We are anonymous, we are legion

Open standards can disrupt Facebook’s messaging monopoly

Admin — 2019-02-02T01:59:37Z

Facebook made the news last week when The New York Times’ Mike Isaac reported that CEO Mark Zuckerberg intended to integrate the company’s three messaging platforms: WhatsApp, Messenger, and Instagram.

The blog post by Abhimanyu Ghoshal was published in The Next Web on January 30, 2019. Pranesh Prakash was quoted.

We don’t have all the details of exactly how this will work. The plan is still in its early stages, and there are plenty of moving parts – legal and technical – to take care of. What’s clear is this: with more than 2.6 billion users between the platforms, this is set to impact a lot of people if it goes through – and potentially many hundreds of millions more in the following years.

While the specifics of the move are yet to be revealed, a move like this could help Facebook create more detailed profiles of its users. Even if the company encrypts communications end-to-end as it seemed to imply in its responses to NYT, it could still leverage communications metadata to target ads more accurately than you might think.

Here’s an example: without looking at your messages (because they’re encrypted), Facebook could gather data on who you chat with most often and for how long, later correlating that with the recipients’ interests from Instagram. It could then show you ads for gifts that contact may like, right around the time their birthday comes up.

Integrating these platforms could also bolster Facebook’s efforts to keep users tied into its ecosystem. That’s problematic, when you consider the larger your network of contacts is on the company’s services, the harder it is for you to leave them and use an alternative you’re more comfortable with.

Is there a way out? Pranesh Prakash – a Fellow at the Center for Internet and Society, as well as a Fellow at the New America think tank – believes that the answer lies not in breaking up Facebook over privacy laws, but in competition, and regulators at the government level should demand Facebook use open standards for its messaging platforms.

Prakash explained that standards like SMTP and IMAP, which are used for facilitating email exchanges, allow for interoperability between services run by different organizations. They also let users choose the client apps they prefer for accessing their inboxes.

Facebook’s messaging services, meanwhile, run on closed standards and don’t play nice with platforms created by third parties.

This results in people becoming trapped in Facebook’s ecosystem: even if you’re opposed to using the company’s products, you can’t realistically ditch them all because your friends and family are all using its platforms.

In case you’re worried about open-source protocols not being up to the task of serving massive networks like the ones Facebook operates, consider the fact that WhatsApp runs on FunXMPP, a customized version of the open XMPP set of standards that anyone can use for their own projects.

If Facebook is doing the difficult legwork of unifying the underlying technical infrastructure of its three apps, Prakash argues, it’d do well to make its new protocol public and open-source. That way, anyone should be able to use the company’s services to reach people just the same as when they choose to use a service created by a separate entity.

Prakash said that the only way diminishing Facebook’s power in this regard is to open up access to its network of users. In doing so, it will see people stick with the company’s services because they like using them, not because they can’t stay in touch with their contacts.

Questions surrounding Facebook’s monopolistic domination of the messaging space will inevitably crop up when the company implements Zuckerberg’s plan, and this sounds like a healthy way to tackle those issues.

Naturally, that seems like it’d hurt Facebook’s bottom line – but it’s important to start thinking about realistic measures to comply with antitrust law – or risk being booted from countries that don’t appreciate the way the company does business.

For more details visit https://cis-india.org/internet-governance/news/the-next-web-abhimanyu-ghoshal-january-30-2019-open-standards-can-disrupt-facebooks-messaging-monopoly

Open sesame

praskrishna — 2015-09-25T01:31:49Z

The government’s email is shockingly vulnerable.

The article was published in the Hindu on September 22, 2015. CIS research on private email accounts is mentioned.

As the Centre moves towards smart cities and a Digital India, some critics have cited the country’s increased vulnerability to cyber attacks. To be sure, cyber threat groups could disrupt our infrastructure by taking control of many systems. Such attacks could be quite damaging. Yes, they are rare today, but are much more likely to arise in conjunction with traditional armed conflicts. Cyber criminal groups target Indian organisations on a daily basis.

Almost two years ago, the IT minister’s office triggered national outrage when it used a public email service for official communication. There was much hand-wringing about security practices in a ministry responsible for setting the technology direction (secure email policy) for the country. Then in December 2013, the Centre for Internet and Society revealed that up to 90 per cent of Indian government officials used private email accounts for professional purposes.

A big deal

Between then and now, we’ve read about a new email policy and revelations of several cyber attacks on government officials. And FireEye revealed a decade-long cyber espionage operation by a group we call ‘APT30’, which is likely to be sponsored by China. How did they break in? By sending targeted ‘spear-phish’ emails with malware attached.

Email doesn’t sound like a big deal. Most of us have been using it for over a decade, and think we know how to use it right. But when you’re in a position of authority with access to sensitive information, you shouldn’t leave it to chance.

Today, state-sponsored attackers craft these spear-phishing emails after considerable research. APT30 carefully researched their targets and crafted mails which would appear extremely relevant, with interesting content. The moment a victim would open an attachment, an exploit would secretly install a backdoor. Through that backdoor, groups can compromise the employee’s entire network and extricate sensitive data. Groups bent on destruction can deploy malware to destroy the data. They could also take control of systems managing infrastructure or industrial processes and create havoc.

Spear-phishing has an open rate of 70 per cent, while regular mass emails had an open rate of just 3 per cent. Email is the front- door for today’s threat groups. That’s why governments around the world are improving the security of their email systems to fend off these spear-phishing threats.

Public concerns

When government employees use webmail for official business, they trade away their security for convenience. The emails they receive are no longer screened by cyber security solutions, which detect advanced targeted email attacks before they reach the inbox. In addition, because people typically retrieve their webmail in a browser, attackers have a larger attack surface to exploit when carrying out their attacks. For example, attackers can coax victims to click on a link to a website, which delivers an exploit via Adobe Flash.

Webmail opens the door to threats that would otherwise have been intercepted. When our government employees use webmail for official business, they leave the front door wide open to threats. One of the best steps we can take towards improving our government’s cyber security defences is abandoning public email services.

The writer is a software architect at the cyber security firm FireEye

For more details visit https://cis-india.org/internet-governance/news/the-hindu-september-22-2015-atul-kabra-open-sesame

Open Secrets

nishant — 2013-11-30T08:21:21Z

We need to think of privacy in different ways — not only as something that happens between people, but between you and corporations.

Dr. Nishant Shah's article was originally published in the Indian Express on October 27.

If you are a part of any social networking site, then you know that privacy is something to be concerned about. We put out an incredible amount of personal data on our social networks. Pictures with family and friends, intimate details about our ongoing drama with the people around us, medical histories, and our spur-of-the-moment thoughts of what inspires, peeves or aggravates us. In all this, the more savvy use filters and group settings which give them some semblance of control about who has access to this information and what can be done with it.

But it is now a given that in the world of the worldwide web, privacy is more or less a thing of the past. Data transmits. Information flows. What you share with one person immediately gets shared with thousands. Even though you might make your stuff accessible to a handful of people, the social networks work through a "friend-of-a-friend effect", where others in your networks use, like, share and spread your information around so that there is an almost unimaginable audience to the private drama of our lives. Which is why there is a need for a growing conversation about what being private in the world of big data means.

Privacy is about having control over the data and some ownership about who can use it and for what purpose. Interface designs and filters that allow limited access help this process. The legal structures are catching up with regulations that control what individuals, entities, governments and corporations can do with the data we provide. However, most people think of privacy as a private matter. Just look at last month's conversations around Facebook's new privacy policies, which no longer allow you to hide. If you are on Facebook, people can find you using all kinds of parameters — meta data — other than just your name. They might find you through hobbies, pages you like, schools you have studied in, etc. This can be scary because it means that based on particular activities, people can profile and follow you. Especially for people in precarious communities — the young adults, queer people who might not be ready to be out of the closet, women who already face increased misogyny and hostility online. This means they are officially entering a stalkers' paradise.

While those concerns need to be addressed, there is something that seems to be missing from the debate. Almost all of these privacy alarms are about what people can do to people. That we need to protect ourselves from people, when we are in public — digital or otherwise. We are reminded that the world is filled with predators, crackers and scamsters, who can prey on our personal data and create physical, emotional, social and financial havoc. But this is the world we already know. We live in a universe filled with perils and we have learned and coped with the fact that we navigate through dangerous spaces, times and people all the time. The digital is no different than the physical when it comes to the possible perils that we live in, though digital might facilitate some kinds of behaviour and make data-stalking easier.

What is different with the individualised, just-for-you crafted world of the social web is that there are things which are not human, which are interacting with you in unprecedented ways. Make a list of the top five people you interact with on Facebook. And you will be wrong. Because the thing that you interact with the most on Facebook, is Facebook. Look at the amount of chatter it creates — How are you feeling today?; Your friend has updated their status; Somebody liked your comment… the list goes on. In fact, much as we would like to imagine a world that revolves around us, we know that there are a very few people who have the energy and resources to keep track of everything we do. However, no matter how boring your status message or how pedestrian your activity, deep down in a server somewhere, an artificial algorithm is keeping track of everything that you do. Facebook is always listening, and watching, and creating a profile of you. People might forget, skip, miss or move on, but Facebook will listen, and remember long after you have forgotten.

If this is indeed the case, we need to think of privacy in different ways — not only as something that happens between people, but between people and other entities like corporations. The next time there is a change in the policy that makes us more accessible to others, we should pay attention. But what we need to be more concerned about are the private corporations, data miners and information gatherers, who make themselves invisible and collect our personal data as we get into the habit of talking to platforms, gadgets and technologies.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-october-27-2013-nishant-shah-open-secrets

Open Letter to Prevent the Installation of RFID tags in Vehicles

maria — 2013-07-12T10:59:31Z

The Centre for Internet and Society (CIS) has sent this open letter to the Society of Indian Automobile Manufacturers (SIAM) to urge them not to intall RFID tags in vehicles in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

This letter is with regards to the installation of Radio Frequency Identification Tags (RFID) in vehicles in India.

On behalf of the Centre for Internet and Society, we urge you to prevent the installation of RFID tags in vehicles in India, as the legality, necessity and utility of RFID tags have not been adequately proven. Such technologies raise major ethical concerns, since India lacks privacy legislation which could safeguard individuals' data.

The proposed rule 138A of the Central Motor Vehicle Rules, 1989, mandates that RFID tags are installed in all light motor vehicles in India. However, section 110 of the Motor Vehicles Act (MV Act), 1988, does not bestow on the Central Government a specific empowerment to create rules in respect to RFID tags. Thus, the legality of the proposed rule 138A is questioned, and we urge you to not proceed with an illegal installation of RFID tags in vehicles until the Supreme Court has clarified this issue.

The installation of RFID tags in vehicles is not only currently illegal, but it also raises majors privacy concerns. RFID tags yield locational information, and thus reveal information as to an individual’s whereabouts. This could lead to a serious invasion of the right to privacy, which is at the core of personal liberty, and constitutionally protected in India. Moreover, the installation of RFID tags in vehicles is not in compliance with the privacy principles of the Report of the Group of Experts on Privacy, as, among other things, the architecture of RFID tags does not allow for consent to be taken from individuals for the collection, use, disclosure, and storage of information generated by the technology.[1]

The Centre for Internet and Society recently drafted the Privacy (Protection) Bill 2013 – a citizen's version of a possible privacy legislation for India.[2]The Bill defines and establishes the right to privacy and regulates the interception of communications and surveillance, and would include the regulation of technologies like RFID tags. As this Bill has not been enacted into law and India lacks a privacy legislation which could safeguard individuals' data, we strongly urge you to not require the mandatory installation of RFID tags in vehicles, as this could potentially violate individuals' right to privacy and other human rights.

As the proposed rule 138A, which mandates the installation of RFID tags in vehicles, is currently illegal and India lacks privacy legislation which would regulate the collection, use, sharing of, disclosure and retention of data, we strongly urge you to ensure that RFID tags are not installed in vehicles in India and to play a decisive role in protecting individuals' right to privacy and other human rights.

Thank you for your time and for considering our request.

Sincerely,

Centre for Internet and Society (CIS)

[1]. Report of the Group of Experts on Privacy: http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2].Draft Privacy (Protection) Bill 2013: http://cis-india.org/internet-governance/blog/privacy-protection-bill-2013.pdf

For more details visit https://cis-india.org/internet-governance/blog/open-letter-to-siam-on-rfid%20installation-in-vehicles

Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee

elonnai — 2013-10-23T05:00:02Z

An open letter was sent to the Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee on the proposed EU Regulation. The letter was apart of an initiative that Privacy International and a number of other NGO's are undertaking.

Dear Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee,

On behalf of The Centre for Internet and Society, Bangalore, India, we are writing to express our support of the European Commission’s proposed General Data Protection Regulation (COM (2012) 11).

The legal framework established under the 1995 Data Protection Directive (95/46/EC) in Europe has positively influenced many existing privacy regimes worldwide, serving as a model legal framework in jurisdictions that are in the process of developing privacy regimes, including India. The positive impact of the Data Protection Directive shows the potential of the Regulation to become a global model for the protection of personal data. The Regulation seeks to address new scenarios that have arisen in the context of rapidly changing technologies and practices, increasing its potential for positively influencing privacy rights for individuals globally.

India is currently in the process of considering the enactment of privacy legislation, in part with the aim of ensuring adequate safeguards to enable and enhance information flows into India from countries around the world, including Europe. At the same time, India is seeking Data Secure Status from the EU, on the basis of its current regime.

It is clear that the EU framework for data protection has a major influence on the current and emerging privacy regime in India. India is only one country of many that are in the beginning stages of developing a comprehensive privacy regime. Thus, we ask that you keep in mind how the Regulation will impact the rights of individual in countries outside of Europe, particularly in countries that are in the process of developing privacy regimes.

We ask that you take into consideration the four following points that we believe need to be addressed in the Regulation to help ensure adequate protection of the rights of individuals in the European Union and around the world.

Strengthen the principle of purpose limitation: The Regulation should incorporate a strong purpose limitation principle that strictly limits present and future uses of personal data to the purposes for which it was originally collected. Currently, Article 6(4) allows for the further processing of data when the processing is “not compatible with the one for which the personal data have been collected”. Though the provision establishes legal requirements, one of which must be before information can be used for a further purpose, this is has proven insufficient in the existing Directive. The current provision in the Regulation dilutes the principle of purpose limitation as well as weakening an individual’s ability to make informed decisions about their personal data.
Define principles for interpretation of broad terms: The Regulation should create principles for interpreting broad terms such as “legitimate interest” and “public interest”. These vague terms are used throughout the Regulation, and create the potential for loopholes or abuse. Because these terms can be interpreted in many different ways, it is important to create a set of principles to guide their interpretation by data protection authorities and courts to avoid inconsistent application and enforcement of the Regulation.
Clarify the scope of the Regulation: The Regulation should clearly describe the jurisdictional scope and reach of its provisions. Currently Article 3(1) states that the Regulation will apply to the processing of data “in the context of the activities of an establishment of a controller or a processor in the Union”. The flow of information on the online environment coupled with trends such as cloud computing, outsourcing, and cross border business creates a scenario where defining what constitutes “context of the activities of an establishment”, is difficult and could lead to situations where personal data is not protected, as the collection, use, or storage of it does not necessarily fall within the “context of the activities”.
Address access by foreign alliance bodies: In light of growing demands by law enforcement for access, use, and transfer of personal information for investigative purposes across jurisdictions– the Regulation should define the circumstances in which personal data protected by its provisions can be accessed and used by foreign intelligence bodies, and the procedure by which to do so. The Regulation should address challenges such as access by foreign intelligence bodies to data stored on the cloud and data that has passed through/is stored on foreign networks/servers.

For more details visit https://cis-india.org/internet-governance/blog/open-letter-members-european-parliament-civil-liberties-justice-home-affairs-committee

Open letter to Kolaveri Di makers: How Dare You!

nishant — 2012-05-23T07:02:03Z

When it comes to piracy, you are sure to have an opinion. You might either make a virtue out of it, talking about cultural commons and collaborative conditions of production. Or you might vilify it as the social fault-line that is destroying the very pillars of commerce and cultural negotiations.

This article by Nishant Shah was published in First Post on May 22, 2012.

No matter which part of the fault-line you fall under, this is the time for all good (and otherwise ambiguously identified) people to come to the aid of the party. This is an open call for anybody who has been on the interwebz, to share and distribute one particular object whose rights protector have recently taken your right to access countless platforms which are a part of your everyday life online.

If you haven’t yet grasped it, I am referring to the recent events where, following a John Doe order from the High Court of Chennai, all kinds of file sharing platforms are suddenly being blocked by Internet Service Providers (ISPs) across India.

The film producers of ‘3’, the movie whose claim to fame has been the spectacular viral success of the Kolaveri Di song, have moved the courts to issue a blanket order that has suddenly made it impossible for Indian netizens to access file sharing, user-generated-content hosting websites which allowed for digital cultural texts – from print to music to movies to presentations – to be shared and disseminated freely online.

The producers and those who support them, are glorying in this legal battle where they have identified nodes in our networks, through which their copyright information was potentially being pirated. They are hoping that by ensuring this lack of digital mobility for their film, they will be able to entice audiences to come into the theatres and spend their money ‘legitimately’ on the film.

They are revelling in the fact that hundreds of thousands of users have been thwarted in their attempts at copyright infringement. What they haven’t realised is that they have justified their box-office greed by infringing on your and my rights to perform everyday activities online.

I am sure there is going to be a smart-aleck riding a moral high horse, who will applaud this move and point out to me about the rights of the producers to protect their content. There are many who support this high-censorship which not only betrays the power of the Music And Film Industry Association (MAFIA, to friends) to curb us of our rights, but also the completely depraved technology apparatus of the State which seems to have no understanding of how the internet actually works.

However, i want to shift the focus from the rights of these victimised producers and right-holders to the right of the individual who is actually the structural unit of cyberspaces. And I want to suggest to you that these right-holders, who incidentally, have such global value only because the Kolaveri Di song put them on the global meme map, have now infringed upon my right to access my content which I had put out to share.

There are open content videos on Vimeo that we have produced through years of research and a huge amount of financial investment, which are now no longer available to people who want to view them.

There are powerpoint presentations and publications on file sharing sites, seeded through torrents, which are now impossible to access for people in India. A large amount of our personal research and lectures, which we have shared for educational purposes, are now not even available for us to download.

And we are not alone in this. Hundreds of thousands of individuals, who have shared openly licensed material, have now lost the ability to access that information because one private company wanted to make sure it made its profits.

I am not going to write a manifesto for the digital world, but I do want to put it out there, this new cultural MAFIA, grant to me my rights which their actions have violated. For every site that they have included in their banned list, they have disrespected the open, collaborative licenses that enabled sharing of information whose value, usage and worth is more than their commercial pot boiler, which shall hopefully be forgotten before we realise it was released in the markets.

Their commercially driven arrogance has suddenly demanded that we pay a price for the shared information, and that price should be to those who hold rights over the movie.

And so I am writing this open call, for you to come and demand your right. If that movie producer has the right to protect his interests, you and I have the right to protect ours. I demand that for every site that I am not able to access, for public domain information that I am entitled to, they pay us a penalty.

For more details visit https://cis-india.org/internet-governance/open-letter-to-kolaveri-di

Open letter to Hillary Clinton on Internet Freedom

sunil — 2012-09-04T08:28:02Z

Last month I wrote an open letter to Hillary Clinton. It was based on a presentation I that I made during a panel discussion at a Google sponsored conference titled Internet at Liberty 2012 in Washington DC on May 24, 2012.

Sunil Abraham's article was published in Thinking Aloud on July 17, 2012

The question that my panel tried to grapple with was "In a world where nearly nine out of ten Internet users are not American, what is the responsibility of United States institutions in promoting internet freedom?" My co-panelists were Cynthia Wong who is with the Centre for Democracy and Technology, Mohamed El Dahshan a writer and journalist, Dunja Mijatovic the OSCE Representative on Freedom of the Media.

Internet freedom is a curious subject. It is a technology specific liberty - for a moment consider television freedom. The US has more Muslims than India has Christians. But Indian television in the average hotel comes in hundreds and there are at least 3 channels of Christian preaching. But US television in hotels is usually less than 50 channels with no channels of Islamic preaching. In fact even the reception of secular channels from the Islamic World like Al Jazeera is still difficult in America. Can we accuse the US of not having television freedom since their television features Christian evangelists but not Muslim evangelists? Should it be part of India's foreign policy to evangelize television freedom given that there is a large domestic industry with clear international potential?

In an ideal world - citizens will possess technology-neutral freedom to communication and expression. But nothing can be farther from the truth. Communication technologies are regulated using a plethora of policies and practices and very often these have a chilling effect on freedoms.

The following is my response to the technology-specific demands for deregulation from the US Government.

Text of the Open Letter[2]

Recognise Access to Knowledge (A2K) as pre-condition for freedom of expression: There is no difference between aggressive enforcement of imbalanced and obsolete intellectual property laws and censorship. The need of the moment is not more enforcement to protect obsolete business models against the everyday practices of ordinary netizens but rather the reform of intellectual property law (levies, broader exceptions and limitations, pools, statutory and compulsory licenses, prizes etc.) to keep pace with innovations in technology and the production of knowledge and culture.

Recognise privacy as pre-condition for security: The alleged tension between privacy and security is a false dichotomy. Blanket surveillance by design compromises security. Surveillance is like salt in cooking — essential in very small quantities but dangerous even if slightly in excess. Blanket surveillance technologies are only going make things easier for — and will only serve as targets for — current and future online villains.

Don't lose the moral high-ground: Remember, with great power comes great responsibility. Other countries are waiting to cherry pick from your worst practices. Also don't use trade agreements to selectively export components of US policy without the accompanying safeguards for civil liberties and rights. Citizens in oppressive and authoritarian states are depending on the US government, courts and civil society to protect their rights online. Don't undermine their capacity to shame their governments by holding up the US as the example of 'how to get things right'. They urgently need the US government to lead by example.

Recognise that freedom of expression has become a trade issue: This is unfortunate but this is true — thanks to the precedent set by the developed world when it came to asymmetric trade negotiations. Just as the US is interested in protecting the interests of its corporations in global markets — other governments are keen protect the interests of their own corporations. The optimal solution in this case is where all countries and corporations are equally unsatisfied. This will remain a continuing discussion.

Address developing country anxieties around critical internet infrastructure: Security by obscurity will no longer do — security by transparency through open standards, technologies and governance is the only way to fears and build a trust-worthy and secure Internet for all of us. For example, there is urgent need to develop standards for supply chain audits of information infrastructure. The US has dealt with the fear of back doors by banning the use of hardware and software from countries it does not trust. The developing world is not sure if there are back-doors in hardware and software manufactured by US corporations.

Time has comes to address this and other related anxieties.

Appreciate diversity in nomenclature: 'Freedom' and 'liberty' may be appropriate terms to use in the United States of America. But openness may be more in countries that are not yet full and robust liberal democracies. The Internet Governance Forum for example uses 'openness' instead of 'freedom'. Openness is also preferred because it includes 'freedom of expression', 'freedom of information' (also known as right to information, access to information or public and 'free knowledge' (free software, open standards, open content, open access, open data, open educational resources, etc.)

Don't be too instrumental in your interventions: Don't undermine the local credibility of like-minded civil society, think-tanks and research organisations by being too directive in your support. Managerialism will undermine reform of policies and practices in information societies and so does inappropriate/premature monitoring and evaluation (for example, looking for explicit attribution in terms of casual connections between your actions and outcomes). There is a need to support greater reflexivity in the global information society by developing institutional capacity in developing countries through unrestricted funding. True critical thinking is the foundation of both scientific progress and open societies. Go out of your way to find and support those who disagree with you. Protect the plural foundation of our networked society!

Video

Sunil Abraham was a speaker along with Cynthia Wong, Mohamed El Dahshan and Dunja Mijatovic in Plenary IV Debate 3 at the Internet at Liberty 2012 event organised by Google on May 24, 2012.

View the video on YouTube

For more details visit https://cis-india.org/internet-governance/open-letter-to-hillary-clinton

Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation

elonnai — 2013-07-12T11:07:58Z

India shouldn't be granted the status of "data secure nation" by Europe until it enacts a suitable privacy legislation, points out the Centre for Internet and Society in this open letter.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

This letter is with regards to both the request from the Confederation of Indian Industry that the EU recognize India as a data secure nation made on April 29th 2013, [1] and the threat from India to stall negotiations on the Free Trade Agreement with the EU unless recognized as data secure nation made on May 9th 2013.[2]

On behalf of the Centre for Internet and Society, we request that you urge the European Parliament and the EU ambassador to India to reject the request, and to not recognize India as a data secure nation until a privacy legislation has been enacted.

The Centre for Internet and Society believes that if Europe were to grant India status as a data secure nation based only on the protections found in the “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011”, not only will India be protected through inadequate standards, but the government will not have an incentive to enact a legislation that recognizes privacy as a comprehensive and fundamental human right. Since 2010 India has been in the process of realizing a privacy legislation. In 2011 the “Draft Privacy Bill 2011” was leaked.[3] In 2012 the “Report of the Group of Experts on Privacy” was released. The Report recommends a comprehensive right to privacy for India, nine national privacy principles, and a privacy framework of co-regulation for India to adopt. [4] In 2013 the need for a stand alone privacy legislation was highlighted by the Law Minister.[5] The Centre for Internet and Society has recently drafted the “Privacy Protection Bill 2013” - a citizen's version of a possible privacy legislation for India.[6] Currently, we are hosting a series of six “Privacy Roundtables” across India in collaboration with FICCI and DSCI from April 2013 - August 2013.[7] The purpose of the roundtables is to gain public feedback to the text of the “Privacy Protection Bill 2013”, and other possible frameworks for privacy in India. The discussions and recommendations from the meeting will be published into a compilation and presented at the Internet Governance meeting in October 2013.

The Center for Internet and Society will also be submitting the “Privacy Protection Bill 2013” and the public feedback to the Department of Personnel and Training (DoPT) with the hope of contributing to and informing a privacy legislation in India.

The Centre for Internet and Society has been researching privacy since 2010 and was a member of the committee which compiled the “Report of the Group of Experts on Privacy”. We have also submitted comments on the “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011” to the Committee on Subordinate Legislation of the 15th Lok Sabha.[8]

We hope that you will consider our request and urge the European Parliament and the EU ambassador to India to not recognize India as a data secure nation until a privacy legislation has been enacted.

[1]. CII asks EU to accept India as 'Data Secure' nation: http://bit.ly/15Z77dH

[2]. India threatens to stall trade talks with EU: http://bit.ly/1716aF1

[3]. New privacy Bill: Data Protection Authority, jail term for offence: http://bit.ly/emqkkH

[4]. The Report of the Group of Experts on Privacy http://bit.ly/VqzKtr

[5]. Law Minister Seeks stand along privacy legislation, writes PM: http://bit.ly/16hewWs

[6]. The Privacy Protection Bill 2013 drafted by CIS: http://bit.ly/10eum5d

[7]. Privacy Roundtable: http://bit.ly/12HYoj5

[8]. Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data Information) Rules, 2011: http://bit.ly/Z2FjX6

Note: CIS sent the letters to Data Protection Commissioners across Europe.

For more details visit https://cis-india.org/internet-governance/blog/open-letter-to-not-recognize-india-as-data-secure-nation

Open House on Security Practices in FinTech

Admin — 2017-11-12T10:18:09Z

CIS in collaboration with Has Geek is organizing an Open House on security practices in FinTech.

The prevalence of fintech companies operating in India is growing with new actors entering the sector and traditional actors such as banks beginning to offer digital financial services. The push to digital payments has been particularly strong after the demonetization policy, the development and implementation of Aadhaar and India Stack. Services offered by Fintech firms can range from offering a loan or credit to a digital wallet and digital banking and payment services.

Presently, there is a regulatory gap for many of the fintech services and business models. The Reserve Bank of India has published consultation papers on Peer-to-Peer lending platforms as well as Account Aggregators, but comprehensive regulations, especially those surrounding minimum security practices, have yet to emerge – presenting a critical policy and research window. Furthermore, under Section 43A of the IT Act and its associated Rules, ‘body corporates’ are required to implement reasonably security procedures compliant with ISO27001 or a sectoral standard approved by the Central Government. However, currently such a sectoral standard is absent for the FinTech and Digital Payments space.

The growing prevalence of these fintech technologies and the criticality of security of the same to engender citizen trust, protect rights, and comprehensive national security posture demands debate and discussion.

On November 17th, the HasGeek in collaboration with the Centre for Internet and Society will be holding an Open House from 6pm - 8pm to discuss security practices in the fintech industry.

Pressing questions for discussion include: How secure are these services? What security standards are they adhering to? Who is holding them accountable for adherence to security standards? What can individuals do if there financial data is compromised?

Please join us for a robust discussion on these issues @HasGeek House, 2699, 19th Main Rd, HAL 2nd Stage, Indiranagar, 19th Main Rd, HAL 2nd Stage, Indiranagar, Bengaluru, Karnataka 560008 from 6PM - 8 PM on November 17th.

For more details visit https://cis-india.org/internet-governance/events/open-house-on-security-practices-in-fintech

Open house on information breaches

praskrishna — 2017-06-07T00:41:55Z

On May 26, 2017 at the Has Geek open house participants discussed the state of information security in India the legal and regulatory measures that companies must comply with, and consumers should be aware of. Udbhav Tiwari was a speaker at the event organized by Has Geek in Bengaluru.

Sandesh Anand–InfoSec professional at Cigital was the other speaker. Alok Prasanna Kumar, former Supreme Court advocate and Senior Resident Fellow at the Vidhi Centre for Legal policy, moderated the discussion. Udbhav spoke about Breach Notifications and the legal and regulatory positions behind it in India. His presentation from the event can be found here: https://goo.gl/51GDba

For more details visit https://cis-india.org/internet-governance/news/open-house-on-information-breaches

Open Governance and Privacy in a Post-Snowden World : Webinar

vanya — 2015-10-04T11:09:12Z

On 10th September 2015, the OGP Support Unit, the Open Government Guide, and the World Bank held a webinar on “Open Governance and Privacy in a Post-Snowden World” presented by Carly Nyst, Independent consultant and former Legal Director of Privacy International and Javier Ruiz, Policy Director of Open Rights Group. This is a summary of the key issues that were discussed by the speakers and the participants.

See Open Governance and Privacy in a Post-Snowden World

Summary

The webinar discussed how Government surveillance has become an important and key issue in the 21^st century, thanks to Edward Snowden. The main concern raised was with respect to what a democracy should look like in the present day. Should the states’ use of technology enable state surveillance or an open government? Typically, there is a balance that must be achieved between the privacy of an individual and the security of the state – particularly as the former is primarily about social rights and collective interest of citizens.

At the international level, the right to privacy has been recognized as a basic human right and an enabler of other individual freedoms. This right encapsulates protection of personal data where citizens have the authority to choose whether to share or reveal their personal data or not. Due to technological advancement that has enabled collection, storage and sharing of personal data, the right to privacy and data protection frameworks have become of utmost importance and relevance with regard to open government efforts. Therefore, it is important for Governments to be transparent in handling sensitive data that they collect and use.

Many countries have also introduced laws to balance the right to privacy and right to information. The role of the private sector and NGOs involved in enabling an open and transparent government must also be duly addressed at a national level.

Key Questions:

Why should the government release information?

There are multiple reasons for doing so including:

For the purposes of research and public policy (which relates to healthcare, social issues, economics, national statistics, census, etc.)

Transparency and accountability (politicians, registers, public expenses, subsidies, fraud, court records, education)

Public participation and public services (budgets, anti-corruption, engagement, and e-governance).

However, all these have certain risks and privacy implications:

Risk of identification of individual: Any individual whose information is released has the risk of identification, followed by issues like identity theft, discrimination, stigmatization or repression. Normally, the solution for this would be anonymization of the data; however, this is not an absolute solution. Privacy laws can generally cope with such risks, but with pseudonymous data it becomes difficult in preventing identification.
Profiling of social categories which can lead to discrimination: In such a situation, policies and other legislations regulating the use of data and providing remedy for violations can help.
Exploitation and unfair/unethical use of information: When understanding the potential exploitation of information it is useful to consider who is going to benefit from the release of information. For example, in UK, with respect to release of Health Data, the main concern is that people and companies will benefit commercially from the information released, despite of the result potentially being improved drugs and treatment.

What are the Solutions?

The webinar also discussed potential solutions to the questions and challenges posed. For example, when commitments of Open Government Data Partnership are considered, privacy legislations must also be proposed. Further, key stakeholders must make commitments to take pro-active measures to reduce informational asymmetries between the state and citizens. To reduce the risks, measures must be taken to publish what information the State has or what the Government knows about the citizens. For example, in UK, within the civil society network, it is being duly considered in the national plan that the government will publicize how it will share data and have a centralized view on the process of information handling and usage of the data.

The Open Government Guide provides for Illustrative Commitments like enactment of data protection legislation, establishing programmes for awareness and assessment of their impact, giving citizens control of their personal information and the right to redress when that information is misused, etc.

Surveillance

The issue of surveillance and the role of privacy in an open government context was also discussed. The need for creating a balance between the legitimate interest of national security and the privacy of individuals was emphasized. With the rise of digital technologies, many governmental measures pertaining to surveillance intervene in individual privacy. There are many forms of surveillance and this has serious privacy implications, especially in developing countries. For example:

Communications surveillance
Visual surveillance
Travel surveillance

This raises the question: When is surveillance legitimate and when must it be allowed?

The International Principles on the Application of Human Rights to Communications Surveillance acts as a soft law and tries to set out what a good surveillance system looks like by ensuring that governments are in compliance with international human rights law.

In essence surveillance does not violate privacy, however, there must be a clear and foreseeable legal framework laying circumstances when the government has the power to collect data and when individuals might be able to foresee when they might be under surveillance.

Also, a competent judicial authority must be established to oversee surveillance and keep a check on executive power by placing restrictions on privacy invasions. The actions of the government must be proportionate and the benefits must not outweigh harm caused by surveillance.

Role of openness in a “mass surveillance” state

Surveillance measures that are being undertaken by governments are increasingly secretive. The European court of Human Rights has held that Secret surveillance may undermine democracy under the cloak of protecting it. Hence, open government and openness will work towards protecting privacy and not undermining it.

To balance the measure of government surveillance with privacy, there is a need to publish laws regulating such powers; publish transparency reports about surveillance, interception and access to communications data; reform legislations relating to surveillance by state agencies to ensure it complies with human rights and establish safeguards to ensure that new technologies used for surveillance and interception respect the right to privacy.

Conclusion

The conclusion one can draw is that Privacy concerns have gained importance in today’s data driven world. The main question that needs to be answered is whether Government’s should adopt surveillance measures or adopt an Open Government?

Considering equal importance of national security and privacy of individuals, it is required that a balance must be crafted between the two. This could be possibly done by enacting foreseeable and clear laws outlining scope of surveillance by the Government on one hand, and informing citizens about such measures on the other. Establishment of a competent judicial authority to keep a check on Government actions is also suggested to work out the delicate balance between surveillance and privacy.

For more details visit https://cis-india.org/internet-governance/blog/open-governance-and-privacy-in-a-post-snowden-world-webinar

Open Forum - DINL, Digital Infrastructure Association

praskrishna — 2015-11-07T14:45:58Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Digital Infrastructure Netherlands Foundation is organizing this workshop at IGF on Tuesday, November 10, 2015. Jyoti Panday will be speaking at this workshop.

In this open forum we wish to discuss the increase in government engagement with “the internet” to protect their citizens against crime and abuse and to protect economic interests and critical infrastructures. The fact that the traditional benign neglect of states towards the internet is increasingly replaced with political interest has positive and negative effects. We are particularly concerned with those state interventions – often for reasons of national security or economic interest - that impact on the technical and logical ‘core’ of the internet ecosystem – such as interventions in the DNS - and in the impact on organizations and businesses that are traditionally thought of as ‘technical’ and whose roles are in danger of being politicized, such as ISPs, CERTs and hard- and software developers. There is a growing need to separate out the legitimate interests of states from political overreach into the technical and logical core of the internet. A cooperative or constructive approach towards interaction, founded in firm principles, may strengthen the balance and lead to a sustainable protection of Internet values. In this open forum we will present ideas about an agenda for the international protection of ‘the public core of the internet’ and seek to collect and discuss ideas for the formulation of norms and principles and for the identification of practical steps towards that goal. More specifically we aim to discuss: A definition of a public core of the internet: this would comprise the core protocols and infrastructure of the internet which all governments should consider as a global public good, governed by the Internet community and protected from direct activities and involvement by any government Definitions of proper interfaces: outlining norms and mutual expectations that should govern the relations between governments and various central actors in the technical and economic internet ecosystem, such as ISPs, CERTs and hard- and software developers when it comes to fighting cybercrime, retrieve information, mandate takedowns, request information and more.

Speakers
In this IGF open forum DINL wants to explore these ideas and discuss them with thought leaders from other countries. Speakers include:

Bastiaan Goslings (AMS-IX, NL)
Jyoti Panday (CIS, India)
Marilia Maciel (FGV, Brasil)
Dennis Broeders (NL Scientific Council for Government Policy) and will be chaired by Michiel Steltman (DINL), but aims to broaden the debate on this issue with those present.

More information on IGF website here.

For more details visit https://cis-india.org/internet-governance/news/open-forum-dinl-digital-infrastructure-association

Open Call for Comments: The Privacy Protection Bill 2013 drafted by the Centre for Internet and Society

bhairav — 2014-02-25T05:38:27Z

The Centre for Internet and Society is announcing an Open Call for Comments to the CIS Privacy Protection Bill 2013.

In early 2013 the Centre for Internet and Society drafted the Privacy (Protection) Bill 2013 as a citizen’s version of privacy legislation for India. The Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

The Centre for Internet and Society has been collecting comments to the Privacy Protection Bill since April 2013 with the intention of submitting the Bill to the Department of Personnel and Training as a citizen’s version of a privacy legislation for India. If you would like to submit comments on the Privacy Protection Bill to be included as part of the Centre for Internet and Society’s submission to the Department of Personnel and Training, please email comments to bhairav@cis-india.org.

Download the latest version of the Privacy Protection Bill (February 2014)

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-open-call-for-comments

Only digital sex, please

praskrishna — 2015-06-15T01:38:12Z

Many Indian men are getting so dependent on digital sex and online pornography that they can’t handle real relationships. And a new book says this is happening the world over. Prasun Chandhuri and Avijit Chatterjee turn the spotlight on the trend

The article was published in the Telegraph on May 31. Rohini is quoted.

P. Sharath doesn't know how to handle women. The 31-year-old software engineer, who works for a multinational company in Bangalore, thinks he doesn't need them either. The man who grew up in Hubli in Karnataka and now earns an eight-figure annual salary has his virtual world. That gives him his sexual satisfaction.

Socially awkward, Sharath did try to date a woman, but the relationship broke within a few months because he found that she was getting to be "clingy" and "boring". An attempt by his family to fix a marriage with a woman failed when he groped her in a cinema hall. His online women, on the other hand, need no pampering, and do not complain.

Sharath, however, is not happy. "He no longer gets any gratification from online sex and has been suffering from anxiety and depression," says Dr Ali Khwaja, a Bangalore-based psychologist and founder of the Banjara Academy, a counselling centre.

Increasingly, counsellors in urban India are coming across such cases of people who are so used to digital sex that they can't cope with real relationships any more. Khwaja refers to them as "hollow men" - people who go through despair after relations fail because of their dependence on digital pornography.

"Almost every week I meet a young man addicted to porn," says Mumbai-based counsellor Shefali Batra, author of the recently published book Teen Matters.

It's a pattern that many counsellors have noticed. As teenagers, young boys get hooked on to digital sex. "But it becomes a vicious addiction over time, playing havoc with their social and sexual development," Batra says. The women they meet do not match up to the large breasted and oversexed digital women - and the boys become men who cannot sustain marriages and relationships.

Pornography has always existed, and some counsellors do not believe that it is always harmful. But the spread of the Internet, the easy availability of smartphones and the profusion of sophisticated sex games and other platforms have led to a situation where men merely log on for sexual satisfaction.

The Internet is bursting at the seams with sex sites. There are various types of sex games, including cartoon sex games, 3D sex games, virtual reality sex games and so on where the viewer can indulge in sex with three or four imaginary characters. Some online games offer virtual simulation sex. In a new genre of digital porn, users can enjoy 3D porn with a special virtual reality headset that allows them to step inside their favourite games and completely immerse themselves in a sexual fantasy.

And this is happening across the world. In a recently released book, Men (Dis)Connected: How technology has sabotaged what it means to be male, psychologist Philip Zimbardo holds that "masculinity" is being destroyed by online pornography and gaming technology.

"We have surveyed over 20,000 young people in many countries. Even though we don't have data on Indian men, we assume that the impact of freely available porn is creating a new breed of addicts in every country," he says in an email interview. "These men prefer to masturbate to visual images than have live sexual relations with real women."

Nikita Coulombe, co-author of Men (Dis)Connected, adds that it is an "endless novelty" and a "virtual harem" for the men. "In 10 minutes you can see more 'mates' than your ancestors would have seen in their lifetime."

There was a time when people shrugged and said, it's just a phase. But Zimbardo believes that this addiction has gone beyond that and will have a "permanent negative impact" on young men everywhere because the porn industry is big business.

The professor emeritus at Stanford discovered this phenomenon when he found that many of his male students were shy and spent too much time poring over screens. Closer home, academic and writer Shiv Visvanathan had a similar experience while teaching at the O.P. Jindal University in Haryana.

"Many of these guys do not know how to talk to a girl - they'd rather convey their feelings through text messages or through social networks or mobile phones. Sometimes you'll even see two people sitting close together but talking over the phone, just to avoid a face-to-face conversation," Visvanathan says.

What this means is that young men are not just wary of getting into relationships - they are not missing them either. "Porn gives them instant gratification which can be repeated, say, 200 times. Moreover, the virtual body seems more transformable than the actual body and it's fast," Visvanathan points out.

It is an addiction that draws men more than women, primarily because the majority of Internet porn is male-centric and, more than teenage women, boys are addicted to computer games and associated thrills. "Research has affirmed that this is truer for the male brain in comparison to the female brain," explains Batra. "The male brain is more thrill and pleasure seeking and these exciting virtual realities provide an immense rush of pleasure in the brain."

Zimbardo's survey underlines this. It found that three out of five men expressed a "lack of interest in pursuing and maintaining a romantic relationship" while three out of four women between the ages of 18 and 30 said they were concerned about the "emotional immaturity or the unavailability" of men.

While the celebrated psychologist plans to conduct a similar survey in India, concerns are already rising because the lack of sex education in schools and colleges - coupled with repressed backgrounds and exaggerated pornographic images - gives the young a warped idea of sex and relationships.

"In a society where talking about sex is taboo, their only avenue to satisfy sexual curiosities becomes porn," says Rohini Lakshane, researcher, Centre for Internet and Society, Bangalore.

This is why sexologist Prakash Kothari often encounters young men who yearn for a "14-inch organ" and suffer from performance anxiety and depression. "Proper sex education can teach them just two inches and oodles of erotic love are enough to satisfy your female partner," says Kothari.

The experts stress that they are not against pornography. "One should not shoot the messenger," contends Audrey D'Mello, programme director, Majlis, a legal counselling centre in Mumbai. "If used properly it can be an aphrodisiac," Kothari adds.

But many of the images that the young today see are violent and bestial. "These twisted forms of sex are being consumed by young men and boys through smartphones across the country," laments Ira Trivedi, author of India in Love. Lakshane believes that easy access to violent pornography "degrades and objectifies women", giving men and boys a "skewed view of sex and intimacy".

Calcutta-based Subhrangshu Aditya counselled a woman who wanted a divorce because her husband forced her to replicate all that he watched on porn. "It was torture for her, devoid of romantic love or eroticism," Aditya says.

Indeed, the effect on men has an impact on women as well. Trivedi points out that as men devote themselves to porn, women go for measures such as vaginal beautification to attract men.

Or women go off sex altogether.

"These women have an extreme phobia about sex," says Aindri Sanyal, an infertility specialist at a Calcutta-based fertility centre. "Some haven't even got their marriage consummated. So they want to conceive through artificial insemination."

Is there a way out? Experts such as Khwaja are doing what they can. "I am trying to help Sharath socialise in mixed groups, then spend a few minutes at a time doing a favour for a woman, or showing a gesture. I want him to focus on understanding the emotions that girls go through and eventually make him understand how to interact with another flesh-and-blood person who has her own romantic and sexual needs," he says. "The process will take quite a long time."

Zimbardo, 82, wants the "socially crippled generation" to hit the Escape button on their digital devices. He wants to remind them that real sex involves communicating with a real person, feeling their pain, earning their trust and making a real connection to their heart. Like people did, once upon a time.

If it’s May, it’s got to be India

Some porn stats

In 2014, India ranked among the highest consumers of pornographic content in the world, according to Pornhub, an online video hub
Around 25 per cent of Indian visitors on Pornhub.com were women, 2 per cent higher than the worldwide average of 23 per cent
Indians seek out pornography most in May and least in October
More Indians surf porn on their smartphones than on desktops
On an average, Indians spend 8 minutes and 22 seconds per visit to Pornhub, 30 seconds less than the rest of the world
Of all states, people from Andhra Pradesh spend the least time on Pornhub — 6 min and 40 sec; people from West Bengal spend 9 min and 5 sec; people from Assam spend 9 min and 55 sec
Sunny Leone is India’s favourite porn star
In most places in the world, porn is viewed most on Monday, but in India, it’s on Saturday
Porn viewing in India dips by over 25 per cent on Diwali, Dussehra, New Year’s Eve and Gandhi Jayanti.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-may-31-2015-only-digital-sex-please

Online Trolls Attack Critics of India's Aadhaar State ID System

praskrishna — 2017-06-07T13:34:00Z

India's biometric state ID system has been leaking citizens’ data for months. When this information surfaced in April 2017, it stoked fears that the system could be used as an instrument of surveillance against Indian residents.

The blog post by Rohith Jyothish was published by Global Voices on May 31, 2017.

The Unique Identity Authority of India (UIDAI), which administrates the system known as Aadhaar (meaning foundation in Hindi) maintains that it only collects minimal personal data and stores it securely. But critics have firmly expressed doubts about these claims.

The implications of these leaks, and of any system flaw in Aadhaar technology, are substantial, especially for Indians who depend on the Aadhaar system in order to authenticate their identities when they use any number of government services. The Aadhaar system has become the gatekeeper of state systems and services ranging from voting to financial savings to food subsidies.

The digital sphere is now starting to see a pushback against Aadhaar critics through articles and blogposts that describe concerned citizens and privacy experts as the ‘anti-Aadhaar brigade‘ and accuse them of publishing “half-truths” and “spread[ing] confusion to advance their own interests.” One such article was even featured on the UIDAI website.

Some of the most well-researched critiques of the system have come from the Centre for Internet and Society (CIS), an inter-disciplinary research organisation in Bangalore that has now become a target of the pro-Aadhaar lobby. Shortly after CIS released a report that pointed out security flaws in the Aadhaar ecosystem, the UIDAI accused the organization of hacking into the Aadhaar system themselves.

In fact, CIS had investigated databases of four specific government websites. Three were available publicly, the fourth one was accessible by simply changing one of the URL parameters. Following the accusation from UIDAI, CIS clarified that the Aadhaar numbers along with other sensitive personal financial information like bank account details were made available by government websites themselves, putting a sizeable portion of Indian citizens at risk of financial fraud.

The Press Trust of India (India's largest news agency) referred to it as a “flip-flop”, which was contested by researchers at CIS.

Independent technology news platform Medianama reported that the accusation by the UIDAI is regrettably consistent with previous actions in which they filed a case against a journalist for exposing flaws in Aadhaar's enrollment mechanism.

A website called ‘Support Aadhaar‘ and its Twitter handle sought to collate opinions supporting Aadhaar and quell those speaking against it. However, most of their messages appear to evade or deflect the concerns that critics have raised by touting the benefits of the system and portraying critics as having a poor understanding of the benefits of technology.

Many Twitter users have also begun noticing patterns in the pro-Aadhaar posts:

Meanwhile, several critics of Aadhaar have repeatedly been trolled by anonymous handles on Twitter. These ‘sock puppet’ accounts seemed to be targeting those who criticise Aadhaar on social media.

One of the most active trolls issued an open challenge to reveal their identity with just their Aadhaar number. Technology entrepreneur Kiran Jonnalagadda accepted the challenge and found that ‘@Confident_India’, one of the many anonymous troll Twitter handles, is Sharad Sharma, the co-founder and director of iSPIRT Foundation (Indian Software Product Industry Roundtable), the software lobby that built the backbone of the Aadhaar ecosystem.

Sharma accidentally tweeted a denial from the troll account which has since been deleted. He then tweeted again from his personal handle which was captured.

iSPIRT officially denied allegations by Jonnalgadda that the “evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.” India Stack is the digital infrastructure that has been built over Aadhaar.

But several other Twitter users have confirmed that Sharma's phone number is linked to ‘@Confident_India’. By their own admission, iSPIRT seemed to have an officially sanctioned project intended to systematically challenge anti-Aadhaar campaigners in online platforms. But they refuse to term these actions as “trolling”.

However, Sharma later made an apology for trolling and called it a “lapse of judgement”. CIS Executive Director Sunil Abraham seemed to appreciate the message. He tweeted: Bravo to @sharads for this! All of us at @cis_india look fwd to collaborating with @Product_Nation & @sharads to serve Indian s/w sector. https://twitter.com/sharads/status/866943195678035968 …

iSPIRT is an initiative which finds far-reaching support from several IT industry leaders in India. What is worrying is that there is still no clarification from iSPIRT on the identities of the other anonymous trolls and their position on trolling against genuine concerns raised by citizens.

More than a week after the trolling revelations, iSPIRT announced on its website, the results of an investigation carried out by an Internal Guidelines and Compliance Committee over the allegations against Sharma of operating the anonymous handles, ‘@Confident_India’ and ‘@Indiaforward2′. Jonnalgadda was one of the trolling victims who testified in the internal meeting. A summary of the investigation was posted bafflingly by the accused himself in which he says that project Sudham has been dissolved and that he has been told to not make public appearances on behalf of iSPIRT for four months while he remains Director and the face of the organisation. FactorDaily reported that iSPIRT members on the condition of anonymity said that Pallav Nadhani (Founder, Chief Executive, FusionCharts) and Naveen Tewari (Co-founder, InMobi) who quit iSPIRT were upset with their excessive focus on India Stack.

One wonders whether this kind of behavior would be treated differently if it took place offline. Is intimidating those who appear to be ‘detractors’ the most effective way of dealing with criticism? Why is a software lobby taking it upon themselves to defend the idea of Aadhaar and India Stack through such means?

Many are hoping that experts on both sides of the issue can find a way to debate questions around the privacy and security of Aadhaar's technology — that affect some 1.3 billion people — in a more democratic way.

For more details visit https://cis-india.org/internet-governance/news/global-voices-rohith-jyothish-may-31-2017-online-troll-attack-critics-of-indias-aadhaar-state-id-system