We are anonymous, we are legion

NE exodus: List containing 309 blocked URLs leaks online

praskrishna — 2012-08-24T13:37:21Z

Latest reports coming in have confirmed that a list containing 309 URLs, whose ban the government had sought in light of the Assam violence and the subsequent NE exodus, has been leaked online.

Published in tech2. Pranesh Prakash's analysis is quoted.

The aforementioned URLs comprise URLs, Twitter accounts, img tags, blog posts, blogs and a handful of websites, and were blocked between August 18, 2012 till August 21, 2012. In an analysis that Pranesh Prakash, programme manager at the Centre for Internet and Society (CIS), carried of the leaked items, among other things in his post, he wrote that, "It is clear that the list was not compiled with sufficient care."

In his post, he further noted that the censorship process itself has been riddled with egregious mistakes. Giving instances of the egregious mistakes, he added that even some people and posts debunking the rumours were blocked as part of the censorship. Further, he wrote that some of the items that were blocked were not even web addresses (e.g., a few HTML img tags were included). In his findings, Prakash also found that despite there having been a clear warning issued by the DIT pertaining to the blocking of "above URLs only" and not that of main websites, like www.facebook.com, www.youtube.com, some ISPs (like Airtel) went "overboard in their blocking". This incident, in particular pertains to yesterday's reports, wherein it had been revealed that Airtel had blocked the entire YouTube short URL youtu.be in some cities.

On account of the sensitivity of the issue, he writes that it "would be premature to share the whole list." He, however, writes that CIS plans to make the entire list public soon. The list that CIS has released, however includes -

ABC.net.au
AlJazeera.com
AllVoices.com
WN.com
AtjehCyber.net
BDCBurma.org
Bhaskar.com
Blogspot.com
Blogspot.in
Catholic.org
CentreRight.in
ColumnPK.com
Defence.pk
EthioMuslimsMedia.com
Facebook.com
Farazahmed.com
Firstpost.com
HaindavaKerelam.com
HiddenHarmonies.org
HinduJagruti.org
Hotklix.com
HumanRights-Iran.ir
Intichat.com
Irrawady.org
IslamabadTimesOnline.com
Issuu.com
JafriaNews.com
JihadWatch.org
KavkazCenter
MwmJawan.com
My.Opera.com
Njuice.com
OnIslam.net
PakAlertPress.com
Plus.Google.com
Reddit.com
Rina.in
SandeepWeb.com
SEAYouthSaySo.com
Sheikyermami.com
StormFront.org
Telegraph.co.uk
TheDailyNewsEgypt.com
TheFaultLines.com
ThePetitionSite.com
TheUnity.org
TimesofIndia.Indiatimes.com
TimesOfUmmah.com
Tribune.com.pk
Twitter.com
TwoCircles.net
Typepad.com
Vidiov.info
Wikipedia.org
Wordpress.com
YouTube.com
YouTu.be

Further, in response to the question - as to why some items could still be accessed that were supposed to be blocked, he wrote that there are several errors in the list, making it difficult to apply. And the order has to be put into action by hundreds of ISPs. He adds that some ISPs may not have begun enforcing the blocks yet. "This analysis is based on the orders sent around to ISPs, and not on the basis of actual testing of how many of these have actually been blocked by Airtel, BSNL, Tata, etc. Additionally, if you are using Twitter through a client (on your desktop, mobile, etc.) instead of the web interface, you will not notice any of the Twitter-related blocks," he elaborated further.

For more details visit https://cis-india.org/news/tech-2-in-com-ne-exodus

Navigating the 'Reconsideration' Quagmire (A Personal Journey of Acute Confusion)

Padmini Baruah and Geetha Hariharan — 2016-11-30T13:48:41Z

An earlier analysis of ICANN’s Documentary Information Disclosure Policy already brought to light our concerns about the lack of transparency in ICANN’s internal mechanisms. Carrying my research forward, I sought to arrive at an understanding of the mechanisms used to appeal a denial of DIDP requests. In this post, I aim to provide a brief account of my experiences with the Reconsideration Request process that ICANN provides for as a tool for appeal.

Backdrop: What is the Reconsideration Request Process?

The Reconsideration Request process has been laid down in Article IV, Section 2 of the

ICANN Bylaws. Some of the key aspects of this provision have been outlined below^{^[1]},

ICANN is obligated to institute a process by which a person materially affected by ICANN action/inaction can request review or reconsideration.

To file this request, one must have been adversely affected by actions of the staff or the board that contradict ICANN’s policies, or actions of the Board taken up without the Board considering material information, or actions of the Board taken up by relying on false information.
A separate Board Governance Committee was created with the specific mandate of reviewing Reconsideration requests, and conducting all the tasks related to the same.
The Reconsideration Request must be made within 15 days of:
- FOR CHALLENGES TO BOARD ACTION: the date on which information about the challenged Board action is first published in a resolution, unless the posting of the resolution is not accompanied by a rationale, in which case the request must be submitted within 15 days from the initial posting of the rationale;
- FOR CHALLENGES TO STAFF ACTION: the date on which the party submitting the request became aware of, or reasonably should have become aware of, the challenged staff action, and
- FOR CHALLENGES TO BOARD OR STAFF INACTION: the date on which the affected person reasonably concluded, or reasonably should have concluded, that action would not be taken in a timely manner

.The Board Governance Committee is given the power to summarily dismiss a reconsideration request if:
- the requestor fails to meet the requirements for bringing a Reconsideration Request;
- it is frivolous, querulous or vexatious; or
- the requestor had notice and opportunity to, but did not, participate in the public comment period relating to the contested action, if applicable

If not summarily dismissed, the Board Governance Committee proceeds to review and reconsider.
A requester may ask for an opportunity to be heard, and the decision of the Board Governance Committee in this regard is final.

The basis of the Board Governance Committee’s action is public written record information submitted by the requester, by third parties, and so on.
The Board Governance Committee is to take a decision on the matter and make a final determination or recommendation to the Board within 30 days of the receipt of the Reconsideration request, unless it is impractical to do so, and it is accountable to the Board to make an explanation of the circumstances that caused the delay.
The determination is to be made public and posted on the ICANN website.

ICANN has provided a neat infographic to explain this process in a simple fashion, and I am reproducing it here:

(Image taken from https://www.icann.org/resources/pages/accountability/reconsiderationen)

Our Tryst with the Reconsideration Process

The Grievance
Our engagement with the Reconsideration process began with the rejection of two of our requests (made on September 1, 2015) under ICANN’s Documentary Information Disclosure Policy. The requests sought information about the registry and registrar compliance audit process that ICANN maintains, and asked for various documents pertaining to the same^{^[2]}:

Copies of the registry/registrar contractual compliance audit reports for all the audits carried out as well as external audit reports from the last year (20142015).
A generic template of the notice served by ICANN before conducting such an audit.
A list of the registrars/registries to whom such notices were served in the last year.
An account of the expenditure incurred by ICANN in carrying out the audit process.
A list of the registrars/registries that did not respond to the notice within a reasonable period of time.
Reports of the site visits conducted by ICANN to ascertain compliance.
Documents which identify the registries/registrars who had committed material discrepancies in the terms of the contract.
Documents pertaining to the actions taken in the event that there was found to be some form of contractual noncompliance.
A copy of the registrar selfassessment form which is to be submitted to ICANN.

ICANN integrated both the requests and addressed them via one response on 1 October, 2015 (which can be found here). In their response, ICANN inundated us with already available links on their website explaining the compliance audit process, and the processes ancillary to it, as well as the broad goals of the programme none of which was sought for by us in our request. ICANN then went on to provide us with information on their ThreeYear Audit programme, and gave us access to some of the documents that we had sought, such as the preaudit notification template, list of registries/registrars that received an audit notification, the expenditure incurred to some extent, and so on .

Individual contracted party reports were denied to us on the basis of their grounds for nondisclosure. Further, and more disturbingly, ICANN refused to provide us with the names of the contracted parties who had been found under the audit process to have committed discrepancies. Therefore, a large part of our understanding of the way in which the compliance audit process works remains unfinished.

What we did

Dissatisfied with this response, I went on to file a Reconsideration request (number 1522) as per their standard format on November 2, 2015. (The request filed can be accessed here).As grounds for reconsideration, I stated that “As a part of my research I was tracking the ICANN compliance audit process, and therefore required access to audit reports in cases where discrepancies where formally found in their actions. This is in the public interest and therefore requires to be disclosed...While providing us with an array of detailed links explaining the compliance audit process, the ICANN staff has not been able to satisfy our actual requests with respect to gaining an understanding of how the compliance audits help in regulating actions of the registrars, and how they are effective in preventing breaches and discrepancies.” Therefore, I requested them to make the records in question publicly available “We request ICANN to make the records in question, namely the audit reports for individual contracted parties that reflect discrepancies in contractual compliance, which have been formally recognised as a part of your enforcement process. We further request access to all documents that relate to the expenditure incurred by ICANN in the process, as we believe financial transparency is absolutely integral to the values that ICANN stands by.”

The Board Governance Committee’s response³

The determination of the Board Governance Committee was that our claims did not merit reconsideration, as I was unable to identify any “misapplication of policy or procedure by the ICANN Staff”, and my only issue was with the substance of the DIDP Response itself, and substantial disagreements with a DIDP response are not proper bases for reconsideration

(emphasis supplied).

The response of the Board Governance Committee was educative of the ways in which they determine Reconsideration Requests. Analysing the DIDP process, it held that ICANN was well within its powers to deny information under its defined Conditions for NonDisclosure, and denial of substantive information did not amount to a procedural violation. Therefore, since the staff adhered to established procedure under the DIDP, there was no basis for our grievance, and our request was dismissed..

Furthermore, as a postscript, it is interesting to note that the Board Governance Committee delayed its response time by over a month, by its own admission “In terms of the timing of the BGC’s recommendation, it notes that Section 2.16 of Article IV of the Bylaws provides that the BGC shall make a final determination or recommendation with respect to a reconsideration request within thirty days, unless impractical. To satisfy the thirtyday deadline, the BGC would have to have acted by 2 December 2015. However, due to the timing of the BGC’s meetings in November and December, the first practical opportunity for the BGC to consider Request 1522 was 13 January 2016.”⁴

Whither do I wander now?

To me, this entire process reflected the absurdity of the Reconsideration request structure as an appeal mechanism under the Documentary Information Disclosure Policy. As our experience indicated, there does not seem to be any way out if there is an issue with the substance of ICANN’s response. ICANN, commendably, is particular about following procedure with respect to the DIDP. However, what is the way forward for a party aggrieved by the flaws in the existing policy? As I had analysed earlier, the grounds for ICANN to not disclose information are vast, and used to deny a large chunk of the information requests that they receive. How is the hapless requester to file a meaningful appeal against the outcome of a bad policy, if the only ground for appeal is noncompliance with the procedure of said bad policy? This is a serious challenge to transparency as there is no other way for a requester to acquire information that ICANN may choose to withold under one of its myriad clauses. It cannot be denied that a good information disclosure law ought to balance the free disclosure of information with the holding back of information that truly needs to be kept private.^{^[3]}^{^[4]} However, it is this writer’s firm opinion that even instances where information is witheld, there has to be a stronger explanation for the same, and moreover, an appeals process that does not take into account substantive issues which might adversely affect the appellant falls short of the desirable levels of transparency. Global standards dictate that grounds for appeal need to be broad, so that all failures to apply the information disclosure law/policy may be remedied.⁶ Various laws across the world relating to information disclosure often have the following as grounds for appeal: an inability to lodge a request, failure to respond to a request within the set time frame, a refusal to disclose information, in whole or in part, excessive fees and not providing information in the form sought, as well as a catchall clause for other failures.⁷

Furthermore, independent oversight is the heart of a proper appeal mechanism in such situations^{^[5]}; the power to decide the appeal must not rest with those who also have the discretion to disclose the information, as is clearly the case with ICANN, where the Board Governance Committee is constituted and appointed by the ICANN Board itself [one of the bodies against whom a grievance may be raised].

Suggestions

We believe ICANN, in keeping with its global, multistakeholder, accountable spirit, should adopt these standards as well, especially now that the transition looms around the corner. Only then will the standards of open, transparent and accountable governance of the Internet upheld by ICANN itself as the ideal be truly, meaningfully realised. Accordingly, the following standards ought to be met with:

Establishment of an independent appeals authority for information disclosure cases
Broader grounds for appeal of DIDP requests
Inclusion of disagreement with the substantive content of a DIDP response as a ground for appeal.
Provision of proper reasoning for any justification of the witholding of information that is necessary in the public interest.

[1] Article IV, Section 2, ICANN Bylaws, 2014 available at https://www.icann.org/resources/pages/governance/bylawsen/#IV

[2] Copies of the request can be found here and here.

[3] Katherine Chekouras, Balancing National Security with a Community's RighttoKnow: Maintaining

Public Access to Environmental Information Through EPCRA 's NonPreemption Clause, 34 B.C. Envtl. Aff. L. Rev 107, (2007).

[4] Toby Mendel, Freedom of Information: A Comparative Legal Study 151 (2nd edn, 2008).

Id, at 152

³4 Available here. https://www.icann.org/en/system/files/files/reconsideration1522cisfinaldetermination13jan16en.pdf

[5] Mendel, supra note 6.

For more details visit https://cis-india.org/internet-governance/blog/navigating-reconsideration-quagmire-a-personal-journey-of-acute-confusion

National Stakeholders Consultation on the National Digital Health Blueprint

Admin — 2019-08-07T14:21:29Z

Ambika Tandon and Aayush Rathi attended the National Stakeholders Consultation on the National Digital Health Blueprint organised by the Ministry of Health and Family Welfare on 6 August 2019 at Constitution Club of India in New Delhi.

It was also attended by representatives from MeitY apart from industry and civil society. We raised questions about the provisions for privacy andinteroperability in the NDHB, in relation to provisions in the DISHA Act and the Srikrishna report. The public call for the event can be found here.

For more details visit https://cis-india.org/internet-governance/news/national-stakeholders-consultation-on-the-national-digital-health-blueprint

National Seminar on Cyber Security & Cyber Laws - Issues and Concerns

praskrishna — 2014-12-31T02:04:37Z

Sharath Chandra Ram was a panelist at this seminar organized by the Advanced Centre for Research, Development & Training in Cyber Laws & Forensics on December 27 and 28, 2014 at the National Law School of India University in Bangalore.

Sharath was part of a plenary session on "Multi-Disciplinary Challenges in Ensuring Cyber Security". He spoke about 'multi-stakeholderim in cyber security and CERT programs of nations'.

PROGRAMME SCHEDULE

Day 1 - 27^th December 2014
09:00- 10:00	REGISTRATION
10:00- 11:00 INAUGURAL SESSION AT SHRI. KRISHNAPPA MEMORIAL HALL [ACADEMIC BLOCK]	Welcome & Introduction: Dr. Nagarathna. A., Seminar Director Inaugural Address: Shri. Pratap Reddy, IPS, IGP, Internal Security Division, Karnataka Police, Bangalore Key Note Address: Dr. R. Venkata Rao, Vice Chancellor, NLSIU Vote of Thanks: Dr. T. V. Subba Rao, Senior Professor, NLSIU
11:00-11:45	GROUP PHOTO & TEA BREAK
11:45-01:00 PLENARY SESSION AT SHRI. KRISHNAPPA MEMORIAL HALL [ACADEMIC BLOCK]	THEME: "MULTI-DISCIPLINARY CHALLENGES IN ENSURING CYBER SECURITY" Members of the Panel: 1. Mr. Subrahmanya Boda, CISO, GMR 2. Mr. Sunil Varkey, CISO, WIPRO 3. Mr. Ramesh Kauta , CISO, GE [India] 4. Mr. T T Thomas, CTO Synergia Technologies, 5. Mr. Rahul Matthan, Partner, Trilegal. 6. Sharath Chandra Ram (Sharathchandra Ramakrishnan), Researcher at Centre for Internet & Society 7. Mr. Srinivas P, CISO, Infosys & Anchor, DSCI Bangalore Chapter [Moderator of the session]
01:00-02:00	LUNCH BREAK
venue	Shri Krishnappa Memorial Hall (Academic Block)		International Training Centre
02:00-03:30	Technical Session 1		Technical Session 2
03:30-04:00	TEA BREAK
04:00-05:30	Technical Session 3		Technical Session 4
6:00 to 7. 00	CULTURAL EVENING Venue: Quad, Academic Block
Day 2 - 28^th December 2014
08:00-09:00	BREAK FAST
venue	Shri Krishnappa Memorial Hall (Academic Block)	International Training Centre		MPP Class Room (Academic Block)
09:30- 11:00	Technical Session 5	Technical Session 6		Technical Session 7
11:00- 11:30	TEA BREAK
	Shri Krishnappa Memorial Hall (Academic Block)	International Training Centre		MPP Class Room (Academic Block)
11:30-1:30	Technical Session 8	Technical Session 9		Technical Session 10
01:30-02:30	LUNCH BREAK
02:30-03. 45 PLENARY SESSION AT SHRI. KRISHNAPPA MEMORIAL HALL [ACADEMIC BLOCK]	THEME: "SECURING CYBER SPACE THROUGH INSTITUTIONAL INVOLVEMENT" Members of the Panel: 1. Dr. Kamble, Director, Computer Emergency Response Team [CERT] India, Dept of Electronics & IT, Ministry of IT, Government of India 2. Dr. S.B.N. Prakash, Senior Professor of Law, NLSIU 3. Mr. Naa Vijay Shankar, Cyber Law Consultant, Bangalore 4. Mr. Balasubramanya, Vice President, Tata Consultancy Services, Bangalore 5. Mr. Ranganath, Delivery Project Executive, IBM, Bangalore 6. Mr. Venkatesh Murthy, Senior Manager, Cyber Forensics, Data Security Council of India [DSCI], Bangalore. 7. Mr. M. D. Sharath, Dy. S. P., Cyber Police, Bangalore 8. Dr. Nagarathna. A., Senior Assistant Prof of Law, NLSIU [Moderator]
3. 45 to 4. 00	TEA BREAK
04:00-05:00 AT SHRI. KRISHNAPPA MEMORIAL HALL [ACADEMIC BLOCK]	VALEDICTORY SESSION Seminar Resolutions: Dr. T. V. Subba Rao, Senior Professor, NLSIU Valedictory Address & Distribution of Certificates: : Dr. R. Venkata Rao, Vice Chancellor, NLSIU Vote of thanks: Dr. Nagarathna. A., Seminar Director

For more details visit https://cis-india.org/internet-governance/news/national-seminar-cyber-security-and-cyber-laws

National Privacy Workshop

Admin — 2017-12-05T14:24:16Z

Centre for Internet & Society is organizing a round-table to discuss the potential impact of numerous policy developments with wide ranging implications for recognition and governance of privacy in India. The round-table will be held on December 9, 2017 at India International Centre in New Delhi, 10.30 a.m. to 5.00 p.m.

Background

The recent past in India has seen numerous policy developments with wide ranging implications for recognition and governance of privacy in India. The emphatic and unanimous avowal of the right to privacy by the Supreme Court, the government’s stated commitment to a data protection law and the formation of the Sri Krishna Committee are developments which will continue to inform policymaking around privacy in India for a long time to come. The Supreme Court’s conception of a robust right to privacy encompassing different element - spatial, decisional and informational, and its guidance on strict limiting tests may have a wide impact on a range of issues. The impact of this judgment and a data protection law on informational privacy in India will be immense and it is important to delve in challenges and issues that it may throw up. In last year, we have also seen instances of purported conflict between the transparency instruments such as the right to information and the right to informational privacy. How these conflicts are resolved in law and practice will be key to these two essential human rights in the modern information society. Further, while these general consensus on privacy principles, the appropriate ways to govern and enforce privacy remains an open issue, and the success of any data protection framework will depend as much on what kind of privacy governance models are adopted.This roundtable will look to discuss the potential impact of these policy decisions, what theories should guide the data protection law in India, what models of privacy governance are workable and how privacy can co-exist with transparency principle and robust RTI regime.

Agenda

10.30 - 11.00	Tea
11.00 - 11.30	Welcome and setting the scene
11.30 - 12.30	Session 1: Policy Developments around Informational Privacy in India What do different policy developments indicate about privacy in India? What are the (potential) impacts of these developments? What questions are being asked and are these the right questions to ask? How do we expect the ‘state of privacy’ to change in India in response to these policy developments?
12.30 - 13.30	Session 2: Approaches to Privacy and Data Protection for India What are different approaches to privacy and government the Indian government can take? What cultural/political etc. aspects should be taken into consideration when thinking through this question? What are the pros and cons to different approaches? What are the pros and cons to the below approaches: - Privacy as control - Data as property - Utilitarian approaches - Technological Solutions
13.30 - 14.30	Lunch
14.30 - 15.30	Session 3: Transparency and Privacy How can transparency from the private sector enable the right to privacy? What are key principles that can guide this relationship? Where is transparency from the private sector most needed with respect to privacy? What are incentives that governments can adopt to encourage privacy?
15.30 - 16.30	Governance Models for Data Protection What kind of institutional framework is required for governance of privacy in India? How do we address questions of liability, penalties and enforcement? What role do sectoral players have in a data governance framework? What is best way for other stakeholders like industry, civil society and academia in collaborative governance of privacy?
16.30 - 17.00	Tea and snacks

Speakers

Usha Ramanathan
Rahul Sharma
Apar Gupta
Malavika Raghavan
Shankar Narayanan
Ujwala Uppaluri
Rebecca MacKinnon
Nikhil Pahwa
Kamlesh Bajaj
Manasa Venkatraman
Smitha K Prasad

Download the Agenda

For more details visit https://cis-india.org/internet-governance/events/national-privacy-workshop-at-india-international-centre

National IG Mechanisms – Looking at Some Key Design Issues

praskrishna — 2012-12-09T00:50:46Z

The Centre for Internet & Society is coorganizing this workshop along with Brazilian Internet Steering Committee, Institute for System Analysis, Russian Academy of Sciences, et.al., at the seventh Internet Governance Forum 2012 in Azerbaijan. The workshop will be held in Conference Room 4, from 2.30 p.m. to 4.00 p.m. Pranesh Prakash is a panelist for this workshop.

Workshop Theme:
Other
Theme Question:
It is a workshop on national level IG mechanisms, and does not directly address any main theme questions

Concise Description of Workshop:

Such is the unique nature of the Internet that its governance often calls for institutional innovations. The proposed workshop will look at a range of national level IG mechanisms across the world. While the discussion will refer to good models and practices in different countries, it will not be organized around simple show-casing of different national IG mechanisms. The discussion will centre around key contexts, requirements, challenges and possibilities. It will be directed towards examining key institutional design issues, functions and outcomes with regard to national level IG mechanisms with the purpose to help countries make appropriate decisions in their specific contexts. Some of these are; - How should the national commons of Internet resources be managed?- What kinds of mechanisms are appropriate for technical matters, what for those that are partly technical and partly social, and what for larger public policy matters, requiring more political responses? - Should there be a common single mechanism to address all the above kinds of issues, or different ones? How to coordinate different mechanisms, and different parts of the national governance machinery dealing with different aspects or kinds of IG issues? - How to ensure meaningful participation of all stakeholders in a manner that focuses on public interest?- How can the surplus from domain name registration fees etc collected by national IG agencies be employed for public interest purposes, especially, for taking up Internet related research.

Organiser(s) Name:

Centre for Internet and Society, Bangalore - Civil SocietyBrazilian Internet Steering Committee - National level governance bodyInstitute for System Analysis, Russian Academy of Sciences - Academic InsitutionCentre for Community Informatics Research, Development and Training (CCIRDT), Vancouver, BC CANADA - Civil Society Instituto NUPEF , Rio de Janeiro - Civil SocietyIT for Change, Bangalore - Civil Society.

Previous Workshop(s):

See in the workshops section in IGF 2011IG4D Workshop 183: A Possible Framework for Global Net Neutrality.

Submitted Workshop Panelists:

Carlos Afonso, Insituto NUPEF, Board Member, Brazilian Steering CommiteeEmily Taylor, Independent Consultant, Formerly with NOMINETAlice Munya, Chairperson, Kenya Internet Steering CommiteeVictor Tishchenko, Institute of Advanced Systems, Russian Academy of Sciences,Sunil Abraham, Centre for Internet and Society,Moderator, Micheal Gurstein, Centre for Community Informatics Research, Development and Training, Canada.

Name of Remote Moderator(s):

Ginger Paque

Read the original published on the IGF website here

For more details visit https://cis-india.org/internet-governance/national-ig-mechanisms

National Health Stack: Data For Data’s Sake, A Manmade Health Hazard

Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar — 2018-09-16T05:01:18Z

On Oct. 5, 2017, an HIV positive woman was denied admission in Hyderabad’s Osmania General Hospital even though she was entitled to free treatment under India’s National AIDS Control Organisation programme. Another incident around the same time witnessed a 24-year-old pregnant woman at Tikamgarh district hospital in Madhya Pradesh being denied treatment by hospital doctors once she tested positive for HIV. The patient reportedly delivered the twins outside the maternity ward after she was turned away by the hospital, but her newborn twin girls died soon after.

The op-ed was published in Bloomberg Quint on August 14, 2018.

Apart from facing the severity of their condition, patients afflicted with diseases such as HIV, tuberculosis, and mental illnesses, are often subject to social stigma, sometimes even leading to the denial of medical treatment. Given this grim reality would patients want their full medical history in a database?

The ‘National Health Stack’ as described by the NITI Aayog in its consultation paper, is an ambitious attempt to build a digital infrastructure with a “deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem”. If the government is to create a database of individuals’ health records, then it should appreciate the differential impact that it could have on the patients.

The collection of health data, without sensitisation and accountability, has the potential to deny healthcare to the vulnerable.

We have innumerable instances of denial of services due to Aadhaar and there is a real risk that another database will lead to more denial of access to the most vulnerable.

Earlier, we had outlined some key aspects of the NHS, the ‘world’s largest’ government-funded national healthcare scheme. Here we discuss some of the core technical issues surrounding the question of data collection, updating, quality, and utilisation.

Resting On A Flimsy Foundation: The Unique Health ID

The National Health Stack envisages the creation of a unique ID for registered beneficiaries in the system — a ‘Digital Health ID’. Upon the submission of a ‘national identifier’ and completion of the Know Your Customer process, the patient would be registered in the system, and a unique health ID generated.

This seemingly straightforward process rests on a very flimsy foundation. The base entry in the beneficiary registry would be linked to a ‘strong foundational ID’. Extreme care needs to be taken to ensure that this is not limited to an Aadhaar number. Currently, the unavailability of Aadhaar would not be a ground for denial of treatment to a patient only for their first visit; the patient must provide Aadhaar or an Aadhaar enrolment slip to avail treatment thereafter. This suggests that the national healthcare infrastructure will be geared towards increasing Aadhaar enrollment, with the unstated implication that healthcare is a benefit or subsidy — a largess of government, and not, as the courts have confirmed, a fundamental right.

Not only is this project using government-funded infrastructure to deny its citizens the fundamental right to healthcare, it is using the desperate need of the vulnerable for healthcare to push the ‘Aadhaar’ agenda.

Any pretence that Aadhaar is voluntary is slowly fading with the government mandating it at every step of our lives.

Aadhaar Seva kendra. (Source: Aadhaar Official Account/Facebook

Is The Health ID An Effective And Unique Identifier?

Even if we choose to look past the fact that the validity of Aadhaar is still pending the test of legality before the apex court, a foundational ID would mean that the data contained within that ID is unique, accurate, incorruptible, and cannot be misused. These principles, unfortunately, have been compromised by the UIDAI in the Aadhaar project with its lack of uniqueness of identity (i.e, fake IDs and duplicity), failure to authenticate identity, numerous alleged data leaks (‘alleged’ because UIDAI maintains that there haven’t been any leaks), lack of connectivity to be able to authenticate identity and numerous instances of inaccurate information which cannot be corrected.

Linking something as crucial and basic as healthcare data with such a database is a potential disaster.

There is a real risk that incorrect linking could cause deaths or inappropriate medical care.

The High Risk Of Poor Quality Data

The NITI Aayog paper envisages several expansive databases that are capable of being updated by different entities. It includes enrollment and updating processes but seems to assume that all these extra steps will be taken by all the relevant stakeholders and does not explain the motivation for stakeholders to do so.

In a country where government doctors, hospitals, wellness centres, etc are overburdened and understaffed, this reliance is simply not credible. For instance, all attributes within the registries are to be digitally signed by an authorised updater, there must be an audit trail for all changes made to the registries, and surveyors will be tasked with visiting providers in person to validate the data. Identifying these precautions as measures to assure accurate data is a great step towards building a national health database, but this seems an impossible task.

Who are these actors and what will incentivise them to ensure the accuracy and integrity of data?

In other words, what incentive and accountability structures will ensure that data entry and updating is accurate, and not approached from a more ‘jugaad’ ‘let’s just get this done for the sake of it’ attitude that permeates much of the country. How will patients have access to the database to be able to check its accuracy? Is it possible for a patient (who will presumably be ill) to gain easy access to an updater to change their data? If so, how? It is worth noting that the patient’s ‘right’ to check her data assumes that they have access to a computer that is connected to the internet as well as a good level of digital literacy, which is not the case in India for a significant section of the population. Even data portability loses its potential benefits if the quality of data on these registries is not reliable. In this case, healthcare providers will need to verify their patients’ health history using physical records instead, rendering the stack redundant.

Who will be liable to the patient for misdiagnosis based on the database?

A sonographic image is displayed on a monitor as a patient undergoes an ultrasound scan in Bikaner, Rajasthan, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Leaving the question of accountability vague opens updaters to the possibility of facing dangerous and unnecessarily punitive measures in the future. The NITI Aayog paper fails to address this key issue which arose recently. Despite being a notifiable disease, there are reports that numerous doctors from the private sector failed to notify or update TB cases to the Ministry of Health and Family Welfare ostensibly on the grounds that they did not receive consent from their patients to share their information with the government. This was met with a harsh response from the government which stated that clinical establishment that failed to notify tuberculosis patients would face jail time. According to a few doctors, the government’s new move would coerce patients to go to ‘underground clinics’ to receive treatment discreetly and hence, would not solve the issue of TB.

The document also offers no specific recommended procedures regarding how inaccurate entries will be corrected or deleted.

It is then perhaps not a stretch to imagine that these scenarios would affect the quality of the data stored; defeating NITI Aayog’s objective of researchers using the stack for high-quality medical data.

The reason why the quality and integrity of data is at the head of the table is that all the proposed applications of the NHS (analytics, fraud detection etc.) assume a high quality, accurate dataset. At the same time, the enrolment process, updating process and disclosed measures to ensure data quality will effectively lead to poor quality data. If this is the case, then applications derived from the NHS dataset should assume an imperfect data, rather than an accurate dataset, which should make one wonder if no data is better than data that is certainly inaccurate.

Lack Of Data Utilisation Guidelines

Issues with data quality are exacerbated depending on how and where it is used, and who uses it. The paper has identified some users to be health-sector stakeholders such as healthcare providers (hospitals, clinics, labs etc), beneficiaries, doctors, insurers and accredited social health activists but misses laying down utilisation guidelines. The foresight to create a dataset that can be utilised by multiple actors for numerous applications is commendable, but potentially problematic -- especially if guidelines on how this data is to be used by stakeholders (especially the private sector) are ignored.

In order to bridge this knowledge gap, India has the opportunity to learn from the legal precedent set by foreign institutions. As an example, one could examine the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. which sets out strict guidelines for how businesses are to handle sensitive health data in order to maintain the individual’s privacy and security. It goes one step further to also lay down incentive and accountability structures in order that business associates necessarily report security breaches to their respective covered entities.

If we do not take necessary precautions now, we not only run the risk of poor security and breach of privacy but of inaccurate data that renders the national health data repository a health risk for the whole patient population.

There’s also the lack of clarity on who is meant to benefit from using such a database or whether the benefits are equal to all stakeholders, but more on that in a subsequent piece.

A medical team uses a glucometer to check the blood glucose level of a patient at a mobile clinic in Pancharala, on the outskirts of Bengaluru, India. (Photographer: Dhiraj Singh/Bloomberg)

It’s Your Recipe, You Try It First!

If the NITI Aayog and the government are sure that there is a need for a national healthcare database, perhaps they can start using the Central Government Health Scheme (which includes all current and retired government employees and their families) as a pilot scheme for this. Once the software, database and the various apps built on it are found to be good value for money and patients benefit from excellent treatment all over the country, it could be expanded to those who use the Employees’ State Insurance system, and then perhaps to the armed forces. After all, these three groups already have a unique identifier and would benefit from the portability of healthcare records since they are likely to be transferred and posted all over the country. If, and only if, it works for these groups and the claimed benefits are observed, then perhaps it can be expanded to the rest of the country’s healthcare systems.

Murali Neelakantan is an expert in healthcare laws. Swaraj Barooah is Policy Director at The Centre for Internet and Society. Swagam Dasgupta and Torsha Sarkar are interns at The Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-murali-neelakantan-swaraj-barooah-swagam-dasgupta-torsha-sarkar-august-14-2018-national-health-stack-data-for-datas-sake-a-manmade-health-hazard

National Elections 2014: How Technology Powered Campaigns

praskrishna — 2014-05-20T07:03:51Z

HasGeek and the Centre for Internet and Society (CIS) welcome you to a presentation on how technology powered politicial campaigns in the recently concluded 2014 national elections. Developers, advocacy organizations and the general public are invited to participate. The event will be held at CIS on May 23, 2014, 6.00 p.m. to 8.30 p.m.

During the 2014 Indian general elections, technology was widely used for candidate and party campaigns. The purpose of these technology-driven campaigns was to help voters make more informed decisions before casting their votes. Voter responses to these campaigns continuously helped individual candidates and political parties (via their technology teams and consultants) to rework messaging till the very end.

HasGeek and CIS are organizing three presentations followed by an interactive Q&A session to understand how technology spurred campaigns during the 2014 elections, and how voters will have to get smarter just as parties are becoming smart in reaching out to them.

Sessions

Campaigning in the pre-Internet and Internet Era (Talk)

Vijay Grover, founder of Bangalore Media Foundation and television journalist since 17 years, will compare the past and present to explain how internet technologies have changed campaigning stratgies. Grover will argue that voters need to get smart in sifting information and making choices as more and more parties use social media and information technologies in reaching out to them.

Technology-driven campaigns (Talk)

Viral Shah, part of Nandan Nilekani's campaign management team, will talk about how India is placed in the global scene with respect to technology-driven political campaigns. Viral will also discuss how to design a campaign with technology and how technology was used to power Nilekani's campaign.

Tools used for powering campaigns and attracting volunteers (Talk)

BG Mahesh, founder and managing director at Oneindia.in, will talk about the tools used during Narendra Modi's campaign. Apart from informing voters about the candidate, volunteers were also enlisted through the drives. BG Mahesh will throw light on how technology made this possible.

Schedule

Time	Sessions
18.00 18.15	Introductions: HasGeek, CIS, The Fifth Elephant
18.15 18.45	Vijay Grover: Campaigning in the pre-Internet and Internet Era
18.45 19.15	Viral Shah: Technology-driven campaigning
19.15 19.45	B.G.Mahesh: Tools used for powering campaigns and attracting volunteers
19.45 20.15	Q & A Session
20.15 20.30	Snacks

For more details visit https://cis-india.org/events/national-elections-2014-how-technology-powered-campaigns

National Cyber Defence Summit 2016

praskrishna — 2016-10-10T12:54:29Z

National Cyber Defence Summit – 2016 was organized by the National Cyber Safety and Security Standards in association with State & Central Governments, Ministry of Defence, Government of India, AICTE & Anna University on 30 September and 1 October 2016 in Chennai. Vanya Rakesh attended the summit.

The Summit focused on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework. The mission of the Summit is to establish a multi-stakeholder consortium that brings together Industry, Government, and Academic interests in an effort to improve the state of Cyber Security on both a domestic and international level. Primarily, the Summit focuses on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework.

In fact this is the one and only High Level Summit which gathers the presence of Multi-Stakeholders from State/Central Governments, Defence, MNCs, PSUs, Academics, PSBs, Intelligence Agencies, Enforcement Agencies and etc. For more info see the website here. Agenda can be viewed here.

For more details visit https://cis-india.org/internet-governance/news/national-cyber-defence-summit-2016

National Consultation on Media Law

praskrishna — 2014-09-30T06:52:50Z

The Law Commission of India and the National University, Delhi have joined hands to organize the National Consultation on Media Law at the India Habitat Centre in New Delhi on September 27 and 28, 2014. Nehaa Chaudhari participated in this event.

Click to view the:

For more details visit https://cis-india.org/internet-governance/news/national-consultation-on-media-law

Nasscom wants board to protect Net neutrality, regulate pricing

praskrishna — 2016-01-31T09:25:09Z

The debate against differential pricing of data services at the cost of net neutrality doesn’t seem to be getting over yet. While internet activists have gone out on streets in Bengaluru and Hyderabad to protest in favour of net neutrality, industry experts believe that differential pricing, when regulated could be tailored for public interest.

The article by Shadma Shaikh was published in Asian Age on January 7, 2016. Pranesh Prakash was quoted.

Given the current situation of low internet and broadband penetration along with lower levels of digital literacy and limited local language support in the country, IT industry body Nasscom said that protection of net neutrality is essential to fight these monumental challenges that require continuous innovation, both in technology solutions and business models.

“We strongly oppose any model where TSPs or their partners have a say or discretion in choosing content that is made available at favourable rates, speed,” Nasscom President R. Chandrashekhar said in a statement.

However, Nasscom also suggested a suitable oversight mechanism in the form of “an independent not-for-profit entity with an independent board to manage proposed differential pricing programs that are deemed to be in the public interest and are philanthropic in nature.”

In view of regulator Trai’s proposal to question the fairness of zero-rating—a practice of not counting certain traffic towards a subscriber's regular Internet usage, Pranesh Prakash, Centre for Internet and Society said, all forms of zero-rating result in some form of discrimination, but not all zero-rating is harmful, nor does all zero-rating need to be prohibited.

Prakash says that Trai’s paper has been inappropriately reduced to a referendum, by both parties—supporters of differential pricing programme as well as internet activists fighting zero-rating. Content-agnostic zero-rating models are not harmful, he says, adding “some traffic, such as government or public interest sites could be made free.”

Facebook’s Free Basics app that aims to provide ‘free Internet access’ to users who cannot afford data packs, has run into trouble for being against net neutrality principle. Trai, while evaluating the zero-rating proposal has asked Reliance Communications, the official telecom partner for Free Basics to put the service on hold.

After drawing flak from critics and citizens over its Free Basics program and its extensive advertisement in the media and on Facebook itself to influence the decision of Trai in favour of zero-rating program, Zuckerberg reached out to Indian readers through an opinion piece he published in an Indian daily newspaper.

Facebook’s justification for Free Basics lies in comparing internet as a service similar to education and healthcare. Free schools, free libraries and public hospitals may not provide the best of services, but their existence is essential to cater to a large set of audience who cannot afford expensive healthcare or education. In the same way, says Facebook founder Mark Zuckerberg, everyone deserves access to free basic internet service.

Calling Facebook’s Free Basics programme as an illusion, Nikhil Pahwa, founder MediaNama and volunteer at savetheinternet.in said “Facebook’s Free Basics is not free internet.” The choice to determine what data or content to browse should be left to the internet users, he says.

For more details visit https://cis-india.org/internet-governance/news/asian-age-january-7-2016-shadma-shaikh-nasscom-wants-board-to-protect-net-neutrality-regulate-pricing

Nasscom chief saying full data protection isn’t possible should wake us from our digital slumber

praskrishna — 2017-03-17T01:47:25Z

Considering India is rapidly moving towards a digital economy, the hurdles not withstanding, data and identity security are topics which have to be taken very seriously. Since the demonetisation, a large part of the population who would never bother with digital transactions has suddenly come online. But there is no such thing as complete security of personal data, according to Nasscom chief R Chandrashekhar.

This was published by First Post on March 16, 2017. Pranesh Prakash was quoted.

Attending the World Consumer Rights Day, R Chandrashekhar said that personal data of online consumers cannot be completely secure and stressed on the need to have strict enforcement of consumer protection laws. Speaking to PTI, Chandrashekhar said, “More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT.”

It’s high time we call a spade, a spade

R Chandrashekhar, President Nasscom. Image: PIB

Coming from the head of Nasscom, this announcement pertaining to security is very important. According to Chandrashekhar one cannot expect complete cyber security, but there are definitely ways in which such attacks and incidents can be minimised. He very rightly said that that protecting the online consumer data, specially looking at how rapidly e-commerce is growing in the country, is of prime importance.

One cannot help but agree with Chandrashekhar, specially considering the fact India does not have a privacy law ecosystem that is present in countries such as the US and the UK, where online consumer protection is taken very seriously. Germany and other EU nations have always been at the forefront, when it comes to protecting data privacy, and it has ensured that consumer-facing technology companies do not run roughshod when it comes to protecting user data.

Chandrashekhar stated that there was no need for separate regulations for e-commerce sites, but the priority was ensuring means to enforce consumer laws in the digital world.

Lack of dedicated privacy laws

According to cyberlaw and cybersecurity expert, Pavan Duggal, “Going forward, there is an urgent need for India to take a strong view on privacy in terms of legislative frameworks. Unfortunately, at the time of writing, India does not have a dedicated law on privacy.”

Image: Foamy Media

Social media websites for instance have a lot of user data. But what happens when they suddenly change their privacy policies? For instance, a lot of users signed on to WhatsApp when it was an independent company. But post the Facebook acquisition, there have been a lot of instances where WhatsApp has updated its terms and conditions to suit its parent Facebook.

That’s not completely illegal one may say. Loss of privacy is a price you pay for free services. But what if, I as a consumer of WhatsApp do not want the app to share any of my data with Facebook? The only option I am left with is to delete WhatsApp. But then again, I do not know if my data is also deleted from WhatsApp servers or it has already been shared. Social media apps, only let you know what updates are being added. Consent is only required to update the app. You can stall that, up to a point. But there will come a time when you will have to update an app. Then by default you have given approval to all the terms and conditions associated with the app.

Two students had challenged WhatsApp’s revision to its privacy policy before Delhi High Court. The Court dismissed the petition insisting that users could opt out by deleting their accounts.

When a similar challenge was mounted before the authorities in UK, Facebook had to put a pause on their data sharing – and this was because of its strong data protection policy. Under the UK data protection law, the company has to inform the authority established under the Act of any changes in the use of user data. In the case of WhatsApp, the UK authority objected to such sharing.

Aadhaar – the 12-digit biometric storehouse

Aadhaar card is being used for many financial and non financial transactions. Also the Aadhaar number associated with an individual also holds a lot of personal and biometric data. So when recently, there was news about a possible Aadhaar data breach when UIDAI filed a police complaint against Axis Bank, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, it was naturally a shock to many.

Unlike a password which can be changed, with biometric information there is no scope to do that if it is compromised. Although UIDAI claims that there are multiple levels of security and firewalls to ensure there is no breach of Aadhaar information of an individual, one can only hope that it is robust enough to withstand any attack. Collection of biometric data by the government to form a database, for instance, was debated and ultimately not used in the UK.

Pranesh Prakash, policy director of the Centre for Internet and Society, expressed concern about the pace at which we are progressing when it comes to having a legal and regulatory framework when it comes to the Digital India push. “While the security architecture of Aadhaar Enabled Payment Systems (AEPS) might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password,” said Prakash.

Enforcing the correct processes

Last year, a malware affected the systems of Hitachi Payment Services, which provides back end services to ATM machines and Point of Sale nodes across India. As a result of this, around 32 lakh debit cards were compromised including those issued by SBI, HDFC, Yes Bank, Axis, BOB and ICICI. Security experts and consultants have pointed out various holes in the electronic transaction systems in place in India. Intel has also warned that ATM machines in India are vulnerable to malicious attacks. Intel points out that countries in the Asia Pacific region are developing and are particularly vulnerable because of old systems and machines being used.

Image: REUTERS/Amit Dave

According to Mahesh Patel, president and group CTO, AGS Transact Technologies this was more of a governance issue of the data centre than any technical error. “It is not about the software, but it is about the processes and procedures you put in place to ensure that the system is secure. Everything from physical security to computing security to admin management, etc should be process driven. So somewhere there could have been a weak link there. Cloud has to be secure and encrypted which suffices the use case of payments. This cloud is different from the ones used by e-commerce sites to display all their products,” said Patel.

We may have the best of software and security measures, but ensuring that they are implemented the right way is equally important. Plugging the loopholes in current regulations is also important.

Existing laws and regulations, not enough

According to Duggal, “The Information Technology Act, 2000 hardly has effective provisions to protect any data and personal privacy in the digital ecosystem. The Indian Government needs to come up with strong privacy law which can protect both personal privacy and data privacy in an effective manner.”

One may find it really shocking to hear the head of Nasscom saying something to the extent that full data protection for online consumers is not possible, but there is definitely truth to the matter. It will require concerted efforts from not only regulators, governments, digital wallet players and banking industry to come up with these privacy laws, but also you the consumer has to ensure that you are aware of the dangers lurking in the digital world. Educating oneself of the various ways in which your data can be compromised is a good way to protect your online self.

Because, let’s face it, for all practical purposes if you are online, your privacy is dead.

For more details visit https://cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber

Nasscom against differential pricing for data services

praskrishna — 2016-01-06T15:12:17Z

The National Association of Software and Services Companies says it should be the regulator that decides on such content, not firms.

The article by Moulishree Srivastava was published in Livemint on January 5, 2016. Pranesh Prakash gave inputs.

India’s top software lobby on Monday said if select web content needs to be provided cheaper for some Indians, it must be the regulator that decides on such content, not companies.

In its response to a consultation paper by the Telecom Regulatory Authority of India (Trai) on differential pricing for data usage, the National Association of Software and Services Companies (Nasscom) objected to plans such as Free Basics and Airtel Zero where companies choose content to be provided at different speeds and prices, but backed powers for the regulator to allow such a model if the regulator deems they are in “public interest”, while adhering to principles of net neutrality.

“We strongly oppose any model where telecom service providers (TSPs) or their partners have a say or discretion in choosing content that is made available at favourable rates, speed... any differential pricing by TSP either directly such as Airtel Zero or indirectly as in the case of Free Basics through a platform provider which limits access to the internet services or websites (selected by the TSP or by the partners) violate the idea of net neutrality,” said R. Chandrashekhar, president, Nasscom.

“But when we recognize the reality of India as a country which has low internet penetration and even lower broadband penetration, apart from low levels of digital literacy and limited local language content... there may be a need to provide certain services in public interest at differential or lower prices which the regulator feels are necessary,” he said.

“Therefore, it is important that the regulator should have the power to allow differential pricing for certain types or classes of services that are deemed to be in public interest and based on mandatory prior approvals,” he said. “Any such programmes should abide by the principles of net neutrality and not constrain innovation in any way and not constrain innovation in any way.”

Differential pricing for data usage means offering services at different price points to different users. However, analysts say it could lead to an anti-competitive environment, hurting small companies and start-ups, while giving the TSPs and their partner platforms near-monopolistic access to the vast amount of user data that has potential commercial value in a country such as India where privacy laws are not strong.

Differential pricing is a significant aspect of the net neutrality debate that erupted in India in 2015, when Trai released a consultation paper in April. Soon, telecom operator Bharti Airtel Ltd launched Zero, a marketing platform that allows customers to access mobile applications for free but charges the application providers.

Facebook’s Free Basics service (the new name for Internet.org) aims to offer people without the Internet free access to a handful of websites and a range of services through mobile phones, which net neutrality activists say will violate the core principle that everyone should have unrestricted access to Internet and it should not be regulated by a company.

Following the outrage, Trai put Free Basics on hold, asking Reliance Communications Ltd to furnish the detailed terms and conditions of its Free Basics service. The next step will be announced later this month.

In an op-ed in the Times of India last week, Nandan Nilekani, co-founder of Infosys Ltd. and former chairman of Unique Identification Authority of India, publicly criticized Facebook’s Free Basics, calling it a walled garden.

“The walled garden of Free Basics goes against the spirit of openness on the internet, and in the guise of being pro-poor, balkanises it. Only Free Basics-approved websites will be accessible for free,” he said in the article which he co-authored with Viral Shah who led the design of government’s subsidy platforms using Aadhaar. “In theory, anyone meeting the technical guidelines today can participate. However, services that may potentially compete with telco offerings may not join Free Basics. Since Facebook does not currently subsidise free usage, telcos will have to foot the bill by raising prices.”

He said schemes such as direct benefit transfer for Internet data packs would be better compared to programmes such as Free Basics.

Nasscom, in its response, recommended “mandatory prior approval of such services by the regulator and sharing of periodic information on tariff plans seek to lower the price as well as zero rating services,” adding that these programmes should abide by the principle of net neutrality, meaning it should not limit consumers access to pre-defined set of services or websites.

“Any such differential pricing programs should have explicit approval of the regulator—and should be deemed to be in the public interest and the onus of proving it to be in the public interest in the first instance would be on service provider and before Trai arrives at a final decision a public consultation is also advised because of the dangers involved,” Nasscom said. “Even after the approval, suitable oversight mechanism should be maintained by the regulator in all such case.”

Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), said Nasscom’s approach to make differential pricing plans and options as an exception rather than the rule was quite reasonable. “It says that if differential pricing services adhere to the guidelines of being non-discriminatory, non-anti-competitive, non-predatory, non-ambiguous and transparent, they can be allowed under the supervision of the regulator, which is similar to the position adopted by CIS,” he said.

“Though some of their positions are ambiguous—for instance what they mean by non-discriminatory, and whether they are okay with differential pricing between classes of applications, are unclear—and some of their recommendations increase regulatory complexity, such as their proposal for independent not-for-profit entities with independent boards to own and manage such differential pricing programs, by and large it is a useful submission,” Prakash added.

For more details visit https://cis-india.org/internet-governance/news/livemint-moulishree-srivastava-january-5-2016-nasscom-against-differential-pricing-for-data-services

Narendra Modi’s personal app sparks India data privacy row

Admin — 2018-03-28T16:17:32Z

PM’s NaMo app sends user data to third party in US, says researcher.

Sunil Abraham was quoted in the article published by Financial Times on March 28, 2018.

“People are outraged that there is a peephole,” says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, a non-profit research organisation. “They are not outraged that anyone has looked into the peephole — because there is no evidence of that yet.”

For Mr Abraham, however, the controversy demonstrates that “Indian political parties have a voracious appetite for political data. If unchecked by law or public outrage, they will continue to hoover up as much data as they can from our devices.”

“Privacy is definitely a political issue,” says Mr. Abraham. “Political parties are reacting not because they will get into trouble under the law. They are reacting because they areafraid their supporters may not like it.”

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-28-2018-narendra-modi-personal-app-sparks-india-data-privacy-row

Nanny state rules porn bad for you

praskrishna — 2015-08-05T01:39:28Z

The article by Anahita Mukherji was published in the Times of India on August 4, 2015. Pranesh Prakash gave his inputs.

Half a century ago, India banned the DH Lawrence classic, Lady Chatterley's Lover. The ban, though lambasted for its Victorian view of modesty and obscenity, was fair and square; the matter was debated in the Supreme Court, which upheld the ban. Over 50 years later, a diverse spectrum of civil society has slammed a much more insidious and far less transparent ban on internet pornography.

For starters, the 857 sites that vanished from India's internet sphere haven't been officially banned, they just don't show up when you type the url. The order blocking them isn't public. For a list of the 857 sites, one must rely on leaked documents put out on Twitter by Pranesh Prakash, policy director, Centre for Internet and Society. "The ban on Lady Chatterley's Lover was public. As for the blocked websites, the government has gone out of its way to hide the list of sites pulled down. A secret order banning material violates all principles of transparency in a democracy," says Prakash.

The document, with 'Restricted' written on it, is a letter from the department of telecom asking ISPs to disable 857 sites as they bear content related to "morality" and "decency," violating Article 19 (2).

Strangely, the order's been issued under Sec 79 (3)(b) of the IT Act dealing with intermediaries having to remove material used to commit unlawful acts. "Watching porn isn't illegal in India. Disseminating 'obscene' content can be illegal, but for that, the government must file a case against the sites, and they must be allowed a representation," says Prakash.

"Sec 79 (3)(b) of the IT act isn't the section under which governments can block sites. It should use Sec 69 that has a review process," says Nikhil Pahwa, a champion of internet freedom.

The government drew up its list of 857 sites even as SC is in the process of hearing a petition to ban porn and is yet to pass an order. It includes playboy.com that, says Prakash, is a legitimate adult site. Pahwa points to the ban's "bizarrely moralistic undertones".

"As society evolves, government and regulatory regime are stuck in medieval ages," he says, adding a ban on websites will be rendered ineffective, pushing users to VPNs, a black hole for government monitoring mechanisms.

"A government that hasn't succeeded with Make in India is trying to prevent Make out in India," says venture capitalist Mahesh Murthy, who earlier backed net neutrality.

"The government is blocking websites to keep Rightwing lunatic fringes happy after its unsuccessful bid to pass the land bill," says Murthy.

"It isn't merely looking at blocking porn, but is trying to bring back Sec 66A (IT Act), ruled unconstitutional by the SC," he adds. "It's part of the bid to restrict individual freedom, create an artificial separation between Indian culture and anything erotic, driven by a diktat from Hindutva forces. It's ironic as Modi came to power as someone looking to activate individual agency. Now he's wary about where that leads to," says Subir Sinha, professor at the School of Oriental and African Studies (London). Murthy and Sinha believe the issue stems from a refusal to accept Indian culture in totality. "Victorian morality is considered Hindu, Khajuraho isn't," says Murthy.

"The government seems to be acting in a more high-handed manner than previous ones. The press and public opinion should wake up to this," says sociologist Andre Beteille.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-august-4-2015-anahita-mukherji-nanny-state-rules-porn-bad-for-you