We are anonymous, we are legion

National IG Mechanisms – Looking at Some Key Design Issues

praskrishna — 2012-12-09T00:50:46Z

The Centre for Internet & Society is coorganizing this workshop along with Brazilian Internet Steering Committee, Institute for System Analysis, Russian Academy of Sciences, et.al., at the seventh Internet Governance Forum 2012 in Azerbaijan. The workshop will be held in Conference Room 4, from 2.30 p.m. to 4.00 p.m. Pranesh Prakash is a panelist for this workshop.

Workshop Theme:
Other
Theme Question:
It is a workshop on national level IG mechanisms, and does not directly address any main theme questions

Concise Description of Workshop:

Such is the unique nature of the Internet that its governance often calls for institutional innovations. The proposed workshop will look at a range of national level IG mechanisms across the world. While the discussion will refer to good models and practices in different countries, it will not be organized around simple show-casing of different national IG mechanisms. The discussion will centre around key contexts, requirements, challenges and possibilities. It will be directed towards examining key institutional design issues, functions and outcomes with regard to national level IG mechanisms with the purpose to help countries make appropriate decisions in their specific contexts. Some of these are; - How should the national commons of Internet resources be managed?- What kinds of mechanisms are appropriate for technical matters, what for those that are partly technical and partly social, and what for larger public policy matters, requiring more political responses? - Should there be a common single mechanism to address all the above kinds of issues, or different ones? How to coordinate different mechanisms, and different parts of the national governance machinery dealing with different aspects or kinds of IG issues? - How to ensure meaningful participation of all stakeholders in a manner that focuses on public interest?- How can the surplus from domain name registration fees etc collected by national IG agencies be employed for public interest purposes, especially, for taking up Internet related research.

Organiser(s) Name:

Centre for Internet and Society, Bangalore - Civil SocietyBrazilian Internet Steering Committee - National level governance bodyInstitute for System Analysis, Russian Academy of Sciences - Academic InsitutionCentre for Community Informatics Research, Development and Training (CCIRDT), Vancouver, BC CANADA - Civil Society Instituto NUPEF , Rio de Janeiro - Civil SocietyIT for Change, Bangalore - Civil Society.

Previous Workshop(s):

See in the workshops section in IGF 2011IG4D Workshop 183: A Possible Framework for Global Net Neutrality.

Submitted Workshop Panelists:

Carlos Afonso, Insituto NUPEF, Board Member, Brazilian Steering CommiteeEmily Taylor, Independent Consultant, Formerly with NOMINETAlice Munya, Chairperson, Kenya Internet Steering CommiteeVictor Tishchenko, Institute of Advanced Systems, Russian Academy of Sciences,Sunil Abraham, Centre for Internet and Society,Moderator, Micheal Gurstein, Centre for Community Informatics Research, Development and Training, Canada.

Name of Remote Moderator(s):

Ginger Paque

Read the original published on the IGF website here

For more details visit https://cis-india.org/internet-governance/national-ig-mechanisms

National Health Stack: Data For Data’s Sake, A Manmade Health Hazard

Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar — 2018-09-16T05:01:18Z

On Oct. 5, 2017, an HIV positive woman was denied admission in Hyderabad’s Osmania General Hospital even though she was entitled to free treatment under India’s National AIDS Control Organisation programme. Another incident around the same time witnessed a 24-year-old pregnant woman at Tikamgarh district hospital in Madhya Pradesh being denied treatment by hospital doctors once she tested positive for HIV. The patient reportedly delivered the twins outside the maternity ward after she was turned away by the hospital, but her newborn twin girls died soon after.

The op-ed was published in Bloomberg Quint on August 14, 2018.

Apart from facing the severity of their condition, patients afflicted with diseases such as HIV, tuberculosis, and mental illnesses, are often subject to social stigma, sometimes even leading to the denial of medical treatment. Given this grim reality would patients want their full medical history in a database?

The ‘National Health Stack’ as described by the NITI Aayog in its consultation paper, is an ambitious attempt to build a digital infrastructure with a “deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem”. If the government is to create a database of individuals’ health records, then it should appreciate the differential impact that it could have on the patients.

The collection of health data, without sensitisation and accountability, has the potential to deny healthcare to the vulnerable.

We have innumerable instances of denial of services due to Aadhaar and there is a real risk that another database will lead to more denial of access to the most vulnerable.

Earlier, we had outlined some key aspects of the NHS, the ‘world’s largest’ government-funded national healthcare scheme. Here we discuss some of the core technical issues surrounding the question of data collection, updating, quality, and utilisation.

Resting On A Flimsy Foundation: The Unique Health ID

The National Health Stack envisages the creation of a unique ID for registered beneficiaries in the system — a ‘Digital Health ID’. Upon the submission of a ‘national identifier’ and completion of the Know Your Customer process, the patient would be registered in the system, and a unique health ID generated.

This seemingly straightforward process rests on a very flimsy foundation. The base entry in the beneficiary registry would be linked to a ‘strong foundational ID’. Extreme care needs to be taken to ensure that this is not limited to an Aadhaar number. Currently, the unavailability of Aadhaar would not be a ground for denial of treatment to a patient only for their first visit; the patient must provide Aadhaar or an Aadhaar enrolment slip to avail treatment thereafter. This suggests that the national healthcare infrastructure will be geared towards increasing Aadhaar enrollment, with the unstated implication that healthcare is a benefit or subsidy — a largess of government, and not, as the courts have confirmed, a fundamental right.

Not only is this project using government-funded infrastructure to deny its citizens the fundamental right to healthcare, it is using the desperate need of the vulnerable for healthcare to push the ‘Aadhaar’ agenda.

Any pretence that Aadhaar is voluntary is slowly fading with the government mandating it at every step of our lives.

Aadhaar Seva kendra. (Source: Aadhaar Official Account/Facebook

Is The Health ID An Effective And Unique Identifier?

Even if we choose to look past the fact that the validity of Aadhaar is still pending the test of legality before the apex court, a foundational ID would mean that the data contained within that ID is unique, accurate, incorruptible, and cannot be misused. These principles, unfortunately, have been compromised by the UIDAI in the Aadhaar project with its lack of uniqueness of identity (i.e, fake IDs and duplicity), failure to authenticate identity, numerous alleged data leaks (‘alleged’ because UIDAI maintains that there haven’t been any leaks), lack of connectivity to be able to authenticate identity and numerous instances of inaccurate information which cannot be corrected.

Linking something as crucial and basic as healthcare data with such a database is a potential disaster.

There is a real risk that incorrect linking could cause deaths or inappropriate medical care.

The High Risk Of Poor Quality Data

The NITI Aayog paper envisages several expansive databases that are capable of being updated by different entities. It includes enrollment and updating processes but seems to assume that all these extra steps will be taken by all the relevant stakeholders and does not explain the motivation for stakeholders to do so.

In a country where government doctors, hospitals, wellness centres, etc are overburdened and understaffed, this reliance is simply not credible. For instance, all attributes within the registries are to be digitally signed by an authorised updater, there must be an audit trail for all changes made to the registries, and surveyors will be tasked with visiting providers in person to validate the data. Identifying these precautions as measures to assure accurate data is a great step towards building a national health database, but this seems an impossible task.

Who are these actors and what will incentivise them to ensure the accuracy and integrity of data?

In other words, what incentive and accountability structures will ensure that data entry and updating is accurate, and not approached from a more ‘jugaad’ ‘let’s just get this done for the sake of it’ attitude that permeates much of the country. How will patients have access to the database to be able to check its accuracy? Is it possible for a patient (who will presumably be ill) to gain easy access to an updater to change their data? If so, how? It is worth noting that the patient’s ‘right’ to check her data assumes that they have access to a computer that is connected to the internet as well as a good level of digital literacy, which is not the case in India for a significant section of the population. Even data portability loses its potential benefits if the quality of data on these registries is not reliable. In this case, healthcare providers will need to verify their patients’ health history using physical records instead, rendering the stack redundant.

Who will be liable to the patient for misdiagnosis based on the database?

A sonographic image is displayed on a monitor as a patient undergoes an ultrasound scan in Bikaner, Rajasthan, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Leaving the question of accountability vague opens updaters to the possibility of facing dangerous and unnecessarily punitive measures in the future. The NITI Aayog paper fails to address this key issue which arose recently. Despite being a notifiable disease, there are reports that numerous doctors from the private sector failed to notify or update TB cases to the Ministry of Health and Family Welfare ostensibly on the grounds that they did not receive consent from their patients to share their information with the government. This was met with a harsh response from the government which stated that clinical establishment that failed to notify tuberculosis patients would face jail time. According to a few doctors, the government’s new move would coerce patients to go to ‘underground clinics’ to receive treatment discreetly and hence, would not solve the issue of TB.

The document also offers no specific recommended procedures regarding how inaccurate entries will be corrected or deleted.

It is then perhaps not a stretch to imagine that these scenarios would affect the quality of the data stored; defeating NITI Aayog’s objective of researchers using the stack for high-quality medical data.

The reason why the quality and integrity of data is at the head of the table is that all the proposed applications of the NHS (analytics, fraud detection etc.) assume a high quality, accurate dataset. At the same time, the enrolment process, updating process and disclosed measures to ensure data quality will effectively lead to poor quality data. If this is the case, then applications derived from the NHS dataset should assume an imperfect data, rather than an accurate dataset, which should make one wonder if no data is better than data that is certainly inaccurate.

Lack Of Data Utilisation Guidelines

Issues with data quality are exacerbated depending on how and where it is used, and who uses it. The paper has identified some users to be health-sector stakeholders such as healthcare providers (hospitals, clinics, labs etc), beneficiaries, doctors, insurers and accredited social health activists but misses laying down utilisation guidelines. The foresight to create a dataset that can be utilised by multiple actors for numerous applications is commendable, but potentially problematic -- especially if guidelines on how this data is to be used by stakeholders (especially the private sector) are ignored.

In order to bridge this knowledge gap, India has the opportunity to learn from the legal precedent set by foreign institutions. As an example, one could examine the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. which sets out strict guidelines for how businesses are to handle sensitive health data in order to maintain the individual’s privacy and security. It goes one step further to also lay down incentive and accountability structures in order that business associates necessarily report security breaches to their respective covered entities.

If we do not take necessary precautions now, we not only run the risk of poor security and breach of privacy but of inaccurate data that renders the national health data repository a health risk for the whole patient population.

There’s also the lack of clarity on who is meant to benefit from using such a database or whether the benefits are equal to all stakeholders, but more on that in a subsequent piece.

A medical team uses a glucometer to check the blood glucose level of a patient at a mobile clinic in Pancharala, on the outskirts of Bengaluru, India. (Photographer: Dhiraj Singh/Bloomberg)

It’s Your Recipe, You Try It First!

If the NITI Aayog and the government are sure that there is a need for a national healthcare database, perhaps they can start using the Central Government Health Scheme (which includes all current and retired government employees and their families) as a pilot scheme for this. Once the software, database and the various apps built on it are found to be good value for money and patients benefit from excellent treatment all over the country, it could be expanded to those who use the Employees’ State Insurance system, and then perhaps to the armed forces. After all, these three groups already have a unique identifier and would benefit from the portability of healthcare records since they are likely to be transferred and posted all over the country. If, and only if, it works for these groups and the claimed benefits are observed, then perhaps it can be expanded to the rest of the country’s healthcare systems.

Murali Neelakantan is an expert in healthcare laws. Swaraj Barooah is Policy Director at The Centre for Internet and Society. Swagam Dasgupta and Torsha Sarkar are interns at The Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-murali-neelakantan-swaraj-barooah-swagam-dasgupta-torsha-sarkar-august-14-2018-national-health-stack-data-for-datas-sake-a-manmade-health-hazard

National Elections 2014: How Technology Powered Campaigns

praskrishna — 2014-05-20T07:03:51Z

HasGeek and the Centre for Internet and Society (CIS) welcome you to a presentation on how technology powered politicial campaigns in the recently concluded 2014 national elections. Developers, advocacy organizations and the general public are invited to participate. The event will be held at CIS on May 23, 2014, 6.00 p.m. to 8.30 p.m.

During the 2014 Indian general elections, technology was widely used for candidate and party campaigns. The purpose of these technology-driven campaigns was to help voters make more informed decisions before casting their votes. Voter responses to these campaigns continuously helped individual candidates and political parties (via their technology teams and consultants) to rework messaging till the very end.

HasGeek and CIS are organizing three presentations followed by an interactive Q&A session to understand how technology spurred campaigns during the 2014 elections, and how voters will have to get smarter just as parties are becoming smart in reaching out to them.

Sessions

Campaigning in the pre-Internet and Internet Era (Talk)

Vijay Grover, founder of Bangalore Media Foundation and television journalist since 17 years, will compare the past and present to explain how internet technologies have changed campaigning stratgies. Grover will argue that voters need to get smart in sifting information and making choices as more and more parties use social media and information technologies in reaching out to them.

Technology-driven campaigns (Talk)

Viral Shah, part of Nandan Nilekani's campaign management team, will talk about how India is placed in the global scene with respect to technology-driven political campaigns. Viral will also discuss how to design a campaign with technology and how technology was used to power Nilekani's campaign.

Tools used for powering campaigns and attracting volunteers (Talk)

BG Mahesh, founder and managing director at Oneindia.in, will talk about the tools used during Narendra Modi's campaign. Apart from informing voters about the candidate, volunteers were also enlisted through the drives. BG Mahesh will throw light on how technology made this possible.

Schedule

Time	Sessions
18.00 18.15	Introductions: HasGeek, CIS, The Fifth Elephant
18.15 18.45	Vijay Grover: Campaigning in the pre-Internet and Internet Era
18.45 19.15	Viral Shah: Technology-driven campaigning
19.15 19.45	B.G.Mahesh: Tools used for powering campaigns and attracting volunteers
19.45 20.15	Q & A Session
20.15 20.30	Snacks

For more details visit https://cis-india.org/events/national-elections-2014-how-technology-powered-campaigns

National Cyber Defence Summit 2016

praskrishna — 2016-10-10T12:54:29Z

National Cyber Defence Summit – 2016 was organized by the National Cyber Safety and Security Standards in association with State & Central Governments, Ministry of Defence, Government of India, AICTE & Anna University on 30 September and 1 October 2016 in Chennai. Vanya Rakesh attended the summit.

The Summit focused on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework. The mission of the Summit is to establish a multi-stakeholder consortium that brings together Industry, Government, and Academic interests in an effort to improve the state of Cyber Security on both a domestic and international level. Primarily, the Summit focuses on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework.

In fact this is the one and only High Level Summit which gathers the presence of Multi-Stakeholders from State/Central Governments, Defence, MNCs, PSUs, Academics, PSBs, Intelligence Agencies, Enforcement Agencies and etc. For more info see the website here. Agenda can be viewed here.

For more details visit https://cis-india.org/internet-governance/news/national-cyber-defence-summit-2016

National Consultation on Media Law

praskrishna — 2014-09-30T06:52:50Z

The Law Commission of India and the National University, Delhi have joined hands to organize the National Consultation on Media Law at the India Habitat Centre in New Delhi on September 27 and 28, 2014. Nehaa Chaudhari participated in this event.

Click to view the:

For more details visit https://cis-india.org/internet-governance/news/national-consultation-on-media-law

Nasscom wants board to protect Net neutrality, regulate pricing

praskrishna — 2016-01-31T09:25:09Z

The debate against differential pricing of data services at the cost of net neutrality doesn’t seem to be getting over yet. While internet activists have gone out on streets in Bengaluru and Hyderabad to protest in favour of net neutrality, industry experts believe that differential pricing, when regulated could be tailored for public interest.

The article by Shadma Shaikh was published in Asian Age on January 7, 2016. Pranesh Prakash was quoted.

Given the current situation of low internet and broadband penetration along with lower levels of digital literacy and limited local language support in the country, IT industry body Nasscom said that protection of net neutrality is essential to fight these monumental challenges that require continuous innovation, both in technology solutions and business models.

“We strongly oppose any model where TSPs or their partners have a say or discretion in choosing content that is made available at favourable rates, speed,” Nasscom President R. Chandrashekhar said in a statement.

However, Nasscom also suggested a suitable oversight mechanism in the form of “an independent not-for-profit entity with an independent board to manage proposed differential pricing programs that are deemed to be in the public interest and are philanthropic in nature.”

In view of regulator Trai’s proposal to question the fairness of zero-rating—a practice of not counting certain traffic towards a subscriber's regular Internet usage, Pranesh Prakash, Centre for Internet and Society said, all forms of zero-rating result in some form of discrimination, but not all zero-rating is harmful, nor does all zero-rating need to be prohibited.

Prakash says that Trai’s paper has been inappropriately reduced to a referendum, by both parties—supporters of differential pricing programme as well as internet activists fighting zero-rating. Content-agnostic zero-rating models are not harmful, he says, adding “some traffic, such as government or public interest sites could be made free.”

Facebook’s Free Basics app that aims to provide ‘free Internet access’ to users who cannot afford data packs, has run into trouble for being against net neutrality principle. Trai, while evaluating the zero-rating proposal has asked Reliance Communications, the official telecom partner for Free Basics to put the service on hold.

After drawing flak from critics and citizens over its Free Basics program and its extensive advertisement in the media and on Facebook itself to influence the decision of Trai in favour of zero-rating program, Zuckerberg reached out to Indian readers through an opinion piece he published in an Indian daily newspaper.

Facebook’s justification for Free Basics lies in comparing internet as a service similar to education and healthcare. Free schools, free libraries and public hospitals may not provide the best of services, but their existence is essential to cater to a large set of audience who cannot afford expensive healthcare or education. In the same way, says Facebook founder Mark Zuckerberg, everyone deserves access to free basic internet service.

Calling Facebook’s Free Basics programme as an illusion, Nikhil Pahwa, founder MediaNama and volunteer at savetheinternet.in said “Facebook’s Free Basics is not free internet.” The choice to determine what data or content to browse should be left to the internet users, he says.

For more details visit https://cis-india.org/internet-governance/news/asian-age-january-7-2016-shadma-shaikh-nasscom-wants-board-to-protect-net-neutrality-regulate-pricing

Nasscom chief saying full data protection isn’t possible should wake us from our digital slumber

praskrishna — 2017-03-17T01:47:25Z

Considering India is rapidly moving towards a digital economy, the hurdles not withstanding, data and identity security are topics which have to be taken very seriously. Since the demonetisation, a large part of the population who would never bother with digital transactions has suddenly come online. But there is no such thing as complete security of personal data, according to Nasscom chief R Chandrashekhar.

This was published by First Post on March 16, 2017. Pranesh Prakash was quoted.

Attending the World Consumer Rights Day, R Chandrashekhar said that personal data of online consumers cannot be completely secure and stressed on the need to have strict enforcement of consumer protection laws. Speaking to PTI, Chandrashekhar said, “More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT.”

It’s high time we call a spade, a spade

R Chandrashekhar, President Nasscom. Image: PIB

Coming from the head of Nasscom, this announcement pertaining to security is very important. According to Chandrashekhar one cannot expect complete cyber security, but there are definitely ways in which such attacks and incidents can be minimised. He very rightly said that that protecting the online consumer data, specially looking at how rapidly e-commerce is growing in the country, is of prime importance.

One cannot help but agree with Chandrashekhar, specially considering the fact India does not have a privacy law ecosystem that is present in countries such as the US and the UK, where online consumer protection is taken very seriously. Germany and other EU nations have always been at the forefront, when it comes to protecting data privacy, and it has ensured that consumer-facing technology companies do not run roughshod when it comes to protecting user data.

Chandrashekhar stated that there was no need for separate regulations for e-commerce sites, but the priority was ensuring means to enforce consumer laws in the digital world.

Lack of dedicated privacy laws

According to cyberlaw and cybersecurity expert, Pavan Duggal, “Going forward, there is an urgent need for India to take a strong view on privacy in terms of legislative frameworks. Unfortunately, at the time of writing, India does not have a dedicated law on privacy.”

Image: Foamy Media

Social media websites for instance have a lot of user data. But what happens when they suddenly change their privacy policies? For instance, a lot of users signed on to WhatsApp when it was an independent company. But post the Facebook acquisition, there have been a lot of instances where WhatsApp has updated its terms and conditions to suit its parent Facebook.

That’s not completely illegal one may say. Loss of privacy is a price you pay for free services. But what if, I as a consumer of WhatsApp do not want the app to share any of my data with Facebook? The only option I am left with is to delete WhatsApp. But then again, I do not know if my data is also deleted from WhatsApp servers or it has already been shared. Social media apps, only let you know what updates are being added. Consent is only required to update the app. You can stall that, up to a point. But there will come a time when you will have to update an app. Then by default you have given approval to all the terms and conditions associated with the app.

Two students had challenged WhatsApp’s revision to its privacy policy before Delhi High Court. The Court dismissed the petition insisting that users could opt out by deleting their accounts.

When a similar challenge was mounted before the authorities in UK, Facebook had to put a pause on their data sharing – and this was because of its strong data protection policy. Under the UK data protection law, the company has to inform the authority established under the Act of any changes in the use of user data. In the case of WhatsApp, the UK authority objected to such sharing.

Aadhaar – the 12-digit biometric storehouse

Aadhaar card is being used for many financial and non financial transactions. Also the Aadhaar number associated with an individual also holds a lot of personal and biometric data. So when recently, there was news about a possible Aadhaar data breach when UIDAI filed a police complaint against Axis Bank, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, it was naturally a shock to many.

Unlike a password which can be changed, with biometric information there is no scope to do that if it is compromised. Although UIDAI claims that there are multiple levels of security and firewalls to ensure there is no breach of Aadhaar information of an individual, one can only hope that it is robust enough to withstand any attack. Collection of biometric data by the government to form a database, for instance, was debated and ultimately not used in the UK.

Pranesh Prakash, policy director of the Centre for Internet and Society, expressed concern about the pace at which we are progressing when it comes to having a legal and regulatory framework when it comes to the Digital India push. “While the security architecture of Aadhaar Enabled Payment Systems (AEPS) might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password,” said Prakash.

Enforcing the correct processes

Last year, a malware affected the systems of Hitachi Payment Services, which provides back end services to ATM machines and Point of Sale nodes across India. As a result of this, around 32 lakh debit cards were compromised including those issued by SBI, HDFC, Yes Bank, Axis, BOB and ICICI. Security experts and consultants have pointed out various holes in the electronic transaction systems in place in India. Intel has also warned that ATM machines in India are vulnerable to malicious attacks. Intel points out that countries in the Asia Pacific region are developing and are particularly vulnerable because of old systems and machines being used.

Image: REUTERS/Amit Dave

According to Mahesh Patel, president and group CTO, AGS Transact Technologies this was more of a governance issue of the data centre than any technical error. “It is not about the software, but it is about the processes and procedures you put in place to ensure that the system is secure. Everything from physical security to computing security to admin management, etc should be process driven. So somewhere there could have been a weak link there. Cloud has to be secure and encrypted which suffices the use case of payments. This cloud is different from the ones used by e-commerce sites to display all their products,” said Patel.

We may have the best of software and security measures, but ensuring that they are implemented the right way is equally important. Plugging the loopholes in current regulations is also important.

Existing laws and regulations, not enough

According to Duggal, “The Information Technology Act, 2000 hardly has effective provisions to protect any data and personal privacy in the digital ecosystem. The Indian Government needs to come up with strong privacy law which can protect both personal privacy and data privacy in an effective manner.”

One may find it really shocking to hear the head of Nasscom saying something to the extent that full data protection for online consumers is not possible, but there is definitely truth to the matter. It will require concerted efforts from not only regulators, governments, digital wallet players and banking industry to come up with these privacy laws, but also you the consumer has to ensure that you are aware of the dangers lurking in the digital world. Educating oneself of the various ways in which your data can be compromised is a good way to protect your online self.

Because, let’s face it, for all practical purposes if you are online, your privacy is dead.

For more details visit https://cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber

Nasscom against differential pricing for data services

praskrishna — 2016-01-06T15:12:17Z

The National Association of Software and Services Companies says it should be the regulator that decides on such content, not firms.

The article by Moulishree Srivastava was published in Livemint on January 5, 2016. Pranesh Prakash gave inputs.

India’s top software lobby on Monday said if select web content needs to be provided cheaper for some Indians, it must be the regulator that decides on such content, not companies.

In its response to a consultation paper by the Telecom Regulatory Authority of India (Trai) on differential pricing for data usage, the National Association of Software and Services Companies (Nasscom) objected to plans such as Free Basics and Airtel Zero where companies choose content to be provided at different speeds and prices, but backed powers for the regulator to allow such a model if the regulator deems they are in “public interest”, while adhering to principles of net neutrality.

“We strongly oppose any model where telecom service providers (TSPs) or their partners have a say or discretion in choosing content that is made available at favourable rates, speed... any differential pricing by TSP either directly such as Airtel Zero or indirectly as in the case of Free Basics through a platform provider which limits access to the internet services or websites (selected by the TSP or by the partners) violate the idea of net neutrality,” said R. Chandrashekhar, president, Nasscom.

“But when we recognize the reality of India as a country which has low internet penetration and even lower broadband penetration, apart from low levels of digital literacy and limited local language content... there may be a need to provide certain services in public interest at differential or lower prices which the regulator feels are necessary,” he said.

“Therefore, it is important that the regulator should have the power to allow differential pricing for certain types or classes of services that are deemed to be in public interest and based on mandatory prior approvals,” he said. “Any such programmes should abide by the principles of net neutrality and not constrain innovation in any way and not constrain innovation in any way.”

Differential pricing for data usage means offering services at different price points to different users. However, analysts say it could lead to an anti-competitive environment, hurting small companies and start-ups, while giving the TSPs and their partner platforms near-monopolistic access to the vast amount of user data that has potential commercial value in a country such as India where privacy laws are not strong.

Differential pricing is a significant aspect of the net neutrality debate that erupted in India in 2015, when Trai released a consultation paper in April. Soon, telecom operator Bharti Airtel Ltd launched Zero, a marketing platform that allows customers to access mobile applications for free but charges the application providers.

Facebook’s Free Basics service (the new name for Internet.org) aims to offer people without the Internet free access to a handful of websites and a range of services through mobile phones, which net neutrality activists say will violate the core principle that everyone should have unrestricted access to Internet and it should not be regulated by a company.

Following the outrage, Trai put Free Basics on hold, asking Reliance Communications Ltd to furnish the detailed terms and conditions of its Free Basics service. The next step will be announced later this month.

In an op-ed in the Times of India last week, Nandan Nilekani, co-founder of Infosys Ltd. and former chairman of Unique Identification Authority of India, publicly criticized Facebook’s Free Basics, calling it a walled garden.

“The walled garden of Free Basics goes against the spirit of openness on the internet, and in the guise of being pro-poor, balkanises it. Only Free Basics-approved websites will be accessible for free,” he said in the article which he co-authored with Viral Shah who led the design of government’s subsidy platforms using Aadhaar. “In theory, anyone meeting the technical guidelines today can participate. However, services that may potentially compete with telco offerings may not join Free Basics. Since Facebook does not currently subsidise free usage, telcos will have to foot the bill by raising prices.”

He said schemes such as direct benefit transfer for Internet data packs would be better compared to programmes such as Free Basics.

Nasscom, in its response, recommended “mandatory prior approval of such services by the regulator and sharing of periodic information on tariff plans seek to lower the price as well as zero rating services,” adding that these programmes should abide by the principle of net neutrality, meaning it should not limit consumers access to pre-defined set of services or websites.

“Any such differential pricing programs should have explicit approval of the regulator—and should be deemed to be in the public interest and the onus of proving it to be in the public interest in the first instance would be on service provider and before Trai arrives at a final decision a public consultation is also advised because of the dangers involved,” Nasscom said. “Even after the approval, suitable oversight mechanism should be maintained by the regulator in all such case.”

Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), said Nasscom’s approach to make differential pricing plans and options as an exception rather than the rule was quite reasonable. “It says that if differential pricing services adhere to the guidelines of being non-discriminatory, non-anti-competitive, non-predatory, non-ambiguous and transparent, they can be allowed under the supervision of the regulator, which is similar to the position adopted by CIS,” he said.

“Though some of their positions are ambiguous—for instance what they mean by non-discriminatory, and whether they are okay with differential pricing between classes of applications, are unclear—and some of their recommendations increase regulatory complexity, such as their proposal for independent not-for-profit entities with independent boards to own and manage such differential pricing programs, by and large it is a useful submission,” Prakash added.

For more details visit https://cis-india.org/internet-governance/news/livemint-moulishree-srivastava-january-5-2016-nasscom-against-differential-pricing-for-data-services

Narendra Modi’s personal app sparks India data privacy row

Admin — 2018-03-28T16:17:32Z

PM’s NaMo app sends user data to third party in US, says researcher.

Sunil Abraham was quoted in the article published by Financial Times on March 28, 2018.

“People are outraged that there is a peephole,” says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, a non-profit research organisation. “They are not outraged that anyone has looked into the peephole — because there is no evidence of that yet.”

For Mr Abraham, however, the controversy demonstrates that “Indian political parties have a voracious appetite for political data. If unchecked by law or public outrage, they will continue to hoover up as much data as they can from our devices.”

“Privacy is definitely a political issue,” says Mr. Abraham. “Political parties are reacting not because they will get into trouble under the law. They are reacting because they areafraid their supporters may not like it.”

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-28-2018-narendra-modi-personal-app-sparks-india-data-privacy-row

Nanny state rules porn bad for you

praskrishna — 2015-08-05T01:39:28Z

The article by Anahita Mukherji was published in the Times of India on August 4, 2015. Pranesh Prakash gave his inputs.

Half a century ago, India banned the DH Lawrence classic, Lady Chatterley's Lover. The ban, though lambasted for its Victorian view of modesty and obscenity, was fair and square; the matter was debated in the Supreme Court, which upheld the ban. Over 50 years later, a diverse spectrum of civil society has slammed a much more insidious and far less transparent ban on internet pornography.

For starters, the 857 sites that vanished from India's internet sphere haven't been officially banned, they just don't show up when you type the url. The order blocking them isn't public. For a list of the 857 sites, one must rely on leaked documents put out on Twitter by Pranesh Prakash, policy director, Centre for Internet and Society. "The ban on Lady Chatterley's Lover was public. As for the blocked websites, the government has gone out of its way to hide the list of sites pulled down. A secret order banning material violates all principles of transparency in a democracy," says Prakash.

The document, with 'Restricted' written on it, is a letter from the department of telecom asking ISPs to disable 857 sites as they bear content related to "morality" and "decency," violating Article 19 (2).

Strangely, the order's been issued under Sec 79 (3)(b) of the IT Act dealing with intermediaries having to remove material used to commit unlawful acts. "Watching porn isn't illegal in India. Disseminating 'obscene' content can be illegal, but for that, the government must file a case against the sites, and they must be allowed a representation," says Prakash.

"Sec 79 (3)(b) of the IT act isn't the section under which governments can block sites. It should use Sec 69 that has a review process," says Nikhil Pahwa, a champion of internet freedom.

The government drew up its list of 857 sites even as SC is in the process of hearing a petition to ban porn and is yet to pass an order. It includes playboy.com that, says Prakash, is a legitimate adult site. Pahwa points to the ban's "bizarrely moralistic undertones".

"As society evolves, government and regulatory regime are stuck in medieval ages," he says, adding a ban on websites will be rendered ineffective, pushing users to VPNs, a black hole for government monitoring mechanisms.

"A government that hasn't succeeded with Make in India is trying to prevent Make out in India," says venture capitalist Mahesh Murthy, who earlier backed net neutrality.

"The government is blocking websites to keep Rightwing lunatic fringes happy after its unsuccessful bid to pass the land bill," says Murthy.

"It isn't merely looking at blocking porn, but is trying to bring back Sec 66A (IT Act), ruled unconstitutional by the SC," he adds. "It's part of the bid to restrict individual freedom, create an artificial separation between Indian culture and anything erotic, driven by a diktat from Hindutva forces. It's ironic as Modi came to power as someone looking to activate individual agency. Now he's wary about where that leads to," says Subir Sinha, professor at the School of Oriental and African Studies (London). Murthy and Sinha believe the issue stems from a refusal to accept Indian culture in totality. "Victorian morality is considered Hindu, Khajuraho isn't," says Murthy.

"The government seems to be acting in a more high-handed manner than previous ones. The press and public opinion should wake up to this," says sociologist Andre Beteille.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-august-4-2015-anahita-mukherji-nanny-state-rules-porn-bad-for-you

Namaste, Mr. Eric Schmidt

praskrishna — 2013-03-21T08:48:48Z

An article by R. Jai Krishna published in the Wall Street Journal on March 20, 2013 quotes Sunil Abraham.

Read the original published by the Wall Street Journal on March 20, 2013.

Sandwiched between a January visit to North Korea and a stop in Myanmar at the end of this week Google Inc.'s GOOG +0.42% executive chairman, Eric Schmidt, is visiting India until Thursday.

The world’s largest democracy might seem to have little in common with the two authoritarian states.

But free speech advocates say recent developments in India are troubling and observers are waiting to see whether Mr. Schmidt addresses them during two events over the next couple of days.

At issue is a debate in India over the limits to free speech. In 2011, India’s government, angered at the spread of inflammatory material online, passed a law that allows it to hold Internet companies liable for “offensive” material posted by users. Parts of the law are being challenged in India’s Supreme Court, which has yet to rule.

In December 2011, India’s then-telecoms minister, Kapil Sibal, urged Google Facebook Inc. FB -2.67% and other Internet companies to screen derogatory material from their sites. The requests came amid official anger over content that parodied Prime Minister Manmohan Singh and Sonia Gandhi, president of the ruling Congress party, as well as other leading politicians.

A journalist, Vinay Rai, subsequently filed criminal cases in a Delhi court against Internet firms including Google, alleging material they hosted was defamatory, obscene and promoted enmity among different religious and ethnic groups. The companies are challenging the validity of the case in a higher court. The lower court is expected to begin hearings next month.

Google and the others deny wrongdoing. Google has said it makes unavailable to Indian users any content that violates its terms of services or local laws.

Mr. Schmidt is unlikely to address the ongoing lawsuits. But he might take the opportunity to push India to reconsider its position on free speech, say activists.

“He will obviously make a case..but the government is unlikely to take it seriously,” said Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society. “It’s much more complicated.”

Mr. Schmidt is set to speak at two technology conferences – one organized by the country’s software industry body, the National Association of Software and Services Companies, or Nasscom, on Wednesday, and another by Google on Thursday.

Paroma Roy Chowdhury, a spokeswoman for Google India said: “The Google India team is very happy to host him here.”

Mr. Schmidt’s India visit follows his private visit to North Korea in January where he urged its officials to drop barriers to global Internet access if they hope to develop their economy. He is likely to travel to Myanmar on March 22, after his India trip.

Google is facing other legal challenges in India. They include a federal anti-trust probe on alleged anticompetitive practices by Google’s online advertising business. Google says it has done nothing wrong.

For Google, India is an important market for its Internet services as well as mobile-devices software Android.

Market research firm ComScore Inc. SCOR -0.41% said in June that Google reached 95% of online users in India. “Visitors spent 2.5 hours on Google sites, with YouTube accounting for a major share,” it said.

More and more Indians have started taking to the Internet to express their views. India has about 62 million people in urban areas using social media platforms, according to a recent study by the Internet and Mobile Association of India, a trade body, and market-research agency, IMRB. That is expected to rise to 66 million by June.

Demographically, the report said, the “highest proportion’ of social media usage was among young men and college students, representing 84% and 82% of the total internet users, respectively.

Last year, New Delhi issued a series of guidelines on how government departments should use social media to reach out to people and to ensure public participation in policy framing.

The ruling Congress-led coalition government has now started embracing these networks.

For example, Finance Minister P. Chidambaram earlier this month interacted with citizens during the annual budget proposal using social media platform Google+.

For many, this was seen as a move to counter Gujarat Chief Minister Narendra Modi’s use of online platforms during his successful re-election campaign late last year. Mr. Modi, widely expected to be named the prime ministerial candidate for the main opposition Bharatiya Janata Party in 2014, is scheduled to attend Google’s event Thursday.

For more details visit https://cis-india.org/news/wsj-r-jai-krishna-march-20-2013-namaste-mr-eric-schmidt

Myanmar Digital Rights Forum proposes a path away from 66(d)

praskrishna — 2017-01-10T15:09:21Z

This was published by Coconuts Yangon on December 14, 2016. Sunil Abraham was quoted.

Nica Dumlao from the Philippine Internet Freedom Alliance speaks at the forum. Photo: Phandeeyar

Over the last two years, Myanmar has experienced a connectivity revolution; tens of millions of people have hopped onto the web all at once. However, recent events have highlighted how vulnerable people in Myanmar are when communicating and sharing information online.

Daw Ei Myat Noe Khin, a Phandeeyar associate and co-organizer of the event, explained: “Myanmar’s laws and regulations were changed to enable millions of people to get connected. However, not nearly enough has been done to protect the rights of these users. Urgent legislative action is needed to ensure that the rights and freedoms that the Myanmar people now enjoy offline are also protected when they are using the internet.”

Rights groups and media organizations have noted the threats to freedom of speech posed by the arrest under Article 66(d) of Myanmar’s Telecommunications Law of journalists and ordinary citizens for Facebook posts.

Nay Phone Latt, the former political prisoner and free speech activist who now serves in the Yangon Region parliament, called for changes to Myanmar’s laws, which are now being used to sue people for as actions as little as leaving a comment on social media.

“Even though I am now an MP, my opinion on free speech has not changed,” he said.

He also called on Union-level lawmakers to attend similar forums and ultimately improve the laws relating to digital rights.

However, Article 66(d) is only one of many issues that need to be addressed. According to speakers at the forum, other critical issues include information privacy, the right to information, online hate speech, cyberbullying, revenge porn and phishing scams.

Vicky Bowman, director of Myanmar Center for Responsible Business, recounted the story from a few years ago of an NGO leader who gave away $80,000 of his organization’s money when he was duped by a phishing scam online.

“Are Myanmar people aware of digital rights? I don’t think so. They’re excited about SIM cards and gadgets, but they’re probably not reading the terms and conditions.”

There is still a lot to worry about in the realm of digital rights in Myanmar, she said.

In this challenging environment, the forum’s attendees are working to develop specific policy recommendations, strategies and campaigns to ensure digital rights to the people of Myanmar.

“The benefits of connectivity won’t be realized if people are scared to use the internet. The objective of the Myanmar Digital Rights Forum is to raise awareness about the importance of these issues and to develop concrete plans to address them,” said Daw Htaike Htaike Aung, executive director of Myanmar ICT for Development Organization (MIDO).

Some speakers offered the experiences of other countries as models for what Myanmar might be able to do to protect internet users. Sunil Abraham, the executive director of the Bangalore-based Center for Internet and Society, urged against thinking of companies and governments as monoliths. There are people in government, he said, who do have the rights of citizens in mind. He also advised digital rights campaigners to pursue change on all sides of the political spectrum, just as free-software activists found support in India’s communist and nationalist parties.

Ms Cheekay Cinco, a program manager for Engage Media, said: “This is not a Myanmar problem. Hyper-connectivity in the region has led to greater criminalization of online activities. Over the years, spaces in Southeast Asia have been created to talk about these issues. We can only spark development and change when these spaces continue to flourish and have participation from different sectors.”

For more details visit https://cis-india.org/internet-governance/news/coconuts-yangon-december-14-2016-myanmar-digital-rights-forum-proposes-a-path-away-from-66d

Myanmar Digital Rights Forum

praskrishna — 2016-12-17T00:44:25Z

Sunil Abraham was a speaker at the Myanmar Digital Rights Forum in Myanmar on December 14 and 15, 2016. The two day event was organized by Phandeeyar, You Can Do IT, Engage Media and Myanmar Centre for Responsible Business with support form the Embassy of Sweden.

More than 55 representatives from technology companies, government, media and civil society organizations gathered at the innovation lab Phandeeyar to participate in the Myanmar Digital Rights Forum. The event was organized to address critical digital rights challenges in Myanmar. Participants discussed the issues raised by the increasing access, in recent years, of large numbers of Myanmar citizens to the internet, social media and mobile phones. For more info see here.

Click to read the agenda

For more details visit https://cis-india.org/internet-governance/news/myanmar-digital-rights-forum

My Experiment with Scam Baiting

sahana — 2012-03-13T10:43:28Z

Today, as I am sure many of you have experienced, Internet scams are widespread and very deceptive. As part of my research into privacy and the Internet, I decided to follow a scam and attempt to fully understand how Internet scams work, and what privacy implications they have for Internet users. Though there are many different types of scams that take place over the Internet —identity scams, housing scams, banking scams— just to name a few. I decided to look in depth at the lottery scam.

Day 1: July 4, 2011

On July 4, I received a spam mail from Shell BP Manchester England (lamarc65@cs.com). The e-mail informed me that my e-mail address had won a sum of $550,000 which was held on July 3, 2011 in England. In order to claim my prize the e-mail instructed me to confirm the receipt of the mail by submitting a few of my personal details to one Dr. Mohammed Al Maliki. This is an extract from the letter asking for my information:

Information Requested:

Your full Name:
Contact address:
Your Telephone:
Your Age:
Your occupation:
Your country of origin:

Congratulations.
Yours Sincerely,
Mrs Roseline Lott
Shell Prize announcer, England.

Deciding to reply to the email and see what happened, I responded to Dr. Mohammed Al Maliki (dr.mohamedmalik@gmail.com) with the information that the e-mail had asked, only I substituted my real information with the following fake information:

Shaiza Sarkar
B-196, CR Park, New Delhi - 110019
09916000603
23 yrs old
India

To my surprise he replied to my mail the same day at 4:59pm. In this mail he informed me that he had sent my details to Lloyds Bank who would be responsible for the payment of my prize. He asked me to inform him after I receive a mail from the bank. The e-mail contained a phone number for me to call. I tried to call the number mentioned in the mail but there was no reply.

Again to my surprise, I received a mail from Lloyds Bank at 6:58 p.m. the same day with a list of documents and details that I was supposed to send them to claim the prize money. Lloyds Bank had also attached a deposit certificate to ‘prove’ that Shell Petroleum Development Company had deposited the prize money in the bank. Below is an extraction of the e-mail I received from Lloyds Bank.

"FROM THE DESK OF DR. MOHAMED MALIK
REGIONAL CLAIMS AGENT,
SHELL PETROLEUM INTERNATIONAL LOTTERY PROGRAM.
Regional Office:
St James Court, Great Park Road,
Almondsbury Park, Bradley Stoke,
Bristol BS32 4QJ, England
Contact: +447035974608
“LLOYDS BANK PLC
ADMINISTRATIVE HEADQUARTERS.
LONDON, ENGLAND, UNITED KINGDOM.
REF...FILENOS2345/LTB
ATTENTION: SARKAR SHAIZA
*REGARDING YOUR PRIZE FROM SHELL PETROLEUM DEVELOPMENT COMPANY*
PLEASE SEND US THE DOCUMENTS BELOW;
1. A CERTIFICATE OF AWARD FROM SHELL PETROLEUM CONTACT DR MOHAMED MALIK
2. A SCANNED COPY OF EITHER YOUR DRIVERS LICENSE OR YOUR INTERNATIONAL PASSPORT OR WORK I.D CARD.
3. A SWORN AFFIDAVIT OF CLAIM FROM THE CROWN COURT HERE IN LONDON,YOU ARE REQUIRED TO CONTACT [DR MOHAMED MALIK]YOUR AGENT FOR ALL THIS.
SIR PAUL WISCONFIELD.
HEAD OF OPERATIONS.
LLOYDS TSB BANK PLC

Day 2: July 5, 2011

The next day I informed Dr. Mohammed Al Maliki of the above letter from the bank, as instructed to at 8:58 p.m. At 9:45 p.m., Dr. Mohammed Al Maliki emailed me back with the certificate of award from Shell Petroleum Development Company with my fake name printed on it.

Though the first two documents that Lloyds Bank required me to obtain were standard enough, the turning point in this entire scam was the third document that Lloyds Bank asked me to acquire. The third document asked me to present a sworn affidavit of claim from the Crown Court in London. Following the instructions given by the bank, I again emailed Dr. Mohammed Al Maliki. He replied with instructions for me to contact Barrister Wilson Burrows (ESQ) of Wilson and Co. Law Chambers for this document. I tried to search for Wilson and Co. Chambers on the Internet and found that no company with such a name exists.

This is the certificate of award provided to me by Dr. Mohammed Al Maliki:

Day 3: July 6, 2011

At 1:47 p.m. I mailed Wilson and Co. Law Chambers informing them about the sworn affidavit that I required in order to claim the lottery prize. The same day at 8:25 p.m. the Law Chambers sent me the following mail with an application form, and asked me to transfer 520 pounds through a Western Union Money Transfer to the Chamber’s Accountant Mr. Preston Doyle. I checked the address provided in the mail to see if it existed. The Google map showed that the given pin code “L14JJ”- London - was a pin code for Liverpool, Merseyside UK, which is not London , and not where Wilson and Co. Law Chambers claimed to be based. Additionally, the Law Chambers attached a form for the affidavit in this mail.

Below is an extract from the email I received from Wilson and Co. Law Chambers:
“The Principal Attorney
Wilson and co Chambers
#18 Harms Road Manchester
L14JJ - London.
Supreme Solicitors, Principal Attorneys and Property Managers
Kind Attention: Client,
As stated in the attached form, the completed form should be returned with the Court Oath Fee. For further processing, see below fees;
Court Oath Fee: 250 Pounds
Attorney Fee: 270 Pounds
------------------------------------------
Total Fee: 520 Pounds
-----------------------------------------
To send this money, go to any WESTERN UNION MONEY TRANSFER OFFICE nearest to you and make the payment to the Chamber's Accountant - Mr. Preston Doyle with the following details -
Receiver's Name: Mr. Preston Doyle
Receiver's Location: London, United Kingdom.
Receiver's Address: #18 Harms Road Manchester, L14JJ – London
Amount: £ 520.00 (Five Hundred and Twenty Pounds)
Regards,
Mrs.Wilson Burrows(ESQ)
(Registrar)
Mrs. Ivon Samuel (KBE) (Secretary)”

Day 4: July 7, 2011

After receiving the e-mail asking for a money transfer, I was curious and wished to probe more. Thus, I wrote to Wilson and Co Law Chambers and explained that a Western Union Transfer was not available in my village. The same day at 6:48 p.m. the Law Chambers sent me a mail saying that the Honourable Chamber recognizes only Western Union Transfer as the safest mode for transactions. I did not reply to this mail, as I knew I would not be able to go any further with my investigation. Though I was disappointed because this was the end to my investigation into lottery scams, and I still had questions that I wanted answered, the last e-mail the Law Chambers sent me was very interesting. In the last email sent to me by the Law Chambers requested (in a very pushy tone) that I should not tell anyone about my prize money, and that it was in fact in my best interest not to tell anyone.

Below is the extract of this mail:

“So do not discuss your winning with anybody until your prize has been transferred to you. It is for your own good. And it is at that time alone that you can be used for advert purposes by our company. So the success of this transfer lies sorely in your hands. These are the exact words from the Director this morning.”

Regards,

Mrs.Wilson Burrows (ESQ)

(Registrar)

His Lordship, Justice Ivon Samuel (KBE) (Secretary)

Day 5: July 8, 2011

Originally I wrote to the Law Chambers telling them I did not have access to a Western Union for the purpose of seeing if they use other mediums to receive money. Surprisingly, at 1:47 p.m. Wilson and Co. Law Chambers emailed me. The e-mail said that they would grant me the privilege of using a direct deposit of the 250 pounds into their correspondents account in India. In the mail they asked me to confirm that I would use this method of payment, and that once confirmed, that they would furnish me with their correspondent’s account details. Interested, I confirmed. After my e-mail confirmation at 9:47 p.m. they emailed me the details of their correspondent in India.

Below are the details of the account that I was supposed to transfer the money into:

This is the account details you will deposit the money into:
Account Name: L. MOHAN SINGH
Bank name: HDFC BANK
Branch: DELHI
Account number: 0609190004391
Ifsc Code : HDFC0000609
Pan Card: DDMPS9075M

Day 6: July 11, 2011

I did not deposit the money (obviously) and I did not e-mail the bank or the Law Chambers, I did receive a mail from Wilson and Co. Law Chambers informing me that their reputable organization would not tolerate my laxity. Unfortunately, because I could not pay the fee to their correspondent and obtain the affidavit, I was unable to follow the scam any further. Despite this dead end I was curious to know if they would provide me with the phone number of their Indian correspondent. Thus, I wrote them a mail to humbly apologise for the delay. I further asked them to provide me with the correspondent’s phone number claiming that the bank was rejecting his profile due to security protocols.

Day 7: July 12, 2011

The Law Chambers responded, informing me that they did not wish to give the correspondents number. In their e-mail they made it quite clear that for online banking all that is needed is the IFSC code. Therefore, I had to stop here.

This is the extract of the mail they sent me when I asked for the phone number:

The Principal Attorney
Wilson and co Chambers
#18 Harms Road Manchester
L14JJ - London.
Supreme Solicitors, Principal Attorneys and Property Managers

Kind Attention: Client,
This Honorable Chambers is in receipt of your mail. It is very important for you to know that laxity will not be accepted anymore. For the online transfer of this payment, you do not need any phone number, all you need is the IFSC Code already supplied to you. Once more, the IFSC Code is HDFC0000609. That is all you need to make an online transfer.

While I stopped following the scam at this point, many people might have continued with the process without any knowledge of it being a scam. Thus, one should be very sceptical about individuals or organizations who ask for personal and banking information.

Conclusions

In my experiment with scam baiting, I realized that:

They introduced me to various parties to make this entire scheme look professional. I initially assumed that I would have to carry out the process with the Shell Petroleum Development Company alone.
In the beginning of the experiment I initially thought the scam was about taking my account number and hacking into it. During my experiment I realized that the scam was not designed to make money by emptying my bank account, but instead was designed to profit off of the various admission fees such as the Sworn Affidavit.
Due to the speed by which they were able to respond to my emails, I realized that they had pre-prepared fake documents – ready to send to anyone who emailed them regarding claiming the offered lottery prize.
Throughout all of our e-mail exchanges I noticed that the individuals behind the scam only used a G-mail account. Curious, I checked their IP address – hoping to find out more information and possibly track their location – but found that Google does not reveal senders IP address information (which is in fact a very good thing in terms of privacy protection!)

For a detailed understanding of different types of scams visit here.

For more details visit https://cis-india.org/internet-governance/blog/privacy/scam-baiting

MWC19 Shanghai AI and Trust in APAC and China

Admin — 2019-06-05T07:10:50Z

Sunil Abraham will be making a presentation at the summit on AI and Trust in APAC and China at MWC19 Shanghai on June 27, 2019. Sunil has been invited as a speaker on panel ‘Framing AI for Digital Upstarts’.

MWC Shanghai is a three-day conference and exhibition bringing together over 200 AI business leaders, 65,000 attendees, and 550 companies from across different industries and perspectives to address business and technical concerns in the Intelligent Connectivity era and debate tough problems for today and tomorrow. More info here. For event details see this page.

For more details visit https://cis-india.org/internet-governance/news/mwc19-shanghai-ai-and-trust-in-apac-and-china