We are anonymous, we are legion

Not Surprised by Indian govt's data localisation directives: Michael Dell

Admin — 2018-10-18T01:37:17Z

The Indian government's attempts to ensure that companies adhere to data localisation norms will spawn similar requests from other countries, Michael Dell, the founder and chief executive of Dell Technologies, said.

The blog post by Anand J. was published in VCCircle on October 17, 2018.

However, he acknowledged that the country's concerns are genuine given the privacy and security implications of data. "If you don’t know where your data is or it has gotten into the wrong hands, it can be a very, very dangerous problem," Dell told The Economic Times. He added, "I would not be surprised if pretty much every country in the world creates something like this."

Dell's comments come in the backdrop of India's draft Personal Data Protection Bill, data localisation efforts and data mirroring requirements for payment firms as required under the diktat by the Reserve Bank of India.

Under the RBI direction, even the multinationals like Visa and MasterCard have to ensure that Indian customer data is stored locally. Though the last date for these companies to comply with the directive expired on Monday, the central bank will not penalise them as of now.

In the interview, Dell also acknowledged that information is more valuable than applications and problems will arise when data gets leaked or compromised. "Every business at the end of the day is based on some kind of trust or assurance," he told ET.

However, industry lobby Nasscom and internet watchdog Centre for Internet and Society had told TechCircle that some of the data localisation norms are rather strict and will prevent internet businesses from being truly open and free.

"Data localisation mandates should be narrowly tailored. Ideally, data should be localised based on the sector. For instance, military, intelligence and law enforcement might need strict localisation rules. There is no policy objective that will be served by localising social media data," CIS director Sunil Abraham had told TechCircle in an interview some months ago.

Nasscom's policy director Ashish Aggarwal told TechCircle that the industry lobby did not see the recommendations as a balanced approach in terms of localisation. "If imposed, this will cause a disproportionate cost to the industry," he had said.

For more details visit https://cis-india.org/internet-governance/news/vccircle-october-17-2018-anand-j-not-surprised-by-indian-govt-data-localisation-directives

Not Everyone Plays by the Rules in the Digital Playground: Addressing Online Child Sexual Exploitation

praskrishna — 2016-10-05T15:08:40Z

Japreet Grewal spoke at a panel on 'Prevention through Awareness and Education' at a meeting titled 'Not Everyone Plays by the Rules in the Digital Playground:Addressing Online Child Sexual Exploitation' that was organised by the International Centre for Missing and Exploited Children, Singapore (ICMEC) and TULIR - Centre for the Prevention and Treatment of Child Sexual Abuse, India on October 3-4, 2016 at India Habitat Centre, New Delhi.

Click the links below to access:

For more details visit https://cis-india.org/internet-governance/news/not-everyone-plays-by-the-rules-in-the-digital-playground-addressing-online-child-sexual-exploitation

Northeast exodus: Is there a mechanism to pre-screen social media content?

praskrishna — 2012-09-04T04:06:46Z

The government has passed the blame buck on social media and blocked hundreds of websites, which it claims, hosted hate speech and inflammatory content, enough to incite violence. But is it feasible to pre-screen objectionable or provocative content, and reject it before posting so that there is no chance of such rumours?

The article by Wahid Bukhari was published in merinews on August 23, 2012. Pranesh Prakash is quoted.

The government took the action after Home Minister RK Singh alleged that the exodus of northeastern people from southern states such as Bangalore, Mumbai and Pune was a result of the panic and rumours created because of the content uploaded on these websites, many according to him were created by elements across the border in Pakistan. Though many suspected that Mr Singh's claim was an excuse to save the government from its inefficiency in controlling the riots, and the exodus of the northeastern people who were seen boarding the trains to their home states with their belongings amid fears of reprisal attacks.

Was the action meant to pass on the inefficiency buck or not - the government has, at least, managed to shift the focus of the media from exodus to the debate - as to whether social networking sites or websites promoting hatred should be blocked or not - given the democratic rights of every citizen to freedom of speech and expression.

Around a hundred more websites have been reported promoting hate speech and Google, Facebook and other social networking sites like Twitter have been asked to remove such content as soon as possible but in this whole debate one question remains unanswered: How does removing a post from Twitter or Facebook make a difference, several hours after it was published? One might argue even an hour is enough for an inflammatory picture or comment to incite violence or hatred. As a consequence, one might demand that a comment is screened before it is posted on a website, otherwise it doesn't serve any purpose.

Whether pre-screening is technically possible, Pranesh Prakash maintains: "Given the amount of content uploaded on the larger social networks, pre-screening content is just not possible, while removal upon complaint is. They don't have editors like newspapers do; importantly, they shouldn't."

Perhaps, a mid way is to intervene prior to registration on social media websites. All those who register should be made aware of the content that's not permissible, and make them aware of relevant laws and repercussions of breaking them if their complicity is proved. Similarly, these sites can be asked by the Indian government to continuously remind registered users as well as general public, through mass media advertizing, about what kind of content is not permissible. The government, from its side, can strengthen cyber laws to empower sites such as Facebook and Twitter to curb posting of provocative content due to presence of these stringent laws.

Terming the government action unfortunate, Mr Prakash who is a programme manager with the Bangalore-based research and advocacy group, The Centre for Internet and Society believes that government botched up at so many levels. “I don't think the government should be going after Facebook, YouTube, or Twitter. It should be going to them, to work with them on removing content,” Mr Prakash suggests. "The larger social networks have dedicated complaints mechanisms, which the government could have asked them to run 24x7 for a few days, and to expedite that process, and both complained itself and asked the public to use the complaints process,” he adds.

Though Pakistan has rubbished the claims that it has any role in fomenting trouble, but it has also asked the Indian government to provide it with evidence so that it could nab the accused. Whether or not there is any evidence is a secondary question, the primary blame will always rest with both the state and central governments who failed to stop the exodus of fear-stricken people from the northeast.

Experts like Mr Prakash are wondering why the government didn't pay back in the same coin by using the social media to dispel the rumours. “It is a pity that they notified a new policy to encourage governmental use of social media only today; they sorely needed it this last week,” Mr Prakash rues.

The government has blocked content related to thirty Twitter accounts but another surprising thing is that only accounts using the web interface have been blocked, and such accounts can still be accessed on BlackBerrys or other smartphones.

The only visible thing government did on ground when the exodus started taking place in Bangalore was the setting up of helplines but did they help in preventing the exodus - there are enough reasons to believe against it. "There were some complaints that the people attending some of these helplines could only speak in Kannada, and not the English or Hindi that people calling for help were expecting. Even such positive steps were executed badly." Mr Prakash informs.

For more details visit https://cis-india.org/news/www-merinews-com-wahid-bukhari-august-23-2012-northeast-exodus

Noose tightens on freedom of speech on the Internet

praskrishna — 2015-03-27T01:01:18Z

A worrying trend has emerged in the last few years, where intermediaries around the world are being used as chokepoints to restrict freedom of expression online, and to hold users accountable for content.

The blog post by Gabey Goh was originally published by Digital News Asia and mirrored in Malaymail Online on March 26, 2015. Jyoti Panday gave her inputs.

“All communication across the Internet is facilitated by intermediaries: Service providers, social networks, search engines, and more,” said Electronic Frontier Foundation (EFF) senior global policy analyst Jeremy Malcolm.

“These services are all routinely asked to take down content, and their policies for responding are often muddled, heavy-handed, or inconsistent.

“That results in censorship and the limiting of people’s rights,” he told Digital News Asia (DNA) on the sidelines of RightsCon, an Internet and human rights conference hosted in Manila from March 24-25.

This year, the government of France is moving to implement regulation that makes Internet operators “accomplices” of hate-speech offences if they host extremist messages.

In February, the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) urged ICANN (the Internet Corporation for Assigned Names and Numbers) to ensure that domain name registries and registrars “investigate copyright abuse complaints and respond appropriately.”

Closer to home, the Malaysian Government passed a controversial amendment to the Evidence Act 1950 – Section 114A – back in 2012.

Under Section 114A, an Internet user is deemed the publisher of any online content unless proven otherwise. The new legislation also makes individuals and those who administer, operate or provide spaces for online community forums, blogging and hosting services, liable for content published through their services.

Due to the potential negative impact on freedom of expression, a roadmap called the Manila Principles on Internet Liability was launched during RightsCon.

The EFF, Centre for Internet Society India, Article 19, and other global partners unveiled the principles, whose framework outlines clear, fair requirements for content removal requests and details how to minimise the damage a takedown can do.

For example, if content is restricted because it’s unlawful in one country or region, then the scope of the restriction should be geographically limited as well.

The principles also urge adoption of laws shielding intermediaries from liability for third-party content, which encourages the creation of platforms that allow for online discussion and debate about controversial issues.

“Our goal is to protect everyone’s freedom of expression with a framework of safeguards and best practices for responding to requests for content removal,” said Malcolm.

Jyoti Panday from the Centre for Internet and Society India noted that people ask for expression to be removed from the Internet for various reasons, good and bad, claiming the authority of myriad local and national laws.

“It’s easy for important, lawful content to get caught in the crossfire. We hope these principles empower everyone – from governments and intermediaries, to the public – to fight back when online expression is censored,” she said.

The Manila Principles can be summarised in six key points:

Intermediaries should be shielded by law from liability for third-party content
Content must not be required to be restricted without an order by a judicial authority
Requests for restrictions of content must be clear, be unambiguous, and follow due process
Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
Laws and content restriction policies and practices must respect due process
Transparency and accountability must be built in to laws and content restriction policies and practices

“Right now, different countries have differing levels of protection when it comes to intermediary liability, and we’re saying that there should be expansive protection across all content,” said Malcolm.

“In addition, there is no logic in distinguishing between intellectual property (IP) and other forms of content as in the case in the United States for example, where under Section 230 of the Communications Decency Act, intermediaries are not liable for third party content but that doesn’t apply to IP,” he added.

The Manila Principles have two main targets: Governments and intermediaries themselves. The coalition, led by EFF, will be approaching governments to present the document and discuss the recommendations on how best to establish an intermediary liability regime.

This includes immunising intermediaries from liability and requiring a court order before any content can be taken down.

With intermediaries, the list includes companies such as Facebook, Twitter and Google, to discuss establishing transparency, responsibility and accountability in any actions taken.

“We recognise that a lot of the time, intermediaries are not waiting for a court order before taking down content, and we’re telling them to avoid removing content unless there is a sufficiently good reason and users have been notified and presented that reason,” said Malcolm.

The overall aim with the Manila Principles is to influence policy changes for the better.

Malcolm pointed out that by coincidence, some encouraging developments have taken place in India. On the same day the principles were released, the Indian Supreme Court struck down the notorious Section 66A of the country’s Information Technology Act.

Since 2009, the law had allowed both criminal charges against users and the removal of content by intermediaries based on vague allegations that the content was “grossly offensive or has menacing character,” or that false information was posted “for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.”

Calling it a “landmark decision,” Malcolm noted that the case shows why the establishment and promotion of the Manila Principles are important.

“Not only is the potential overreach of this provision obvious on its face, but it was, in practice, misused to quell legitimate discussion online, including in the case of the plaintiffs in that case – two young women, one of whom made an innocuous Facebook post mildly critical of government officials, and the other who ‘liked’ it,” he said.

The court however, upheld section 69A of the Act, which allows the Government to block online content; and Section 79(3), which makes intermediaries such as YouTube or Facebook liable for not complying with government orders for censorship of content. — Digital News Asia

For more details visit https://cis-india.org/internet-governance/news/malaymail-online-gabey-goh-march-26-2015-noose-tightens-on-freedom-of-speech-on-the-internet

Non-Discrimination and Equal Opportunities Policy

praskrishna — 2020-07-29T06:59:09Z

Preliminary

This Non-Discrimination and Equal Opportunities Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to non-discrimination at the workplace and equal opportunities during recruitment.
This Policy is internal to CIS and is meant to provide a safe, diverse and comfortable workplace at CIS. This Policy is not legally mandated and, therefore, is not judicially enforceable in India. This Policy is without prejudice to any anti-discrimination provisions of applicable law including, but not restricted to, the provisions of:
- Article 17 of the Constitution of India;
- the Protection of Civil Rights Act, 1955,
- the Scheduled Castes and Scheduled Tribes (Prevention of Atrocities) Act, 1989;
- the Sexual Harassment of Women at the Workplace (Prevention, Prohibition and Redressal) Act, 2013;
- Sections 354 and 509 of the Indian Penal Code, 1860; and,
- the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act, 1995.

Non-discrimination

CIS will not adversely discriminate, and prohibits other adverse discrimination at the workplace, on the basis of religion, race, caste, sex, place of birth, descent, sexual orientation, gender identity, disability, age or any of them ("Discrimination Characteristics"). CIS will not condone any adverse discrimination against any person on its premises, whether that person is in its employment or otherwise.
Any person who believes himself or herself to have been subjected to adverse discrimination on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity. No person will be punished, retaliated against, or limited in employment or other opportunity for exercising anything set out in this Policy, or for filing a complaint, furnishing information for, or participating in an investigation, or any other activity related to the administration of this Policy.
Any adverse discrimination or other action or behaviour that constitutes a violation of law will be reported to the police.

Equal Opportunities

CIS provides equal opportunities to its employment, consultancy or otherwise without regard for the Discrimination Characteristics. All actions of CIS with regard to its employees, consultants, advisors, interns and staff, including but not limited to those relating to compensation, benefits, transfers, leave, layoffs, training, education, and assistance, will be made without regard for the Discrimination Characteristics.
Notwithstanding anything contained in the previous paragraph, if CIS reasonably believes that its employment, workplace or premises do not adequately represent the balance of diversity of persons who share one or more of the Discrimination Characteristics, it may, with the aim only of redressing that imbalance, take positive discriminatory action in respect of persons who share that aspect, or those aspects, of the Discrimination Characteristics that are sought to be adequately represented.
Any person who believes himself or herself to have been subjected to adverse discrimination, or impermissible positive discrimination, on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity.

Diversity Committee

The Interim Diversity Committee of CIS is comprised of:

Pallavi Bedi
Torsha Sarkar
Gurshabad Grover

For more details visit https://cis-india.org/about/policies/non-discrimination-equal-opportunities-policy

Non human intelligence is closer than you think!

nishant — 2012-05-24T06:36:57Z

In one of the research projects that I have been involved in, I was recently a part of a jury, for a contest which required on-line voting. It sounded like a fun thing, giving the participants a chance to bring in their inherited networks and also expanding the reach of the contest entries.

Nishant Shah's article was published in FirstPost on April 25, 2012.

We were just about to close shop and announce the clear winners who had a landslide victory in the contest, when following up on a clue – a simple mismatch between the number of people who had visited the webpage and the number of votes polled – sniffed up by a colleague, we were suddenly faced with the suggestion that a lot of the votes cast in the contest were by non-human actors.

The first instincts for many of us involved were that an act of deception or fraud had happened. It felt natural, to most of us that when we asked for votes, we were specifically looking for human votes. Our relationship with technologies – digital or otherwise – has been primarily defined through usage. We use technologies so that we can perform an intended task. Especially with transparent and wearable portable technologies, we constantly think of them as disposable extensions which help execute our ideas and actions with efficiency.

In this one-way functional understanding of technologies, we often forget that these technologies are not merely tools. More often than not, the technologies that we interact with and engage with, shape the ways in which we look at the world. This is true even of the simplest of tools – If you have a hammer in your hand, the whole world appears to be a nail.

Within large-scale digital networks this becomes so much more complicated because the lines between human and non-human actors within those networks are very blurred. Our engagement with the network is not merely to use it as a conduit for communication. The network is an intelligent entity. It grows, learns, watches and responds to our different actions. There are actors within the network which can perform actions which might resemble, if they are not exactly the same, as the human actions in the same environment.

In fact, we are often faced with non-human actors – call them bots, scripts, artificial intelligence, or any other name – which are more efficient in performing certain repetitive and recursive actions which are necessary to sustain the network, that the human actor might be unable to cope with.

Think of your favourite social network and realise that there are so many ways by which the interface and the network, aided by a range of non-human actors, are interacting with you constantly to customise and ease your interactions within the network. Anthropomorphised guides give you tours of new applications. Email based bots notify of activity in your network. Sniffers detect your browser, your ISP, your connectivity speed, your browser, your access device, your preferred language, your customised settings, etc. to render the social network legible on your screen.

We increasingly depend upon these transparent workers, very much like the magical servants in Beast’s enchanted castle in the fairy tale about Beauty and the Beast. If you do a measure of who you interact with the most within a network you will quickly realise that what you actually interact with, within a network, is these non-human actors who facilitate your peer-2-peer connections in the digital domain.

And this is not limited to your social networking systems. As we move towards a more intuitive internet that operates through multiple nodes and forms pervasive and persuasive networks of being, we are increasingly living with non-human actors who can mimic life more efficiently in their native environments. The bots that perform edits on Wikipedia entries to clean the language and correct styles are made out of code.

Scripts that relay information about your usage so that it gets logged, tracked and visually presented in Google Analytics are also bits and bytes. The IVR that you use for your financial transactions or indeed the very systems which authenticate your credit card details, without you worrying about fraud is because it is done without human intervention. It is despite these transactions, or perhaps, because of it, that we refuse to think of technologies as sapient.

We often think of ourselves in technology terms and sometimes also Disnefy our gadgets by giving them names and talking of them as almost-human. However, when it comes to questions of actions or doing things, there is a false presumption that the human proposes and the technological does it, despite the contrary evidence that we generally have the technological dictating terms and us following them through within digital networks.

We resolved our small crisis by counting only the human votes. But that resolution is not one that we will be able to live with for long. We are soon going to enter worlds where the non-human actor in the network is going to have equal rights, agency, will and choices, and it will perform actions that will have equal credibility as the human one. If not more.

For more details visit https://cis-india.org/internet-governance/non-human-intelligence

Noida cyber cell gives tips on preventing WannaCry attack

praskrishna — 2017-06-07T01:18:22Z

The attackers targeted a weakness found in older versions of Microsoft Windows.

The article by Juana McKenzie was published in the World News Journal on May 20, 2017.

Since late last week, the WannaCry cyber scourge has blocked customers the world over from accessing their data - unless they paid a ransom using Bitcoin. Here's what you should do to protect yourself.

Third, and perhaps more important: like the emperor's new clothes, even this new-fangled ransomware isn't as sophisticated as it's cracked up to be. If you're unsure about the legitimacy of something, delete it.

When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School.

It pays to know the proper file extensions that are available.

If you happen to come across files such as worklog.doc.exe, or financial_statement.xls.scr, do not open them as the files are most likely malicious.

'And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action'.

Then there's the USA government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised.

No. This strain of ransomware was spread from device to device by taking advantage of an old security hole in some versions of Microsoft's Windows operating system.

Microsoft released a patch for this vulnerability in March and, on the heels of the attack Friday, even took the unusual step of releasing fixes for older versions of Windows that are no longer supported, such as Windows XP, Windows Server 2013, and Windows 8. This included the release of the patch in March and an update on Friday to Windows Defender to detect the WannaCrypt attack.

As there are different types of ransomware, there is no single, easy solution to restore your computer if it has been infected. Enterprises need to test patches before installing them to ensure that they don't have compatibility issues with existing applications and break existing workflows.

Security experts have hailed Microsoft's decision to publicly call out the U.S. government and the NSA's decision to stockpile cyberweapons.

"As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable", Gates wrote in an email to employees identifying trustworthy computing as Microsoft's top priority. Such software will act as the first line of defence by blocking auto downloads and actively scan for suspected threats on the PC.

The culprit was "ransomware" known as WanaCryptOr 2.0, or WannaCry.

Europol said a special task force at its European Cybercrime Centre was "specially created to assist in such investigations and will play an important role in supporting the investigation".

Kaspersky said it was seeking to develop a decryption tool "as soon as possible". If the ransomware has locked your entire PC, as WannaCry has done, combating it is more hard. Backups often are also out of date and missing critical information.

Cloud storage services such as Google Drive, Microsoft OneDrive, Dropbox and Box offer large amount of storage space for a monthly or yearly subscription fee.

For more details visit https://cis-india.org/internet-governance/news/world-news-journal-juana-mckenzie-may-20-2017-noida-cyber-cell-gives-tips-on-preventing-wannacry-attack

No, India did NOT oppose the United Nations move to “make internet access a human right”

Pranesh Prakash and Japreet Grewal — 2016-07-13T16:09:31Z

Last Friday, the United Nations Human Rights Council (UNHRC) passed a resolution titled “The promotion, protection and enjoyment of human rights on the Internet.”

The article by Pranesh Prakash and Japreet Grewal was published in Factordaily on July 13, 2016.

Several media outlets, including T he Verge, India Today, and BuzzFeed, reported that the resolution was ‘opposed’ by China, Russia, Saudi Arabia, South Africa and India. The Verge, for instance, reported that these countries “specifically opposed” a clause of the resolution that “condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online and calls for all countries to refrain from such measures”. This is pure bunkum. Some media organisations have also been reporting that the UNHRC resolution “declares that access to the Internet is a human right”. This too is fiction.

What’s the truth? The UNHRC resolution covers wide ground, including the reaffirmations of two previous resolutions, which stated that the same rights that people have offline must also be protected online as well. As ARTICLE19, an international free speech NGO, notes: “The draft resolution goes further than its predecessors, including by stressing the importance of an accessible and open Internet to the achievement of the Sustainable Development Goals, as well as in calling for accountability for extrajudicial killings, arbitrary detentions and other violations against people for expressing themselves online.” Importantly, the resolution “unequivocally condemns” internet shutdowns, such as the one that happened in Kashmir just last week after security forces killed guerrilla Burhan Wani.

This resolution was, in fact, adopted without any opposition. So why the brouhaha over countries like India?

Here are the facts

There were four separate amendments, two of which were proposed by Belarus, China and Russia (referred as L85, L86 in this article) and the other two were proposed by Belarus, China, Russia and Iran (referred as L87 and L88). None of these amendments comment on the paragraph in the resolution that condemns intentional disruption of access or dissemination of internet services. So the headlines in most of the reports are just plain wrong. Let’s examine each of these four amendments one by one

In L85, an amendment was suggested to a paragraph that refers to past resolutions by the UNHRC and the UN General Assembly relating to freedom of expression and the right to privacy online. The amendment, which proposed including a reference to a previous UNHRC resolution on the rights of children online, was later withdrawn.

In L86 the proposed amendments both added and removed some text, and was hotly opposed by organisations like ARTICLE19. The proposed amendment said that the same rights people have offline must also be protected online, in particular, freedom of expression and the right to privacy, in accordance with articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), a multilateral treaty adopted by the United National General Assembly to respect civil and political rights of individuals. Major additions: Some text on right to privacy and a reference to Article 17 of the ICCPR, which is about privacy. Major deletions: a reference to the Universal Declaration on Human Rights, and language stating that that freedom of expression is “applicable regardless of frontiers and through any media of one’s choice”, which is present in article 19 of the ICCPR. However, article 19 of the ICCPR is incorporated by reference even in the proposed amendment! So is there a real loss in purely legal terms? Not really.

The amendments in L87 sought to replace the term “human rights based approach” that stressed on the need to provide and expand access to the internet, and to replace it with the term “comprehensive and integrated approach.” The problem is that there is no clarity about what a “human rights based approach” to providing and expanding access to the internet is. What does it even mean? Is there a “human rights based approach” to spectrum auctions and spectrum sharing? Or the laying of fibre optic cables? Or anything else associated with internet access? If there is, indeed, a human rights based approach to providing and expanding access to the internet, it should be spelt out, rather than simply calling it that. Similarly, the term “comprehensive and integrated approach” is equally vague.

Even if one harbours reservations about these amendments, none of these amendments could be reasonably be characterised as “opposing” the condemnation of Internet shutdowns or “opposing” online freedoms.

Finally, in L88, the amendments proposed that the UN resolution should acknowledge concerns about using the internet and information technology for spreading ideas about “racial superiority or hatred, incitement to racial discrimination, xenophobia and related intolerance.” In the light of this, it is difficult to understand how adding concerns relating to hate speech to the resolution is seen as “being opposed” to online freedoms, especially when there is no direct action contemplated in the proposed amendment.

Indeed, in Paragraph 9, gender violence is mentioned, and in Paragraph 11, incitement to hatred is mentioned. Adding an additional, more specific reference can hardly be construed as being opposed to online freedoms. After all, states have a positive obligation to enact laws to prohibit hate speech under Article 20 (2) of the ICCPR, which is a centrepiece of international human rights law.

Even if one harbours reservations about these amendments, none of these amendments could be reasonably be characterised as “opposing” the condemnation of Internet shutdowns or “opposing” online freedoms. And factually, no states (including India, China, South Africa, Russia, and more) voted against the resolution.

A game of Chinese whispers

So why did so many prominent news organisations around the world get it so wrong? My theory is that it happened because organisation like ARTICLE19 put out press releases on what they perceived as the ‘weakening’ of the resolutions by the amendments examined above, and their regret that even democratic states like India and South Africa voted for these amendments. This was wrongly portrayed in much of the media as opposition by these countries to the resolution itself, to online freedoms, and particularly as opposition to the idea of condemning internet shutdowns. Thanks to the Chinese whispers nature of news reporting, this mistaken idea spread far and wide without any of the reporters bothering to check the original UN documents.

It is shameful if India condemns internet shutdowns at the UNHRC while deploying them for purposes such as preventing cheating during an examinations, during Ganesha visarjan, during Eid, during wrestling matches, and during protests.

However, regardless of the faulty reportage, there is a real crisis in India, with organisations like Medianama and the Software Freedom Law Centre having counted at least nine internet shutdowns this year alone, and at least 30 since 2013. It is shameful if India condemns internet shutdowns at the UNHRC while deploying them for purposes such as preventing cheating during an examinations, during Ganesha visarjan, during Eid, during wrestling matches, and during protests.

We at the Centre for Internet and Society have previously explained why a Gujarat High Court order allowing for an internet shutdown during riots was wrong in law, and violated our Constitution as well as our international human rights obligations. That is something the India media ought to be focussing far more on, but aren’t.

Lastly, it would also be welcome for the individual civil society organisations that signed an open letter to UNHRC members to explain why they too believed that these amendments would have significantly harmed our freedoms online. We see it instead as a case of ‘human rights politics’ being played out, when none of the proposed amendments would have had much of a negative legal impact, but only a political impact.

Should civil society organisations really get worked up about these?

Edited by: Pranav Dixit

For more details visit https://cis-india.org/internet-governance/blog/factordaily-pranesh-prakash-and-japreet-grewal-july-13-2016-no-india-did-not-oppose-un-move-to-make-internet-access-a-human-right

No UID Campaign in New Delhi - A Report

praskrishna — 2012-06-20T03:51:45Z

The Unique Identification (UID) Bill is not pro-citizen. The scheme is deeply undemocratic, expensive and fraught with unforseen consequences. A public meeting on UID was held at the Constitution Club, Rafi Marg in New Delhi on 25 August, 2010. The said Bill came under scrutiny at the meeting which was organised by civil society groups from Mumbai, Bangalore and Delhi campaigning under the banner of "No UID". The speakers brought to light many concerns, unanswered questions and problems of the UID scheme.

Since 2009, when the UID Bill was presented to the general public by Nandan Nilekani, the project has been characterized as a landmark initiative that will transform India, bring in good governance, and provide relief and basic services for the poor. The scheme is rapidly being put in place; the draft Bill has been put before the Parliament of India and the resident numbers and data have been collected.

The UID proposes to take the finger prints and iris scans of every resident of India for authentication of each individual. J. T. D'Souza, an expert in free software technology exposed the flaws of the entire technical aspect of the UID project. He presented the risks and loopholes that technology such as iris and fingerprint scanners pose, and the risks in using a biometric system as a form of identification system. Contrary to the claim of the UID authority, that a scheme based on biometrics is foolproof, he explained how fingerprints are not unchanging, both fingerprints and iris scans can be easily spoofed (with a budget of only $10), and there are many ways in which the technology can break, be inconsistent, or be inaccurate.

From a human rights perspective the lack of democracy in the entire project was stressed. Usha Ramanathan reiterated the fact that no white paper was issued, the Bill has not gone through the Parliament and yet citizens’ data is being collected, citizens were given only a two week period to comment on the Bill, and in practice the UID number will not be voluntary for individuals.

The UID authority has posited the scheme as bringing benefits to the poor, plugging leakages in the Public Distribution System and the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), as well as enabling inclusive growth by providing each citizen with a verifiable and portable identity. These claims were debunked. An identity number will not fix the waste of grain that takes place every day, the portability of the number raises new problems of accessibility and distribution of resources, and the MGNREGS system is already working to be financially inclusive with a majority of its members already having a bank account.

In response to hearing the presentations of the speakers and the comments by the audience, senior Member of Parliament of the Revolutionary Socialist Party of India (RSP), Abani Roy called for the launching of a massive campaign to resist this expensive and dangerous project through which several companies will gain massive contracts from the public exchequer.

The campaigners for No UID plans to hold further meetings across the country and lobby Parliamentarians in the coming months.

For more information contact: Mathew Thomas (Bangalore) mathew111983@gmaill.com, Elonnai Hickok (Bangalore) elonnai@cis-india.org , Sajan Venniyoor (Delhi): +91-9818453483 - Bobby Kunhu (Delhi): +91-9654510398

For more details visit https://cis-india.org/internet-governance/blog/no-uid-campaign

No to homosexuals, yes to their vote

praskrishna — 2014-04-04T09:54:39Z

The ad appears at the bottom of the page. It has BJP’s symbol and Modi’s photograph displayed prominently.

The article by Yogesh Pawar was published in DNA on March 21, 2014. Sunil Abraham is quoted.

In a hotly contested election where every vote will count, the scramble among political parties to scrounge for votes is understandable. Yet, what would you make of a party that hates a community but wants their votes? The BJP had opposed any move to nullify Supreme Court's order re-criminalizing consensual sex among consenting adults, dealing a huge setback to any move to scrap or dilute Section 377 of the Indian Penal Code (IPC). Party chief Rajnath Singh went to the extent of saying, "Gay sex is not natural and we cannot support something which is unnatural."

This is why the gay community across the country has expressed surprise to find a BJP ad asking for votes on the popular gay social media dating website grindr. The ad which will obviously lead to to a lot of red faces in the BJP, appears at the bottom of the page has both the party' lotus symbol and their prime-ministerial candidate Narendra Modi's photograph displayed prominently. It exhorts voters to vote BJP to stop price rise.

"This exposes the party's hypocrisy," guffawed India's pioneering gay rights activist Ashok Row Kavi. "So you want our votes and not us. I'm glad this has happened. The country will finally know the true face of falsehood of the party."

He's not alone. Many from the community have taken to social media sites like facebook and twitter to make their disgust known. Counselling psychologist Deepak Kashyap is one of them. "So, #BJP says it'd never support the "unnatural act" of homosexuality, but #NaMO has no qualms about asking for support on gay dating apps, like grindr! What a sham(e)!" he posted.

Linking most homophobia with an intense struggle with latent homosexuality Kashyap, the University of Bristol pass-out and equal rights activist for the LGBTQ community told dna, "Whatever makes you jump up in your chair, essentially makes you insecure about your own condition in some way or the other." According to him, similar results were shown in a research called 'Is Homophobia Associated with Homosexual Arousal?', by Georgia University published in the Journal of Abnormal Psychology.

When reached for comment, the BJP's National IT head Arvind Gupta said, "I am not aware of such an ad being placed on this website. If this is indeed true we will take it up with the advertising agency responsible." BJP spokesperson and Lok Sabha candidate from New Delhi Meenakshi Lekhi too told dna, "This is the first I am hearing of such an advertisement," and added, "In the first instance it seems like a deliberate act of mischief in the poll season to embarrass our party."

Centre for Internet and Society, Executive Director Sunil Abraham felt the ad on grindr may have to do more with the lack of knowledge than anything else. "We find many ads by top Indian corporate brands on pirate websites. This happens because people are still not completely conversant with negotiating with advertising networks when it comes to websites."

For more details visit https://cis-india.org/news/dna-march-21-2014-yogesh-pawar-no-to-homosexuals-yes-to-their-vote

No such rule, but many vaccination centres are insisting on Aadhaar as proof

Sreedevi Jayarajan — 2021-06-26T04:43:13Z

Radhika Radhakrishnan saw three words swimming before her as she inched closer to the hospital lobby.

The blog post by Sreedevi Jayarajan was published in the News Minute on June 4, 2021. Pranesh Prakash was quoted.

The words were written on a white board inside the private hospital she had visited in Bengaluru on May 21, three weeks after the Union Government opened up COVID-19 vaccinations for the 18+ category after online registration. “I had booked a vaccine slot and visited the hospital and the words on the board read ‘Aadhaar is mandatory’, along with other dos and don’ts of the vaccination process that the hospital followed,” she tells TNM. On the morning of her vaccination date, Radhika had registered on the Union Health Ministry’s CoWin portal for a vaccine slot in the 18+ age group. She had given her PAN number when the portal asked for a government ID proof. The appointment slip on CoWin also showed her PAN, she says.

But on the day of vaccination, authorities at the private hospital refused to accept her PAN card. Radhika says that they insisted on her Aadhaar number in order to authenticate her vaccination appointment, despite her telling them that it is illegal to demand her Aadhar card. “The hospital authorities told me that they only used Aadhaar cards to register people for vaccination or authenticate CoWin appointments. They said that if I did not want to give my Aadhaar number, I would have to wait a few more hours for them to figure out a different process,” she tells TNM. By this time, Radhika had already waited three hours in the hospital queue.

Bengaluru-based journalist Biswak* too recounts a similar experience at a government run vaccination centre he had visited on May 5. The 25-year-old had registered on CoWin using his Driving License, one of five government ID proofs that the Health Ministry portal accepts for booking vaccination slots. But at the centre, Biswak says that the officials insisted on his Aadhaar number. “Thankfully I had the number despite not carrying my card. I got vaccinated and the vaccination certificate issued on my CoWin account showed the last four digits of my Aadhaar, and did not mention my driving license which was my ID proof of choice,” he says.

TNM got in touch with several people from Tamil Nadu and Karnataka among other states who confirmed that their vaccination centres refused to accept any other ID proof, and insisted on Aadhaar. This despite the Union government not making Aadhaar mandatory for CoWin registration, for on-the-spot registrations, and even for authentication of appointments at vaccination centres.

Co-Win does not insist on Aadhaar

A quick look at the CoWin portal will tell you that you can register with any of six government ID proofs other than your Aadhaar card. These are Driving License, PAN card, Passport, Pension Passbook, NPR Smart Card and Voter ID (EPIC). To the vaccine centres, registered citizens should carry the very same ID proof they have used to register on the Co-Win portal, along with a printout or screenshot of their appointment slip. This means, if a person has registered on the portal using an Aadhaar card, the vaccination centre will ask for the same for authentication.

Once vaccinated, citizens get a certificate with their vaccination status (one dose or fully vaccinated) on their phones. This certificate contains the person’s name, age, type of vaccine (Covishield or Covaxin) and the last four digits of the ID proof used for registration.

While Radhika and Biswak say that their appointment slips had their PAN and Driving License numbers respectively, after they were coerced to give their Aadhaar numbers, the vaccination certificate on the Co-Win portal showed their Aadhaar number. “This means that they have forced me to give my Aadhaar number and then used this, despite me giving a different ID proof,” Radhika says. Multiple private hospitals in Chennai too currently insist on Aadhaar card for vaccinations, while Tamil Nadu government maintains that Aadhaar is not mandatory.

TNM spoke to a senior official in the Revenue and Finance Department of the Greater Chennai Corporation who confirmed that centres, both private and government, did not have the right to demand Aadhaar for vaccination. “There is no such rule that Aadhaar has to be submitted by citizens. In fact, the Co-Win portal also has a section to register those who have no ID proof, i.e homeless persons or those from marginalised sections. The portal finds another way to register these people. So insisting on an Aadhaar number is out of the question,” he says. In the neighbouring state of Kerala, the government recently announced that persons who had to travel abroad for various reasons should register on the government portal only using their passports. This, so that their vaccination certificate would generate their passport number as ID proof.

A matter of convenience?

In the absence of a law which mandates Aadhaar to be used for the purpose of universal COVID-19 vaccination, there is no legal basis for hospitals and vaccination centres to insist on Aadhaar numbers to vaccinate people. “Unlike a law passed by the Union government which makes it compulsory for your PAN to be linked to your Aadhaar, there is no law which the government has passed to make Aadhaar compulsory for vaccination. The Union government does, however, have the legislative competence to pass such a law. Which means that if they want to make Aadhaar mandatory for vaccination, they can. So far they have not. And therefore, nobody has the right to demand Aadhaar to vaccinate people,” says Pranesh Prakash of the Centre for Internet and Society.

However, it could be a matter of convenience for hospitals to use one type of ID proof, to be able to streamline their data entry process. “As (I believe) Aadhaar is the most widespread ID card in the country right now, when compared to other ID proofs, it makes it simple for vaccination centres to ask for Aadhaar numbers and key this in," Pranesh adds.

To a query that TNM posted on Twitter, we got varied responses from people. While many said that the centres did not insist on a particular ID card, many others said they had to give their Aadhaar. The insistence for Aadhaar by vaccination centres, both private and government, seems to be random, with no proper pattern or rule in place.

System does not support other ID proofs?

From Radhika’s experience, the hospital she visited for vaccination could not support any other ID proof, as they, in their own words “followed a system of using just Aadhaar cards”. This indirectly coerces unwilling citizens to part with their Aadhaar details, and offers no choice for those who registered with other ID proofs.

“I had to finally give my Aadhaar number but it said that there was a mismatch. Later we found out that my name on my PAN was a bit different from the name on my Aadhaar card. Since I had used the PAN to register on Co-Win, the portal could not authenticate me with the Aadhaar number. Finally I had to re-register on the spot and give a different phone number as the phone number I had given was already linked to my Aadhaar and PAN,” she says, adding that all of this could have been avoided if the hospital had accepted her PAN in the first place.

However, a private hospital that has been doing vaccinations in many places across India told TNM that they had no instructions from the state or Union government to use only Aadhaar and claimed that they only asked for Aadhaar if the person had used it during registration. However, many people who responded to TNM named this private hospital and many others too as those insisting on Aadhaar as proof.

For more details visit https://cis-india.org/internet-governance/news/the-news-minute-june-4-2021-sreedevi-jayarajan-no-such-rule-but-many-vaccination-centres-are-insisting-on-aadhaar-as-proof

No party's got a clear stand, Aadhaar's fate hangs in balance

praskrishna — 2014-05-05T06:01:08Z

A non-UPA government for sure will review the multi-crore UID programme, but none of the parties have yet talked about scrapping it.

The article by Pratap Vikram Singh was published in GovernanceNow.com on April 13, 2014. Sunil Abraham is quoted.

Since inception, Aadhaar’s foundation has been shaky. The Unique Identification Authority of India (UIDAI) has been functioning on an executive fiat, without parliamentary ratification. When the government first came up with a bill on the UID programme, it was rejected by the parliamentary standing committee, which questioned the purpose of the programme.

Aadhaar’s acceptability as proof of residence and its issuance to the illegal immigrants too has courted controversy. The opposition and the ministry of home affairs have repeatedly flagged the issue. Recently, the supreme court (SC) instructed the government to withdraw all orders mandating Aadhaar number for service delivery. In September last year too the apex court had ruled that no one should be denied a service for want of Aadhaar.

While the Congress hasn’t changed its position on Aadhaar and wishes to continue with Aadhaar-linked benefits transfer, the BJP hasn’t mentioned it even once in its 52-page manifesto. On April 8, Narendra Modi, BJP’s prime ministerial candidate, in an election rally near Bangalore was quoted as saying, “I asked several questions on the Aadhaar project. I asked them questions relating to illegal migrants and national security. They (the government) did not have any answer.”

Rajendra Pratap Gupta, member of BJP’s core committee on manifesto, told Governance Now: “If we come to power we will review this in totality. There is scepticism around the whole project and even the SC has ruled against mandating it.” He called Aadhaar one of the ‘biggest scams’ of the UPA. “We have found people owning multiple Aadhaar cards. It (Aadhaar) is not a very secure system,” he added.

On the other hand, Aam Aadmi Party doesn’t oppose the idea of Aadhaar, though it is critical of its linkage to delivering food and other subsidies. Atishi Marlena, the party’s manifesto committee chief, said, “In principle, we don’t oppose the Aadhaar programme. If it’s about providing an identification proof to the poor who don’t have other documents, we certainly welcome it. But Aadhaar’s linkage with benefits-transfer needs to be questioned. Who gets what and who doesn’t should be determined by gram sabhas and mohalla sabhas. It should be done via people participation.”

The CPI(M), in its manifesto, called for halting the project unless it gets parliamentary approval. It also underlined the need for a privacy and data protection law prior to the rollout of the UID programme. “The moment Aadhaar is linked with service delivery, the scope for exclusion widens. You need to have universal coverage of Aadhaar and banking before you roll out the benefits transfer programme,” CPI(M) Rajya Sabha member Tapan Sen said.

In its manifesto, the party has talked about ‘constituting an independent high-level expert panel for an appraisal of the technology of biometrics used in the project’.

Sunil Abraham of the Centre for Internet and Society said, “The centralised online authentication automatically raises issues of privacy infringement. The authentication, in a decentralised fashion, with help of smart cards, is less intrusive, as the logs are stored in a local fashion and not centralised as in the case of Aadhaar. It will be a welcome move if the next government selects resident ID (smart) card, issued by the home ministry, as proof for identification and service delivery.”

For more details visit https://cis-india.org/news/governance-now-april-13-2014-pratap-vikram-singh-no-party-has-got-clear-stand-aadhaar-fate-hangs-in-balance

No more blocking of entire websites?

praskrishna — 2012-06-26T09:47:02Z

The Madras HC has taken one step to ensure that entire websites are no longer blocked, but it doesn't mean that arbitrary takedowns will cease.

CIS research is quoted in this article by Danish Sheikh published in the Business Standard on June 24, 2012

Vimeo’s back. As is Pastebin, and Pirate Bay and IsoHunt. For your, you know, legitimate file-sharing practices.

Having been approached by a consortium of Internet Service Providers, the Madras High Court has issued a welcome clarification of its “John Doe order” issued in favour of RK Productions for the films 3 and Dammu. Designed to protect against potential offences by yet-unidentified persons, the sweeping scope of the order left a very wide, undefined scope to ISPs dealing with potentially infringing material. The ISPs over-complied, a host of file-sharing websites were barred from Indian servers overnight — oh, and “Anonymous” got more annoyed. Note here that the vagueness of the order extended to not specifying any infringing websites in particular.

Following the representation from the ISPs, the Court has provided them a specific directive. The new order states that the interim injunction was granted only with respect to the particular URL which featured the infringing movie, and not the entire website. No more blocking entire websites — the ISPs are now required to be informed about the particulars of where the infringing movie is kept within 48 hours.

The clarification couldn’t have come at a more vital time, and will hopefully serve as a precedent to curb an alarming practice that can be traced back to 2002. Back then, the Delhi High Court was approached in a matter concerning the unauthorised transmission of Ten Sports by unlicensed cable operators. The result was the Court’s first John Doe order with respect to media transmission: a commissioner was appointed to search premises of unnamed cable operators and seize evidence by taking photographs and video films. This particular order was then relied on by the Court almost a decade later in pre-emptively injuncting piracy of UTV Software Communication’s Saat Khoon Maaf and Thank You. The trend escalated from there, with similar orders being obtained for a number of films including Don 2, Bodyguard, Kahaani and Department, to name a few.

Where the last few years have seen a steadily rising output of orders largely from the Delhi and Madras High Court, just last week it was the Bombay High Court that joined the fray. Approached by Viacom 18 Motion Pictures, it passed a John Doe pre-emptively banning the piracy of Viacom’s Gangs of Wasseypur prior to its June 22 release. Considering the Bombay High Court’s noted apprehension in granting ex-parte orders, this decision looked set to add further momentum to the John Doe juggernaut.

Instead, we get the Madras High Court’s welcome restraint. That vague injunctions are an abuse of process is a principle that has been noted time and again, with the Delhi High Court even noting that “vague and general injunction of anticipatory nature can never be granted”. This is coupled with the larger access to information and free speech issue that has been raised more vocally following the ire with the mass block of file-sharing websites. The antecedents to this scenario may well be the media infrastructure cases of the ‘50s and ‘60s, where newspaper content was indirectly being regulated by way of regulation of newsprint, advertisement space, etc. Recognising these indirect control mechanisms in their ultimate speech-restricting form, the Supreme Court struck them down as unreasonable restrictions to the right to free expression under Article 19(1)(a) of the Constitution.

Prevention isn’t always better than cure. The Madras High Court has thankfully taken one step in the direction. What is left dangling is the other big question — that of the intermediary rules. There may now be a barrier to blocking of entire websites in this manner, but as so many internet users have found, one doesn’t have to necessarily approach the Courts if they want internet service providers to take down content: the ISPs are happy to do that for free. As a Centre for Internet and Society study found, takedown requests sent to ISPs, no matter how trivial or flimsy, will for the most part be met by acquiescence of the order. Without appropriate checks and balances, the intermediary will over-comply.

While the ISPs’ intervention before the Madras High Court is an encouraging sign, it doesn’t mean that the arbitrary takedowns under the intermediary rules will cease to happen. The digital media site Medianama quotes an ISP representative citing concern that ISPs were being wrongfully vilified on the Internet — and (significantly) that it would adversely impact their business if video streaming was disabled for users. The same commercial considerations wouldn’t likely stand when it comes to the bit-by-bit requests that come forward under the IT rules. Along with focusing attention on the High Court’s clarification, we need to sustain the movement to strike down the intermediary rules and push for a more transparent and fair mechanism.

For more details visit https://cis-india.org/news/no-more-blocking-of-websites

No laws in India to protect customers if they lose money during digital transactions

praskrishna — 2016-12-02T17:07:02Z

The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services.

The article by Alnoor Peermohamed was published by Business Standard on December 2, 2016. Sunil Abraham was quoted.

India lacks laws to protect consumers if they lose money during digital transactions even as the government pushes for a less-cash economy after it withdrew Rs 500 and Rs 1,000 currency notes as the legal tender.

The Modi government's demonetisation move might have warranted an increase in transaction activity on digital wallets, but measures to ensure the underlying cyber security parameters for digital payments is still kept largely under the ambit of the Information Technology Act.

"We don't have any dedicated law on digital payments. That's very important to grant complete legality and remove and doubts and clarifications pertaining to legal efficacies and legal validity of digital payments," says Pavan Duggal, an advocate in the Supreme Court specialising in cyber law.

While the Reserve Bank of India usually sets security and privacy standards for banks in the country, the various digital wallets such as Paytm, Freecharge and Mobikwik fall under the category of Non-banking Financial Corporations (NBFCs) excluding them from this. For FinTech companies, security compliance falls under just Section 43 A of the IT Act.

Today, transactions between a user and a mobile wallet service provider are merely contractual agreements which can always be repudiated. There's a heightened need to legally back digital payments in India, not only to ensure the safety of consumer money but also for the safety of these companies.

Since the demonetisation on November 8, digital wallet firms such as Paytm have seen 35 million transactions by users to either buy goods and services, or transfer funds to another account. Rival Freecharge has tied up with police forces of Mumbai to pay traffic fines using its platform.

Research by Bengaluru-based think tank Centre for Internet and Society (CIS) shows that some of India's largest technology companies still do not comply with Section 43 A.

"We have a minimal data protection law in our IT Act and that will apply to all the FinTech players. But our ISPs and Telcos don't comply with Section 43 A, so you can imagine in the FinTech sector the compliance will be even lower," says Sunil Abraham, Executive Director at CI

The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services. While the issue is not being completely ignored by the authorities, some of the proposed workarounds such as creating a virtual sandbox around digital payment services raised questions.

The RBI limits the maximum balance on digital wallets to Rs 10,000 per user, ensuring that in the case of a breach the damage caused to a consumer is minimal but on November 23, the banking regulator increased the limit to Rs 20,000 .

Just last week India's largest digital wallet provider Paytm rolled out the option for customers to increase their wallet balance to a maximum of Rs 100,000 by getting a KYC check done.

"There are no legal mechanisms available should there be disputes pertaining to digital payments,"aid Duggal. He added that there are no effective remedy mechanisms available in case money in the digital payment ecosystem gets lost, hacked, stolen or misused.

While laws might take years to be framed and implemented, Abraham says there are temporary workarounds with which the overall cyber security of digital payment services can be improved. Under Section 43 A there are provisions to allow a sector to form a consortium that mutually agrees to set security standards, which all players must follow and is valid in the court of law during dispute resolution.

This move is encouraged by experts as governments often lack the bandwidth to define sectoral specific laws but is where private sector expertise can go a long way.

For more details visit https://cis-india.org/internet-governance/news/business-standard-december-2-2016-alnoor-peermohammed-no-laws-in-india-to-protect-customers-if-they-lose-money-during-digital-transactions

No ID, no benefits: thousands could lose lifeline under India’s biometric scheme

praskrishna — 2017-03-22T14:27:25Z

Controversial Aadhaar card restricts fundamental rights, argue critics, limiting access to free school meals and exposing 1 billion people to privacy risks.

The article was published in the Guardian on March 21, 2017. Sumandro Chattapadhyay was quoted.

An Aadhaar biometric identity card, which will be mandatory for Indians to access many essential government services and benefits. Photograph: Bloomberg/Getty Images

Hundreds of thousands of people in India could be left without essential government services and benefits – including free school meals and uniforms, food subsidies and pensions – under new rules that make access to more than three dozen state-funded schemes conditional on showing identification.

Over the past month, citizens have been notified that they have to prove their identity with a biometric ID, known as an Aadhaar card, to be eligible to use various services. Booking railway tickets online, applying for some jobs, and getting fuel subsidies will also be dependent on showing the controversial card.

Aadhaar cards were introduced by the Indian government in 2009, and rolled out by prime minister Narendra Modi in 2014. They record personal biometric data, including fingerprints and eye scans, which the government says allows it to ensure that welfare services are being delivered to those who really need them, and saving billions of rupees by reducing welfare fraud.

The Unique Identification Authority of India (UIDAI), which oversees the Aadhaar programme, says that more than 1.13 billion people have been enrolled on an official database. But activists say that hundreds of thousands of Indians and migrants are still undocumented and could miss out on their fundamental rights because of the new rules.

“What if a Facebook account was necessary to log in to the internet, and what if Facebook was owned by the government of the US?” asked Sumandro Chattapadhyay, research director at the Centre for Internet and Society (CIS), a thinktank with offices in Bangalore and Delhi. “We are building a system that will decide whether a child will eat or not on an afternoon based on [the] quality of internet connectivity and cleanliness of the child’s thumbprint.”

Chattapadhyay argued that Aadhaar, which is effectively being forced upon Indians, and which is used increasingly by private companies, exposed more than a billion people to huge privacy risks.

“The Aadhaar ID is being connected to digital communications via sim card registration, it is being connected to financial transactions via bank accounts, and all Indian citizens are being forced to enrol for it against the threat of losing out from welfare services,” he said.

“The potential of unmonitored and unregulated use of such linked data by the private sector is massive. It does not matter if the Indian state will finally go ahead with implementing this system or not. The fact that [it] is considering such a system is scary enough.”

Nanu Bhasin, spokesperson at the ministry of women and child development, confirmed that the order to link Aadhaar to government schemes had come directly from the Modi government. “There are leakages in the system,” she said. “This will plug leakages.”

Bhasin said Aadhaar was now mandatory: “You have to take it, it is necessary. You cannot take the right to a benefit if you don’t have the Aadhaar card.”

She said she did not know if those who did not want to enrol in the scheme because of potential privacy risks would still be able to receive benefits. “You have bank accounts, there you give all your details, everything. Why make a fuss [about privacy] for Aadhaar?” she said.

One of the most contentious new rules introduced this month, and coming into force in July, requires children to show Aadhaar cards to get free school meals. The notice led to a media storm in India, where malnutrition rates are high and nearly 60 million children are underweight.

On 7 March the government said alternative forms of ID would be accepted for free school meals where people did not yet have Aadhaar cards, and urged schools and childcare centres to enrol all attendees.

Activists argue that setting any barriers to free school meals is unethical and unconstitutional. Ambarish Rai, national convenor of the Right to Education Forum, said: “This is a very insensitive decision of the government. How can you make it mandatory? It is a clear-cut violation of the Right to Education Act 2009.”

Compulsory identification could deter school attendance if children struggle to get free school meals or uniforms, said Swati Narayan, visiting research scholar from the LSE and food activist. “India’s school meal programme covers almost 100 million children – the largest in the world. Instead of creating unnecessary barriers, the focus should be on how to improve these modest meals by adding eggs, fruit and nutritious foods to the menu.”

Glitches in the Aadhaar system have already led to reports of people being unfairly denied government subsidies. In February, the news website Scroll recorded a number of people in the state of Jharkhand being denied rice subsidies because of problems with Aadhaar card machines.

The constitutional validity of the government’s new orders is currently being debated in court, with questions raised as to whether the Indian parliament can restrict fundamental rights enshrined in the constitution, and whether the government has the power to force citizens to enrol.

In 2015, a supreme court order had ruled that the scheme was purely voluntary, and that it could not become mandatory with a court ruling. But in 2016, parliament passed the Aadhaar Act, which allowed the government to require identification for government services.

Khagesh Jha, a lawyer and activist, argued that the act was fundamentally unconstitutional. “Rescued children, children who have been trafficked or those who have been forced into child labour – [you] can’t expect them to hold an Aadhaar card or documents like a birth certificate. Right to education is a fundamental right, and is protected by the core of the constitution. It cannot be challenged by any other document.”

UIDAI, the agency overseeing Aadhaar, issued a statement saying the government had made savings of more than 490bn rupees (£6bn) in the past two and a half years, thanks to schemes linking government benefits to Aadhaar. It added that during the past seven years, there had been no report of a breach or leak of residents’ data.

For more details visit https://cis-india.org/internet-governance/news/the-guardian-march-21-2017-no-id-no-benefits