We are anonymous, we are legion

In Twitter India’s Arbitrary Suspensions, a Question of What Constitutes a Public Space

torsha — 2019-12-12T16:54:05Z

A discussion is underway about the way social media platforms may have to operate within the tenets of constitutional protections of free speech.

The article by Torsha Sarkar was published in the Wire on December 7, 2019.

On October, 26 2019, Twitter suspended the account of senior advocate Sanjay Hegde. The reason? He had previously put up the famous photo of August Landmesser refusing to do the Nazi salute in a sea of crowd in the Blohm Voss shipyard.

According to the social media platform, the image violated Twitter’s ‘hateful imagery’ guidelines, despite the photo being around for decades and usually being recognised as a sign of resistance against blind authoritarianism.

August Landmesser. Photo: Public Domain

Twitter briefly revoked the suspension on October 27, but promptly suspended Hegde’s account again. This time, the action was prompted by Hegde quote-tweeting parts of a poem by Gorakh Pandey, titled ‘Hang him’, which was written in protest of the first death penalties given to two peasant revolutionaries in an independent India. This time, Hegde was informed that his account would not be restored.

Spurred by what he believed was Twitter’s arbitrary exercise of power, he proceeded to file a legal notice with Twitter, and asked the Ministry of Electronics and Information Technology (MeitY) to intervene in the matter. It is the subject matter of this ask that becomes of interest.

In his complaint, Hegde first outlines how the content shared by him did not violate any of Twitter’s community guidelines. He then goes on to highlight how his fundamental right of dissemination and receipt of information under Article 19(1)(a) were obstructed by the action of Twitter. Here, he places reliance to several key decisions of the Indian and the US Supreme court on media freedom, which provided thrust to his argument that a citizen’s right to free speech is meaningless if control was concentrated in the hands of a few private parties.

Vertical or horizontal?

One of the first things we learn about fundamental rights is that they are enforceable against the government, and that they allow the individual to have a remedy against the excesses of the all-powerful state. This understanding of fundamental rights is usually called the ‘vertical’ approach – where the state, or the allied public authority is at the top and the individual, a non-public entity is at the bottom.

However, there is another, albeit underdeveloped, thread of constitutional jurisprudence that argues that in certain circumstances these rights can be claimed against another private entity. This is called the ‘horizontal’ application of fundamental rights.

In that note, Hegde’s contention essentially becomes this – claiming an enforceable remedy against the private entity for supposedly violating his fundamental right. This is clearly an ask for the Centre to consider a horizontal application of Article 19(1)(a) against large social media companies.

What could this mean?

Lawyer Gautam Bhatia has argued that there are several ways in which a fundamental right can be enforced against another private entity. It must be noted that he derives this classification on the touchstone of existing judicial decisions, which is different from seeking an executive intervention. Nevertheless, it is interesting to consider the logic of his arguments as a thought exercise. Bhatia points out that one of the ways in which fundamental rights can be applied to a private entity is by assimilating the concerned entity as a ‘state’ as per Article 12.

There is a considerable amount of jurisprudence on the nature of the test to determine whether the assailed entity is state. In 2002, the Supreme Court held that for an entity to be deemed state, it must be ‘functionally, financially and administratively dominated by or under the control of the Government’. If we go by this test, then a social media platform would most probably not come within the ambit of Article 12.

However, there is a thread of recent developments that might be interesting to consider. Earlier this year, a federal court of appeals in the US ruled that the First Amendment prohibits President Donald Trump, who used his Twitter for government purposes, from blocking his critics. The court further held that when a public official uses their account for official purposes, then the account ceases to be a mere private account. This judgment has a sharp bearing in the current discussion, and the way social media platforms may have to operate within the tenets of constitutional protections of free speech.

Although the opinion of the federal court clearly noted that they did not concern themselves with the application of the First Amendment rights to the social media platforms, one cannot help but wonder – if the court rules that certain spaces in a social media account are ‘public’ by default, and that politicians cannot exclude critiques from those spaces, then can the company itself block or impede certain messages? If the company does it, can an enforceable remedy then be made against them?

A US court ruled that Donald Trump cannot block people on his Twitter account. Photo: Reuters

What can be done?

Of course, there is no straight answer to this question. On one hand, social media platforms, owing to the enormous concentration of power and opaque moderating policies, have become gatekeepers of online speech to a large extent. If such power is left unchecked, then, as Hegde’s request demonstrates, a citizen’s free speech rights are meaningless.

On the other hand, if we definitively agree that in certain circumstances, citizens should be allowed to claim remedies against these companies’ arbitrary exercise of power, then are we setting ourselves for a slippery slope? Would we make exceptions to the nature of spaces in the social media based on who is using it? If we do, then what would be the extent to which we would limit the company’s power of regulating speech in such space? How would such limitation work in consonance with the company’s need to protect public officials from targeted harassment?

At this juncture, given the novelty of the situation, our decisions should also be measured. One way of addressing this obvious paradigm shift is by considering the idea of oversight structures more seriously.

I have previously written about the possibility of having an independent regulator as a compromise between overtly stern government regulation and allowing social media companies to have free reign over the things that go on their platforms. In light of the recent events, this might be a useful alternative to consider.

Hegde had also asked the MeitY to issue guidelines to ensure that any censorship of speech in these social media platforms is to be done in accordance with the principles of Article 19.

If we presume that certain social media platforms are large and powerful enough to be treated akin to public spaces, then having an oversight authority to arbitrate and ensure the enforcement of constitutional principles for future disputes may just be the first step towards more evidence-based policymaking.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-torsha-sarkar-december-7-2019-twitter-arbitrary-suspension-public-space

Cyber security tips for small businesses

Theres Sudeep — 2019-12-05T23:35:59Z

It is important to have good cyber security practices, experts recommend.

The article by Theres Sudeep was published in the Deccan Herald on December 1, 2019. Arindrajit Basu was quoted.

Many times small businesses don’t allocate any of their budgets to cybersecurity. This is due to the common misconception that it’s only larger companies and governments that need to worry about attacks by hackers and the like.

This is not the case as Arindrajit Basu of The Centre for Internet and Society explains, “The kind of risks that smaller players are vulnerable to may not be on the scale of threats that larger companies encounter, but it is equally important for them to have good cybersecurity practices,” he says.

Phishing, an attempt to obtain sensitive information by disguising oneself as a trustworthy entity, and ransomware, a type of malware that threatens to publish the victim’s data or block access to it unless a ransom is paid, are the two most common kinds of attacks on small business according to Basu.

He adds that many hackers see small businesses as an easy way into a larger network. Once the smaller nodes are breached, they can easily get to the bigger players on the network.

Bengaluru, the startup capital of the country, has many such small businesses that need to better their cybersecurity practices.

The first and foremost step recommended by Basu is to create a strategy within your business plan and revise it periodically. This must include employee training and guidelines on what to if there is a breach.

Apart from this owners and employees are advised to routinely change passwords and back up their data on a device that doesn’t connect to the internet.

Owners are also advised to monitor access to admin accounts.

Many small businesses and startups don’t have offices of their own, which means employees end up working at a cafe or the like.

When working at these venues, make sure to carry your own WiFi or use the hotspot from your phone. Open WiFi networks are vulnerable to attacks.

Basu concludes by saying that small businesses must be periodically audited by an independent cybersecurity firm.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-december-1-2019-theres-sudeep-cyber-security-tips-for-small-businesses

Why having more CCTV cameras does not translate to crime prevention

Manasa Rao — 2019-12-05T23:26:25Z

Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?

The article by Manasa Rao was published the News Minute on September 3, 2019. Pranav M. Bidare was quoted.

In August, a couple from Tamil Nadu’s Tirunelveli district made national headlines for their bravery. True to the Tamil adage ‘vallavanukku pullum aayudham’ (for the strong man, even a blade of grass is a weapon), when thieves entered their home, they fought them with chairs, slippers and even a bucket. Despite being armed with sickles, the masked miscreants fled the scene unable to match the counter-attack mounted by 70-year-old Shanmugavel and 65-year-old Senthamarai. The incident was caught on CCTV camera and the couple, whose video quickly went viral, was celebrated for their valour and made for the perfect social media feel-good story. However, as the news cycle was focused on them, senior police officers from the state and many commentators pointed to the importance of the CCTV camera footage. After all, the whole world watched their courage thanks to the CCTV camera affixed on the couple's front yard.

Since 2017, the Tamil Nadu Police has been aggressively pushing for citizens to install CCTV cameras. A techno-futuristic awareness campaign video released last year even roped in popular Kollywood star Vikram to help the police force. “If there are CCTV cameras, crimes are prevented, evidenced and importantly, it provides evidence in court. So, each of us will compulsorily fix a CCTV camera wherever we are,” says Vikram. In a bold declaration, the motto of the campaign affirms, “With CCTV everywhere, Tamil Nadu has become a place without crime.” At the end of the video Vikram suggests Big Brother is watching, stating, “Everything. Everywhere. We're watching.”

But do more CCTV cameras necessarily translate to crime prevention and deterrence? Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?

What the numbers say

A study released in August by tech research group Comparitech ranked Chennai as 32nd out of 50 of the most surveilled cities in the world. The research group, with the use of government reports, police websites and news articles, puts the total number of cameras in the city at 50,000. With a 2016 estimated population of 1.07 crore in Chennai, that is 4.67 cameras per 1,000 people.

With the help of Numbeo, a crowd-sourced database of perceived crime rates, the study puts Chennai’s crime index at 40.39. On a scale of 0 to 100, this is an estimation of overall level of crime in a given city. This score means Chennai’s crime index is ranked ‘moderate’. Similarly, on a 100 point scale, the city's safety index— quite the opposite of crime index— is at 59.61. The higher the safety index, the safer a city is considered to be.

The two other Indian cities on the list of 50 are New Delhi ranked No. 20 with 1,79,000 cameras for 1.86 crore people (9.62 cameras per 1,000 people) and Lucknow ranked at No. 40 with 9,300 cameras for 35.89 lakh people (2.59 cameras per 1,000 people). The capital's crime index is at 58.77 while its safety index is 41.23. The UP city on the other hand has a crime index of 45.30 and a safety index of 54.70.

Stating that the higher number of cameras ‘just barely correlates’ with a higher safety index and lower crime index, the study concludes, “Broadly speaking, more cameras doesn’t necessarily result in people feeling safer.” While the presence of CCTV cameras may not inherently be bad, experts say that they cannot become a substitute for tackling crime and its causes which transcend the realm of technology. These involve tailored and specific approaches which stem from community building.

The infallible CCTV myth

Pranav MB, policy officer at the Centre for Internet and Society in Bengaluru observes that in the long run, over-reliance on CCTV cameras would merely propel criminals to innovate, as opposed to helping deter the crime from taking place. He says, “While it seems intuitive that the presence of a CCTV camera will have a deterring effect on criminal activity, numerous studies over the past decade have concluded that this is not really the case. The idea of a deterring effect also relies on the assumption that the actors are making educated intelligent choices about their future, which is often not the case with persons that commit criminal acts. So the deterring effect of CCTV cameras is not likely to be much more than the already deterring effect that exists because of criminal law and law enforcement.”

Busting the myth that CCTV cameras are foolproof, Pranav adds that public infrastructure as simple as a streetlight could aid in safer neighbourhoods. “The fact remains, however, that if you are not using advanced technology, a simple mask will render you unidentifiable by most basic CCTV cameras. As more advanced and more expensive technology is used, you are only necessitating the need for innovation among criminals to identify new loopholes that they can exploit in the technology. This is not an argument that generally holds against the use of technology, but in the case of CCTV cameras, it has been seen that simple street lights much better serve the goal of deterrence of crimes,” he says.

However, cops disagree with the findings. One IPS officer who works with the police’s Law and Order department in Chennai tells TNM that the presence of CCTV cameras has helped them nab a range of criminals from chain-snatchers to stalkers who have hacked women to death. Praising the use of facial recognition software like FaceTagr that was introduced a few years ago, the officer says, “CCTV cameras have a dissuading effect on criminals. At the very least they serve as a warning but in most cases, we can easily match them to criminals on our existing local, station-wise database. Especially when it comes to areas like T Nagar, Purasawalkam or other crime-prone suburbs, CCTV cameras are an invaluable tool for law enforcement.”

“Even in cases of sexual abuse, street harassment or trafficking, private CCTV cameras have been helpful. Shop owners or residents have come forward with the footage in public interest,” he says, admitting that the Centre’s release of the long-pending National Crime Records Bureau (NCRB) statistics could show a correlation between the push to install CCTVs and crime rates.

With a lack of NCRB data, there are no statistical answers to whether indeed installation of CCTV cameras has helped lowering of crime rates. However, as per one report in The Hindu, the police report a 30% drop in the crime rate in the city following the installation of CCTV cameras. According to their estimate for chain snatching alone, the city police claims that the number of cases have dropped from 792 in 2012 to 538 following the installation of CCTV cameras in 2018.

Over-reliance on technology

Agreeing that law enforcement must be cautious while employing technology to solve crimes, Dr M Priyamvadha, associate professor at the Department of Criminology, University of Madras says her detailed interviews with over 200 incarcerated burglars across Tamil Nadu reveal that they are always on the lookout for a CCTV camera. “They simply use a jammer worth Rs 2,000 (a handy device that disrupts the signal range of a camera) to skirt the presence of a CCTV camera,” she reports. However, the professor cautions that one must not over-sell the capabilities of a CCTV camera in crime prevention.

“We must remember that CCTV cameras don't deter all crimes. If there is family or domestic violence, there won't be a CCTV camera inside the four walls of a house to reveal it. For burglaries, robberies and such offences, you can rely on CCTV cameras. How far it helps is a question mark. You can neither completely say it prevents crime nor that it is a waste,” she says.

The professor points out that even when deploying CCTV cameras across the city, law enforcement does not account for wear and tear and maintenance which forms an important part of monitoring security.

Echoing the sentiment, Pranav says that CCTV cameras primarily serve as sources of electronic evidence in criminal cases. “Their deterring effect has repeatedly been observed to not balance out the costs of installing and running them.”

Privacy, data protection concerns

Chennai-based independent tech researcher Srikanth points to the inherent surveillance dangers thanks to the centralised way in which the city police collects the CCTV data. “There is something concerning especially about Chennai City Traffic Police and other various city police’s approach to CCTV. The fundamental shift is that, at least in the city, these cameras are connected to the police control room. So data gets centrally collated. When centralization kicks in, power abuse isn't far away. This way it is far easier for police to destroy evidence,” he alleges.

Srikanth also points out, “CCTVs (especially connected ones) are usually funded by residents and/or merchants who spend their money in putting up the infrastructure, but freely give away the data to the police (often in good faith). There is no oversight on usage, storage, retention of this data and by sheer monopoly on law and order, the police is able to connect a vast number of private CCTVs on to its network.”

Significantly, he expresses concerns about there being no laws that govern the usage of CCTV footage by the police. “Even if one gives into the legitimate state aim to control crime, even if one can argue violation of privacy is proportional, there is no law around use of CCTV by police, let alone using them in investigations. That the state engages with private vendors (such as FaceTagr) and many others also provides these service providers access to data,” he explains.

Pranav also warns, “Furthermore, CCTV cameras also result in compromising the privacy of individuals, and if implemented by the state (as in the case of law enforcement), creates added surveillance risks. Compounding on this is the issue of the recorded video footage, which if stored/transmitted/managed in an non-secure manner creates data protection risks as well. This is especially true in India, where it is difficult to obtain the required infrastructure and expertise in running an effective and secure CCTV camera system.”

'Technology cannot replace interpersonal relationships'

Advising pragmatic thinking when it comes to crime prevention, professor Priyamvadha says that technology should complement what she calls the ‘human touch'. Junking the ‘holistic’ one-size-fits-all approach that is often paraded as a solution, the criminologist says that each crime requires a tailored method of tackling it. “For each and every crime, there is a different strategy. There maybe crimes committed by juveniles, crimes committed against women. For example, if female foeticide is rampant in a village, it is important to understand the village, the preferences of the people there and the caste practices present among them,” she observes.

While technology often allows law enforcement to cover more ground in cases of limited manpower, there’s also a chance the cameras could be seen as a substitute for forging interpersonal relationships between police and the people they seek to protect. “With quick transferring of cops nowadays, the local police station doesn’t have an understanding of the ongoings. Interpersonal relationships are more important than technological advances,” she notes.

For more details visit https://cis-india.org/internet-governance/news/why-having-more-cctv-cameras-does-not-translate-to-crime-prevention

A Deep Dive into Content Takedown Timeframes

torsha — 2020-06-26T11:59:06Z

Since the 1990s, internet usage has seen a massive growth, facilitated in part, by growing importance of intermediaries, that act as gateways to the internet. Intermediaries such as Internet Service Providers (ISPs), web-hosting providers, social-media platforms and search engines provide key services which propel social, economic and political development. However, these developments are also offset by instances of users engaging with the platforms in an unlawful manner. The scale and openness of the internet makes regulating such behaviour challenging, and in turn pose several interrelated policy questions.

In this report, we will consider one such question by examining the appropriate time frame for an intermediary to respond to a government content removal request. The way legislations around the world choose to frame this answer has wider ramifications on issues of free speech and ease of carrying out operations for intermediaries. Through the course of our research, we found, for instance:

An one-size-fits-all model for illegal content may not be productive. The issue of regulating liability online contain several nuances, which must be considered for more holistic law-making. If regulation is made with only the tech incumbents in mind, then the ramifications of the same would become incredibly burdensome for the smaller companies in the market.
Determining an appropriate turnaround time for an intermediary must also consider the nature and impact of the content in question. For instance, the Impact Assessment on the Proposal for a Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online cites research that shows that one-third of all links to Daesh propaganda were disseminated within the first one-hour of its appearance, and three-fourths of these links were shared within four hours of their release. This was the basic rationale for the subsequent enactment of the EU Terrorism Regulation, which proposed an one-hour time-frame for intermediaries to remove terrorist content.
Understanding the impact of specific turnaround times on intermediaries requires the law to introduce in-built transparency reporting mechanisms. Such an exercise, performed periodically, generates useful feedback, which can be, in turn used to improve the system.

Corrigendum: Please note that in the section concerning 'Regulation on Preventing the Dissemination of Terrorist Content Online', the report mentions that the Regulation has been 'passed in 2019'. At the time of writing the report, the Regulation had only been passed in the European Parliament, and as of May 2020, is currently in the process of a trilogue.

Disclosure: CIS is a recipient of research grants from Facebook India.

Click to download the research paper by Torsha Sarkar (with research assistance from Keying Geng and Merrin Muhammed Ashraf; edited by Elonnai Hickok, Akriti Bopanna, and Gurshabad Grover; inputs from Tanaya Rajwade)

For more details visit https://cis-india.org/internet-governance/blog/torsha-sarkar-november-30-2019-a-deep-dive-into-content-takedown-timeframes

Proposals to regulate social media run into multiple roadblocks

Saumya Tewari and Abhijit Ahaskar — 2019-11-28T14:16:25Z

The Cambridge Analytica scandal, the Pegasus spyware attack on WhatsApp and the growing misuse of social media platforms to spread misinformation have made governments world over, including in India, realise the limitations of existing laws in dealing with the misuse of these platforms.

The article by Saumya Tewari and Abhijit Ahaskar was published by Livemint on November 27, 2019. Gurshabad Grover was quoted.

“The draft guidelines are already in place and we have invited comments from all stakeholders across the country for the same. We have already conducted nationwide discussion with social activists, platforms and states and committed to the court that we will submit the intermediary guidelines by 15 January," said N.N. Kaul, media adviser to electronics and information technology minister Ravi Shankar Prasad.

The need for greater regulation of social media companies stems from the growing feeling that they are not doing enough to curb the misuse of their platforms. In recent times, many of them have been involved in brushes with the government and courts. For instance, short-video app TikTok was accused of promoting pornography among teens and temporarily banned from app stores following a Madras high court order; WhatsApp was slammed for not being able to curb fake messages which led to several cases of mob lynchings in 2018 and, more recently, for the Pegasus spyware attack. Twitter too has been criticised for failing to curb hate speech.

While the draft talks about intermediaries as a whole and doesn’t specify any particular segment, the proposals that apply to social media companies include setting up an India office and having a nodal officer for liaising with the government, furnishing information within 24 hours and tracing the source of a post or information. While forcing companies to have a nodal officer in the country can make these platforms more accountable to legal requests, it also makes them vulnerable to government pressure.

“Having offices in India allows the government to exert extralegal pressure on the company officials by forcing them to comply with informal requests. It is only useful if the intermediaries are willing to push back on the pressure and not entertain any informal request from the government," said Gurshabad Grover, research manager at the Centre for Internet and Society.

China-based TikTok, in a statement, emphasised that it is committed to respecting local laws and actively coordinates with law enforcement agencies through an India-based grievance officer. TikTok claims to have removed six million videos between July 2018 and April 2019 for violation of its guidelines.

Some of these proposals have been flagged on grounds of privacy. For instance, the traceability clause is going to have a huge impact on specific platforms such as WhatsApp and Telegram that encrypt all messages and calls. Enforcing traceability and deploying technology-based automated tools to proactively identify and disable public access to malicious content will force them to break or lower the encryption as has been pointed out by industry in the past.

WhatsApp maintained its official stance from February and reiterated that what is contemplated by the rules is not possible today given the end-to-end encryption that it provides. The rules would require the company to re-architect WhatsApp, which would lead to a different product, one that would not be fundamentally private.

“The fact that India doesn’t have an encryption law per say also complicates the scenario. In fact, section 84A (introduced after an amendment in 2008) of IT Act 2000 has specific provisions authorizing central government for coming up with a policy on encryption. It has been 11 years but there is still no law on it," said Pavan Duggal, a cyberlaw expert.

Further, to ensure that companies abide by the proposed rules and furnish information within 24 hours, the government will have to address hurdles in mutual legal assistance treaty between India and the US, which is why many of these requests take a lot of time to process. “The target of the government should be having an executive agreement with the US under the Cloud Act. The US has significant stakes in the data localization debate as many of the companies are based in the US, and that can be used as leverage to negotiate such an agreement. That will allow law enforcement agencies in India to have expedited access to information held by platforms which are based outside the country," Grover said.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-27-2019-saumya-tewari-and-abhijit-ahaskar-proposals-to-regulate-social-media-run-into-multiple-roadblocks

Project on Gender, Health Communications and Online Activism with City University

ambika — 2019-12-02T09:38:21Z

CIS is a partner on the project 'Gender, Health Communications and Online Activism in the Digital Age'. The project is lead by Dr. Carolina Matos, Senior Lecturer in Sociology and Media in the Department of Sociology at City University.

It is funded by the Global Challenges Research Fund. Ambika Tandon, Policy Officer at CIS, conducted fieldwork for the project in May and June 2019 as a research assistant.

The goal of the project is to advance research on how new communication technologies (ICTs) can be used to create awareness of gender equality and sexual and reproductive rights. It aims to assess how the use of technologies, by women's groups and feminist NGOs can empower women in developing countries to advance citizen and human rights with the intent to influence policy at the global and local level. More information on the preliminary findings of the project can be found in the downloadable presentation."

You may find Dr. Carolina Matos's presentation here.

For more details visit https://cis-india.org/internet-governance/blog/project-on-gender-health-communications-and-online-activism-with-city-university

Cybersecurity Visuals Media Handbook: Launch Event

saumyaa — 2019-12-06T09:27:37Z

6th December | 6 pm | Centre for Internet and Society, Bangalore

The existing cybersecurity imagery in media publications has been observed to be limited in its communication of the discourse prevailing in cybersecurity policy circles, relying heavily on stereotypes such as hooded men, padlocks, and binary codes.

In order to enable a clearer, more nuanced representation of cybersecurity concepts, we, at CIS, along with Design Beku are launching the Cybersecurity Visuals Media Handbook. This handbook has been conceived to be a concise guide for media publications to understand the specific concepts within cybersecurity and use it as a reference to create visuals that are more informative, relevant, and look beyond stereotypes.

We will be launching the interactive digital handbook on 6th December, 2019, at the Centre for Internet and Society, Bangalore, at 6 pm. The event would include a discussion on the purpose, process, and concepts behind this illustrated guide by CIS researchers and Design Beku.

The launch will be followed by a panel discussion on Digital Media Illustrations & the Politics of Technology. We will be joined by Padmini Ray Murray, Paulanthony George, and Kruthika N S in the panel. It will be moderated by Saumyaa Naidu.

Padmini Ray Murray

Padmini founded the Design Beku collective in 2018 to help not-for-profit organisations explore their potential through research-led design and digital development. Trained as an academic researcher, Padmini currently as the head of communications at Obvious, a design studio. She regularly gives talks and publishes on the necessity of technology and design to be decolonial, local, and ethical.

Paulanthony George

Paulanthony hates writing bios in the third person.
My research focuses on the relationships between made objects, the maker and the behaviour of making, in the context of spreadable digital media (and behaviours stemming from it). I study internet memes inside and outside of India and phenomenon such as dissent, satire, free expression and ambivalent behaviour fostered by them. The research is at the intersection of digital ethnography, culture studies, human-computer interaction, humour studies and critical theory. I spend my time watching people. I draw them, the way they are, the way some people want to be and sometimes I have interesting conversations with them.

Kruthika N S

Kruthika NS is a lawyer at LawNK and researcher at the Sports Law & Policy Centre, Bengaluru. She uses art as a medium to explore the intersections of the law and society, with gender justice featuring as the central theme of her work. Her art has included subjects such as the #MeToo movement in India, and the feminist principles of the internet, among several other doodles.

Saumyaa Naidu

Saumyaa is a designer and researcher at the Centre for Internet and Society.

Agenda
6:00 - 6:15 pm - Introduction
6:15 - 6:45 pm - Presentation on the Media Handbook by Paulanthony George
6:45 - 7:00 pm - Tea/ Coffee
7:00 - 8:00 pm - Panel discussion on Digital Media Illustrations & the Politics of Technology
8:00 - 8:30 pm - Tea/ Coffee and Snacks

The interactive version of handbook can be accessed here. The print versions of the handbook can be accessed at: Single Scroll Printing, Tiled-Paste Printing.

For more details visit https://cis-india.org/internet-governance/blog/cybersecurity-visuals-media-handbook-launch-event

Blockchain: A primer for India

Anusha Madhusudhan — 2020-03-30T13:32:58Z

This report is presently being updated.

For more details visit https://cis-india.org/internet-governance/blog/blockchain-a-primer-for-india

Activists demand judicial probe into WhatsApp snooping

KV Kurmanath — 2019-11-15T00:53:02Z

Calls for Parliamentary supervision over Government interception, legal hacking.

The article by K.V. Kurmanath was published in the Hindu Businessline on November 1, 2019. Sunil Abraham was quoted.

With reports of Israeli spyware being used to snoop on scores of WhatsApp subscribers, cyber security activists have appealed to the Supreme Court to take up the issue suo moto and order an inquiry. Kiran Chandra, a leader of the Free Software Movement of India, has said that the Government should rein in WhatsApp and mandate it to submit the source code, stating that the privacy of individuals is at stake.

Though reports of a breach of the WhatsApp network hit the headlines in the US six months ago, it is only in the last few days that the impact in India has become a burning issue.

“We, for long, have been arguing that the privacy of individuals on the Internet is at risk. The Government should have enough safeguards to ensure their safety,” said Chandra.

Sunil Abraham, Executive Director of the Centre for Internet and Society, has called for a dedicated law to ensure Parliamentary supervision for all Government interception and legal hacking programmes. "The data protection law which is being contemplated by the current administration will not address the surveillance policy question in totality," he pointed out.

"It is a truly worrying development that members of civil society are being targeted using sophisticated surveillance technologies without proper legal basis and without any oversight," he said.

Cyber security and privacy experts took to social media to express concern about the vulnerabilities that expose people to potential risks.

Srinivas Kodali, a privacy activist, said the use of Israeli firm NSO Group’s Pegasus spyware to monitor human rights defenders and academics is a clear violation of their fundamental rights. “The Supreme Court judgement on right to privacy has been very loud and clear that Indians’ fundamental rights can’t be exempted under national security without defining it,” he said, responding to a query on the breach of WhatsApp subscribers’ privacy.

“The operations of national security agencies are completely hidden and are not subjected to any legislative or judicial oversight. This cannot continue as they misuse the powers bestowed on themselves without any law on surveillance from Parliament,” he said.

The Internet Freedom Foundation has expressed concerns about the breaches. It wanted the Government to explain on how this spyware was used in India to hack citizens.

“The Government must issue an official public statement providing complete information. It must also clarify which law empowers it to install such spyware,” it said in a statement.

The US-based social media platform has started sending messages to subscribers whose accounts may have been compromised. It contains information about the breach and a link with a to-do list to stay safe.

The victims of the attack, which purportedly took place in April-May 2019, included human rights activists, journalists and Dalit activists.

At least two victims of the spyware attack confirmed receipt of alert messages from WhatsApp. “I received a call (from abroad) in the first week of October. But I ignored it as it was from an unknown number. I received a message from WhatsApp, alerting me about a probable intrusion,” a civil rights lawyer said.

How it happened

“In May, we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your mobile phone secure,” the message received by the victim said.

WhatsApp, a Facebook arm, sent these special messages to about 1,400 users who may have been impacted by the spyware attack. It is working with The Citizen Lab, a research group with the University of Toronto’s Munk School, to assess the impact of the attack on civil society.

In a statement, WhatsApp said: “We provide end-to-end encryption for all messages and calls by default. (But) This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones.”

WhatsApp moved a US court against the Israeli company NSO Group, and its parent company Q Cyber Technologies, alleging that they violated both US and California laws and WhatsApp’s Terms of Service, which prohibited such intrusions.

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-november-1-2019-kv-kurmanath-activists-demand-judicial-probe-into-whatsapp-snooping

Cyber law experts asks why CERT-In removed advisory warning about WhatsApp vulnerability

Megha Mandavia — 2019-11-15T00:48:00Z

On the missing web page note, CERT-In had provided a detailed explanation of the vulnerability, which could be exploited by an attacker by making a decoy voice call to a target.

The article by Megha Mandavia was published in ET Tech.com on November 4, 2019. Pranesh Prakash was quoted.

Cyber law experts have asked the government to explain why the Indian computer emergency response team (CERT-In) removed from its website two days ago an advisory it had put out in May warning users of a vulnerability that could be used to exploit WhatsApp on their smartphones.

“This is merely further evidence that the explanation is to be provided by GoI (Government of India) instead of blame shifting and politicizing the issue,” said Mishi Choudhary, the legal director of the New York-based Software Freedom Law Center. “India is a surveillance state with no judicial oversight.”

On the missing web page note, CERT-In had provided a detailed explanation of the vulnerability, which could be exploited by an attacker by making a decoy voice call to a target.

It had warned WhatsApp users that the vulnerability could allow an attacker to access information on the system, such as logs, messages and photos, and could further compromise it. CERT-In rated the severity “high” and asked users to upgrade to the latest version of the app.

It also listed links to hackernews and cyber security firm Check Point Software that pointed to the alleged involvement of Israeli cyber software firm NSO Group in the hacking of WhatsApp messenger.

CERT-In Director-General Sanjay Bahl did not respond to ET’s mails or calls seeking clarity on why the advisory was pulled from its website.

The Times of India reported first the development.

The government had blamed WhatsApp for not informing it about the attack and asked the Facebook-owned company to respond by November 4.

In response, WhatsApp sources pointed out that it had informed CERT-in in May about the vulnerability and updated in September that 121 Indian nationals were targeted using the exploit, ET reported on Sunday.

“We should not read too much into it. It could just be bad website management. The vulnerability was public knowledge. It was reported by the Common Vulnerabilities and Exposures (CVE) organization in May,” said Pranesh Prakash, fellow at the Centre of Internet and Society, a non-profit organisation.

The government has also questioned the timing of the disclosure, as it comes amid a request by it to the Supreme Court seeking three months to frame rules to curb misuse of social media in the country.

The government has categorically told WhatsApp that it wants the platform to bring in a mechanism that would enable tracing of the origin of messages, a demand that the instant messaging platform has resisted citing privacy concerns.

For more details visit https://cis-india.org/internet-governance/news/et-tech-megha-mandavia-november-4-2019-cyber-law-experts-asks-why-cert-in-removed-advisory-warning-about-whatsapp-vulnerability

India facial recognition: How effective will it be?

Admin — 2019-11-15T00:42:35Z

India is trying to build what could be the world's largest facial recognition system.

New Delhi says the system could help fight crime and find missing children.

The technology has already been launched at a few Indian airports.

Police in New Delhi says it has identified nearly 3,000 missing children during a trial period last year.

But not everyone is convinced.

Internet freedom advocates say there is little information about where and what the system will be used for and how data will be stored.

The use of facial recognition software is already common in places like China.

But there are questions about how effective it is, with one British study revealing that the technology could be highly inaccurate.

Pranesh Prakash joins Al Jazeera from Bengaluru in India. He is a fellow at the Centre for Internet and Society but is talking to us in a personal capacity

Video

For more details visit https://cis-india.org/internet-governance/news/al-jazeera-video-november-8-2019-india-facial-recognition

Should online political advertising be regulated?

P.J. George — 2019-11-13T15:12:46Z

Micro-targeting could have potentially damaging results in the context of political advertising.

The article by P.J. George was published in the Hindu on November 8, 2019. Pranesh Prakash was interviewed.

On October 31, Twitter announced that it will no longer carry political advertisements as the power of Internet advertising “brings significant risks to politics, where it can be used to influence votes”. On the other hand, Facebook has said it will not fact-check political advertisements as it does not want to stifle free speech. In a conversation moderated by P.J. George, Pranesh Prakash (board member, The Centre for Internet and Society) and Kiran Chandra (General Secretary, Free Software Movement of India) discuss how platforms and constitutional authorities can deal with the challenges posed by online political advertising to democracies. Edited excerpts:

We have always had political advertising. What is it that makes online political advertisements different or maybe even problematic?

Pranesh Prakash: There are two things that make online political advertising different. One is targeting. Online advertising allows, especially on social networks, for a kind of targeting that wasn’t possible at the same level before. Earlier, if you wanted to target a particular segment of people for your political messaging, you could find out what kind of magazines they subscribe to and put fliers in those magazines. But you couldn’t engage in personalised targeting based on multiple attributes that is possible through platforms like Facebook and Twitter. The second is the invisibility of this kind of advertising. If there’s a billboard in the real world, everyone gets to see it. However, if there’s targeted advertising on a social media platform, not everyone gets to know of it.

Kiran Chandra: App-based organisations have designed advertisement models to specifically allow targeting. Facebook, for instance, allowed you to choose a person from a particular caste and also from a particular class in the same caste. If somebody wants to look at an advertisement for an Audi, they can go to one class of newspapers or look at billboards in some localities; the very existence of the product is not opaque to society. But targeted advertising makes it possible for two people connected to the Internet from the same source, using the same equipment, studying in the same school or college, working in the same workplace, and living in the same habitat to get two different advertisements. And micro-targeting has got potentially damaging results in the context of political advertising, particularly for elections. These platforms make it possible to go from manufacturing consent to manipulating consent. A person is continuously fed with information to vote for a particular party.

Twitter said it will no longer carry political advertisements, considering the repercussions seen in the U.S. in the past elections. On the contrary, Facebook says political advertisements are necessary and that people should see if their politicians are lying. How culpable is a platform in the case of a problematic online political advertisement?

KC: Platforms, particularly Facebook, have been washing their hands of the issue saying they are only intermediaries providing space; that the content is being generated by the people to be consumed by the people, and they have no role to play. But this is false. If you look at the complete business model of Facebook, Google, or any of the platforms, they clearly provide micro-targeting, or allow people to be manipulated for a particular purpose. So, these platforms can’t just wash their hands of the issue. In the Maharashtra election, you saw a lot of advertisements coming out which are untraceable. How can this happen without the platform itself allowing for such a possibility? The Election Commission (EC) needs to step in on all these issues. These corporations need to be very transparent in the context of elections. They need to bring out all the ways in which advertisements are displayed and also the money associated with it.

When somebody publishes it [an ad] on a Facebook wall, it is as good as publishing it in a newspaper. So, all the legislation that apply now for reasonable restrictions and freedom of speech and the freedom of press also apply to these platforms. These platforms are culpable when the very intent of their business model allows such subversion of the democratic process. They need to be brought in line to ensure that Indian democracy is safe.

PP: I completely disagree with Kiran on a number of points. For instance, those who are running a platform shouldn’t automatically be liable for what people are seeing on those platforms. The people who are actually saying things should be liable, not necessarily those who are carrying it without knowing what they’re carrying most of the time. Kiran also mentioned manipulation. The job of all advertising is to manipulate. The job of newspapers is to manipulate public opinion. And there’s always money associated with this. Newspapers carry advertisements as well. You don’t necessarily know who has paid for each ad in the newspaper. What online platforms are able to provide is actually greater transparency in this regard, at least based on what Facebook is attempting to do with its ad library. Calling this manipulation doesn’t quite work. Because then you have to specify why certain categories of things you think of as manipulating, while other categories you think of as influencing.

Second, as far as I know, Facebook does not ask for your caste. Nor does it actually allow advertisers to use caste as a category for advertising. To address the larger question of whether to carry political advertisements or not, I don’t think there are simple answers. For instance, in different jurisdictions there are different rules as to whether different kinds of media are allowed to carry political advertisements or not. In the U.S., all broadcasters are required by law not to censor on the basis of the content of political advertising. Which means that broadcasters in the U.S. cannot say to a candidate, ‘this advertisement that you’ve sent to us contains a lie and we’re not going to associate ourselves with the lie and we’re not going to carry it’. Now, when a platform like Facebook says that it will voluntarily adopt a similar standard as applies to broadcast organisations by law, all hell breaks loose. And again, there might be good reasons for it. But to say that political advertising should not contain lies, and hence should be censored, is not a viable opinion across the board.

KC: I would like to clarify one thing here. There is a clear distinction between Facebook asking your caste and Facebook allowing you to micro-target people based on their caste and class. In 2016, I created an advertisement with a tag called Brahmin bags and it allowed inclusion and exclusion based on caste and economic status. And now, after this had been made an issue for the last three years, Facebook says that advertisers can select topics that are specific to a particular caste. For instance, Dalit topics, Iyengar topics, etc. So Facebook, in its design, allows such kind of sensitivities to be used for micro-targeting. And one should not confuse general advertising with political advertising. If the advertisement is just about manipulating for buying a particular product, that has something to do with the business houses; even if one agrees with it or not. But when you speak about political advertising, when people come to participate and engage in a democratic process, the EC and The Representation of the People Act (RPA) mandate that people should be allowed to take a very clear stand, to look at what has happened in the last five years, and decide how to vote, freely and fairly. That is why the RPA clearly lists a certain set of things for free and fair elections, where even the use of money and manipulation should not be allowed to happen. Yes, the U.S. has a different context. American democracy is different from Indian democracy. We have got our own statute. This methodology in which these platforms have got their business models and are engaging deeply in subverting the Indian democratic process is a serious cause of concern. The EC should come up with new methodologies, if the existing ones are not sufficient.

Can you elaborate on how the EC can play a role in this?

KC: We brought these issues to the notice of the EC prior to the 2019 general election. The EC said it does not have enough manpower to deal with this situation for now. The EC does not have power over the police or the administration; but once the elections are on, it has the capability to take in different departments and ensure that such subversion of the democratic process does not happen. A fundamental problem with the EC’s method is that it said it was in discussion with the digital platforms to make more people vote in the election. And that itself is problematic. How is it going to be done? The EC should make public the way in which this advertising is being conducted, the money associated with it, and the people who are being reached with it. For instance, if we look at TV channels for ads during primetime, there is a mechanism, like TRP ratings, which allows them to understand and evaluate the target sections. If you look at the Maharashtra election, the advertiser itself is not known. Have people been sent communal messages? Have people been targeted based on caste, which can disqualify the contestant? The EC should reach out to the Government of India and look at the departments that are capable of handling this. If they don’t exist, it should start creating infrastructure that will be able to look into all these aspects. Also, concrete guidelines should be given to these digital platforms. And whatever comes in contradiction, or comes in the way of implementing the RPA, the EC should stop the platforms from doing it.

PP: For me, it’s not clear to what extent I would draw a distinction between advertising and other things which the EC has not been able to curtail, such as paid news and political ownership of media, which allow for very skewed viewpoints to be expressed. But insofar as what can be done about online platforms — and again, only online platforms which deal in advertising — the biggest source of online political messaging in India is WhatsApp. So, excluding the elephant in the room from this discussion, what the EC could do is bring the largest platforms together to get transparency commitments from them. Then this information needs to be made publicly available, so that the invisibility which happens with targeting gets countered. The second thing... Given that elections are geographical in nature in India, if you want to engage in advertising, you have to do it on the basis of geography, not on the basis of specific kinds of attributes of a person. And let’s also be aware that most of these attributes or guesses about people that these platforms are making are based on what people post on social media platforms, what they click. So, the one thing that can be done on a global level is transparency and restrictions on various targeting but anything else such as limitations on, say, lying in political advertising, I don't think that can or should be sold on a global level. It’s dependent far too much on each country and their models and how they interpret freedom of expression.

For more details visit https://cis-india.org/internet-governance/news/hindu-pj-george-november-8-2019-should-online-political-advertising-be-regulated

Cultivating India’s Cyber Defense Strategy

Admin — 2019-11-13T14:39:19Z

For more details visit https://cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy

Open Workshop on 'Digital Empire(s): Perspectives from Asia and Africa

Admin — 2019-11-13T14:36:03Z

Monish will be a part of a collaborative network which is organising an open workshop on 'Digital Empire(s): Perspectives from Asia and Africa', on December 4, 2019 at Centre de Sciences Humaines (CSH) Delhi.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/open-workshop-on-digital-empire-s-perspectives-from-asia-and-africa

Advancing Cyberstability Final Report

Admin — 2019-11-13T14:25:59Z

Centre for Internet & Society (CIS) was acknowledged in the final report of the Global Commission on Stability of Cyberspace

CIS had engaged with the Commission throughout the process. An issue brief authored by Elonnai Hickok and Arindrajit Basu was published by them last year. A submission made by Gurshabad Grover, Elonnai Hickok, Karan Saini and Arindrajit Basu was also acknowledged. See the list of acknowledgements here.

For more details visit https://cis-india.org/internet-governance/news/advancing-cyberstability-final-report