory can be made available in six instances: to law enforcement and investigating agencies, in judicial proceedings, for facilitating prosecution and adjudication of criminal cases, for taking defence of an accused, for investigation of civil disputes, and other cases which might be specified by regulations. Offences related to unauthorized disclosure of information in the DNA data bank, obtaining information from DNA data banks without authorization, unlawful access to information in the DNA Data Bank, using DNA sample or result without authorization, and destroying, altering, contaminating, or tampering with biological evidence.

Below are some key positive changes from the 2015 Bill, remaining issues, and missing safeguards from the 2017 Bill:

Positive Changes: The Bill contains a number of positive changes from the 2015 draft. Key ones include:

Consent: Section 21 prohibits the taking of samples from arrested persons without consent, except in the case of a specified offence - a specified offence being any offence punishable with death or imprisonment for a term exceeding seven years. If consent is refused, a magistrate can order the taking of the sample. This can be in the case of any matter listed in the Schedule of the Act. Section 22 provides for consent from volunteers. It is important to note that despite being an improvement from the 2015 Bill, which did not address instances of collection with our without consent, this provision is still broad as the list of offences under the Schedule is expansive and can be further expanded by the Central Government. Furthermore, the Magistrate can overrule a refusal of consent of the parent or guardian of a voluneet who is a minor, which does not provide adequate protection to childrens' rights.
Deletion: Section 31 defines instances for deletion of suspect profiles, under trial profiles, and all other profiles. Though a step in the right direction, as the 2015 Bill only addressed retention and deletion of the offenders index, this provision does not address the automatic removal of innocents.
Purpose limitation: Section 33 limits the purpose of profiles in the DNA Data Bank to that of facilitating identification. This is a positive step from the 2015 Bill - which enabled use of DNA profiles for the creation and maintenance of a population statistics data bank. Section 34 also limits the purposes for which information relating to DNA profiles, samples, and records can be made available.
Destruction of samples: Section 20 defines instances for destruction of DNA samples. Destruction of samples was not address in the 2015 Bill, and is an important protection as it prevents samples from being re-analyzed.
Comparison of profiles: Section 29 clarifies that if the individual is not an offender or a suspect, their information will not be compared with DNA profiles in the offenders’ or suspects index. This creates an important distinction between types of indices held in the data bank and the purpose for the same i.e missing persons are not treated as potential offenders. In the 2015 Bill, profiles entered in the offenders or crime scene index could be compared by the DNA Data Bank Manger against all profiles contained in the DNA Data Bank.
Re-testing: Section 24 allows for an accused person to request for a re-examination of fresh bodily substances if it is believed the sample has been contaminated. The closest provision to this in the 2015 was the creation a post - conviction right for DNA profiling - which is now deleted. It is important to note that fresh samples can easily be obtained from individuals, but if contamination happens at a crime scene, it is much more difficult to obtain a fresh sample.
Limiting Indices and including a crime scene index: The 2017 Bill limits the number of indices to five - a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. This is an improvement from the 2015 Bill which provides for the maintenance of indices in the DNA Bank and includes a missing person’s index, an unknown deceased person’s index, a volunteers’ index, and such other DNA indices as may be specified by regulation.

Remaining Issues: There are some remaining issues in the 2017 Bill. Some of these include:

Delegating and Expanding through Regulation: The Bill delegates a number of procedures to regulation - many which should be in the text of the Bill. For example: the format for receiving and storing DNA profiles, and additional criteria for entry, retention, and deletion of DNA profiles. Furthermore, a number of provisions allow for expansion through regulation. For example, the sources from which DNA can be collected from to be expanded as specified by regulations. Further purposes for making DNA profiles available can be defined by regulation. Important procedures such as privacy and security safeguards are also left to regulation.
Broad Powers and Composition of the Board: The Bill designates twenty one responsibilities to the Board. As pointed out in 1, many of these should be detailed in the text of the legislation.

While serving on the Expert Committee,CIS recommended that the functions of the DNA Profiling Board should be limited to licensing, developing standards and norms, safeguarding privacy and other rights, ensuring public transparency, promoting information and debate and a few other limited functions necessary for a regulatory authority. This recommendation has not been incorporated.

Ideally, the Board should also include privacy experts, an expert in ethics, as well as civil society. Towards this, the Board should be comprised of separate Committees to address these different functions. There should be a Committee addressing regulatory issues pertaining to the functioning of Data Banks and Laboratories and an Ethics Committee to provide independent scrutiny of ethical issues.

As a positive note, the reduction of the size of the Board was agreed upon by the Expert Committee from 16 members (2012 Bill) to 11 members. This reccomendation has been incorporated.

CIS also provided language regarding how the Board could consult with the public:The Board, in carrying out its functions and activities, shall be required to consult with all persons and groups of persons whose rights and related interests may be affected or impacted by any DNA collection, storage, or profiling activity. The Board shall, while considering any matter under its purview, co-opt or include any person, group of persons, or organisation, in its meetings and activities if it is satisfied that that person, group of persons, or organisation, has a substantial interest in the matter and that it is necessary in the public interest to allow such participation. The Board shall, while consulting or co-opting persons, ensure that meetings, workshops, and events are conducted at different places in India to ensure equal regional participation and activities. This language has not been fully incorporated

Lack of Authorization Procedure: Though the Bill defines instances of when DNA information can be made available, it fails to establish or refer to an authorization process for making information available and the decision currently seems to rest with the DNA Bank Director.
Expansive Schedule: The Bill creates a schedule containing a list of matters for DNA testing which includes whole acts and a range of civil disputes and matters that are broad and do not relate to criminal cases - most notably “issues relating to immigration or emigration and issues relating to establishment of individual identity.”
Unclear Data Stored: Though the Bill clarifies the circumstance that the identity of the individual will be associated with a profile, it allows for ‘information of data based on DNA testing and records relating thereto” to be stored, yet it is unclear what information this would entail.
Lack of procedures for chain of custody: Presently, the Bill defines quality assurance procedures for a sample that is already at the lab. There are no provisions defining a process for the examination of a crime scene and laying down standards for the chain of custody of a sample from the crime scene to a DNA laboratory.

Missing Safeguards:

There are some safeguards that, if added, would strengthen the Bill and ensure rights to the individual:

Notification to the individual: There are no provisions that ensure that notification is given to an individual if his/her information is accessed or made available.
Right to challenge: There are no provisions that give the individual the right to challenge the storage of their DNA.
Established profiling standard: Though the Law Commission report refers to the 13 CODIS standard, the Bill does not mandate the use of the 13 CODIS profiling standard.
Reporting standard: There are no standards for how matches or other information should be communicated from the DNA director to the authority or receiving entity including instances of partial matches.
Right to access and review: There are no provisions that allow an individual to review his/her information contained in the regional or the national database.
Lack of costing: There is no cost estimate in the report or a requirement for one to be carried out.
Study for the potential for false matches: This must consider the size of the population and large family size, i.e. relatively large numbers of closely related people and is particularly necessary given the the size over population as large as India's.

Importantly, in the DNA Expert Committee, CIS requested the Expert Committee that the Bill be brought in line with the nine national principles defined in the Report of Experts on Privacy led by Justice AP Shah. These include the principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness, and accountability. These principles have not been fully incorporated.

For more details visit https://cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017

Workshop on Public Open Wi-Fi Pilot

Admin — 2017-08-04T02:14:13Z

Pranesh Prakash was a speaker at the Workshop on Public Open Wi-Fi Pilot organized by the Telecom Regulatory Authority of India on July 25, 2017.

Telecom Regulatory Authority of India (TRAI) released a consultation paper on “ Proliferation of Broadband through Public Wi-Fi Networks” on 13th July 2016 realizing the importance of public Wi-Fi networks as complementary to existing landline and cellular mobile infrastructure in improving broadband penetration and adoption in the country. A few of the important issues pointed out in the consultation paper for a successful, scalable and sustainable public Wi-Fi infrastructure in the country include (i) technical interoperability and seamless connectivity of Wi-Fi networks (ii) innovative payment, commercialization, and monetization models; and (iii) collaborative partnerships between various entities of the ecosystem. For more info click here.

Pranesh's talk was based on two submissions: Proliferation of Broadband through Public WiFi Networks and Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks made earlier to TRAI.

For more details visit https://cis-india.org/internet-governance/news/workshop-on-public-open-wi-fi-pilot

OHD on Consultation Paper on Net Neutrality

Admin — 2017-08-04T02:14:46Z

Pranesh Prakash was a speaker at the OHD on Consultation Paper on Net Neutrality organized by Telecom Regulatory Authority of India on July 25, 2017 in Bengaluru.

Click to see the consultation paper. Pranesh's comments at the event followed the lines of the submission made earlier. The submissions can be accessed on this page.

For more details visit https://cis-india.org/internet-governance/news/ohd-on-consultation-paper-on-net-neutrality

Should an Inability to Precisely Define Privacy Render It Untenable as a Right?

amber — 2017-08-04T01:49:56Z

The judges may still be able to articulate the manner in which limits for a right to privacy may be arrived at, without explicitly specifying them.

The article was published in the Wire on August 2, 2017.

Ludwig Wittgenstein wrote in his book, Philosophical Investigations, that things which we expect to be connected by one essential common feature, may be connected by a series of overlapping similarities, where no one feature is common. Instead of having one definition that works as a grand unification theory, concepts often draw from a common pool of characteristics. Drawing from overlapping characteristics that exist between family members, Wittgenstein uses the phrase ‘family resemblances’ to refer to such concepts.

In his book, Understanding Privacy, Daniel Solove makes a case for privacy being a family resemblance concept. Responding to the discontent in conceptualising privacy, Solove attempted to ground privacy not in a tightly defined idea, but around a web of diverse yet connected ideas. Some of the diverse human experiences that we instinctively associate with privacy are bodily privacy, relationships and family, home and private spaces, sexual identity, personal communications, ability to make decisions without intrusions and sharing of personal data. While these are widely diverse concepts, intrusions upon or interferences with these experiences are all understood as infringements of our privacy.

Other scholars too have recognised this dynamic, evolving and difficult to pinpoint nature of privacy. Robert Post described privacy as a concept “engorged with various and distinct meanings.” Helen Nissenbaum advocates a dynamic idea of privacy to be understood in terms of contextual norms.

The ongoing arguments in the Supreme Court on the existence of a constitutional right to privacy can also be viewed in the context of the idea of privacy as a family resemblance concept. In their arguments, the counsels for the petitioners have tried to make a case for privacy as a multi-dimensional fundamental right. Senior advocate Gopal Subramanium argued before the court that privacy inheres in the concept of liberty and dignity under Constitution of India, and is presupposed by various other rights such as freedom of speech, good conscience, and freedom to practice religion. He further goes on say that there are four aspects to privacy – spatial, decisional, informational and the right to develop personality. Shyam Divan, also arguing for the petitioners, further added that privacy includes the right to be left alone, freedom of thought, freedom to dissent, bodily integrity and informational self-determination.

When the chief justice brought up the need to define the extent of the right to privacy, the counsels raised concerns about the right being defined too specifically. This reluctance was borne out of the recognition that by its very nature, the right to privacy is a cluster of rights, with multiple dimensions manifesting themselves in different ways depending on the context. Both advocates, Subramaniam and Arvind Datar, argued that court must not engage in an exercise to definitively catalog all the different aspects of the right, foreclosing the future development of the law on point. This reluctance was also a result of the fact that the court has isolated the question of the existence of the right to privacy and how it may apply in the case of the Aadhaar project. Usually judges are able to ground legal principles in the relevant facts of the case while developing precedents. The referral to this bench is only on the limited question of the existence of a constitutional right to privacy. Therefore, any limits that are articulated by the court on the right exist without the benefit of a context.

On the other hand, the Attorney General (AG) argued that this very aspect of privacy was a rationale for not declaring it a fundamental right. At various points during the arguments, he indicated that the ambiguous and vague nature of the concept of privacy made it unsuitable as a fundamental right. Similarly, Tushar Mehta, arguing for Unique Identification Authority of India, also sought to deny privacy’s existence as a fundamental right as it is too subjective and vague.

The above argument assumes that the inability to precisely define privacy renders its untenable as a right. The key question is whether this lack of a common denominator makes privacy too vague a right, liable to expansive misinterpretations. Conceptions that do not have fixed and sharp boundaries, are not boundless. What it means is that the boundaries can often be fuzzy and in a state of constant evolution, but the limits and boundaries always exist.

At one point during the hearings, Justice Rohinton Nariman wanted the counsels to work on the parameters of challenge for state action with respect to privacy. As mentioned earlier, in the absence of facts to work with, such an exercise is fraught with risks. However, the judges may still be able to articulate the manner in which such limits may be arrived at, without specifying them. Justice Nariman himself later agrees that the judicial examination must proceed on a case by case basis, taking into account not only the tests under Article 14,19 and 21 under which petitioners have tried to locate privacy, but also under any other concurrent rights which may be infringed.

The AG also argued that the infringement of privacy in itself does not amount to a violation of the rights under Article 21, rather in some cases the transgressions on privacy may lead to an infringement of a person’s right to liberty and only in such cases should the fundamental rights be invoked. Thus, the argument made was that there was no need to declare privacy as a fundamental right but only to acknowledge that limiting privacy may sometimes lead to violations of the already existing rights. This argument may have been more cogent had he identified specific dimensions of privacy which, according to him, do not qualify as fundamental rights. However, this might have meant conceding that other dimensions of privacy, in fact do amount to fundamental rights.

It must be remembered that the problem of changing or multiple meanings is not limited to privacy. As the bench noted, drawing comparisons to the concepts of ‘liberty’ and ‘dignity’, these are constitutionally recognised values which equally suffer from a multitude of meanings based on context. The government’s position here is in line with critiques of privacy that Solove seeks to bust in his book. The idea of privacy evolves with time and people. And people, whether from a developed or developing polity, have an instinctive appreciation for it. The absence of a precise definition does not necessarily do great disservice to a concept, especially one that is fundamental to our freedoms.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-august-2-2017-should-an-inability-to-precisely-define-privacy-render-it-untenable-as-a-right

July 2017 Newsletter

praskrishna — 2017-08-23T02:03:19Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
In an article published in the Huffington Post on July 1, 2017, Nirmita Narasimhan stated that imposing taxes on assistive devices is unfair. It is unconscionable that disability aids and assistive technology are considered a luxury and taxed at a higher rate than rough semi-precious stones or cashew nuts. A research paper on patent working requirements and complex products in India authored by Prof Jorge L. Contreras, University of Utah, and Rohini Lakshané, CIS has been accepted for publication in the Jindal Global Law School Law Review 2017. Negotiators from 16 countries met in Hyderabad for discussing a free trade agreement titled Regional Comprehensive Economic Partnership. Anubha Sinha along with Arul George Scaria reported this in an article published by Live Law.in. Supreme Court of India while dismissing an appeal by the Indian Reprographic Rights Organization ruled that there was no copyright infringement and no licence was required since the activities fell under the education exception in Indian copyright law. In an article published by EIFL, Anubha Sinha discusses the judgment and what it means for access to educational materials in India. Odia Wikipedians, in conjunction with Indian Athletics Federation and Sports and Youth Services collaborated to document the 2017 Asian Athletics Championships. Hundreds of photos were uploaded and new Wikipedia content added to inform the event’s fans, wrote Sailesh Patnaik and Jnanaranjan Sahu in a blog post. As recently as May 27, 2016, the General Data Protection Regulation (REGULATION (EU) 2016/679 was adopted The Data Protection Directive (1995/46/EC) will be replaced by this Regulation. It is expected that under this Regulation data privacy will be strengthened. Aditi Chaturvedi analyses the developments in a report.

CIS in the news:

UIDAI declining multiple requests by police to share Indian citizens’ biometrics (Justin Lee; Biometrics; July 4, 2017).
Act now to protect yourself against future ransomware attacks (Sanjay Kumar Singh; Business Standard; July 5, 2017).
Reliance Jio data leaked on website : report (Livemint; July 10, 2017).
Supreme Court sets up constitution bench to hear Aadhaar privacy issues (Priyanka Mittal; Livemint; July 12, 2017).
Centre to form panel to 'encrypt' MGNREGA-DBT database and prevent leaks (Sanjeeb Mukherjee; Business Standard; July 14, 2017).
Calls for law change after Indians left in dark over data leaks (Rahul Bhatia and Sankalp Phartiyal; Reuters; July 14, 2017).
Indians Call For More Stringent Data Protection Laws (PYMTNS; July 17, 2017).
Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar (Gaurav Vivek Bhatnagar; Wire; July 16, 2017).

Aadhaar privacy: Key issues that all Aadhaar card holders should bear in mind (Business Today, July 19, 2017).
Data in the open makes it easy for cyber criminals (Kiran Parashar KM; New Indian Express; July 26, 2017).

CIS members wrote the following articles

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).
Course Packs for Education Ruled Legal in India (Anubha Sinha; EIFL; July 12, 2017).
Digital native: Not only words (Nishant Shah; Indian Express; July 16, 2017).
Aadhar: Privacy is not a unidimensional concept (Amber Sinha; Economic Times; July 23, 2017).
RCEP IP Chapter: A Serious Threat to Access to Knowledge/ Cultural Goods? (Arul George Scaria and Anubha Sinha; July 27, 2017).
Digital native: Ever on the go (Nishant Shah; Indian Express; July 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Article

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies and Copyright

Research Paper

Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance (Jorge L. Contreras and Rohini Lakshané; SSRN and Jindal Global Law School Review; July 17, 2017).

Participation in Event

19th RCEP Meeting (Organized by Ministry of Commerce, Government of India; July 17 - 28, 2017; Hyderabad). Anubha Sinha participated in the meeting.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Note: The events were organized earlier but reports were published in July 2017:

Christ University Wikipedia Education Program Internship (Manasa Rao and Ananth Subray; July 5, 2017).
Christ University Wikipedia Education Program Faculty Orientation Report (Ananth Subray; July 7, 2017).
How It Came To Be: Wiki Loves Uniformed Services (Krishna Chaitanya Velaga; July 10, 2017).
Tallapaka Pada Sahityam is now on Wikisource (Pavan Santhosh; July 10, 2017).
Thematic Edit-a-thon at Yashawantrao Chavan Institute of Science, Satara (Subodh Kulkarni; July 11, 2017).
Asian Athletics Championships 2017 Edit-a-thon (Sailesh Patnaik and Jnanaranjan Sahu; July 31, 2017).

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entry

Data Protection: Understanding the General Data Protection Regulation (Aditi Chaturvedi; July 4, 2017).

Participation in Event

IViR Summer Course on Privacy Law and Policy (Organized by the University of Amsterdam; July 3 - 7, 2017; Amsterdam). Amber Sinha attended the course.

►Free Speech and Expression and Cyber Security

Participation in Events

OHD on Consultation Paper on Net Neutrality (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.
UNESCO Multistakeholder consultation at 8th Asia Pacific Regional Internet Governance Forum (APrIGF) (Organized by UNESCO; Bangkok; July 26 - 29, 2017). Sunil Abraham was a speaker. Vidhushi Marda also participated in the event.
Cybersecurity Workshop: Spotlight On GCCS 2017 (Organized by Global Partners Digital (GPD) and the Centre for Communication Governance at National Law University, Delhi, in collaboration with Digital Empowerment Foundation, Digital Asia Hub and Open Net Korea; Bangkok; July 25 - 27, 2017). Sunil Abraham was a speaker. Udbhav Tiwari and Vidushi Marda participated in the event.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Participation in Event

Workshop on Public Open Wi-Fi Pilot (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Event Organized

Dr. Prerna Prabhakar - Impact of Digitisation of Land Records in Rural India (CIS, New Delhi; July 7, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2017-newsletter

UNESCO Multistakeholder consultation at 8th Asia Pacific Regional Internet Governance Forum (APrIGF)

Admin — 2017-08-09T01:49:26Z

Sunil Abraham was a speaker at the APrIGF 2017 organized by UNESCO in Bangkok from July 26 to 29, 2017. Vidushi Marda also participated in the event.

UNESCO takes the occasion to present its new project “Defining Internet Universality Indicators” and engage with Asia-Pacific stakeholders, including young experts, at the 8^th Asia Pacific Regional Internet Governance Forum (APrIGF) for their inputs and contributions. This is a part of a global consultation to develop a set of Internet Universality indicators. The project is an immediate response following UNESCO’s adoption of the ‘CONNECTing the Dots’ Outcome document in 2015, where UNESCO put the concept of ‘Internet Universality’ at the heart of its work to promote an Internet that works for all. Internet universality points to four fundamental norms – known for short as the ROAM principles – which are the guiding framework that promotes an Internet based on:

Rights (R)

Openness (O)

Accessibility (A)

Multistakeholder Participation (M)

The project aims to elaborate appropriate Internet indicators, which can serve to enrich the stakeholders’ capacity for assessing Internet development, broaden international consensus, and foster online democracy and human rights towards knowledge societies engaged in sustainable development. These indicators will help governments and other stakeholders to assess their own national Internet environments and to promote the values associated with Internet Universality. Special attention will be paid to gender and to the needs and interests of children and young people. There will be a mix of quantitative and qualitative indicators. The work on the project to define Internet Universality indicators is being led for UNESCO by the Association for Progressive Communications (APC).

The 8^thAPrIGF is of high pertinence to the Internet Universality Indicators because it serves as a multi-stakeholder platform for public policy on Internet and its impact on society. It draws discussions and powers collaborations for the developments of universally affordable, accessible, non-discriminated, secure and sustainable Internet across the region, which are the focus topics of UNESCO’s multi-stakeholder consultation; as well as addressing gender inclusion and the inclusion of children and young people in the Internet environment.

The session will start with a brief presentation of the draft indicators and brief remarks from the speakers. The moderator will structure the discussion into five slots on Human Rights, Openness, Access, Multi-stakeholderism and crosscutting dimension and will invite all of you to take the floor. Focus groups will possibly be created to facilitate more in-depth discussion among participants. Some key questions will be asked to all participants regarding your experience of gathering and using Internet indicators within your country/area of work or the most important issues related to human rights, openness, accessibility and multistakeholder approach that should be included in the Internet Universality indicators.

A draft background paper on Defining Internet Universality Indicators will be shared and released before the session as a basis for discussion.

Written contribution is welcome via UNESCO email: internetstudy@unesco.org

An online platform for consultation will be available at: http://www.unesco.org/new/en/internetuniversality

In-Person Co-Moderators: Ms. Xianhong Hu; Ms. Chat Garcia Ramilo

Speakers

Presentation of the project

Ms Xianhong Hu, UNESCO

Speakers on Human Rights dimension indicators

Ms Gayatri Khandahai, APC
Ms. Anja Kovacs, Internet Democracy Project

Speakers on Openness indicators

Ms Xue Hong, Beijing Normal University

Speakers on Accessibility indicators

Mr. Winston Roberts, International Federation of Library Associations & Institutions
Ms. Piyawan Suwattanathum, UNESCO Bangkok Education

Speakers on Multi-stakeholderism indicators

Mr. Sunil Abraham, Center for Internet Society
Mr. Naveed Haq, ISOC
Ms. Joyce Chen, ICANN

Speakers on Crosscutting dimension indicators

Ms. Bishakha Datta, Point of View

Vidushi participated in the following meetings on July 26:

Fellowship Morning Meeting
Meet & Greet for Fellows & Buddies

Sharing of IG/Internet in your economies

Expectation Setting & Quick Brief of 3 days agenda

Capacity Building Day (13:00 - 18:30)

Welcome Social for Fellows @CU International House

The following meetings on July 27:

Opening Plenary
Synthesis Document Townhall Sessions
Respective sub-theme sessions assigned for rapporteur work
Closing Plenary

Digital Asia Hub and CIS workshop on "Technology and Extremism" was a highlight of the event.

Vidushi moderated a panel discussing the PT project and sharing key findings, titled: "Towards Sustainable Development in Asia Pacific: Mobile Internet and Access to Knowledge in the Marketplace".

Vidushi also attended the Global Partners Digital Event on the GCCS. List of APrIGF fellows can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/asia-pacific-regional-internet-governance-forum-aprigf-2017

Data in the open makes it easy for cyber criminals

Admin — 2017-07-29T02:40:05Z

With data of about 10 crore bank accounts available in the public domain, it has become easy for cyber criminals to steal money. What makes detection of such crimes tough is the lack of convergence between various departments and sectors.

The article by Kiran Parashar KM was published in the New Indian Express on July 26, 2017. Pranesh Prakash was quoted.

A recent report of Centre for Internet and Society-India suggests that data of 10 crore bank accounts is available in the public domain. It points out that the availability of Aadhaar numbers along with bank accounts and phone numbers increases the risk of financial fraud. Social engineering is often used to find out details of bank accounts, credit card numbers and passwords to steal money.
Investigating officials say once a victim files a complaint, they seek information from banks and many times, private banks don’t even reply.

“Also, we also have observed there are a lot of loopholes in the banking system. Banks outsource credit/debit card issuance and maintenance to agencies who follow security protocols. In many cases, insiders helped in sharing information,” a police officer said.

Nilesh Jain, Country Manager — (India and SAARC), Trend Micro, which provides cyber security solutions, says, “With more people using online transactions, there is a growing number of hackers. Most ATMs are on the legacy operating system of Windows. Banks have started realising that there are malwares designed to attack ATMs.With RBI mandating that banks should report security attacks within six hours, hackers will no longer get an upper hand.”

Pranesh Prakash, Policy Director at the Centre for Internet and Society, says, “There are many ways bank customers can safeguard themselves: using a browser-based password manager, and by never entering their banking username on any site other than their bank (which they should confirm via web address). Banks should offer a form of multi-factor authentication called “universal 2nd factor” (U2F) which prevents fraud in the form of man-in-the-middle attacks by phishing websites. Unless banks roll out U2F, they should refund any losses a customer faces due to fraud.

Case studies

June 2017
Vinod Kumar Pacchiyappan, manager of SBI Cards and Payment Services Pvt Ltd filed a police complaint that Know Your Customer data of customers was compromised.

May 2016
A US couple were cheated of D6 lakh in just two hours where criminals used their bank data and shopped online.

January 2016
Seven people from Telangana, including an Axis Bank deputy manager, were held in Bengaluru for allegedly hacking into people’s bank accounts using mobile banking apps and stealing money.

For more details visit https://cis-india.org/internet-governance/news/new-indian-express-kiran-parashar-km-july-26-2017-data-in-the-open-makes-it-easy-for-cyber-criminals

Cybersecurity Workshop: Spotlight On GCCS 2017

Admin — 2017-08-23T00:47:36Z

Sunil Abraham, Udbhav Tiwari and Vidushi Marda attended this workshop which was held alongside the Asia Pacific Regional Internet Governance Forum (APrIGF) between the 25 - 27 July 2017 in Mahitaladhibesra Building, Chulalongkorn University, Bangkok, Thailand. It was organised by Global Partners Digital (GPD) and the Centre for Communication Governance at National Law University, Delhi, in collaboration with Digital Empowerment Foundation, Digital Asia Hub and Open Net Korea

Sunil was a speaker in one of the introductory sessions, while Udbhav was a participant in the workshop.The workshop consisted of various participants from the Asian region and the sessions concentrated on cyber capacity building in the context of the Global Conference on Cyberspace 2017.

For more details visit https://cis-india.org/internet-governance/news/cybersecurity-workshop-spotlight-on-gccs-2017

Aadhar: Privacy is not a unidimensional concept

amber — 2017-08-23T01:50:19Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all Indian citizens to defend their individual autonomy in the face of invasive state actions purportedly for the public good.

The article was published in the Economic Times on July 23, 2017.

The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all. In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order was passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-july-23-2017-amber-sinha-aadhar-privacy-is-not-a-unidimensional-concept

Calls for law change after Indians left in dark over data leaks

Admin — 2017-07-20T14:38:51Z

Fears Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.

The blog post by Rahul Bhatia and Sankalp Phartiyal was published by Reuters on July 14, 2017.

Jio has repeatedly denied any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called "Magicapk" appeared to be "unauthentic." The website was later shut down.

The company, part of conglomerate Reliance Industries Ltd, said on Monday that its subscriber data was safe and protected by the highest levels of security.

However, Jio filed a complaint the same day alleging unlawful access to its systems, police have told Reuters.

Jio did not respond to requests for comment.

In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said.

"It raises questions of security and accountability," said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organization.

People complained on Twitter about personal information of Jio users being available on the Magicapk site. Several local news outlets said their checks had led them to believe a leak had occurred.

"A rule to report breaches exists, but it is unenforceable," says Prakash. "It says you're not liable if you're following reasonable security practices. What 'reasonable' means is not defined."

Advocates of stronger laws in India say a data breach in countries with more stringent cyber laws, such as Britain or the United States, would prompt an inquiry by regulators.

After reports of a data leak at Verizon earlier this week, for example, the U.S. telecoms firm quickly responded with an explanation of what had occurred, how it had happened and the extent of the problem.

"India is at a nascent stage. For good norms in Asia, look to Singapore. It's been praised for not having cyber security issues by the UN," Srinivas Kodali, an independent security researcher, said.

Not a Priority

"We don't have full-menu data protection laws," said Apar Gupta, a Supreme Court lawyer working on data privacy issues. "We don't even have an institutional framework or expert body to implement the limited data protection regulations that do exist. It's so limited it's more accurate to say no law exists."

In May alone, there were two data security incidents in India.

The records of 17 million customers of Zomato, a popular food-delivery app, were put on sale online. Zomato initially advised customers that their passwords were secure, but later advised users to change them.

Separately, a CIS report said the Aadhaar numbers of as many as 135 million Indians had leaked from government databases and could be found online. (bit.ly/2tOseSV)

The number, similar to a U.S. social security number, is unique to each Indian citizen and the Aadhaar database also stores a user's biometric data. The government is pushing for Aadhaar numbers to be used in everything from opening bank accounts to filing tax returns.

For India, data privacy is not a priority, said Amry Junaideen, a risk advisor at audit firm Deloitte.

"From an organizational perspective there's really no incentive other than being a good corporate citizen, to report a breach," he said, noting that in the European Union and United States the regulatory framework is basically for the good of the consumer, but that this is not the case in India.

India, home to the back offices of many large multinationals and outsourcing companies, has also unsuccessfully sought "data-secure" status from the European Union since 2012.

The status is vital for information sharing between entities in the EU and India, because it means the EU is satisfied that data protection rules in a country meet its standards, so data of EU citizens can be sent to that jurisdiction.

Raman Chima, policy director at Access Now, which advocates stronger digital rights, says weak data privacy laws are likely the main stumbling block to "data-secure" status.

In 2010, a European Union study of data protection in India noted there were "no aspects of India's data protection which would unequivocally be regarded as 'adequate' by European Union standards as yet".

Reporting by Rahul Bhatia and Sankalp Phartiyal; Editing by Euan Rocha and Neil Fullick

For more details visit https://cis-india.org/internet-governance/news/reuters-july-14-2017-rahul-bhatia-and-sankalp-phartiyal-calls-for-law-change-after-indians-left-in-dark-over-data-leaks

Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar

Admin — 2017-07-20T14:31:12Z

Social activist Shabnam Hashmi recorded a policeman telling her those without address proof and Aadhaar could be “eliminated”.

The article by Gaurav Vivek Bhatnagar was published in the Wire on July 16, 2017. Pranesh Prakash was quoted.

Well-known social activist Shabnam Hashmi held a press conference to say she was threatened on the telephone by a police officer at the Lajpat Nagar police station warning her that the government had launched a ‘surround and eliminate’ campaign against people whose addresses are not known and who do not possess Aadhaar numbers or cards. This is now a standing instruction to all police stations, Hashmi was told. Moreover, the officer – accused of threatening and abusing Hashmi when she called him on the night of July 14 to know why the husband of a woman, who learns stitching at a training centre run by the NGO Pehchan at Jaitpur in south-east Delhi, had been summoned at a late hour – insisted that police personnel were well within their rights to act in this way.

The police may brush aside this assertion as the concerned officer’s personal opinion, or they may deny the veracity of the conversation, which Hashmi recorded and shared with the media; but she and other anti-Aadhaar activists say the interaction raises questions about the consequences – intended or unintended – of the Centre’s stress on making Aadhaar mandatory for the personal liberty and civil rights of ordinary residents.

Many Aadhaar critics have, in the past, expressed the fear that the irresponsible use or misuse of Aadhaar could lead to India becoming a ‘surveillance state’ or ‘police state’ by placing enormous discretionary powers in the hands of unscrupulous state officials.

Petitioners in SC had cautioned against misuse of Aadhaar

Earlier this year, Communist Party of India leader Binoy Viswam had filed a petition in the Supreme Court questioning the introduction of Section 139 AA of the IT Act to link Aadhaar cards with PAN cards. Subsequently, in an interview in April this year, he had noted that “the citizens are becoming instruments in the hands of the state” as “by taking fingerprints, iris scans and other details of the citizens of the country, the state is becoming the custodian of its people.” He had also expressed the fear that “the state can use this data according to its whims and fancies”.

Viswam could not have been more correct. Much before the use of data, “elements” of the state have started using the ruse of creation of data itself as a convenient tool to threaten and intimidate people and this is precisely what happened in the case of Hashmi.

Recalling the incident, Hashmi, who is the founding trustee of Pehchan, said the NGO runs a small centre in Jaitpur extension where it teaches school dropouts to appear for class 10 and 12 examinations and also runs sewing classes for women.

Hashmi said that at around 9 pm on July 14, Haseen, the husband of Mubina, one of the trainees, was summoned by a sub-inspector to the Lajpat Nagar police station regarding a complaint. When Hashmi called up the police station to find out what the summons was about, the policeman allegedly “hurled abuses”, and used “highly derogatory and uncivilised language” during the conversation.

Though Hashmi did not have a recorder in her phone at the time of the first call, she subsequently downloaded one and later recorded her conversation with the same officer.

In this conversation, the policeman is heard reasoning with Hashmi that he had not summoned Haseen at a late hour. He claimed that he used harsh language in the first conversation since she had not identified herself and had only proclaimed herself to be a social worker. It also comes across in the conversation that Hashmi had told the man in the earlier conversation that he was drunk while being on duty and that this had irked him. It emerged that the cop had got an inkling that she was recording the later conversation, because of which he apparently mellowed down.

The issue assumes significance as after declaring twice in the past that Aadhaar cannot be made mandatory for delivering services, the Supreme Court had recently upheld the validity of an Income Tax law amendment linking PAN with Aadhaar for filing tax returns.

Former Attorney General Mukul Rohatgi had argued that the government was “entitled to have identification” and that “as constituents of society people can’t claim immunity from identification.” Rohatgi had insisted that “no right is absolute, right to body is not absolute. Under extreme cases even right to life can be taken away, under due process.”

Experts have often cautioned against Aadhaar misuse

According to legal experts, the illegalities related to Aadhaar do not just end with such arguments. Writing for The Wire, Prashant Reddy T., a research associate at the School of Law, Singapore Management University, had noted that in the past couple of months the “Modi government has increasingly used its rule-making powers under various laws in a manner which is contrary to the law of the land.” He was referring to the Centre’s announcement to mandatorily link Aadhaar numbers to all non-small bank accounts, failing which, access to the bank accounts would be disabled after December 31.

“As is often the case with this government, the question now is whether this new mandatory Aadhaar requirement (and the threatened punishment) is legal,” the expert had asked.

Earlier this year, writing for the Hindustan Times, Pranesh Prakash, policy director at the Centre for Internet and Society, and an affiliated fellow at Yale Law School’s Information Society Project, had referred to the immense potential of Aadhaar for profiling and surveillance. He had called for fundamentally altering Aadhaar, saying that if the rampant misuse of surveillance and wilful ignorance of the law by the state were anything to go by, the future looked bleak.

For more details visit https://cis-india.org/internet-governance/news/the-wire-gaurav-vivek-bhatnagar-july-16-2017-social-activist-alleges-threat-by-police-officer-over-possession-of-aadhaar

Aadhaar privacy: Key issues that all Aadhaar card holders should bear in mind

Admin — 2017-07-20T14:18:28Z

As the Supreme Court hears petitions whether the right to privacy is a fundamental right, there are some key aspects that Aadhar Card holders should bear in mind, especially, because the government has made Aadhaar mandatory for a number of schemes and official purposes, including the filing of income tax returns.

The article was published by Business Today on July 19, 2017.

Linking of PAN with Aadhaar: What it means

The government claims that by linking the Aadhaar with PAN, authorities will be able to crack down on people with multiple PAN cards, and those who are escaping the tax net. The government has also made it clear that all bank accounts will have to be linked to Aadhar by the end of this year. This, essentially, implies that the government will be able track financial transactions.

Amit Maheshwari, Partner, Ashok Maheshwary & Associates LLP, says, "As the bank accounts of the person would already have PAN as his/her KYC requirement, once Aadhaar is linked with PAN, it will certainly lead to automatic link with the bank accounts as well."

"Since Aadhaar is based on biometrics, the chances of duplication are much less as compared to PAN, which is not based on biometrics," Maheshwari adds.

According to the latest data, there are more than 24.37 crore PANs registered in the country, while Aadhaar card has been issued to 113 crore people. Against this, only 2.87 crore individuals filed income tax returns (in the assessment year 2012-2013), out of which 1.62 crore did not pay any tax - leaving the number of taxpayers at just one per cent of the country's total population. Given the abysmally low number of tax payers in the country, the government intends to keep a close watch on tax evaders with this move.

Although the judgment is awaited, here's a low-down on how to link your PAN card with Aadhaar:

Register on the e-Filing portal of the Income Tax Department, www.incometaxindiaefiling.gov.in
Enter log-in ID, password and date of birth
After logging in, go to your profile setting which has the option of linking your Aadhaar Card. Generally, a pop-up window appears, prompting you to link your PAN card with Aadhaar card.
Check if the details such as name, date of birth and gender appearing on screen match with those on your Aadhaar card.
Enter your Aadhaar card number and click on the 'link now' button. If details on both the cards match, your card will be linked instantly.

Aadhaar prone to financial frauds

Many civil rights activists have raised concerns about privacy and security of data under Aadhar. Bangalore-based civil society group, The Centre for Internet and Society (CIS), has expressed concerns over the lack of security features associated with Aadhaar-linked financial transactions.

Authored by Amber Sinha and Srinivas Kodali, the CIS report pointed out that unless sufficient security features are added, the system is prone to financial frauds.

"The availability of large datasets of Aadhaar numbers along with bank account numbers and phone numbers on the Internet increases the risk of financial fraud," the report said.

According to the authors, social engineering is often used to find out bank account details, credit card numbers and passwords to steal money from people's accounts.

"One of the prime examples is individuals receiving phone calls from someone claiming to be from the bank. Aadhaar data makes this process much easier for fraud and increases the risk around transactions. In the US, the ease of getting Social Security Numbers from public databases has resulted in numerous cases of identity theft. These risks increase multifold in India due the proliferation of Aadhaar numbers and other related data available," the report pointed out.

How secure is Aadhar Pay?

In May, when malicious ransomware (in which the attacker locks down your computer and demands money to unlock it) infected hundreds of computers in different countries, questions were raised on how safe are we from cyber attacks, especially when digital transactions are increasing by leaps and bounds?

The government launched Aadhaar Pay, a platform that allows you to make payments using Aadhaar number-linked bank accounts. It is a merchant version of Aadhaar-enabled payment system which lets you make payments without a smartphone. One just requires the fingerprint of the payer for authentication; there is no need for a POS machine to swipe the card.

However, when passwords are fallible, how reliable can biometric authentication from Aadhaar Pay be, particularly when there have been cases of leakage of Aadhaar data? According to some experts, Aadhaar authentication is pretty strong because you cannot connect to the Aadhaar database except through secured APIs.

For more details visit https://cis-india.org/internet-governance/news/business-today-july-19-2017-aadhaar-privacy-key-issues-that-all-aadhaar-card-holders-should-bear-in-mind

Indians Call For More Stringent Data Protection Laws

praskrishna — 2017-07-18T13:36:49Z

The government is India is facing calls to establish better cybersecurity laws to protect consumers’ data after fears have crept up that Reliance Jio, the telecom startup in India, suffered a major data leak.

This report was published by PYMNTS on July 17, 2017. Pranesh Prakash was quoted.

According to a report in Reuters announcing the news, Jio denied the data leak took place, saying the names, telephone numbers and email addresses of Jio users that showed up on Magicpak, a website, were unauthentic. Its parent Reliance Industries said customers’ data was safe and protected.

But at the same time that it was issuing reassurances, Jio filed a complaint claiming unlawful access to its computer systems, reported Reuters. That discrepancy has led Indians to call for better laws for data protection for consumers.

“It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organization, in the report. “A rule to report breaches exists, but it is unenforceable. It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.”

Supporters of stronger data protection laws in India said that countries that have stronger cybersecurity laws on the books would have started an inquiry into what happened with Reliance Jio. They point to the data breach last week at Verizon. Verizon quickly responded with an explanation of what went down, how it occurred and how many customers’ data privacy it impacted.

“India is at a nascent stage. For good norms in Asia, look to Singapore. It’s been praised for not having cybersecurity issues by the UN,” Srinivas Kodali, an independent security researcher, said in the same Reuters report.

The report noted that in May there were two data privacy breaches of Indian companies with the records of 17 million Zomato customers being compromised. In another breach, as many as 135 million of India’s Aadhaar numbers had been stolen from government databases and placed online. Aadhaar numbers are similar to social security numbers.

For more details visit https://cis-india.org/internet-governance/news/pymnts-july-17-2017-indians-call-for-more-stringent-data-protection-laws