We are anonymous, we are legion

New law to unlock data economy

praskrishna — 2017-06-12T01:10:06Z

Proposal has been sent to PMO for approval.

The article by Yuthika Bhargava was published in the Hindu on June 9, 2017.

The government is mulling a new data protection law to protect personal data of citizens, while also creating an enabling framework to allow public data to be mined effectively. The move assumes significance amid the debate over security of individuals’ private data, including Aadhaar-linked biometrics, and the rising number of cyber-crimes in the country.

“The Ministry of Electronics and Information Technology (MEIT) is working on a new data protection law. A proposal to this effect has been sent to the Prime Ministers’ Office for approval,” a senior ministry official told The Hindu.

Once the PMO approves it, the ministry will set up a “cross-functional committee” on the issue.

“We want to include all stakeholders. It will be a high-level committee, and all current and future requirements of the sector will be discussed.”

Two chief aims

The official said: “We are working with two main aims – to ensure that personal data of individuals remain protected and is not misused, and to unlock the data economy.”

The official explained that a lot of benefits can be derived from the data that is publicly available, by using technology and big data analytics. “The information can be used for the benefit of both individuals and companies,” the official said.

“The underlying infrastructure of the digital economy is data. India is woefully unprepared to protect its citizens from the avalanche of companies that offer services in exchange for their data, with no comprehensive framework to protect users,” Software Freedom Law Centre (SFLC.in), a non-profit, said in an emailed reply.

Currently, India does not have a separate law for data protection, and there is no body that specifically regulates data privacy.

“There is nominally a data protection law in India in the form of the Reasonable Security Guidelines under Section 43A of the Information Technology Act. However, it is a toothless law and is never used. Even when data leaks such as the ones from the official Narendra Modi app or McDonald’s McDelivery app have happened, section 43A and its rules have not proven of use,” said Pranesh Prakash, policy director at CIS.

Some redress for misuse of personal data by commercial entities is also available under the Consumer Protection Act enacted in 2015, according to information on the website of Privacy International, an NGO. As per the Act, the disclosure of personal information given in confidence is an unfair trade practice.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-yuthika-bhargava-june-9-2017-new-law-to-unlock-data-economy

New Kids on the Blog

praskrishna — 2011-04-01T16:10:34Z

Across the world, the blogosphere is shrinking. But that might not be a bad thing. Look closer, self-indulgence has found newer platforms, and only the fittest and the smartest blogs have survived. This article was published by the Indian Express on February 6, 2011. Indian Express reporter spoke with Nishant Shah.

Meet aneesha, a personable 20-something in a red jacket, with a coffee “without cream” cupped in her hands. Seven years ago, this Delhi-based professional was an avid user of LiveJournal. Most of her friends are from the online world; she met their blogs before she knew them personally. “My family’s perception of me and what I am are very different,” she says, “I hide myself in the layers of the internet.” Aneesha found herself and her friends through blogs; today, however, she has no time or inclination for the blogging world. “We used to write about the sunshine, a cute dog, a nice day. Who has the time for that any more?”

“I quit”. “We are moving out”. “This blog is Dead”.

An aerial view of the blogosphere resembles an abandoned city, with silence blowing through boarded-up windows. Recent Pew Internet Project surveys of teens and adults in the US reveal a decline in blogging among teens and young adults and a modest rise among adults 30 and older. According to the 2010 report, “In 2006, 28 per cent of teens in the 12-17 age group, and adults between 18 and 29 were bloggers, but by 2009, the numbers had dropped to 14 per cent of teens and 15 per cent of adults. During the same period, the percentage of online adults over 30 who were bloggers rose from 7 per cent to 11 per cent.” These numbers reflect American reality, but the blogosphere has not been similarly mapped and analysed in India, says Nishant Shah, director, research, Centre for Internet and Society, Bangalore. When contacted, WordPress, a blog tool and publishing platform, said that they don’t publish country-specific statistics either.

While blogging in itself seems to have peaked and plateaued, blog-like activities have moved to other online spaces. Blogs were at the social media forefront around five years ago. According to Technorati, an internet search engine for blogs, the blogosphere in 2004 was eight times as large as it was in June 2003. Since then, Blogger and WordPress have been stagnating, says Nielsen, a media-research firm. A 2010 article in The Economist pointed out, that according to Blogads, which sells ads, “media buyers’ inquiries increased tenfold between 2004 and 2008, but have grown by only 17 per cent since then.”

But the numbers only tell a part of the story. The immensity of the blogging world means that it will always remain terra incognita. Its vastness allows poorly-written, lazily-reasoned dribbles to exist, but it also provides an unparalleled democratic platform (if you have access to the internet). The blogosphere, which had become an endless echo chamber, has evolved into a more interesting space, with startling diversity. Teenagers have found new fads, and moved out; instead, adults are setting up their couches here. Over the last four-five years, the fittest and smartest blogs have survived, whereas those with a readership of one have sunk to Google’s ocean floor. Few bloggers actually bother to delete their accounts, most starve away because of the author’s neglect and the audiences’ disinterest. The ones that have thrived have created communities of kindred souls, with an eye for beauty or a knack for the kooky. The Indian blogosphere is rich ground for posts on cinema, economics, sports, design and politics. Blogs can be conclaves of critics against the mainstream, they can be crucial support systems for the grieving. But how did we get here?

Peter Merholz, a lover of words and etymologies, and founding partner of consultancy Adaptive Path, created the word “blog” in 1999.

Playing with syllables, he decided to change “weblog” into “blog” for short. This San Francisco-based designer writes in his blog, “I like that it’s roughly onomatopoeic of vomiting. These sites (mine included!) tend to be a kind of information upchucking.”

For something that started as verbal upchucking, blogging has evolved over the decade. Anupam Mukerji, aka the Fake IPL Player, whose blog was the sensational sideshow that overshadowed the second edition of the Indian Premier League in 2009, says, “Self-indulgence is out. People want to be entertained and nobody really cares what you had for breakfast.”

In the early part of this decade, blogging was about self-expression, within a small community (like LiveJournal), says Aneesha. Kiran Jonnalagadda, a Bangalore-based social technologist, and founder of HasGeek, which organises technical discussions, recalls, “Your blog was not secret, but was private by virtue of not many people being online. It was a safe assumption for young people that their parents and siblings would never read their blog. The medium of the blog was the most advanced technology of the day. It was crude by modern standards, but fantastic compared to anything earlier.” Aneesha and Jonnalagadda abandoned LiveJournal after their initial euphoria. Today, it is said, only the Russians use it, since it was bought over by a Russian company in 2007.

Blogging has come of age in India where we now see the growth of the “modern blogger”, says Jonnalagadda, one of the early Indian bloggers. “It’s important to distinguish between these two — the blogger as someone who indulged in self-expression in the early 2000s, who’s now moved to Facebook and other tools, versus the modern blogger who uses the same technology but is actually a small media publisher serving a niche segment.”

Facebook and Twitter are dummy-friendly and easily satisfy the exhibitionist, the voyeur, the curious or the intellectual. In 2010, there were 152 million blogs on the internet; it doesn’t seem much in comparison to 600 million Facebook users. On Facebook, it takes just a few seconds to upload a picture. A “thumbs up” is all it takes to “like” a photo or a comment. A personal update becomes part of the newsflash on friends’ homepages. Facebook’s “Notes” can satisfy the desire to write long, random and personal outpourings. “Tagging” friends in these notes assures one of a readership. Sharing so little with so many has never been this effortless. Blogs, defined as a format of writing, where pieces are arranged in a reverse chronological order, are no longer the preferred tool for the personal.

Technorati reports that the significant growth of mobile blogging is a key trend in 2010. Though the smartphone may still be relatively new in India, bloggers have reported that mobile blogging has lead to shorter posts and to a growing preference for Facebook and Twitter. Kiruba Shankar, CEO of Business Blogging Pvt Ltd, a social media consultancy in Chennai, and a once-prolific blogger, says, “Five years back, I was averaging two posts a day. In 2010, which was my worst year in blogging, I did one post every two months! It’s not that I stopped writing. I just moved my updates to Twitter and Facebook.” Shankar has even written an entire book in 140-character capsules on the merits of collaborative work: Crowdsourcing Tweet. He explains, “I love reading smaller books. I love tweeting my thoughts. I wanted to eat the elephant in smaller bites and so I jotted down points in tweets.”

On the Web, none of these social mediums work in isolation, each is connected with the other. Facebook and Twitter have also become ways to promote blogs, with people often posting their links and thereby increasing their readership and the scope of the conversation.

With blogs moving beyond the personal, the rise of the modern blogger writing for a niche audience is of particular interest. Mumbai-based Chandrahas Choudhury, author of The Middle Stage, a blog of essays on Indian and world literature, says, “Blogs have matured over the years in India. People who are serious have kept it. Lots of the press indulge in the criticism that blogs are not edited. But I’ve seen many great blogs. It’s a very good way of learning how to write good prose.” The Middle Stage provides an important space for literary criticism at a time when newspapers are squeezing out literary columns. Blogs give “maximum freedom”, says Choudhury, as one can increase the content through links; they also allow one to quote freely from other texts, which newspapers do not allow.

Shankar emphasises that search engines give more importance to any site with fresh content, and that blogs have high “archival value”, compared with “Facebook or Twitter where old updates seem to fall off the face of the earth”. The Google requisite for new content has made the group blog a better option than the personal as it makes it easier to generate content regularly. Successful group blogs are making an impact.

Little Design Book, “an online journal of design, visual culture and material culture”, is run by Ruchita Madhok, Aditya Palsule, Avinash Rajagopal and Shreyas Krishnan. The editors, who are based in London, New York, and Bangalore respectively, work collaboratively and communicate through Skype. Through smart and pithy posts, they describe designs that are too good to be true and those which are too awful to seem probable. On this team blog, art and design interact in meaningful ways, producing discussions and insights. Speaking from New York on the behalf of his team, Rajagopal feels that design blogs have taken off recently in India. “The Web is a great place to discuss design because it is an inherently democratic medium. Anyone can have their say.”

Others, who have made use of the democratic and immediate nature of the internet, include Pavitra Mohan, who runs the successful blog Masala Chai, a “creative collective that features south Asian art and design”. These blogs about Indian art and design are few but they are playing an important role in the promotion and criticism of the arts. Mohan says, “There’s high art and low art. They are both provided a uniform platform on the Web.” Started three years ago, the blog recently became a physical reality, with Masala Chai opening its first outlet in Chennai.

Rajagopal feels, however, that there’s still scope for editorialising content. “Many blogs post images of design objects, and say a few obligatory words. This has its necessary place in the blogging world. But we also need many strident, opinionated voices.”

Strident voices with trenchant opinions ring in collective blogs like Kafila, run by no single CEO but by 22 members. Speaking only for himself and not on behalf of Kafila, Shivam Vij, writer and member, says, “Blogging is ‘self-publishing’. To read blogs (and today, together with social media) is to get an uncut view of what a society thinks, without the frame of the organised media. This allows people to use blogging and social media to influence opinion, and thus cause change, good or bad.”

While blogs can be viewed as enjoyable entertainment or a platform for serious discussion and debate, blogs can also change lives. It can make famous the anonymous man stooped over a keyboard, with a prank in his head and spunk in his prose. Anupam Mukerji, the Fake IPL Player whose anonymous blog fooled thousands of cricket fans and administrators, and who revealed his identity in August last year, says, “I am still the same guy, but people respond to me differently. The blog changed my life.”

Blogging was also the “perfect tonic” for actor Lisa Ray, who started writing The Yellow Diaries once she’d been diagnosed with multiple myeloma, a cancer of the white blood cells, in June 2009. Her blog posts, written with heart and without fuss, chronicled her battle with the disease, from being a “cancer intern” to a “cancer survivor”. In what ways did the blog help her? “In every way,” she says. “It helped me process what I was going through. It helped me be honest with myself and face my fears head on. It also helped me connect with others by sharing a very human experience. It helped dilute my fear.” Her blog also helped others, obvious in the hundreds of comments left by readers. Talking about readers’ responses, she says, “I do remember thinking that we suffer from the ‘pathology of perfection’ in contemporary society and the only antidote is to celebrate our ‘humanness’ in all forms. To embrace the hurt and pain as much as the joys and success.”

Blogging was also a tonic for Indian Homemaker or Seema Rao, blogger and mother of Tejaswee Rao, a 19-year-old journalism student who passed away last year. Seema has been a frequent blogger for the last three years and now maintains her daughter’s blog In My Arrogant Opinion. She feels her daughter lives on through her presence on the Web. Sitting in a Gurgaon living room, surrounded by photos of her daughter, Rao says, “The family wanted a memorial gathering. But I know people will talk about her illness, they’ll say you should have gone to another hospital. I feel the blogosphere is more mature. A memorial would have been traumatic. I get support from bloggers, from people who don’t even know my name. On Tejaswee’s birthday, a mother in Hyderabad sent me a cake, with TJ written on it. I don’t know how I would have coped without the blogs.”

The original article was published in the Indian Express

For more details visit https://cis-india.org/news/new-kids

New internet rules open to arbitrary interpretation

praskrishna — 2011-05-06T04:58:57Z

Six years after an e-commerce CEO's arrest for a pornographic CD sold from his website, the government has introduced a liability on intermediaries such as Facebook and Google to "act within 36 hours" of receiving information about offensive content. This article by Manoj Mitta & Javed Anwer was published in the Times of India on April 27, 2011.

Under the rules notified on April 11 under the Information Technology Act, the intermediaries are required to work with the internet user "to disable such information that is in contravention" of the prescribed restrictions. While most of the restrictions in the rules are based on the criminal law (stuff that is blasphemous, obscene, defamatory, paedophilic, etc), some are so loosely worded that they could easily be misused against netizens accustomed to speaking their mind freely, whether on politics or otherwise.

One glaring example of an ill-thought-out provision is the prohibition on saying something that is "insulting any other nation". Since this expression has been mentioned without any qualifications, it could be invoked against anybody who talks disparagingly about other countries.

Apart from encroaching on free speech, the subjective notion of insulting a nation â€” as opposed to valid criticism â€” opens scope for arbitrariness and politically motivated interpretation. The authorities may not, for instance, take action against any content that is bashing Pakistan but may be touchy about similar attacks on the US.

Since such violations and the remedial action taken on them could become a subject of police probe, the rules state that "the intermediary shall preserve such information and associated records for at least 90 days for investigation purposes".

Given their legal repercussions, activists termed the new rules "draconian". Pranesh Prakash of Centre of Internet and Society alleged, "The rules seek to expand government's reach to control content on the internet. This is neither reasonable nor constitutional as the rules undermine the free speech guaranteed by the Constitution."

The intermediaries are also required to appoint a grievance officer and publish his contact details as well as the mechanism by which "users or any victim who suffers" can notify their complaints. The grievance officer is required to redress the complaints within one month of the receipt of the complaint.

Industry sources hold that the 36-hour deadline imposed on the intermediaries to take action on complaints would unduly affect their freedom as service providers in the Indian jurisdiction. A Google spokesperson told TOI that the proposed guidelines could be "particularly damaging to the abilities of Indians who are increasingly using the internet in order to communicate, and the many businesses that depend upon online collaboration to prosper."

Read the original article published by the Times of India here

For more details visit https://cis-india.org/news/internet-rules-arbitary-interpretation

New intermediary guidelines: The good and the bad

TorShark — 2021-03-15T13:52:46Z

In pursuance of the government releasing the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, this blogpost offers a quick rundown of some of the changes brought about the Rules, and how they line up with existing principles of best practices in content moderation, among others.

This article originally appeared in the Down to Earth magazine. Reposted with permission.

-------

The Government of India notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The operation of these rules would be in supersession of the existing intermediary liability rules under the Information Technology (IT) Act, made back in 2011.

These IL rules would have a significant impact on our relationships with internet ‘intermediaries’, i.e. gatekeepers and getaways to the internet, including social media platforms, communication and messaging channels.

The rules also make a bid to include entities that have not traditionally been considered ‘intermediaries’ within the law, including curated-content platforms such as Netflix and Amazon Prime as well as digital news publications.

These rules are a significant step-up from the draft version of the amendments floated by the Union government two years ago; in this period, the relationship between the government around the world and major intermediaries changed significantly.

The insistence of these entities in the past, that they are not ‘arbiters of truth’, for instance, has not always held water in their own decision-makings.

Both Twitter and Facebook, for instance, have locked the former United States president Donald Trump out of their platforms. Twitter has also resisted to fully comply with government censorship requests in India, spilling into an interesting policy tussle between the two entities. It is in the context of these changes, therefore, that we must we consider the new rules.

What changed for the good?

One of the immediate standouts of these rules is in the more granular way in which it aims to approach the problem of intermediary regulation. The previous draft — and in general the entirety of the law — had continued to treat ‘intermediaries’ as a monolithic entity, entirely definable by section 2(w) of the IT Act, which in turn derived much of its legal language from the EU E-commerce Directive of 2000.

Intermediaries in the directive were treated more like ‘simple conduits’ or dumb, passive carriers who did not play any active role in the content. While that might have been the truth of the internet when these laws and rules were first enacted, the internet today looks much different.

Not only is there a diversification of services offered by these intermediaries, there’s also a significant issue of scale, wielded by a few select players, either by centralisation or by the sheer number of user bases. A broad, general mandate would, therefore, miss out on many of these nuances, leading to imperfect regulatory outcomes.

The new rules, therefore, envisage three types of entities:

There are the ‘intermediaries’ within the traditional, section 2(w) meaning of the IT Act. This would be the broad umbrella term for all entities that would fall within the ambit of the rules.
There are the ‘social media intermediaries’ (SMI), as entities, which enable online interaction between two or more users.
The rules identify ‘significant social media intermediaries’ (SSMI), which would mean entities with user-thresholds as notified by the Central Government.

The levels of obligations vary based on these hierarchies of classification. For instance, an SSMI would be obligated with a much higher standard of transparency and accountability towards their users. They would have to fulfill by publishing six-monthly transparency reports, where they have to outline how they dealt with requests for content removal, how they deployed automated tools to filter content, and so on.

I have previously argued how transparency reports, when done well, are an excellent way of understanding the breadth of government and social media censorships. Legally mandating this is then perhaps a step in the right direction.

Some other requirements under this transparency principle include giving notice to users whose content has been disabled, allowing them to contest such removal, etc.

One of the other rules from the older draft that had raised a significant amount of concern was the proactive filtering mandate, where intermediaries were liable to basically filter for all unlawful content. This was problematic on two counts:

Developments in machine learning technologies are simply not up there to make this a possibility, which would mean that there would always be a chance that legitimate and legal content would get censored, leading to general chilling effect on digital expression
The technical and financial burden this would impose on intermediaries would have impacted the competition in the market.

The new rules seemed to have lessened this burden, by first, reducing it from being mandatory to being best endeavour-basis; and second, by reducing the ambit of ‘unlawful content’ to only include content depicting sexual abuse, child sexual abuse imagery (CSAM) and duplicating to already disabled / removed content.

This specificity would be useful for better deployment of such technologies, since previous research has shown that it’s considerably easier to train a machine learning tool on corpus of CSAM or abuse, rather than on more contextual, subjective matters such as hate speech.

What should go?

That being said, it is concerning that the new rules choose to bring online curated content platforms (OCCPs) within the ambit of the law by proposals of a three-tiered self-regulatory body and schedules outlining guidelines about the rating system these entities should deploy.

In the last two years, several attempts have been made by the Internet and Mobile Association of India (IAMAI), an industry body consisting of representatives of these OCCPs, to bring about a self-regulatory code that fills in the supposed regulatory gap in the Indian law.

It is not known if these stakeholders were consulted before the enactment of these provisions. Some of this framework would also apply to publishers of digital news portals.

Noticeably, this entire chapter was also missing from the old draft, and introducing it in the final form of the law without due public consultations is problematic.

Part III and onwards of the rules, which broadly deal with the regulation of these entities, therefore, should be put on hold and opened up for a period of public and stakeholder consultations to adhere to the true spirit of democratic participation.

The author would like to thank Gurshabad Grover for his editorial suggestions.

For more details visit https://cis-india.org/internet-governance/blog/new-intermediary-guidelines-the-good-and-the-bad

New Indian Rules May Make Online Censorship Easier

praskrishna — 2011-04-01T15:57:20Z

Draft rules proposed by the Indian government for intermediaries such as telecommunications companies, Internet service providers and blogging sites could in effect aid censorship, according to experts. The article by John Ribeiro was published in Yahoo News on March 7, 2011.

Under the draft rules, intermediaries will have to notify users of their services not to use, display, upload, publish, share or store a variety of content, for which the definition is very vague, and liable to misuse.

Content that is prohibited under these guidelines ranges from information that may "harm minors in any way" to content that is "harmful, threatening, abusive."

Some of the terms are so vague that to stay on the right side of the law, intermediaries may in effect remove third-party content that is even mildly controversial, said Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court.

While the definition of some of the terms like obscenity have been ruled on by India's Supreme Court, some of the other terms do not have a precise legal definition, said Pranesh Prakash, program manager at the Centre for Internet and Society, a research and advocacy group focused on consumer and citizen rights on the Internet.

"Would creating a Facebook profile for a minor, for example be considered as harming a minor ?" Duggal said.

The draft rules are secondary legislation framed by the government under the country's Information Technology (Amendment) Act of 2008. Under the IT Act, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by him, if among other things, he has observed due diligence under the draft rules.

The new rules will give rise to subjective interpretations, thus giving a lot of discretion to non-judicial authorities in the country to decide whether the intermediary has observed due diligence or not, Duggal said.

According to the draft rules, an intermediary has to inform users that in case of non-compliance of its terms of use of the services and privacy policy, it has the right to immediately terminate the access rights of the users to its site. After finding out about infringing content, either on its own or through the authorities, the intermediary has to work with the user or owner of the information to remove access to the information.

Rather than recognizing the diversity of the businesses of intermediaries, the draft rules use a "one-size, fits all" set of rules across a variety of intermediaries including telecom service providers, online payment sites, e-mail service providers, and Web hosting companies, Duggal said.

An intermediary such as a site with user-generated content, like Wikipedia, would need different terms of use from an intermediary such as an e-mail provider, because the kind of liability they accrue are different, Prakash wrote in his blog.

The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.

Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.

The IT Act already has specific procedures in this connection for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could in fact be a way of circumventing the earlier laws, he added.

The draft rules assume significance in the context of recent moves by the Indian government to get Research In Motion to provide access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to provide access to its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers' encryption keys.

The Indian government has previously also said it would demand lawful access from Google's Gmail and Skype, but has not taken any action so far in this direction.

The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.

Google did not immediately respond to e-mailed requests for its comments on the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.

"We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content," Microsoft said in an e-mailed statement. Non-compliance include, but is not limited to, copyrights, it added.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service.

Read the original in Yahoo News here

For more details visit https://cis-india.org/news/online-censorship

New Document on India's Central Monitoring System (CMS) - 2

maria — 2014-01-30T12:40:31Z

For more details visit https://cis-india.org/internet-governance/blog/new-cms-doc-2

New Delhi Expands Curbs on Web Content

praskrishna — 2012-08-24T13:16:22Z

India on Thursday broadened recent efforts to regulate the Internet with moves to block Twitter accounts of some prominent journalists and content from mainstream news organizations, sparking a backlash across social media in the country.

This article by R Jai Krishna and Rumman Ahmed was published in the Wall Street Journal on August 23, 2012. Sunil Abraham is quoted.

Since last week, the government has blocked content that it claims has fueled continuing communal violence in the northeast of the country. That fighting, between Muslim settlers and members of an indigenous group in the state of Assam, has left more than 80 people dead and sent ripples of tension across India.

The government confirms it has blocked around 250 Web pages it says were inciting Muslims to attack northeasterners, including sites carrying doctored photos purporting to show Muslim victims of fighting in Assam. Officials say these images on the sites, coupled with mass SMS phone messages threatening reprisals, have caused panicked northeasterners to flee their homes in a number of large Indian cities.

In recent days, though, the government has quietly widened its offensive, drawing up lists of journalists' Twitter accounts and news stories by local and foreign media organizations to be blocked. The lists, some of which were reviewed by The Wall Street Journal and confirmed by two telecom operators, include Twitter handles of journalists who have been critical of the government and some who have parodied Prime Minister Manmohan Singh.

The government didn't respond to requests for comment.

The government's actions caused an uproar on Twitter, where hashtags such as #GOIBlocks and #Emergency2012 were trending Thursday. "The Emergency" refers to a period in the 1970s when Prime Minister Indira Gandhi cracked down on media freedoms and civil liberties.

"The government's move to block several Twitter handles is a clear case of administrative overreach," said Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society. "This action means citizens are less likely to believe that the government can use its powers responsibly."

Government officials said Internet curbs are necessary to maintain harmony in a multicultural nation of 1.2 billion people.

Pankaj Pachauri, a spokesman for Mr. Singh, acknowledged the government had asked for Twitter's help to block six accounts that impersonate the prime minister. One of those accounts appeared on the government's lists. Twitter, based in San Francisco, has agreed to review the requests, he said. A Twitter spokeswoman declined to comment. Mr. Pachauri said earlier this week that Indian cyber authorities unilaterally blocked those six accounts.

Those six Twitter accounts faced government scrutiny because they made remarks that could have increased tensions, not because they poked fun at the prime minister, Mr. Pachauri said. "We're all for media freedom and encourage criticism by the media," he added. "But when it comes to inciting trouble between communities then we have to take firm action."

U.S. State Department spokeswoman Victoria Nuland said on Tuesday that "we are always on the side of full freedom of the Internet." She added that "we also always urge the government to maintain its own commitment to human rights, fundamental freedoms, rule of law."

India's Constitution allows restrictions on free speech for a number of reasons, including defense of "the sovereignty and integrity" of the country and in order to maintain "public order, decency or morality." Critics say the government has used the vague framing of the Constitution to clamp down on a widening array of Internet material, threatening India's democratic traditions.

Last year, the government framed new rules that require Internet companies to remove within 36 hours material that falls into a range of subjective categories—for instance, anything "ethnically objectionable," "grossly harmful," "defamatory" or "blasphemous."

India's telecoms minister, Kapil Sibal, in December urged Google Inc., and other Internet companies to screen derogatory material from their sites. The requests came amid anger over content that parodied Mr. Singh and Sonia Gandhi, president of the ruling Congress party, as well as other leading politicians.

"One always wonders if the government is using the garb of hate speech and communalism to…limit political criticism online," said Apar Gupta, a cyberlaw expert at Advani & Co., a Delhi-based law firm.

Google and Facebook executives are facing criminal charges in a New Delhi court for allegedly hosting objectionable material on their sites. If found guilty, the executives could face jail time or fines. The companies have petitioned to have the charges dropped, arguing that they shouldn't be held liable for material posted by users. Both firms have said they will remove material that contravenes their own standards or local laws.

Google, Facebook and Twitter again came under fire from India this week amid violence in Assam. Google and Facebook said Tuesday that they were complying with Indian government requests to remove content. Twitter hasn't commented.

Kanchan Gupta, a columnist who has been a fierce critic of the Congress party-led government, said his Twitter account had been temporarily blocked Wednesday night and Thursday. His name was on the government lists. "They thought they could do this slyly," he said. "They didn't anticipate the backlash on Twitter."

Raghavan Jagannathan, editor in chief of FirstPost.com, an Indian news portal that was on the lists, said some of its stories had been blocked.

"We understand that the government wants to stop the circulation of incendiary material that may inflame passions, but should it be blocking news and opinions on the subject?" he said. "I am not sure the decisions are well-thought-out."

Doha, Qatar-based Al Jazeera, an international cable-news organization, was also on the list. An Al Jazeera spokesman said the company was seeking a response from the government on reports of media restrictions affecting it and other outlets.

The government appeared unmoved. "Every company whether it's a construction company or an entertainment company or a social media company, it has to operate within the laws of the given country," Junior Minister for Communications Sachin Pilot told reporters on Wednesday.

For more details visit https://cis-india.org/news/wsj-com-jai-krishna-and-rumman-ahmed-aug-23-2012-new-delhi-expands-curbs-on-web-content

New Bill to decide on individual’s right to privacy

praskrishna — 2012-02-07T07:19:07Z

A group of experts would identify issues relating to privacy and prepare a report to facilitate authoring the Privacy Bill. Vishwajoy Mukherjee's article was published in Tehelka on 6 February 2012.

American jurist William J Brennan once famously remarked, “If the right to privacy means anything, it is the right of the individual to be free from unwarranted governmental intrusion.” Now the Government of India is on the verge of formulating, for the first time, a Privacy Bill that will lay down a specific framework to adjudicate an individual’s right to privacy.

The Planning Commission has constituted a small group of experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court, to identify issues relating to privacy and prepare a paper to facilitate authoring the Privacy Bill. The group will be studying the privacy laws and related bills promulgated by other countries and will also be analysing the impact of various programmes being implemented by the government, from the perspective of their impact on privacy. A detailed report with suggestions and remarks will then be handed to the Planning Commission by 31 March.

In the run-up to the formulation of a new Privacy Bill in India, an All India Privacy Symposium was held on 4 February to discuss aspects of privacy in the context of transparency, national security and internet banking. One of the most vociferous oppositions to the idea of privacy becoming an enshrined right for individuals, has come from those who believe that national security is of paramount importance. “The notion that one has to choose between privacy and national security is a false dichotomy of choice… When the judiciary adjudicates between privacy and surveillance, privacy in almost all cases loses. Especially when the word terrorism is invoked,” said Oxblood Ruffin, a member of the Cult of the Dead Cow, an information security and publishing collective. Speaking at the conference Ruffin stressed on the idea that the State shouldn’t act as a “peeping Tom” but instead respect the “sovereignty of its people.”

One of the more stark examples, in recent years, of the State clamping down on individual rights, such as the right to privacy, on the pretext of national security, is the Patriot Act in America. The Patriot Act was passed in the United States of America in the immediate aftermath of the September 2001 attacks on the twin towers, and allowed the government to scrutinise everything from “suspicious” bank accounts to wire-tapping lines of communication. Menaka Guruswamy, a lawyer at the Supreme Court of India, believes that unlike America, India does not yet have a codified view on privacy. “Privacy is a vast, fragile, and an open space in the Indian justice system,” she told Tehelka.

Though India doesn’t have clearly defined laws dealing with the issue of privacy, it does have certain directives under which surveillance methods such as wire-tapping can be done. Wire-tapping, which is regulated under the Telegraph Act of 1885, saw a major overhaul in a 1996 Supreme Court judgment, which ruled that wire-taps are a "serious invasion of an individual's privacy." The Supreme Court (SC) recognised the fact that the right to privacy is an integral part of the fundamental right to life enshrined under Article 21 of the Constitution, and therefore laid down guidelines defining who can tap phones and under what circumstances. Only the Union Home Secretary, or his counterpart in the states, can issue an order for a tap, and the government is also required to show that the information sought cannot to be obtained through any other means. The SC mandated the development of a high-level committee to review the legality of each wire-tap.

“Interceptions and intrusions by the state have often gone on to help exonerate people who have been falsely accused, so I think it would be unfair to demonise wire-tapping in general. One does have to ensure though, that those who intercept exchanges do not exceed limits,” said a former chief of the Research and Analysis Wing (RAW).

Besides the dimension of privacy versus surveillance, another important aspect which comes under the scanner when privacy laws are discussed is Internet banking. Details of personal bank accounts and other highly sensitive information of individuals have been whizzing around the cyber space with the advent of E-banking. Everything from booking tickets for movies and flights, to transferring money between accounts is happening via computers, and is happening fast. This growing trend has sparked a major debate on how safe is our information on the web, and what can the government do to secure it? In May 2000, the government passed the Information Technology Act, which laid down a set of laws intended to provide a comprehensive regulatory environment for electronic commerce.

The Act also addressed computer crimes such as hacking, damage to computer source code, breach of confidentiality and viewing of pornography and created a Cyber Appellate Tribunal to oversee and adjudicate cyber crimes. However, at the same time, the legislation gave broad discretion to law enforcement authorities through several provisions, such as Section 69, allowing the interception of any information transmitted through a computer resource and mandates that users disclose encryption keys or face a jail sentence up to seven years. Section 80 of the Act allows deputy superintendents of police to conduct searches and seize suspects in public spaces without a warrant.

“Confidentiality between banker and customer is the golden rule of traditional banking, but with the coming of E-banking, banks are using confidentiality as an excuse for not putting out data that shows how vulnerable they are to cyber crimes like hacking,” said N Vijayashankar, an E-business consultant, and a front runner in raising awareness about cyber laws in India. He said, “When framing privacy laws one has to ensure that banks are mandated to disclose data on breach of Internet security. That is the only way to ensure that banks take the necessary steps to secure customer information.” Malavika Jairam, a lawyer who focuses on technology and intellectual property, believes that allowing private participation in what should essentially be a sovereign State function is a dangerous path to tread on. “Tesco, a major retail chain in England, is now into E-banking… There are numerous examples of such private banking entities sharing customer information with insurance policy firms. These details are often used as markers for the kind of premium that will be set for a person,” Jairam said.

With the current pace of technological advancements fast thinning the line between individual privacy and public content, it remains to be seen what kind of privacy laws India will frame to keep up.

The original was published by Tehelka, Malavika Jayaram, a Fellow at CIS is quoted in it.

For more details visit https://cis-india.org/news/new-bill-to-decide-on-individual2019s-right-to-privacy

New Approaches to Information Privacy – Revisiting the Purpose Limitation Principle

amber — 2016-11-09T13:54:28Z

Article on Aadhaar throwing light on privacy and data protection.

This was published in Digital Policy Portal on July 13, 2016.

Introduction

Last year, Mukul Rohatgi, the Attorney General of India, called into question existing jurisprudence of the last 50 years on the constitutional validity of the right to privacy.¹ Mohatgi was rebutting the arguments on privacy made against Aadhaar, the unique identity project initiated and implemented in the country without any legislative mandate.² The question of the right to privacy becomes all the more relevant in the context of events over the last few years—among them, the significant rise in data collection by the state through various e-governance schemes,³ systematic access to personal data by various wings of the state through a host of surveillance and law enforcement initiatives launched in the last decade,⁴ the multifold increase in the number of Indians online, and the ubiquitous collection of personal data by private parties.⁵

These developments have led to a call for a comprehensive privacy legislation in India and the adoption of the National Privacy Principles as laid down by the Expert Committee led by Justice AP Shah.⁶ There are privacy-protection legislation currently in place such as the Information Technology Act, 2000 (IT Act), which was enacted to govern digital content and communication and provide legal recognition to electronic transactions. This legislation has provisions that can safeguard—and dilute—online privacy. At the heart of the data protection provisions in the IT Act lies section 43A and the rules framed under it, i.e., Reasonable security practices and procedures and sensitive personal data information.⁷Section 43A mandates that body corporates who receive, possess, store, deal, or handle any personal data to implement and maintain ‘reasonable security practices’, failing which, they are held liable to compensate those affected. Rules drafted under this provision also mandated a number of data protection obligations on corporations such the need to seek consent before collection, specifying the purposes of data collection, and restricting the use of data to such purposes only. There have been questions raised about the validity of the Section 43A Rules as they seek to do much more than mandate in the parent provisions, Section 43A— requiring entities to maintain reasonable security practices.

Privacy as control?

Even setting aside the issue of legal validity, the kind of data protection framework envisioned by Section 43A rules is proving to be outdated in the context of how data is now being collected and processed. The focus of Section 43 A Rules—as well as that of draft privacy legislations in India⁸—is based on the idea of individual control. Most apt is Alan Westin’s definition of privacy: “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to other.”⁹ Westin and his followers rely on the normative idea of “informational self- determination”, the notion of a pure, disembodied, and atomistic self, capable of making rational and isolated choices in order to assert complete control over personal information. More and more this has proved to be a fiction especially in a networked society.

Much before the need for governance of information technologies had reached a critical mass in India, Western countries were already dealing with the implications of the use of these technologies on personal data. In 1973, the US Department of Health, Education and Welfare appointed a committee to address this issue, leading to a report called ‘Records, Computers and Rights of Citizens.’¹⁰ The Committee’s mandate was to “explore the impact of computers on record keeping about individuals and, in addition, to inquire into, and make recommendations regarding, the use of the Social Security number.” The Report articulated five principles which were to be the basis of fair information practices: transparency; use limitation; access and correction; data quality; and security. Building upon these principles, the Committee of Ministers of the Organization for Economic Cooperation and Development (OECD) arrived at the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980.¹¹ These principles— Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation and Accountability—are what inform most data protection regulations today including the APEC Framework, the EU Data Protection Directive, and the Section 43A Rules and Justice AP Shah Principles in India.

Fred Cate describes the import of these privacy regimes as such:

“All of these data protection instruments reflect the same approach: tell individuals what data you wish to collect or use, give them a choice, grant them access, secure those data with appropriate technologies and procedures, and be subject to third-party enforcement if you fail to comply with these requirements or individuals’ expressed preferences”¹²

This is in line with Alan Westin’s idea of privacy exercised through individual control. Therefore the focus of these principles is on empowering the individuals to exercise choice, but not on protecting individuals from harmful or unnecessary practices of data collection and processing. The author of this article has earlier written¹³ about the sheer inefficacy of this framework which places the responsibility on individuals. Other scholars like Daniel Solove,¹⁴ Jonathan Obar¹⁵ and Fred Cate¹⁶ have also written about the failure of traditional data protection practices of notice and consent. While these essays dealt with the privacy principles of choice and informed consent, this paper will focus on the principles of purpose limitation.

Purpose Limitation and Impact of Big Data

The principles of purpose limitation or purpose specification seeks to ensure the following four objectives:

Personal information collected and processed should be adequate and relevant to the purposes for which they are processed.
The entities collect, process, disclose, make available, or otherwise use personal information only for the stated purposes.
In case of change in purpose, the data’s subject needs to be informed and their consent has to be obtained.
After personal information has been used in accordance with the identified purpose, it has to be destroyed as per the identified procedures.

The purpose limitation along with the data minimisation principle—which requires that no more data may be processed than is necessary for the stated purpose—aim to limit the use of data to what is agreed to by the data subject. These principles are in direct conflict with new technology which relies on ubiquitous collection and indiscriminate uses of data. The main import of Big Data technologies on the inherent value in data which can be harvested not by the primary purposes of data collection but through various secondary purposes which involve processing of the data repeatedly.¹⁷Further, instead to destroying the data when its purpose has been achieved, the intent is to retain as much data as possible for secondary uses. Importantly, as these secondary uses are of an inherently unanticipated nature, it becomes impossible to account for it at the stage of collection and providing the choice to the data subject.

Followers of the discourse on Big Data would be well aware of its potential impacts on privacy. De-identification techniques to protect the identities of individuals in dataset face a threat from an increase in the amount of data available either publicly or otherwise to a party seeking to reverse-engineer an anonymised dataset to re-identify individuals. ¹⁸ Further, Big Data analytics promise to find patterns and connections that can contribute to the knowledge available to the public to make decisions. What is also likely is that it will lead to revealing insights about people that they would have preferred to keep private.¹⁹In turn, as people become more aware of being constantly profiled by their actions, they will self-regulate and ‘discipline’ their behaviour. This can lead to a chilling effect.²⁰ Meanwhile, Big Data is also fuelling an industry that incentivises businesses to collect more data, as it has a high and growing monetary value. However, Big Data also promises a completely new kind of knowledge that can prove to be revolutionary in fields as diverse as medicine, disaster-management, governance, agriculture, transport, service delivery, and decision-making.²¹ As long as there is a sufficiently large and diverse amount of data, there could be invaluable insights locked in it, accessing which can provide solutions to a number of problems. In light of this, it is important to consider what kind of regulatory framework is most suitable which could facilitate some of the promised benefits of Big Data and at the same time mitigate its potential harm. This, coupled with the fact that the existing data protection principles have, by most accounts, run their course, makes the examination of alternative frameworks even more important. This article will examine some alternate proposals made to the existing framework of purpose limitation below.

Harms-based approach

Some scholars like Fred Cate²² and Daniel Solove²³ have argued that there is a need for the primary focus of data protection law to move from control at the stage of data collection to actual use cases. In his article on the failure of Fair Information Practice Principles,²⁴Cate puts forth a proposal for ‘Consumer Privacy Protection Principles.’ Cate envisions a more interventionist role of the data protection authorities by regulating information flows when required, in order to protect individuals from risky or harmful uses of information. Cate’s attempt is to extend the principles of consumer protection law of prevention and remedy of harms.

In a re-examination of the OECD Privacy Principles, Cate and Viktor Mayer Schöemberger attempt to discard the use of personal data to only purposes specified. They felt that restricting the use of personal to only specified purposes could significantly threaten various research and beneficial uses of Big Data. Instead of articulating a positive obligations of what personal data collected could be used for, they attempt to arrive at a negative obligation of use-cases prevented by law. Their working definition of the Use specification principle broaden the scope of use cases by only preventing use of data “if the use is fraudulent, unlawful, deceptive or discriminatory; society has deemed the use inappropriate through a standard of unfairness; the use is likely to cause unjustified harm to the individual; or the use is over the well-founded objection of the individual, unless necessary to serve an over-riding public interest, or unless required by law.”²⁵

While most standards in the above definition have established understanding in jurisprudence, the concept of unjustifiable harm is what we are interested in. Any theory of harms-based approach goes back to John Stuart Mill’s dictum that the only justifiable purpose to exert power over the will of an individual is to prevent harm to others. Therefore, any regulation that seeks to control or prevent autonomy of individuals (in this case, the ability of individuals to allow data collectors to use their personal data, and the ability of data collectors to do so, without any limitation) must clearly demonstrate the harm to the individuals in question.

Fred Cate articulates the following steps to identify tangible harm and respond to its presence:²⁶

Focus on Use — Actual use of the data should be considered, not mere possession. The assumption is that the collection, possession, or transfer of information do not significantly harm people, rather it is the use of information following such collection, possession, or transfer.
Proportionality — Any regulatory measure must be proportional to the likelihood and severity of the harm identified.
Per se Harmful Uses — Uses which are always harmful must be prohibited by law
Per se not Harmful Uses — If uses can be considered inherently not harmful, they should not be regulated.
Sensitive Uses — In case where the uses are not per se harmful or not harmful, individual consent must be sought for using that data for those purposes.

The proposal by Cate argues for what is called a ‘use based system’, which is extremely popular with American scholars. Under this system, data collection itself is not subject to restrictions; rather, only the use of data is regulated. This argument has great appeal for both businesses who can reduce their overheads significantly if consent obligations are done away with as long as they use the data in ways which are not harmful, as well as critics of the current data protection framework which relies on informed consent. Lokke Moerel explains the philosophy of ‘harms based approach’ or ‘use based system’ in United States by juxtaposing it against the ‘rights based approach’ in Europe.²⁷ In Europe, rights of individuals with regard to processing of their personal data is a fundamental human right and therefore, a precautionary principle is followed with much greater top-down control upon data collection. However, in the United States, there is a far greater reliance on market mechanisms and self-regulating organisations to check inappropriate processing activities, and government intervention is limited to cases where a clear harm is demonstrable.²⁸

Continuing research by the Centre for Information Policy Leadership under its Privacy Risk Framework Project looks at a system of articulating what harms and risks arising from use of collected data. They have arrived a matrix of threats and harms. Threats are categorised as —a) inappropriate use of personal information and b) personal information in the wrong hands. More importantly for our purposes, harms are divided into: a) tangible harms which are physical or economic in nature (bodily harm, loss of liberty, damage to earning power and economic interests); b) intangible harms which can be demonstrated (chilling effects, reputational harm, detriment from surveillance, discrimination and intrusion into private life); and c) societal harm (damage to democratic institutions and loss of social trust).²⁹For any harms-based system, a matrix like above needs to emerge clearly so that regulation can focus on mitigating practices leading to the harms.

Legitimate interests

Lokke Moerel and Corien Prins, in their article “Privacy for Homo Digitalis – Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”³⁰ use the ideal of responsive regulation which considers empirically observable practices and institutions while determining the regulation and enforcement required. They state that current data protection frameworks—which rely on mandating some principles of how data has to be processed—is exercised through merely procedural notification and consent requirements. Further, Moerel and Prins feel that data protection law cannot only involve a consideration of individual interest but also needs to take into account collective interest. Therefore, the test must be a broader assessment than merely the purpose limitation articulating the interests of the parties directly involved, but whether a legitimate interest is achieved.

Legitimate interest has been put forth as an alternative to the purpose limitation. Legitimate is not a new concept and has been a part of the EU Data Protection Directive and also finds a place in the new General Data Protection Regulation. Article 7 (f) of the EU Directive³¹ provided for legitimate interest balanced against the interests or fundamental rights and freedoms of the data subject as the last justifiable reason for use of data. Due to confusion in its interpretation, the Article 29 Working Party, in 2014,³²looked into the role of legitimate interest and arrived at the following factors to determine the presence of a legitimate interest— a) the status of the individual (employee, consumer, patient) and the controller (employer, company in a dominant position, healthcare service); b) the circumstances surrounding the data processing (contract relationship of data subject and processor); c) the legitimate expectations of the individual.

Federico Ferretti has criticised the legitimate interest principle as vague and ambiguous. The balancing of legitimate interest in using the data against fundamental rights and freedoms of the data subject gives the data controllers some degree of flexibility in determining whether data may be processed; however, this also reduces the legal certainty that data subject have of their data not being used for purposes they have not agreed to.³³However, it is this paper’s contention that it is not the intent of the legitimate interest criteria but the lack of consensus on its application which creates an ambiguity. Moerel and Prins articulate a test for using legitimate interest which is cognizant of the need to use data for the purpose of Big Data processing, as well as ensuring that the rights of data subjects are not harmed.

As demonstrated earlier, the processing of data and its underlying purposes have become exceedingly complex and the conventional tool to describe these processes ‘privacy notices’ are too lengthy, too complex and too profuse in numbers to have any meaningful impact.³⁴The idea of information self-determination, as contemplated by Westin in American jurisprudence, is not achieved under the current framework. Moerel and Prins recommend five factors³⁵ as relevant in determining the legitimate interest. Of the five, the following three are relevant to the present discussion:

Collective Interest — A cost-benefit analysis should be conducted, which examines the implications for privacy for the data subjects as well as the society, as a whole.
The nature of the data — Rather than having specific categories of data, the nature of data needs to be assessed contextually to determine legitimate interest.
Contractual relationship and consent not independent grounds — This test has two parts. First, in case of contractual relationship between data subject and data controller: the more specific the contractual relationship, the more restrictions apply to the use of the data. Second, consent does not function as a separate principle which, once satisfied, need not be revisited. The nature of the consent (opportunities made available to data subject, opt in/opt out, and others) will continue to play a role in determining legitimate interest.

Conclusion

Replacing the purpose limitation principles with a use-based system as articulated above poses the danger of allowing governments and the private sector to carry out indiscriminate data collection under the blanket guise that any and all data may be of some use in the future. The harms-based approach has many merits and there is a stark need for more use of risk assessments techniques and privacy impact assessments in data governance. However, it is important that it merely adds to the existing controls imposed at data collection, and not replace them in their entirety. On the other hand, the legitimate interests principle, especially as put forth by Moerel and Prins, is more cognizant of the different factors at play — the inefficacy of existing purpose limitation principles, the need for businesses to use data for purposes unidentified at the stage of collection, and the need to ensure that it is not misused for indiscriminate collection and purposes. However, it also poses a much heavier burden on data controllers to take into account various factors before determining legitimate interest. If legitimate interest has to emerge as a realistic alternative to purpose limitation, there needs to be greater clarity on how data controllers must apply this principle.

Endnotes

Prachi Shrivastava, “Privacy not a fundamental right, argues Mukul Rohatgi for Govt as Govt affidavit says otherwise,” Legally India, Jyly 23, 2015, http://www.legallyindia.com/Constitutional-law/privacy-not-a-fundamental-right-argues-mukul-rohatgi-for-govt-as-govt-affidavit-says-otherwise.
Rebecca Bowe, “Growing Mistrust of India’s Biometric ID Scheme,” Electronic Frontier Foundation, May 4, 2012, https://www.eff.org/deeplinks/2012/05/growing-mistrust-india-biometric-id-scheme.
Lisa Hayes, “Digital India’s Impact on Privacy: Aadhaar numbers, biometrics, and more,” Centre for Democracy and Technology, January 20, 2015, https://cdt.org/blog/digital-indias-impact-on-privacy-aadhaar-numbers-biometrics-and-more/.
“India’s Surveillance State,” Software Freedom Law Centre, http://sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india/.
“Internet Privacy in India,” Centre for Internet and Society, http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india.
Vivek Pai, “Indian Government says it is still drafting privacy law, but doesn’t give timelines,” Medianama, May 4, 2016, http://www.medianama.com/2016/05/223-government-privacy-draft-policy/.
Information Technology (Intermediaries Guidelines) Rules, 2011,
http://deity.gov.in/sites/upload_files/dit/files/GSR314E_10511%281%29.pdf.
Discussion Points for the Meeting to be taken by Home Secretary at 2:30 pm on 7-10-11 to discuss the drat Privacy Bill, http://cis-india.org/internet-governance/draft-bill-on-right-to-privacy.
Alan Westin, Privacy and Freedom (New York: Atheneum, 2015).
US Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, http://www.justice.gov/opcl/docs/rec-com-rights.pdf.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
Fred Cate, “The Failure of Information Practice Principles,” in Consumer Protection in the Age of the Information Economy, ed. Jane K. Winn (Burlington: Aldershot, Hants, England, 2006) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1156972.
Amber Sinha and Scott Mason, “A Critique of Consent in Informational Privacy,” Centre for Internet and Society, January 11, 2016, http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy.
Daniel Solove, “Privacy self-management and consent dilemma,” Harvard Law Review 126, (2013): 1880.
Jonathan Obar, “Big Data and the Phantom Public: Walter Lippmann and the fallacy of data privacy self management,” Big Data and Society 2(2), (2015), doi: 10.1177/2053951715608876.
Supra Note 12.
Supra Note 14.
Paul Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006; Arvind Narayanan and Vitaly Shmatikov, “Robust De-anonymization of Large Sparse Datasets” available at https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf.
D. Hirsch, “That’s Unfair! Or is it? Big Data, Discrimination and the FTC’s Unfairness Authority,” Kentucky Law Journal, Vol. 103, available at: http://www.kentuckylawjournal.org/wp-content/uploads/2015/02/103KyLJ345.pdf
A Marthews and C Tucker, “Government Surveillance and Internet Search Behavior”, available at http://ssrn.com/abstract=2412564; Danah Boyd and Kate Crawford, “Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon”, Information, Communication & Society, Vol. 15, Issue 5, (2012).
Scott Mason, “Benefits and Harms of Big Data”, Centre for Internet and Society, available at http://cis-india.org/internet-governance/blog/benefits-and-harms-of-big-data#_ftn37.
Cate, “The Failure of Information Practice Principles.”
Solove, “Privacy self-management and consent dilemma,” 1882.
Cate, “The Failure of Information Practice Principles.”
Fred Cate and Viktor Schoenberger, “Notice and Consent in a world of Big Data,” International Data Privacy Law 3(2), (2013): 69.
Solove, “Privacy self-management and consent dilemma,” 1883.
Lokke Moerel, “Netherlands: Big Data Protection: How To Make The Draft EU Regulation On Data Protection Future Proof”, Mondaq, March 11. 2014, http://www.mondaq.com/x/298416/data+protection/Big+Data+Protection+How+To+Make+The+Dra%20ft+EU+Regulation+On+Data+Protection+Future+Proof%20al%20Lecture.
Moerel, “Netherlands: Big Data Protection.”
Centre for Information Policy Leadership, “A Risk-based Approach to Privacy: Improving Effectiveness in Practice,” Hunton and Williams LLP, June 19, 2014, https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/white_paper_1-a_risk_based_approach_to_privacy_improving_effectiveness_in_practice.pdf.
Lokke Moerel and Corien Prins, “Privacy for Homo Digitalis: Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”, Social Science Research Network, May 25, 2016, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2784123.
EU Directive 95/46/EC – The Data Protection Directive, https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-2/93.htm.
Article 29 Data Protection Working Party, “Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC,” http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf.
Frederico Ferretti, “Data protection and the legitimate interest of data controllers: Much ado about nothing or the winter of rights?,” Common Market Law Review 51(2014): 1-26. http://bura.brunel.ac.uk/bitstream/2438/9724/1/Fulltext.pdf.
Sinha and Mason, “A Critique of Consent in Informational Privacy.”
Moerel and Prins, “Privacy for Homo Digitalis.”

For more details visit https://cis-india.org/internet-governance/blog/digital-policy-portal-july-13-2016-new-approaches-to-information-privacy-revisiting-the-purpose-limitation-principle

New $1 Billion RIC Project Casts Doubts on Aadhaar

praskrishna — 2013-04-04T08:28:51Z

The Indian Government is going ahead with a new project dubbed RIC that will effectively undermine the existing UIDAI – Unique Identification Authority of India project and will cost a whopping $1 billion.

This was published in AEG India on March 16, 2013. Sunil Abraham is quoted.

The National Population Register and the Unique Identification Authority of India (UIDAI) are the two organizations which will capture the biometric details of the citizens and will develop the resident identity card (RIC) and create the unique identifier number (UID) popularly known as Aadhar number respectively.

Both the RIC and UID projects are designed to unify the distribution of social and welfare services to the citizens. Sunil Abraham, Executive Director of Centre for Internet and Society India, said that the ID number and the ID smartcard are both different and are not at all complementary as declared by the Indian Government previously.

The ID number and the ID smart card are two completely separate visions. They cannot be mixed up together to make some kind of salad which can be consumed partly, added Abraham.

He said that it was easy for the Indian government to proceed simultaneously with both the projects rather than cancelling the much criticized Aadhaar project.

Minister P. Karunakaran, on March 12 in the Lok Sabha, asked R.P.N. Singh, the Minister of State, to clarify the confusion over the proposed biometric identity card and the UID (Aadhaar number). The government has planned to spend more than US$1 billion to issue the Indian citizens a resident identity card (RIC) which will also feature the Aadhaar number as well.

For more details visit https://cis-india.org/news/aeg-india-march-16-2013-new-dollar-one-billion-ric-project-casts-doubts-on-aadhar

Networks: What You Don’t See is What You (for)Get

nishant — 2014-05-28T09:30:45Z

When I start thinking about DML (digital media and learning) and other such “networks” that I am plugged into, I often get a little confused about what to call them.

The blog entry was originally published in DML Central on April 17, 2014 and mirrored in Hybrid Publishing Lab on May 13, 2014.

Are we an ensemble of actors? A cluster of friends? A conference of scholars? A committee of decision makers? An array of perspectives? A group of associates? A play-list of voices? I do not pose these questions rhetorically, though I do enjoy rhetoric. I want to look at this inability to name collectives and the confusions and ambiguity it produces as central to our conversations around digital thinking. In particular, I want to look at the notion of the network. Because, I am sure, that if we were to go for the most neutralised digital term to characterise this collection that we all weave in and out of, it would have to be the network. We are a network.[1]

But, what does it mean to say that we are a network? The network is a very strange thing. Especially within the realms of the Internet, which, in itself, purports to be a giant network, the network is self-explanatory, self-referential and completely denuded of meaning. A network is benign, and like the digital, that foregrounds the network aesthetic, the network is inscrutable. You cannot really touch a network or name it. You cannot shape it or define it. You can produce momentary snapshots of it, but you can never contain it or limit it. The network cannot be held or materially felt.

And yet, the network touches us. We live within networked societies. We engage in networking – network as a verb. We are a network – network as a noun. We belong to networks – network as a collective. In all these poetic mechanisms of network, there is perhaps the core of what we want to talk about today – the tension between the local and the global and the way in which we will understand the Internet and then the frameworks of governance and policy that surround it.

Let me begin with a genuine question. What predates the network? Because the network is a very new word. The first etymological trace of the network is in 1887, where it was used as a verb, within broadcast and communications models, to talk about an outreach. As in ‘to cover with a network.’ The idea of a network as a noun is older where in the 1550s, the idea of ‘net-like arrangements of threads, wires, etc.’ was first identified as a network. In the second half of the industrial 19th Century, the term network was used for understanding an extended, complex, interlocking system. The idea of network as a set of connected people emerged in the latter half of the 20thCentury. I am pointing at these references to remind us that the ubiquitous presence of the network, as a practice, as a collective, and as a metaphor that seeks to explain the rest of the world around us, is a relatively new phenomenon. And we need to be aware of the fact, that the network, especially as it is understood in computing and digital technologies, is a particular model through which objects, individuals and the transactions between them are imagined.

For anybody who looks at the network itself – especially the digital network that we have accepted as the basis on which everything from social relationships on Facebook to global financial arcs are defined – we know that the network is in a state of crisis.

Networks of crises: The Bangalore North East Exodus

Let me illustrate the multiple ways in which the relationship between networks and crisis has been imagined through a particular story. In August 2012, I woke up one morning to realise that I was living in a city of crisis. Bangalore, which is one of my homes, where the largest preoccupations to date have been about bad roads, stray dogs, and occasionally, the lack of a nightlife, was suddenly a space that people wanted to flee and occupy simultaneously.

Through the technology mediated gossip mill that produced rumours faster than the speed of a digital click, imagination of terror, danger, and material harm found currency. The city suddenly witnessed thousands of people running away from it, heading back to their imagined homelands. It was called the North East exodus, where, following an ethnic-religious clash between two traditionally hostile communities in Assam, there were rumours that the large North East Indian community in Bangalore was going to be attacked by certain Muslim factions at the end of Ramadan.
The media spectacle of the exodus around questions of religion, ethnicity, regionalism and belonging only emphasised the fact that there is a new way of connectedness that we live in – the network society that no longer can be controlled, contained or corrected by official authorities and their voices. Despite a barrage of messages from law enforcement and security authorities, on email, on large screens on the roads, and on our cell phones, there was a growing anxiety and a spiralling information explosion that was producing an imaginary situation of precariousness and bodily harm. For me, this event, was one of the first signalling how to imagine the network society in a crisis, especially when it came to Bangalore, which is supposed to represent the Silicon dreams of an India that is shining brightly. While there is much to be unpacked about the political motivations and the ecologies of fear that our migrant lives in global cities are enshrined in, I want to specifically focus on what the emergence of this network society means.

There is an imagination, especially in cities like Bangalore, of digital technologies as necessarily plugging in larger networks of global information consumption. The idea that technology plugs us into the transnational circuits is so huge that it only tunes us toward an idea of connectedness that is always outward looking, expanding the scope of nation, community and body.

However, the ways in which information was circulating during this phenomenon reminds us that digital networks are also embedded in local practices of living and survival. Most of the time, these networks are so natural and such an integral part of our crucial mechanics of urban life that they appear as habits, without any presence or visibility. In times of crises – perceived or otherwise – these networks make themselves visible, to show that they are also inward looking. But in this production of hyper-visible spectacles, the network works incessantly to make itself invisible.

Which is why, in the case of the North East exodus, the steps leading to the resolution of the crisis, constructed and fuelled by networks is interesting. As government and civil society efforts to control the rumours and panic reached an all-time high and people continued to flee the city, the government eventually went in to regulate the technology itself. There were expert panel discussions about whether the digital technologies are to be blamed for this rumour mill. There was a ban on mass-messaging and there was a cap on the number of messages which could be sent on a day by each mobile phone subscriber. The Information and Broadcast Ministry along with the Information Technologies cell, started monitoring and punishing people for false and inflammatory information.

Network as Crisis: The unexpected visibility of a network

What, then, was the nature of the crisis in this situation? It is a question worth exploring. We would imagine that this crisis was a crisis about the nationwide building of mega-cities filled with immigrant bodies that are not allowed their differences because they all have to be cosmopolitan and mobile bodies. The crisis could have been read as one of neo-liberal flatness in imagining the nation and its fragments, that hides the inherent and historical sites of conflict under the seductive rhetoric of economic development. And yet, when we look at the operationalization of the resolutions, it looked as if the crisis was the appearance and the visibility of the hitherto hidden local networks of information and communication.

In her analysis of networks, Brown University’s Wendy Chun posits that this is why networks are an opaque metaphor. If the function of metaphor is to explain, through familiarity, objects which are new to us, the network as an explanatory paradigm presents a new conundrum. While the network presumes and exteriority that it seeks to present, while the network allows for a subjective interiority of the actor and its decisions, while the network grants visibility and form to the everyday logic of organisation, what the network actually seeks to explain is itself. Or, in less evocative terms, the network is not only the framework through which we analyse, but it is also the object of analyses. Once the network has been deployed as a paradigm through which to understand a crisis, once the network has made itself visible, all our efforts are driven at explaining and strengthening, and almost like digital mothers, comfort the network back into its peaceful existence as infrastructure. We develop better tools to regulate the network. We define new parameters to mine the data more effectively. We develop policies to govern and govern through the network with greater transparency and ease.

Thus, in the case of the North East exodus, instead of addressing the larger issues of conservative parochialism, an increasing backlash by right-wing governments and a growing hostility that emerges from these cities that nobody possesses and nobody belongs to, the efforts were directed at blaming technology as the site where the problem is located and the network as the object that needs to be controlled. What emerged was a series of corrective mechanisms and a set of redundant regulations that controlled the number of text messages that people were able to send per day or policing the Internet for spreading rumours. The entire focus was on information management, as if the reason for the mass exodus of people from the NE Indian states and the sense of fragility that the city had been immersed in, was all due to the pervasive and ubiquitous information gadgets and their ability to proliferate in p2p (peer-to-peer) environments outside of the government’s control. This lack of exteriority to the network is something that very few critical voices have pointed out.

Duncan Watts, the father of network computing, working through the logic of nodes, traffic and edges, has suggested there is a great problem in the ways in which we understand the process of network making. I am paraphrasing his complex mathematical text that explains the production of physical networks – what he calls the small worlds – and pointing out his strong critique about how the social scientists engage with networks. In the social sciences’ imagination of networks, there is a messy exteriority – fuzzy, complex and often not reducible to patterns or basic principles. The network is a distilling of the messy exteriority, a representation of the complex interplay between different objects and actors, and a visual mapping of things as they are. Which is to say, we imagine there is a material reality and the network is a tool by which this reality, or at least parts of this reality, are mapped and represented to us in patterns which can help us understand the true nature of this reality.

Drawing from practices of network modelling and building, Watts proved, that we have the equation wrong. The network is not a representation of reality but the ontology of reality. The network is not about trying to make sense of an exteriority. Instead, the network is an abstract and ideological map that constructs the reality in a particular way. In other words, the network precedes the real, and because of its ability to produce objective, empiricist and reductive principles (constantly filtering out that which is not important to the logic or the logistics of the network design), it then gives us a reality that is produced through the network principles. To make it clear, the network representation is not the derivative of the real but the blue-print of the real. And the real as we access it, through these networked tools, is not the raw and messy real but one that is constructed and shaped by the network in those ways. The network, then, needs to be understood, examined and critiqued, not as something that represents the natural, but something that shapes our understanding of the natural itself.

In the case of the Bangalore North East Exodus, the network and its visibility created a problem for us – and the problem was, that the network, which is supposed to be infrastructure, and hence, by nature invisible, had suddenly become visible. We needed to make sure that it was shamed, blamed, named and tamed so that we can go back to our everyday practices of regulation, governance and policy.

The Intersectional Network

What I want to emphasise, then, is that this binary of local versus the global, or local working in tandem with global, or the quaintly hybridised glocal are not very generative in thinking of policy and politics around the Internet. What we need is to recognise what gets hidden in this debate. What becomes visible when it is not supposed to? What remains invisible beyond all our efforts? And how do we develop a framework that actually moves beyond these binary modes of thinking, where the resolution is either to collapse them or to pretend that they do not exist in the first place? Working with frameworks like the network makes us aware of the ways in which these ideas of the global and the local are constructed and continue to remain the focus of our conversations, making invisible the real questions at hand.

Hence, we need to think of networks, not as spaces of intersection, but in need of intersections. The networks, because of their predatory, expanding nature, and the constant interaction with the edges, often appear as dynamic and inclusive. We need to now think of the networks as in need of intersections – or of intersectional networks. Developing intersections, of temporality, of geography and of contexts are great. But, we need to move one step beyond – and look at the couplings of aspiration, inspiration, autonomy, control, desire, belonging and precariousness that often mark the new digital subjects. And our policies, politics and regulations will have to be tailored to not only stop the person abandoning her life and running to a place of safety, not only stop the rumours within the Information and communication networks, not only create stop-gap measures of curbing the flows of gossip, but to actually account for the human conditions of life and living.

[1]. This post has grown from conversations across three different locations. The first draft of this talk was presented at the Habits of Living Conference, organised by the Centre for Internet & Society and Brown University, in Bangalore. A version of this talk found great inputs from the University of California Humanities Research Institute in Irvine, where I found great ways of sharpening the focus. The responses at the Milton Wolf Seminar at the America Austria Foundation, Austria, to this story, helped in making it more concrete to the challenges that the “network” throws to our digital modes of thinking. I am very glad to be able to put the talk into writing this time, and look forward to more responses.

For more details visit https://cis-india.org/internet-governance/blog/dml-central-april-17-2014-nishant-shah-networks-what-you-dont-see-is-what-you-for-get

Networking? Not working

praskrishna — 2011-04-02T11:12:33Z

Concerns about privacy, wastage of time and trivialized communication are some reasons ‘refuseniks’ are going off sites such as Facebook and MySpace, writes Shreya Ray in Livemint.

Pune-based law student Arjun Khera, 24, broke many a Facebook stalker’s heart in April when he announced his decision to quit the network one fine afternoon on his status message. “Guys, I’m deleting my Facebook account. Please send me all your email and phone details,” he said. Almost immediately, there was an explosion of concern in his notification window. Why was the effervescent and popular part-time actor and full-time Facebook enthusiast committing Facebook suicide? “What happenedddddd?” (sic)
“Everything ok, dude?”

“It was eating into my life,” Khera says. “I was always logged on, always leaving or commenting on status messages, waiting a few minutes to see if there had been any responses to my comments, and comment some more. I didn’t go out for a walk any more, didn’t get photographs developed because I was only too busy seeing them on Facebook.” Khera signed up for his account in July 2007.

Then, it was the one platform through which he could locate and reconnect with all his long-lost friends. He loved the fact that he could have a pictorial chronicle of his life; that he could “compare friends”, find out if indeed he was a glass of wine (and not a pint of beer) and fit a Shakespearean insult to his current mood. “With time, I got tired of those lame quizzes. I got sick of what it was doing to my time. I hated how it trivialized communication,” he says.

Khera is part of a growing cult of social networking “refuseniks”. Although figures for sites such as MySpace, Orkut, Facebook and Twitter show an overall increase, some recent statistics suggest that not everyone wants to socialize this way. According to a study by TechCrunch Europe, the number of visitors to MySpace, UK, halved in just six months, from “just under 10 million at the start of the year to around 5 million as of the end of June 2010”, leading to a round of layoffs at its London office. “It would appear to show a pretty staggering decline,” says the report, released on 6 July.

The privacy factor

Environmental researcher Maddipatla Rajshekhar, 33, alumnus of the University of Sussex, UK, used Facebook to keep in touch with former classmates. On 31 May, however, along with the 30,000-odd people who had had enough of Facebook changing its privacy policies, he quit. “It was getting increasingly intrusive. Its latest feature let me see what some of my friends said on the walls of their friends—(who were) complete strangers to me,” he said.

Although the Quit Facebook group wasn’t a success in numerical terms (30,000 isn’t even close to a drop in the 450-million ocean), it successfully sent a message to Facebook CEO Mark Zuckerberg, who held a press conference in the last week of May on new privacy policies and changes.

A May report brought out by the Pew Centre for Internet and American Life Project (of the Pew Research Centre, Washington, DC) finds that social media plays a “central role” in building one’s online identity. Quite naturally, privacy becomes a big issue. “Many users are learning and refining their approach as they go—changing privacy settings on profiles, customizing who can see certain updates and deleting unwanted information about them that appears online,” says the report. Interestingly, it also finds that young adults are more likely than older users to restrict what information is available and to whom, contrary to popular perception.

The next level

Privacy is not the refuseniks’ only issue, however. What social networking does to actual relationships is another, as Khera notes. Mumbai-based social worker Maya Ganesh, 35, too got tired of the constant blurring between friends and acquaintances, and having to constantly update her “limited” lists. “I regularly ignored friend requests but there were some requests not easy to ignore, especially some work connections. I also wanted a break from all the hectic ‘social activity’ that Facebook is about,” she says of her three-year-old account, which she abandoned in May.

Ganesh had reached what Sunil Abraham, executive director, Center for Internet and Society, Bangalore, refers to as the end of the “hype cycle”. All technology goes through a standard process, says Abraham: People get hooked to it, then get tired of it, and it disappears. “Some tend to be sticky and last longer; the particular advantage of social networking sites like Facebook, Orkut and MySpace is that they bring a critical mass of community to individual users. It’s now difficult for people to get off a network simply because all their friends are on it,” he says.

Conversely, though, he cites Harvard-based social networking researcher Danah Boyd, who says the reducing exclusivity quotient has also put many people off. “Parents getting online also... acts as a self-censorship mechanism,” Abraham adds.

Most of the people who have deleted their accounts are happy with the way their non-virtual life now takes centre stage. Khera enjoys sitting at home and doing nothing; Ganesh says she doesn’t miss being out of the loop. It may take a bit more effort to share holiday photographs or write an email every time you feel the need to connect; but as Rajshekhar says, “Anything for not losing touch, anything for richer conversations.”

Varuni Khosla contributed to this story.

See the original article in livemint.

For more details visit https://cis-india.org/news/networking-not-working

Networking its way to better governance

praskrishna — 2011-04-01T15:13:04Z

New policy to regulate Government presence on social media. This article by Deepa Kurup was published in the Hindu on March 28, 2011.

The official Facebook page of the Karnataka Criminal Investigation Department, “DGPCIDKARNATAKA”, is a string of one-sided comments punctuated with official-ese, or newspaper links of some prominent crime or an article by the officials.

The Twitter account, also started around June 2010, has all of 38 tweets, and barely any interaction with “common” men/women. Started with much fanfare, these are among the very few State Government agencies that took to social media, but haven't taken it beyond mere formalities. On the brighter side, blogs by a few Ministers — most prominently, Higher Education Minister V.S. Acharya and Minister for Law and Parliamentary Affairs S. Suresh Kumar — are lively and even interactive, in spurts. A few government departments too have blogs, but none remarkable.

Though the Indian Government's tryst with social media is fairly new — it took a few Twitter controversies, courtesy former Minister @ShashiTharoor, to make the government sit up and take note — some departments such as IndiaPost, the Delhi Traffic Police, Census India and even the Planning Commission, have been able to take it beyond mere posturing and have interacted with citizens, even tried to solve problems. IndiaPost's Twitter page is a good example of how agencies can engage with stakeholders, at least to an extent.

A draft policy

Twitter recently hit headlines again when foreign secretary Nirupama Sen logged on with an official ID and interacted with Indians stranded in Libya looking to make their way back. All these examples, that have earned these departments accolades, has prompted the Indian Government to come up with a new policy for social media.

The e-governance group of the Department of Information Technology (DIT) held a meeting this week to draw up guidelines to “regulate” Government presence on social media sites.

Speaking to The Hindu, a DIT official said this had been on the Government's agenda because efforts in this direction had been all too scattered, and some of the success stories had convinced them that it could be a good platform for interaction. The official added that the feedback they got on the 12th Planning Commission's Facebook page was seen as a good example of how these tools could be leveraged.

But why regulate at all? Regulating social media use by government officials is imperative mainly to ensure that use of information or data is compliant with existing laws.

Consistency needed

Sunil Abraham, director of the Centre for Internet and Society, a Bangalore-based non-governmental organisation, points out that with no general rules in place, the use of Twitter or Facebook account varies according to the bureaucrats heading the departments. “This cannot be the case as the channel of communication has to be a continuous thing, and the data shared with citizens has to be accurate; which means the same standards need to be applied to online sharing of data as is applied to offline data handling. Departments should also be obliged to back-up online data periodically,” he says.

For instance, a traffic police department announced that citizens could share pictures of traffic rule offenders on Facebook or on its website, to facilitate tracking of offenders. “Such a move could have huge privacy implications, and may also lead to vigilante activism,” warns Mr. Abraham, adding that we need a policy so that all activity, however casual it may seem, is compliant with existing law governing data protection and privacy.

With the Government jumping on to the 2.0 bandwagon (often under pressure like in Mumbai where citizens created a Facebook page for the police forcing them to create a real one), it is time to really make it official. So, while the idea of giving a face to government agencies and pushing for transparency and greater interaction with citizens, standardisation of social media use is indeed the way forward.

Read the original article in the Hindu here

For more details visit https://cis-india.org/news/networking-better-governance

Networked Economies and Gender Action Learning

Admin — 2018-10-02T03:10:02Z

Elonnai Hickok, Sunil Abraham and Ambika Tandon participated in a meeting organized by IDRC for grantees under their networked economies programme to discuss gender-based outputs and development outcomes in their work. The event was held in Ottawa on September 20 - 21, 2018, facilitated by Gender at Work.

Sunil Abraham, Swaraj Paul Barooah and Ambika Tandon also attended a workshop on Gender Action Learning on September 24 - 25, 2018, which discussed strategies to work on gender under a grant for Cyber Policy Centres. Other organizations present at the workshop were Research ICT Africa, Lirne Asia, and Centre Latam Digital at CIDE, Mexico. Gender at Work facilitated this workshop as well, and will be working with all the grantees over a period of 18 months.

For more details visit https://cis-india.org/internet-governance/news/networked-economies-and-gender-action-learning

Network Neutrality Regulation across South Asia: A Roundtable on Aspects of Differential Pricing

praskrishna — 2016-01-17T02:41:13Z

The Centre of Internet and Society (CIS) in association with Observer Research Foundation, and IT For Change in collaboration with the Annenberg School for Communications at the University of Pennsylvania is pleased to announce a roundtable on ‘Network Neutrality Regulation Across South Asia: Aspects of Differential Pricing” that will take place on January 22, 2016 from 11.00 a.m. to 5.00 p.m. at TERI in Bangalore.

Download the Invite

The objective of this roundtable will be to look into the issue of differential pricing in light of TRAI’s recent consultation process, with the specific intention of research building. The network neutrality debate has gained significant momentum in India during the past year, with competing interests of internet service providers, OTTs and the public giving rise to important questions of ICT regulation and policy.

With Facebook looking to expand its zero rated walled garden, Free Basics, into nascent markets, differential pricing is an important point of regulatory policy not just in India, but in jurisdictions across South Asia. These countries have limited connectivity, large consumer potential and low internet penetration which bring to the fore questions of access, diversity, competition and innovation. To this end, the roundtable will seek to address the regulatory and market aspects of differential pricing as well as the impact on rights. Broadly, the roundtable will be forward looking and seek to build future research agendas.

Draft Agenda

11:00 – 11:30	Tea and Registration
11:30 – 12:30	Roundtable 1: Framing the issue: The practice of differential pricing Examples of differential pricing Stakeholder perspectives Competition and market effect of differential pricing Larger social consequences of differential pricing
12:30 – 1:00	Lunch
1:00 – 2:30	Roundtable 2: Regulatory response: Discerning governmental actions Locating public interest Moving from research to action
2:30 – 3:00	Tea
3:00 – 4:30	Roundtable 3: Impact on rights: Access Freedom of expression Privacy Equity and Social Justice
4:30 – 5:00	Discussion and research agenda building

Roundtable Questions:

Roundtable 1: FRAMING THE ISSUE:

What is differential pricing and how does it work? What are the technical components and policy components of differential pricing? What are examples of differential pricing?
What has been the response from different stakeholders to differential pricing schemes? What are the arguments for/against differential pricing?
What could be the market effect of differential pricing?
What are possible larger social impacts of differential pricing?

Roundtable 2: REGULATORY RESPONSE:

How have governments responded to differential pricing? What can these responses tell us about the position of governments?
What are the different components for consideration with developing a regulatory response? What are different forms of regulation for differential pricing?
What type of policy research around differential pricing can drive meaningful action?

Roundtable 3: IMPACT ON RIGHTS:

How does differential pricing impact the right to access, freedom of expression, privacy, and equity and social justice?
Are there ways to mitigate this impact through regulation? Market incentives? Company policy?
What are forms of redress that individuals could seek in the context of differential pricing?

For more details visit https://cis-india.org/internet-governance/events/network-neutrality-regulation-across-south-asia-a-roundtable-on-aspects-of-differential-pricing