We are anonymous, we are legion

Multinational Cyber Security Forum at University of Haifa

Admin — 2017-11-27T14:34:59Z

Sunil Abraham participated in a meeting in Israel on Multinational Cyber Security Forum hosted by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative.

The workshop was held from November 5 to 7, 2017. The objective of the workshop was to facilitate a free and open exchange among participants under the Chatham House Rules. The workshop sought to identify areas of agreement and dissent pertaining to cyber security regulation and to explore issues that require further research, clarification and development.

For more details visit https://cis-india.org/internet-governance/news/multinational-cyber-security-forum-at-university-of-haifa

Multi-stakeholder Models of Internet Governance within States: Why, Who & How?

geetha — 2014-06-16T14:27:38Z

Internet governance, for long a global exercise, has found new awareness within national frameworks in recent times. Especially relevant for developing countries, effective national IG mechanisms are important to raise awareness and ensure multi-stakeholder participation at technical, infrastructural and public policy levels.

This post is a surface-level overview of national IG bodies, and is intended to inform introductory thoughts on national IG mechanisms.

A Short Introduction

The previous decade has seen a proliferation of regional, sub-regional and national initiatives for Internet governance (IG). Built primarily on the multi-stakeholder model, these initiatives aim at creating dialogue on issues of regional, local or municipal importance. In Asia, Bangladesh has instituted a national IGF, the Bangladesh IGF, with the stated objective of creating a national multi-stakeholder forum that is specialized in Internet governance issues, and to facilitate informed dialogue on IG policy issues among stakeholders. India, too, is currently in the process of instituting such a forum. At this juncture, it is useful to consider the rationale and modalities of national IG bodies.

The Internet has long been considered a sphere of non-governmental, multi-stakeholder, decentralized, bottom-up governance space. The Declaration of Independence of Cyberspace, John Perry Barlow’s defiant articulation of the Internet’s freedom from governmental control, is a classic instance of this. The Internet is a “vast ocean”, we claimed; “no one owns it”.[1] Even today, members of the technical community insist that everyone ought to “let techies do their job”: a plea, if you will, of the complexity of cyber-walls and –borders (or of their lack).

But as Prof. Milton Mueller argues in Ruling the Root, the Internet has always been a contentious resource: battles over its governance (or specifically, the governance of the DNS root, both the root-zone file and the root servers) have leapt from the naïveté of the Declaration of Independence to a private-sector-led, contract-based exploitation of Internet resources. The creation of ICANN was a crucial step in this direction, following arbitrary policy choices by Verizon and entities managing the naming and numbering resources of the Internet.

The mushrooming of parallel tracks of Internet governance is further evidence of the malleability of the space. As of today, various institutions – inter-governmental and multi-stakeholder – extend their claims of governance. ICANN, the World Summit of Information Society, the World Conference on International Telecommunications, the Internet Governance Forum and the Working Group on Enhanced Cooperation under the ECOSOC Committee for Science, Technology and Development are a few prominent tracks. As of today, the WSIS process has absorbed various UN special bodies (the ITU, UNESCO, UNCTAD, UNDP are but a few), with the UNESCO instituting a separate study on Internet-related issues. A proposal for a multilateral Committee on Internet-Related Policies remains stillborn.

Amongst these, the Internet Governance Forum (IGF) remains a strong contender for a truly multi-stakeholder process facilitating dialogue on IG. The IGF was set up following the recommendation of the Working Group of Internet Governance (WGIG), constituted after the Geneva phase of the WSIS.

Rationale: Why Have National IG bodies?

The issue of national multi-stakeholder cooperation/collaboration in IG is not new; it has been alive since the early 2000s. The Tunis Agenda, in paragraph 80, encourages the “development of multi-stakeholder processes at the national, regional and international levels to discuss and collaborate on the expansion and diffusion of the Internet as a means to support development efforts to achieve internationally agreed development goals and objectives, including the Millennium Development Goals” (emphasis supplied).

In its June 2005 Report, the Working Group on Internet Governance (WGIG) emphasizes that “global Internet governance can only be effective if there is coherence with regional, subregional and national-level policies”. Towards this end it recommends that “coordination be established among all stakeholders at the national level and a multi-stakeholder national Internet governance steering committee or similar body be set up” (emphasis supplied). The IGF, whose creation the WGIG recommended, has since been commended for its impact on the proliferation of national IGFs.

The rationale, then, was that multi-stakeholder steering committees at the national level would help to create a cohesive body to coordinate positions on Internet governance. In Reforming Internet Governance, WGIG member Waudo Siganga writes of the Internet Steering Committee of Brazil as a model, highlighting lessons that states (especially developing countries) may learn from CGI.br.

The Brazilian Internet Steering Committee (CGI.br) was set up in 1995 and is responsible, inter alia, for the management of the .br domain, distribution of Internet addresses and administration of metropolitan Internet exchange points. CERT.br ensures network security and extends support to network administrators. Siganga writes that CGI.br is a “well-structured multistakeholder entity, having representation from government and democratically chosen representatives of the business sector, scientific and technological community and an Internet expert”.

Why is CGI.br a model for other states? First, CGI.br exemplifies how countries can structure in an effective manner, a body that is involved in creating awareness about IG issues at the national level. Moreover, the multi-stakeholder nature of CGI.br shows how participation can be harnessed effectively to build capacity across domestic players. This also reflects the multi-stakeholder aspects of Internet governance at the global level, clarifying and implementing the WSIS standards (for instance). Especially in developing countries, where awareness and coordination for Internet governance is lacking at the national level, national IG committees can bridge the gap between awareness and participation. Such awareness can translate into local solutions for local issues, as well as contributing to an informed, cohesive stance at the global level.

Stakeholders: Populating a national IG body

A national IG body – be in steering committee, IGF or other forum – should ideally involve all relevant stakeholders. As noted before, since inception, the Internet has not been subject to exclusive governmental regulation. The World Summit on Information Society recognized this, but negotiations amongst stakeholders resulted in the delegation of roles and responsibilities: the controversial and much-debated paragraph 35 of the Tunis Agenda reads:

Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.
The private sector has had, and should continue to have, an important role in the development of the Internet, both in the technical and economic fields.
Civil society has also played an important role on Internet matters, especially at community level, and should continue to play such a role.
Intergovernmental organizations have had, and should continue to have, a facilitating role in the coordination of Internet-related public policy issues.
International organizations have also had and should continue to have an important role in the development of Internet-related technical standards and relevant policies.

This position remains endorsed by the WSIS process; the recent WSIS+10 High Level Event endorsed by acclamation the WSIS+10 Vision for WSIS Beyond 2015, which “respect mandates given by Tunis Agenda and respect for the multi-stakeholder principles”. In addition to government, the private sector and civil society, the technical community is identified as a distinct stakeholder group. Academia has also found a voice, as demonstrated by stakeholder-representation at NETmundial 2014.

A study of the Internet Society (ISOC) on Assessing National Internet Governance Arrangements, authored by David Souter, maps IG stakeholders at the global, regional and national levels. At the global level, primary stakeholders include ICANN (not-for-profit, private sector corporation involved in governance and technical coordination of the DNS), the IETF, IAB and W3C (technical standards), governments and civil society organizations, all of which participate with different levels of involvements at the IGF, ICANN, ITU, etc.

At the national/municipal level, the list of stakeholders is as comprehensive. Governmental stakeholders include: (1) relevant Ministries (in India, these are the Ministry of Information and Broadcasting, and the Ministry of Communications and Information Technology – the Department of Electronics and Information Technology under the MCIT is particularly relevant), and (2) regulators, statutory and independent (the Telecom Regulatory Authority of India, for example). At the national level, these typically seek inputs from other stakeholders while making recommendations to governments, which then enact laws or make policy. In India, for instance, the TRAI conducts consultations prior to making recommendations to the government.

Within the private sector, there may be companies (1) on the supply-side, such as infrastructure networks, telecommunications service companies, Internet Service Providers, search engines, social networks, cybercafés, etc., and (2) on the demand-side, online businesses, advertising/media, financial service providers, etc. who use the Internet. There may also be national registries managing ccTLDs, such as the Registro.br or the National Internet Exchange of India (NIXI). There may also the press and news corporations representing both corporate and public interest under specific circumstances (media ownership and freedom of expression, for distinct examples).

Civil society organisations, including consumer organisations, think-tanks and grassroots organisations, participate at various levels of policy-making in the formal institutional structure, and are crucial in representing users and public interest. The complexity of stakeholders may be seen from Souter’s report, and this enumeration is but a superficial view of the national stakeholder-population.

Processes: Creating effective national IG bodies

National IG bodies – be they steering committees, IGFs, consultative/working groups or other forums – may be limited by formal institutional governmental settings. While limited by the responsibility-gradient in paragraph 35 of the Tunis Agenda, an effective national IG body requires robust multi-stakeholder participation, as Souter notes, in technical governance, infrastructure and public policy issues. Its effectiveness also lies in governmental acquiescence of its expertise and recommendations; in short, in the translation of the IG body’s decisions into policy.

How do these stakeholders interact at the national level? In addition to the Brazilian example (CGI.br), an ISOC study by Souter and Monica Kerretts-Makau, Internet Governance in Kenya: An Assessment, provides a detailed answer. At the technical level, the registry KENIC manages the .ke domain, while the Kenya Computer Incident Response Team Coordination Centre coordinates national responses to incidents and collaborates internationally on cyber-security issues. A specific IPv6 Force to promote Kenya’s transition to IPv6 was also created.

At the infrastructural level, both the government and the private sector play important roles. Directly, ministries and government departments consult with infrastructure providers in creating policy. In India, for instance, the TRAI conducts multi-stakeholder consultations on issues such as telecom tariffs, colocation tariffs for submarine cable stations and mobile towers, etc. The government may also take a lead in creating infrastructure, such as the national optic fibre networks in India and Kenya, as also creating investment opportunities such as liberalizing FDI. At the public policy level, there may exist consultations initiated by government bodies (such as the TRAI or the Law Commission), in which other stakeholders participate.

As one can see, government-initiated consultations by ministries, regulators, law commissions or specially constituted committees. Several countries have also set up national IGFs, which typically involve all major stakeholders in voluntary participation, and form a discussion forum for existing and emerging IG issues. National IGFs have been considered particularly useful to create awareness within the country, and may best address IG issues at the domestic policy level. However, Prof. Mueller writes that what is necessary is a “reliable mechanism reliable mechanisms for consistently feeding the preferences expressed in these forums to actual global policy-making institutions like ICANN, RIRs, WIPO, and WTO which impact distributional outcomes”.

[1] M. Mueller, Ruling the Root: Internet Governance and the Taming of Cyberspace 57 (2002).

For more details visit https://cis-india.org/internet-governance/blog/multi-stakeholder-models-of-internet-governance-within-states-why-who-how

Multi-stakeholder Internet Governance: The Way Ahead

praskrishna — 2014-07-29T07:08:04Z

The Centre for Internet and Society (CIS) in partnership with Software Freedom Law Centre (SFLC.in) is organizing a workshop "Multi-stakeholder Internet Governance: The Way Ahead" on August 6, 2014, 10.30 a.m. to 12.00 p.m., at during the APrIGF event to be held at Crown Plaza, Greater Noida.

Thematic Area of Interest

Enhanced Cooperation & the Multi-stakeholder model

Introduction:
Today, multi-stakeholderism is the catchphrase in Internet governance. With the display of a multi-stakeholder model at NETmundial, controversies and opinions regarding the meaning, substance and benefits of multi-stakeholderism have deepened. As the recent meeting of the Working Group on Enhanced Cooperation of the United Nations Commission on Science, Technology and Development demonstrates, questions and concerns regarding meaning of multi-stakeholderism, the

legitimacy and desirability of its processes, and the successes and disappointments of its outcomes now dominate the discussion. At this juncture, clarity and consensus are imperative to determine the future of multi-stakeholderism in Internet governance.

Roles and responsibilities of stakeholders:
The debates surrounding stakeholder-roles in Internet governance began with ¶ 49 of the Geneva Declaration of Principles and ¶ 35 of the Tunis Agenda, which delineated clear roles and responsibilities. It created a ‘contributory’ multi-stakeholder model, where states held sovereign authority over public policy issues, while business and civil society were contributed to ‘important roles’ at the ‘technical and economic fields’ and the ‘community level’, respectively. At the same time, it set forth an agenda for enhanced cooperation.

As the WGEC meeting (April 30-May 2, 2014) demonstrated, there is as yet no consensus on stakeholder-roles. Certain governments remain strongly opposed to equal roles of other stakeholders, emphasizing their lack of accountability and responsibility. Civil society is similarly splintered, with a majority opposing the Tunis Agenda delineation of stakeholder-roles, while others remain dubious of permitting the private sector an equal footing in public policy-making. Still others question the wisdom of seeking a ‘fix’ when ‘nothing is broken’. In this session, we aim to interrogate the benefits and disadvantages of an ‘equal footing’ model, as opposed to a ‘contributory’ model.

Specific Issues of Discussions & Description

Who are the stakeholders? Should a multi-stakeholder model of Internet governance grant all stakeholders ‘equal footing’? Should such ‘equal footing’ be relegated to issues other than substantive public policy-making? On the other hand, is a ‘contributory’ model safer? Are states better equipped to represent interests inclusively? How can governments and businesses best perform their role as trustees of the public interest of interest users?

In view of the formidable consolidation by the private sector at NETmundial, while civil society splintered on issues of intellectual property and intermediary liability, can a ‘participative model’ better prevent detrimental outcomes?

Multi-stakeholderism beyond NETmundial:
As important as the meaning of multi-stakeholderism is the process of its execution. The need to fashion safe and sustainable processes for multi-stakeholder participation was highlighted by the successes and failures of private sector and civil society at NETmundial. From the ICANN and IGF models to stakeholder coalitions, premeeting coordination and governmental policy participation, this session shall expand on the quest for effective and beneficial stakeholder participation and representation in both the ‘equal footing’ and ‘contributory’ models, with a focus on enhancing developing country participation.

Particularly, lessons that Internet governance may draw from multi-stakeholder governance processes across areas shall be discussed. For instance, deliberative democracy, enterprise associations or unions (such as in the International Labour Organisation) may all be of value. Similarly, multi-stakeholder processes in environmental and corporate governance and the development sector may benefit Internet governance. In determining the value of these processes to Internet governance, public interest of users is an important consideration. The capability and initiative of governments to implement an effective bottom-up model of Internet governance is equally important and will be considered.

We aim to conduct a 90-minute workshop (2 panels of 45 minutes each), inclusive of 15-30 minutes in all for Q&A from audience, panellists and moderators.

For more details visit https://cis-india.org/internet-governance/events/multi-stakeholder-internet-governance-the-way-ahead

Multi-Stakeholder Consultation on ‘Internet Rights, Accessibility, Regulation & Ethics’

praskrishna — 2012-07-25T10:22:48Z

Digital Empowerment Foundation, Association for Progressive Communications, Department of Information Technology and National Internet Exchange of India came together to organize an event on "Internet Rights, Accessibility, Regulation & Ethics". This was held at Mirza Ghalib Hall, SCOPE Complex, New Delhi from 9.00 a.m. to 2.30 p.m. on May 3, 2012. Pranesh Prakash was a speaker.

The core aim of the dedicated half-day consultation programme was to discuss, deliberate and debate over the internet related concerns, covering the larger theme of internet and outlining India’s progress towards ‘Internet Access for All’, and specific areas of concern – right to information, internet & information access, internet governance, Internet regulation, content specifications, cyber law, and appropriate policy framework.

The consultation was an effort to encourage stakeholders to adopt relevant, appropriate and time bound measures to accelerate the availability, affordability and accessibility of the internet and address issues around it.*

Video

External Links

*See the original info published at Digital Empowerment Foundation, Multi-Stakeholder Consultation on ‘Internet Rights, Accessibility, Regulation & Ethics’ : Digital Empowerment Foundation, http://bit.ly/OGyYeg, last accessed on June 29, 2012.
Click here for the Event Agenda
See the video on YouTube

For more details visit https://cis-india.org/internet-governance/internet-rights-accessibility-regulation-ethics

Multi-stakeholder Advisory Group Analysis

jyoti — 2016-04-12T10:02:31Z

This analysis has been done to see the trend in the selection and rotation of the members of the Multistakeholder advisory group (MAG) in the Internet Governance Forum (IGF). The MAG has been functional for nine years from 2006-2015. The analysis is based on data procured, collated and organised by Pranesh Prakash and Jyoti Panday. Shambhavi Singh, Law Student, NLU Delhi who was interning with CIS at the time also assisted with the organisation and analysis of the data.

The researcher has collected the data from the lists of members available in the public domain from 2010-2015. The lists prior to 2010 have been procured by the Centre for Internet and society from the UN Secretariat of the Internet Governance Forum (IGF).

This research is based solely upon the members and the nature of their stake holding has been analysed in the light of MAG terms of reference. No data has been made available regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG (The IGF Secretariat does not share this data).

According to the analysis, in these six years, the MAG has had around 182 members from various stakeholder groups.

We have divided it into five stakeholder groups, Government, Civil Society, Industry, Technical Community and Academia. Any overlap between two or more of these groups has also been taken into account, for example- A member of the Internet Society (ISOC) being both in the Civil Society and Technical Community.

According to the MAG Terms of Reference[1], it is the prerogative of the UN Secretary General to select MAG Members. The general policy is that the MAG members are appointed for a period of one year, which is automatically renewed for 2 more years consecutively depending on their engagement in MAG activities.

There is also a policy of rotating off 1/3^rd members of MAG every year for diversity and taking new viewpoints in consideration. There is also an exceptional circumstance where a person might continue beyond three years in case there is a lack of candidates fitting the desired area.

However, it seems like the exception has become the norm as a whopping number of members have continued beyond 3 years, ranging from 4 years up to as long as 8 years, this figure rounds up to around 49. No doubt some of them are exceptional talents and difficult to replace. However, the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the usual term.

S. No.	Stakeholder	Number of years	Total Members continuing beyond 3 years
1	Civil Society	8, 6, 6, 4, 4,	5
2	Government/Industry	4, 5	2
3	Technical community/ Civil society	8, 8, 8, 6, 6, 4, 4, 4, 4,4	10
4	Industry/ Civil society	8, 6,	2
5	Industry	8, 7, 7, 6, 6, 4,	6
6	Industry/Tech Community/ Civil Society	8,	1
7	Government	7, 7, 7, 6, 6, 6, 6, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4,	19
8	Academia	6, 6, 5,	3
9	Industry/ Tech community	6,	1

The stakeholders that have continued beyond 8 years have around 39% members from Government and related agencies. The next being Technical Community/Civil Society with around 20% representation, followed by Industry at 12%, 10% from the Civil Society, 6% from Academia, 4% from Government/Industry, 4% from Industry/Civil Society and 2% each from Industry/Technical Community and Industry/Technical Community/Civil Society respectively.

Table with overlapping interests merged

S. No.	Stakeholder	Total Members continuing beyond 3 years
1	Civil Society	7 + 9 + 1+1 = 18
2	Government	19
3	Tech Community	9 + 1 + 1+1 = 12
4	Industry	6 + 2 + 1 + 1+2 = 13
5	Academia	3

When the overlap is grouped separately, as in if a Technical Community/Civil Society person is placed both in Technical Community and Civil Society groups individually, then the representation of stakeholder representation is as follows(approximate values)-

Government- 29%

Civil Society- 28%

Industry- 20%

Technical Community-17%

Academia-5%

This clearly shows us that stakeholders from academia generally did not stay on MAG beyond 3 years. Even when all members that have ever been on MAG are taken into consideration, only around 8% representation has been from the academic community. This needs to be taken into account when new MAG members are selected in 2016.

The researcher has also looked at the MAG Representation based on gender and UN Regional Groups. The results of the analysis were as follows-

The ratio of male members is to female members is approximately 16:9 in the MAG and the approximate value in percentage being 64% and 36% respectively.

Now coming to the UN Regional Groups, the results that the analysis yielded were as follows-

The Western European and Others Group (WEOG) has the highest representation in MAG, a large number of members being from Switzerland, USA and UK. This is followed by the Asia Pacific Group which has 20% representation. The third largest is the African group with 19% representation followed by Latin American and Caribbean Group (GRULAC) and Eastern European Group with 13% and 12% representation respectively.

The representation of developed, developing and Least Developed Countries is as follows-

Developed countries have approximately 42% representation, developing countries having 53% and LDCs having a mere 5% representation. There should be some effort to strive for better LDC representation as they are the most backward when it comes to Global ICT Penetration. [2]

[1] Intgovforum.org, 'MAG Terms Of Reference' (2015) <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference> accessed 13 July 2015.

[2] ICT Facts And Figures (1st edn, International Telecommunication Union 2015) <http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf> accessed 11 July 2015.

For more details visit https://cis-india.org/internet-governance/blog/mag-analysis

Much at stake for tech sector in UID project

praskrishna — 2011-12-12T13:10:49Z

With the Parliamentary Standing Committee on Finance raising a red flag against the National Identification Authority of India ( NIAI) Bill to grant the UID (or Aadhar) project legal status, the project looks set for a slowdown. That could have broad implications for the tech sector that had laid substantial hope on it, especially when global markets are slowing down.

The UID project is estimated to offer IT companies a Rs 15,000-Rs 20,000-crore opportunity. This includes building an ecosystem around the project, comprising biometrics, databases, smartcards, storage and system integration.

Since the UIDAI implements an open-system, plugand-play approach, entrepreneurs and startups can develop applications in numerous areas. Some of the applications of Aadhar is seen in areas such as food distribution, financial inclusion, and know-your-customer services.

The parliamentary committee has said that the project might be too expensive and duplicates the National Population Register's (NPR) efforts to collect biometric and other data for the national census. Some have also called for a change of collection of data from biometric data, which they consider insecure for smart cards (as fraudsters can take your fingerprints from objects that you touch). The Cabinet need not accept the committee's recommendations.

Thus it is unclear if the UID project will be scrapped, watered down or persisted with in its current form. Some contracts have been granted to tech majors. According to the said current contracts are not significantly large in size and their cancellation will not make a big dent in the companies' books. He added that scrapping of project from a longer term perspective could be a negative.

Government public services initiatives like public distribution system UIDAI website, Wipro in March 2011 won a contract to supply, install, and commission hardware and software for data centres at Bangalore and NCR. MindTree in April 2010 won a contract for application software development, maintenance and support. TCS, Accenture, HP, Satyam, Intelenet Global, HCL Infosystems, Geodesic are some others that have won contracts.

Ankur Rudra, IT sector analyst at Ambit Capital, (PDS) and e-governance schemes are expected to spark off more projects requiring technology enablement.

Sunil Abraham, ED of the Centre for Internet and Society, said if changes are incorporated to the Bill, it would not necessarily be anti-technology. The organization had raised concerns about security issues around biometric data. "There might be a change in the design of the UID project, but technology will remain a critical element," he added. Siddharth Pai, MD of global sourcing advisory firm Technology Partners International (TPI) India, said that the UID project is a very critical infrastructure from a national perspective and chances of the project being scrapped are little.

He added that tech companies might experience delay in government spends and see a delay in project execution. This may lead to delays in revenue yields. IT company officials also acknowledge that there could be delays in projects which could increase costs for them. None wanted to be quoted on this issue.

This article by Pranav Nambiar was published in the Economic Times on 12 December 2011. Sunil Abraham has been quoted in this. Read the original here

For more details visit https://cis-india.org/news/much-at-stake-for-tech-sector

MPs to be taught ‘draconian’ IT Act Rules as India.net support galvanises for annul motion

praskrishna — 2012-04-25T10:39:48Z

The blog post by Prachi Shrivastava was published in Legally India on April 23, 2012.

Rajya Sabha’s member of parliament (MP) from Kerala, P Rajeeve, whose statutory motion to annul the IT (Intermediaries Guidelines) Rules 2011 is slated for discussion in Parliament tomorrow, aims to convene a meeting of MPs, internet societies, and bloggers in the first week of May to create awareness against the draconian effect of the rules.

“Most of the MPs need to know about this,” Rajeeve told Legally India, explaining that statutory motions are generally not easy to pass. “Actually we are trying to create awareness by organizing a session. The issue will be the IT Rules 2011 and how it is against the constitution, how it is against natural justice, how it is against due process of law.”

“The motion has been accepted. The committee has allotted time for discussion on the twenty fourth. Thereafter it will come to the house. In this part of the session I am trying to coordinate other MPs to get support”, he said.

Rajeeve’s motion of 23 March 2012, as first reported by CIS-India, was not his first attempt at bringing the IT rules into the spotlight. When the rules were in draft stage, he had made a zero hour mention against them for being in violation of freedom of speech and expression, by over-scrutinising bloggers, over-authorising intermediaries, and letting the government, individuals and institutions by-pass the due process of law.

Rajeeve was one of the nine panelists in the open discussion on “Resisting Internet Censorship”, organised by the Centre for Internet and Society (CIS) and Foundation for Media Professionals, in Bangalore on Saturday, 21 April. The discussion, addressing an audience of 40, was moderated by veteran journalist Paranjoy Guha Thakurta.

Other panelists included Mahesh Murthy, founder of digital marketing website Pinstorm, Sudhir Krishnaswamy, founding member of Centre for Law and Policy Research, Na Vijayashankar, director of Cyber Law College, and Siddharth Narain from the Alternative Law Forum.

Also on the panel were Rishabh Dara, Google policy fellow who conducted a study last year on intermediary liability in India and its chilling effects on free expression, BG Mahesh, founder of Oneindia.com, Ram Bhat, co-founder of community media collective Maraa, and Pranesh Prakash, programme manager at CIS.

Prakash said that the discussion brought together different perspectives, even those of the entrepreneur, like BG Mahesh and Mahesh Murthy. “Transparency in the terms of censorship is good. We are not saying all censorship is bad, but that it should be transparent.”

Prakash told Legally India about the various experiences shared by panelists, of the lack of transparency in the present system of censorship. While one faced harassment by the police over trivial procedural compliances, there was complaint for defamation against an article syndicated by another from a different publication’s press release. “And we read the article over and over and over again but couldn’t find anything which was remotely defamatory.”

Legal experts on the panel, Kirshnaswamy and Vijayashankar, spoke about the constitutionalism behind free speech provisions. Narain shed light on the fact that while excessive energy has been expended on highlighting which content should not be banned, little has been spent on examining the operative procedures behind censorship.

Dara spoke about his research and how it not only revealed that content was being frivolously removed on complaints to intermediaries, but also that the people whose content was being removed were not being informed of the same. There was no public notice of the removal.

Bhat’s discourse drew attention to the history of censorship in India and elicited the fact that the Indian press has in fact been censored in an upsetting manner even since the revolt of 1857.

Murthy made the observation that statistically speaking, in India the number of internet users exceeds television watchers, which has made social media unfathomably important while the internet is no longer elitist.

A number of related Indian initiatives have been gathering momentum in recent months, such as signature campaigns for internet freedom, and offline protests such as the Free Software Movement in Karnataka and the Save your Voice in Delhi, are the order of the day. Other actions include writing to MPs, asking them to vote in favor of Rajeeve’s statutory motion for annulment of the IT rules.

Kerala-based advocate Shojan Jacob filed the first ever writ challenging the rules in the Kerala High Court last month.

The rules enable any individual or public or private institution to get content removed from websites, in most cases simply by notifying the website owners or intermediaries such as Google, Yahoo and others.

Takedown requests can be based on any of 15 vaguely drafted parameters, without stating any reasons or requiring any judicial or quasi-judicial order in support.

Click to read the original.

For more details visit https://cis-india.org/news/draconian-it-rules

MPs oppose curbs on internet; Sibal promises discussions

praskrishna — 2012-05-24T10:25:35Z

With MPs raising concerns over open-ended interpretations of restrictive terms in the rules seeking to regulate social media and internet, the government promised to evolve a consensus on points of contention.

Pranesh Prakash is quoted in this article published by the Times of India on May 18, 2012

Telecom minister Kapil Sibal's assurance came at the end of an engrossing debate in Rajya Sabha on a motion moved by CPM MP P Rajeeve who said the rules violated freedom of expression and free speech.

He found support from leader of opposition Arun Jaitley who picked several examples to point out that terms or descriptions like "harmful", "blasphemous" and "defamatory" did not lend themselves to precise legal definitions.

Jaitley said what the government may find defamatory may not be seen in similar light by its critics. He also pointed to the difficulties of controlling technology and asked if it was desirable to do so.

Assuring MPs who sought the annulment of 'rules' which are aimed at regulating internet content, Sibal said, "My assurance to the House is that I will request the MPs to write letters to me objecting to any specific words. I will then call a meeting of the members as well as the industry and all stakeholders. We will have a discussion and whatever consensus emerges, we will implement it."

The move to put rules in place flows from the government's annoyance with what it sees as scurrilous and disrespectful comments about senior Congress leaders. It had suggested pre-screening of content which service providers were reluctant to consider.

The motion for annulling the Information Technology (Intermediaries Guidelines) Rules notified in April 2011 was, however, defeated by a voice vote. Justifying the rules, the minister said "these are sensitive issues" as most internet companies were registered abroad and not subjected to Indian laws.

TOI was first to report about the new rules that put a lot of the onus on intermediaries like internet service providers, Facebook and Twitter, to manage and monitor content produced by their users. Web activists believe the IT rules are open to arbitrary interpretation and can be misused to silence freedom of speech.

Google, which participated in the public consultative process before the rules were framed, had told TOI, "If Internet platforms are held liable for third party content, it would lead to self-censorship and reduce the free flow of information."

Moving the motion, Rajeeve said, "I am not against any regulation on internet but I am against any control on internet... In control, there is no freedom... These rules attempt to control internet and curtail the freedom of expression."

Complimenting the CPM member, Jaitley said, "I think he (Rajeeve) deserves a compliment for educating us on this rule that Parliament has a supervisory control as far as subordinate legislations are concerned, and, if need be, we can express our vote of disapproval to the subordinate legislations."

MPs felt the government should consider a regime where offensive content can be removed immediately after being posted rather than trying to sieve it out.

Noting that it is extremely difficult, if not impossible, to defy technology and that the days of withholding information have gone, Jaitley urged the minister to "reconsider the language of restraints" to prevent its misuse. He pointed to certain words - harmful, harassing, blasphemous, defamatory - used in the rules, explaining how these could be interpreted/misinterpreted at any stage.

The MPs did note that the internet had a risk of inciting hate speech and frenzy in society and therefore it needed to be restrained but the device could be swift identification of objectionable content.

Pranesh Prakash of Centre for Internet and Society, an organization that has been advocating withdrawal of the rules, said he was sad with the outcome in Rajya Sabha. "The IT minister has promised to hold consultations but the ideal way to do so would have been to scrap the rules and start from scratch," he said.

"It's not only about language in these rules. There is a problem with provisions like the one that empowers intermediaries to remove content without notifying the user who had uploaded the content or giving users a chance to explain themselves."

For more details visit https://cis-india.org/news/mps-oppose-curbs-on-internet

Moving Towards a Surveillance State

atreya — 2013-07-15T05:57:15Z

The cyberspace is a modern construct of communication and today, a large part of human activity takes place in cyberspace. It has become the universal platform where business is executed, discourse is conducted and personal information is exchanged. However, the underbelly of the internet is also seen to host activities and persons who are motivated by nefarious intent.

Note: The original tender document of the Assam Police dated 28.02.2013 along with other several other tender documents for procurement of Internet and Voice Monitoring Systems is attached as a zip folder.

As highlighted in the International Principles on the Application of Human Rights to Communications Surveillance, logistical barriers to surveillance have decreased in recent decades and the application of legal principles in new technological contexts has become unclear. It is often feared that in light of the explosion of digital communications content and information about communications, or "communications metadata," coupled with the decreasing costs of storing and mining large sets of data and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Communications surveillance in the modern environment encompasses the monitoring, interception, collection, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person's communications in the past, present or future.[*] These fears are now turning into a reality with the introduction of mass surveillance systems which penetrate into the lives of every person who uses any form of communications. There is ample evidence in the form of tenders for Internet Monitoring Systems (IMS) and Telecom Interception Systems (TCIS) put out by the Central government and various state governments that the Indian state is steadily turning into an extensive surveillance state.

While surveillance and intelligence gathering is essential for the maintenance of national security, the creation and working of a mass surveillance system as it is envisioned today may not necessarily be in absolute conformity with the existing law. A mass surveillance system like the Central Monitoring System (CMS) not only threatens to completely eradicate any vestige of the right to privacy but in the absence of a concrete set of procedural guidelines creates a tremendous risk of abuse.

Although information regarding the Central Monitoring System is quite limited on the public forum at the moment it can be gathered that a centralized system for monitoring of all communication was first proposed by the Government of India in 2009 as indicated by the press release of the Ministry of Communications & Information. Implementation of the system started subsequently as indicated by another government press release and the Center for Development of Telematics (C-DOT) was entrusted with the responsibility of implementing the system. As per the C-DOT annual report 2011-12, research, development, trials and progressive scaling up of a Central Monitoring System were conducted by the organization in the past 4 years and the requisite hardware and CMS solutions which support voice and data interception have been installed and commissioned at various Telecom Service Providers (TSP) in Delhi and Haryana as part of the pilot project. Media reports indicate that the project will be fully functional by 2014. While an extensive surveillance system is being stealthily introduced by the state, several concerns with regard to its extent of use, functioning, and real world impact have been raised owing to ambiguities and wide gaps in procedure and law. Moreover, the lack of a concrete privacy legislation coupled with the absence of public discourse indicates the lack of interest of the state over the rights of an ordinary citizen. It is under these circumstances that awareness must first be brought regarding the risks of the mass surveillance on civil liberties which in the absence of established procedures protecting the rights of the citizens of the state can result in the abuse of powers by the state or its agencies and lead to the demise of civil freedoms even in democratic states.

The architecture and working of a proposed Internet Monitoring System must be examined in an attempt to better understand the functioning, capabilities and possible impact of a Central Monitoring System on our society and lives. This can perhaps allow more open discourse and a committed effort to preserve the rights of the citizens especially the right to privacy can be made while allowing for the creation of strong procedural guidelines which will help maintain legitimate intelligence gathering and surveillance.

Internet Monitoring System: Setup and Working
Very broadly, The Internet Monitoring System enables an agency of the state to intercept and monitor all content which passes through the Internet Service Provider’s (ISP) server which includes all electronic correspondence (emails, chats or IM’s, transcribed call logs), web forms, video and audio files, and other forms of internet content. The electronic data is stored and also subject to various types of analysis. While Internet Monitoring Systems are installed locally and their function is limited to specific geographic region, the Central Monitoring System will consolidate the data acquired from the different voice and data interception systems located across the country and create a centralized architecture for interception, monitoring and analysis of communications. Although the exact specifications and functions of the central monitoring system still remain unclear and ambiguous, some parallels regarding the functioning of the CMS can be drawn from the the specifications revealed in the Assam Police tender document for the procurement of an Internet Monitoring System.

Setup
The deployment architecture of an Internet Monitoring System (IMS) contains probe servers which are installed at the Internet Service Provider’s (ISP) premises and the probes are installed at various tapping points within the entire ISP network. A collection server is also installed and hosted at the site of the ISP. The collection server is used to either collect, analyze, filter or simple aggregate the data from the ISP servers and the data is transferred to a master aggregation server located a central data center. The central data center may also contain more servers specifically for analysis and storage. This type of architecture is being referred to as a ‘high availability clustered setup’ which is supposed to provide security in case of a failure or outage.

The Assam Police Internet Monitoring System tender document specifically indicates that the deployment in the state of Assam shall require 8 taps or probes to be installed at different ISPs, out of which 6 taps/probes shall be of 10 GBPS and 2 taps are of 1 GBPS. The document however mentions that the specifications are preliminary and subject to change.

Types of data
The proposed internet monitoring system of the Assam state can provide network traffic interception and a variety of internet protocols including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Session Initiation Protocol (SIP), Voice over Internet Protocol (VoIP) can be intercepted and monitored. The system can also support monitoring of Internet Relay Chat and various other messaging applications (such as Google Talk, Yahoo Chat, MSN Messenger, ICQ, etc.). The system can be equipped to capture and display multiple file types like text (.doc, .pdf), zipped (.zip) and executable applications (.exe). Further, information regarding login details, login pattern, login location, DNS address, routing address can be acquired along with the IP address and other details of the user.

Web crawling capabilities can be installed on the system which can provide data from various data sources like social networking sites, web based communities, wikis, blogs and other forms of web content. Social media websites (such as Twitter, Facebook, Orkut, MySpace etc.), web pages and data on hosted applications can also be intercepted, monitored and analyzed. The system also allows capture of additional pages if updated; log periodical updates and other changes. This allows the monitoring agencies the capability of gathering internet traffic based on several parameters like Protocols, Keywords, Filters and Watch lists. Keyword matching is achieved by including phonetically similar words in various languages including local languages.

More specific functions of the IMS can include complete email extraction which will disclose the address book, inbox, sent mail folder, drafts folder, personal folders, delete folders, custom folders etc. and can also provide identification of dead drop mails. The system can also be equipped to allow country wise tracking of instant messages, chats and mails.

Regarding retention and storage of data, the tender document specifies that the system shall be technically capable of retaining the metadata of Internet traffic for at least one year and the defined traffic/payload/content is to be retained in the storage server at least for a week. However, the data may be retained for a longer period if required. The metadata and qualified data after analysis are integrated to a designated main intelligence repository for storage.

Types of Analysis
The Internet Monitoring System apart from intercepting all the data generated through the Internet Service Providers is essentially equipped for various types of data analysis. The solutions that are installed in the internet monitoring system provide the capability for real time as well as historical analysis of network traffic, network perimeter devices and internal sniffers. The kinds of analysis based on ‘slicing and dicing of data’ range from text mining, sentiment analysis, link analysis, geo-spatial analysis, statistical analysis, social network analysis, transaction analysis, locational analysis and fusion based analysis, CDR analysis, timeline analysis and histogram based analysis from various sources.

The solutions installed in the IMS can enable monitoring of specific words or phrases (in various languages) in blogs, websites, forums, media reports, social media websites, media reports, chat rooms and messaging applications, collaboration applications and deep web applications. Phone numbers, addresses, names, locations, age, gender and other such information from content including comments and such can also be monitored. Specifically with regard to social media, the user’s profile and information related to it can be extracted and a detailed ontology of all the social media profiles of the user can be created.

Based on the information, the analysis supposed to provide the capability to identify suspicious behavior based on existing and new patterns as they emerge and are continuously applied to combine incoming and existing information on people, profiles, transactions, social network, type of websites visited, time spent on websites, type of content download or view and any other type of gatherable information. The solutions on the system are also supposed to create single or multiple or parallel scenario build-ups that may occur in blogs, social media forums, chat rooms, specific web hosting server locations or URL, packet route that may be defined from time to time and such scenario build-ups can be based on parameters like sentiments, language or expressions purporting hatred or anti-national expressions, and even emotions like expression of joy, compassion and anger, which as may be defined by the agency depending on operational and intelligence requirement. Based on these parameters, automated alerts can be generated relating to structured or unstructured data (including metadata of contents), events, pattern discovery, phonetically similar words or phrases or actions from users.

Based on the data analysis, reports or dossiers can be generated and visual analysis allowing a wide variety of views can be created. Further, real time visualization showing results from real-time data can be generated which allows alerts, alert categories or discoveries to be ranked (high, medium, and low priority, high value asset, low value asset, moderate value asset, verified information, unverified information, primary evidence, secondary evidence, circumstantial evidence, etc.) based on criteria developed by the agency. The IMS solutions can also be capable of offering web-intelligence and open source intelligence and allow capabilities like simultaneous search capabilities which can be automated providing a powerful tool for exploration of the intercepted data.

Another important requirement mentioned in the tender document is the systems capability to integrate with other interception and monitoring systems for 2G, 3G/UMTS and other evolving mobile carrier technologies including fixed line and Blackberry services and encrypted IP services like Skype services.

Conclusion
It is clear that a system like IMS with its extensive interception and analysis capabilities gives complete access to an agency or authority of all information that is accessed or transmitted by a person on the internet including information which is private and confidential such as email and instant messages. Although the state has the power to issue directions for interception or monitoring of information under the Information Technology Act, 2000 and certain rules are prescribed under section 69B, they are wholly inadequate compared to the scope and extent of the Internet Monitoring System and its scale of operations. The interception and monitoring systems that are either proposed or already in place effectively bypass the existing procedures prescribed under the Information Technology Act.

The issues, concerns and risks are only compounded when it comes to the Central Monitoring System. The solutions installed in present day interception and monitoring systems give the state unprecedented powers to intercept, monitor and analyze all the data of any person who access the internet. Tools like deep packet inspection and extensive data mining solutions in the absence of concrete safeguards and when deployed through a centralized system can be misused to censor any content including legitimate discourse. Also, the perception that access to a larger amount of data or all data can help improve intelligence can also be sometimes misleading and it must be asked whether the fundamental rights of the citizens of the state can be traded away under the pretext of national security. Furthermore, it is essential for the state to weigh the costs of such a project both economically and morally and balance it with sufficient internal measures as well as adequate laws so that the democratic values are persevered and not endangered by any act of reckless force.

Reiterating what has been said earlier, while it is important for the state to improve its intelligence gathering tools and mechanisms, it must not be done at the cost of a citizen’s fundamental right. It is the duty of the democratic state to endure and maintain a fine balance between national interest and fundamental rights through timely creation of equitable laws.

[*]. http://necessaryandproportionate.net/#_edn2

For more details visit https://cis-india.org/internet-governance/blog/moving-towards-surveillance-state

Move over Kolaveri di, here comes Gowda

praskrishna — 2011-11-28T06:58:54Z

Transparency is the buzzword in governance and chief minister DV Sadananda Gowda is eager to set a new benchmark. You could soon watch what the chief minister is doing at office, live on YouTube. This article was published in dailybhaskar.com on November 28, 2011.

Cameras are being installed at the chief minister's office in Vidhana Soudha and his home office, Krishna. The live footage will be uploaded to YouTube. "I always wanted to maintain transparency in my functioning. Very soon, I will put it to work, when people can watch me live at what I am doing when inoffice. Let the people see who come to meet me, what I do and how I work. This will set a new example, but there will be no compulsion for my colleagues to emulate me. It is entirely up to them whether to follow me or not," said Gowda on Sunday.

Kerala chief minister Oommen Chandy has already set a precedent by installing cameras in his office. On July 1 this year, the day Chandy's experiment went 'live', one lakh visitors logged in. Talking to The New York Times earlier this year, Sunil Abraham, executive director of the Centre for Internet and Society, Bangalore, said "He applauded Chandy's webcams, even if the effort amounted to no more than tokenism."This type of tokenism is also quite useful," The NYT reported Abraham as saying.

In Karnataka, the much-hyped Citizens' Charter would be implemented after the state legislature, which begins on December 6, ends. The cabinet had already cleared the proposal and the bill on time-bound delivery of public services would be introduced in the session, added Gowda.

The proposed bill will make it mandatory for officials in government offices to deliver public services within stipulated period of time and failure to do so would make them liable for penal action and fine to be computed for every day of delay.

Already, Bescom chief P Manivannan has installed a webcam in his office. The NYT earlier reported Manivannan as saying that "he was installing a 'hemispheric' camera that would capture the goings-on in his entire office rather than just show his visitors."

Read the original published in dailybhaskar.com here

For more details visit https://cis-india.org/news/here-comes-gowda

Mothers discuss kids, music, fashions, on Net

praskrishna — 2011-04-02T01:25:28Z

Among the many conversations about behavioural problems seen among teenage children and the benefits of organic foods, there is one that raves about a baby-sitter who takes care of pets too, and one that reviews newly opened art classes in the city. These are not the usual face-to-face discussions among women at a gathering, but threads that run on parenting websites and ‘mommy' blogs that have captured the imagination of many mothers in Chennai.

Many parenting forums register more than a thousand threads of interaction each every day from the city alone, with a variety of localised pages on Yahoo, Facebook, and netlog dedicated to facilitate communication between mothers.

Baby growth charts, immunisation schedules, home-made remedies, reviews of schools, summer camps, information on doctors and a collection of articles from the mothers themselves — these forums have it all.

Many mothers feel that going through related threads on various parenting sites before attending the PTA meetings helps to know what rest of the parents feel about issues.

“My daughter does not like me talking to her classmates' parents at meetings; discussing online helps to talk to parents without the interference of children,” says Shobana Mahadevan, a blogger and a mother.

Discussing concerns, especially those regarding increase in fees, change in examination patterns, homework, and school announcements with hundreds of other mothers on the internet helps them understand matters at hand and form opinions, she says.

Many of these forums have threads on car-pooling in selected areas where parents decide on turns to drop children at schools.

Subbiah Arunachalam, a distinguished fellow at the Centre for Internet and Society, says that with the computer finding its way into many urban households, an increasing number of mothers are focussing more on their children's performance in school.

The social network they form on the net provides the mothers a platform to be “collectively enlightened” about everything from culinary innovations to popular music and fashion trends, he says.

On “Babycentre”, a forum that monitors child's growth and gives regular inputs on expected child behaviour, Sangeetha Vijay (38), mother of a two-year-old says,

“It is like an elderly person helping you get prepared for everything from teething problems to allergies in children.”

Many mothers say that though communication on parenting forums starts out as a medium to interact with those who share similar concerns, it soon goes beyond the confines of the internet. “We have groups of ‘internet mothers' who often meet, hold competitions and spend time together,” says Penithia Selvi (32), mother of a five year old girl.

“These sites and blogs give mothers a platform to write, discuss their interests and talk openly, which is a priceless experience,” she adds.

“It is very much an urban phenomenon,” says Savithri. J., child counsellor with schools, “Since many working mothers have access to the internet for more hours, they try tracking their children's activities, and also explore the net in their own way,” she says. Many concerns such as addiction to gaming seen among children, are better discussed with mothers who experience similar problems, says Ranjitha Kumaran (32).

“Since mothers as young as 23 to those in their sixties share their experiences on these sites, the issues are approached with a lot of sensitivity and understanding,” she says.

Read the original in the Hindu

For more details visit https://cis-india.org/news/kids-music-fashion-on-net

Most emerging firms low on cyber security: Experts

praskrishna — 2015-06-29T16:02:51Z

When Pavitra Badrinath saw that the upgrade to a shopping application on her smartphone asked access to her contacts and messages, she decided against it. "Laws on privacy are not clear in India. So I am doing what I can to protect my information," the 26-year-old technology firm employee said.

The article by Malavika Murali and Payal Ganguly was published in the Economic Times on June 24, 2015. Sunil Abraham gave his inputs.

Are users taking a risk by allowing applications to gain access to personal data shadowed by an upgrade? "Most definitely ," said Bikash Barai, cofounder and chief executive of security firm iViz Security .

With at least 10 alleged breaches and hacks into the databases of startups such as Ola and Gaana this year, the alarm bells are going off.

Experts warn that emerging businesses are lax with security frameworks, which is especially worrying as millions more Indians are shopping online, including on their phones, exposing crucial personal and financial data to fraud.

More than 70 per cent of Indian companies are under-prepared when it comes to cyber security, according to a report by CISO Platform, a social platform for security experts where Barai is chief adviser.

India's largest cab-hailing company, Ola denied hackers' claims in an email response to ET, stating that its data were not compromised.

Music service Gaana.com, in response to being hacked by a person in Pakistan calling himself MakMan, said it had strengthened its security team and offerings in recent weeks. "In addition, we are working on a `bug bounty' program, which will allow individuals to point out any potential vulnerability in a safe way," said Pawan Agarwal, business head at Gaana.com.

According to Google India, the number of online shoppers is expected to cross 100 million by the end of next year, from 35 million ear, from 35 million n 2014. But lack of roust regulations and ata privacy laws as ell as the fragmentd nature of the starup ecosystem, do not llow much scope for esearch on cyber seurity , said experts."Under the Indian "Under the Indian regime, there are no self-regulatory mechanisms for putting out breach notifications," said Sunil Abraham, executive director of the Centre for Internet and Society. "The numbers available with a central body like Data Security Council of India will be a gross underestimation of the cases of breach."

"Most of the startups in India want to do everything in-house. This can lead to a potential compromise or lack of expertise on the security front, even if it is made priority," said Harshit Agarwal, founder and chief executive of Singapore-based Appknox, which provides security services to Paytm, Freecharge and Myntra among other clients.

Jabong founder and managing director Praveen Sinha said the online fashion retailer spends 15-20 per cent of its revenue on cyber security. But other startups contended that budgets and teams sizes are not accurate indicators of security preparedness.

"We do not work with any external security firms as we have realised that the average report is as good as our internal team can make," said Mukesh Singh, chief executive officer of online grocer ZopNow.

For more details visit https://cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts

More urban Indian women are acting against offensive calls and text messages

Aria Thaker — 2019-03-10T02:24:46Z

More Indian women are fighting back against sexual harassment they face over phone calls and text messages, a survey shows.

The blog post by Aria Thaker was published in Quartz India on March 8, 2019. Ambika Tandon was quoted.

In an India-based survey by the Swedish phone-identification app Truecaller, nearly 40% of respondents who had faced sexual harassment via calls and SMSes said they’d filed police complaints against it in 2019—a sharp increase from 10% when the company conducted the same survey just one year ago.

Truecaller’s survey, conducted with global market research firm Ipsos, asked detailed questions to over 2,100 women from metro areas across India. All respondents had to be users of the Truecaller app.

The survey, published yesterday (March 07), showed the staggering scale of phone-based harassment of women in India. One in three respondents reported receiving “sexual and inappropriate” calls or SMSes. This is the same figure as when Truecaller conducted the survey last year.

Women’s responses to phone harassment took various forms. While 62% of women reported having “taken measures against” harassment in 2018, 74% did this year. Some of the steps women took this year included blocking numbers, calling mobile operators to request “do not disturb” activation, ignoring calls, and changing one’s number.

Blocking numbers, the most popular step women took, also saw a substantial increase in popularity from last year. While 65% of women who experienced harassment reported blocking offending numbers in 2018, 92% did so in 2019.

Women who faced harassment also reported being more willing to “name and shame” perpetrators on social media—with 7% reporting having done so last year, and 16% this year. In a recent, high-profile instance of this, when television journalist Barkha Dutt experienced a torrent of phone-based harassment, she published screenshots from her perpetrators’ messages on Twitter.

Why this increase?

Some say that this increase in willingness among women to take action may be in part due to the influence of the MeToo movement, which took India by storm last year.

“MeToo had a huge impact across India,” said Gayatri Sethi, the business head of WhiteBalance, a Delhi-based creative studio that Truecaller partnered with on an anti-harassment media campaign called #ItsNotOK. Now, Sethi said, “women can step up and can tell the world about these issues, and understand that they should not just ignore (harassment).”

Truecaller believes that the Indian government’s initiatives to tackle harassment may also be partly responsible for the increased reports to police. “There’s been a major shift in the approachability of the police, and there are several helplines for women to call and report,” Lindsey LaMont, Truecaller’s global brand manager, told Quartz. “I think this has made a big difference.” In October, as #MeToo gripped India, the country’s National Commission for Women launched helplines and a dedicated email address to field harassment complaints.

It is important to note, however, that Truecaller’s survey—of which around 97% of respondents come from the highest socioeconomic classification group in India—cannot at all be considered nationally representative. “One of their criteria for targeting respondents is that they need to be using Truecaller, which is in itself a very limited sample set,” said Ambika Tandon, a policy officer who researches gender and tech issues for the think tank Centre for Internet and Society.

Indian women of lower socioeconomic strata, Tandon suggested, would be more likely to respond to harassment “by going offline or not accessing mobile phones at all, because they don’t have the kinds of support structures that would exist for communities where there is a larger level of access or skill.”

Tandon also cautioned against the survey’s clubbing together of different ways that women are taking action against harassment, for example, by including steps like ignoring calls or blocking numbers next to filing police complaints. This conflation, she said, could risk being seen as similar to instances of law enforcement bias, in which police sometimes tell women to simply block harassers’ numbers—while “not dealing with (the complaint) as rigorously as they would with a physical harassment complaint.”

For more details visit https://cis-india.org/internet-governance/news/more-urban-indian-women-are-acting-against-offensive-calls-and-text-messages

More than a Hundred Global Groups Make a Principled Stand against Surveillance

elonnai — 2013-07-31T14:26:38Z

For some time now there has been a need to update understandings of existing human rights law to reflect modern surveillance technologies and techniques.

Nothing could demonstrate the urgency of this situation more than the recent revelations confirming the mass surveillance of innocent individuals around the world.

To move toward that goal, today we’re pleased to announce the formal launch of the International Principles on the Application of Human Rights to Communications Surveillance. The principles articulate what international human rights law – which binds every country across the globe – require of governments in the digital age. They speak to a growing global consensus that modern surveillance has gone too far and needs to be restrained. They also give benchmarks that people around the world can use to evaluate and push for changes in their own legal systems.

The product of over a year of consultation among civil society, privacy and technology experts, including the Centre for Internet and Society (read here, here, here and here), the principles have already been co-signed by over hundred organisations from around the world. The process was led by Privacy International, Access, and the Electronic Frontier Foundation. The process was led by Privacy International, Access, and the Electronic Frontier Foundation.

The release of the principles comes on the heels of a landmark report from the United Nations Special Rapporteur on the right to Freedom of Opinion and Expression, which details the widespread use of state surveillance of communications, stating that such surveillance severely undermines citizens’ ability to enjoy a private life, freely express themselves and enjoy their other fundamental human rights. And recently, the UN High Commissioner for Human Rights, Nivay Pillay, emphasised the importance of applying human right standards and democratic safeguards to surveillance and law enforcement activities.

"While concerns about national security and criminal activity may justify the exceptional and narrowly-tailored use of surveillance programmes, surveillance without adequate safeguards to protect the right to privacy actually risk impacting negatively on the enjoyment of human rights and fundamental freedoms," Pillay said.

The principles, summarised below, can be found in full at necessaryandproportionate.org. Over the next year and beyond, groups around the world will be using them to advocate for changes in how present laws are interpreted and how new laws are crafted.

We encourage privacy advocates, rights organisations, scholars from legal and academic communities, and other members of civil society to support the principles by adding their signature.

To sign, please send an email to rights@eff.org, or visit https://www.necessaryandproportionate.org/about

Summary of the 13 principles

Legality: Any limitation on the right to privacy must be prescribed by law.
Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.
Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfill the specific legitimate aim identified.
Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users’ rights and to other competing interests.
Competent judicial authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
Due process: States must respect and guarantee individuals' human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.
User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.
Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.
Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.
Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.
Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.
Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public and private actors.

For more details visit https://cis-india.org/internet-governance/blog/more-than-hundred-global-groups-make-principled-stand-against-surveillance

More errors in Aadhaar data in Andhra Pradesh than in voter database

Admin — 2018-05-20T14:04:00Z

As much as eight per cent of Aadhaar data collected in Andhra Pradesh has errors, mostly related to name, address and date of birth, which is more than the errors in the voter ID database. But still, 87% of rural residents approve mandatory linking of the unique ID with various schemes and services.

The article by U Sudhakar Reddy was published in the Times of India on May 18, 2018.

This was revealed in the State of Aadhaar report 2017-18 based on a survey carried out in three states — Andhra Pradesh, Rajasthan and West Bengal. The survey revealed that a majority of people in AP and Rajasthan preferred Aadhaar-based PDS delivery as they believed biometric authentication prevents identity fraud. On the flip side, at least 3 lakh people, which is 0.8% of PDS beneficiaries, were denied ration benefits due to Aadhaar issues, it found.

The survey found that among the three states, it was easiest to enrol for Aadhaar in AP. As many was 67% of people used Aadhaar as proof for opening bank accounts and 17% used it for Know Your Customer (KYC) verification. The survey also found that 96% of respondents valued privacy and wanted to know what the government will do with their data.

“The survey covered 2,947 rural households in 21 districts across the three states from Nov 2017 and Feb 2018,” the report by IDinsight, a development analytics firm, said. “Compared to voter IDs, the error-rate in Aadhaar was 1.5 times higher. While exclusion from PDS due to Aadhaar-related factors is significant, it is lower than exclusion explained by factors unrelated to Aadhaar,” said Ronald Abraham of IDinsight.

Reacting to the findings, Dr Ajay Bhushan Pandey, CEO of UIDAI, said: “The report highlights that Aadhaar has wide-scale support from people. Exclusion from PDS is due to failure of the local administration and should be taken very seriously.”

But critics found fault with the survey methodology. “If IDinsight asked respondents whether they preferred the UK system where you can get a SIM card without KYC or the Indian system with mandatory biometric authentication, then 100% of respondents would have opted for the UK approach. They have got an endorsement for use of biometrics due to their disingenuous survey design,” said Sunil Abraham, executive director, Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-may-18-2018-u-sudhakar-reddy-more-errors-in-aadhaar-data-in-andhra-pradesh-than-in-voter-database