We are anonymous, we are legion

MHRD IPR Chair Series: Information Received from Delhi University

nehaa — 2016-05-15T12:18:40Z

This post provides a factual description about the operation of Ministry of Human Resource Development IPR Chair’s Intellectual Property Education, Research and Public Outreach (IPERPO) scheme in Delhi University.

The author has analysed all the data received through which, the author seeks to trace the presence of unjustified underutilisation of funds by the aforementioned university as provided by the MHRD during the period of 2013-2014. To collect the information for the given study, an RTI application was filed to Delhi University on 09/02/2015 by the Centre for Internet and Society. The reply to RTI application was received on 25/02/2015.

These are the documents received by CIS from Delhi University:

For the response to the RTI application click here

Hereinafter, in order to receive any information about Delhi School of Economics, Delhi University’s RTI reply, kindly refer to the above mentioned links. Following are the queries mentioned in the RTI application along with their replies.

Reports on the implementation of the IPERPO scheme of the Ministry of Human Resource Development and the implementation of the MHRD IPR Chair funded under the scheme at the Delhi School of Economics.
Reply: The University submitted that there are no reports on the implementation of the IPERPO scheme or the MHRD IPR Chair funded under the same. Additionally, the implementation of the scheme commended at Delhi University w.e.f 20th Feb., 2014. Dr. Rekha Chaturvedi joined as the IPR Chair (Technical) on the same date.
Documents on the release of grants to the MHRD IPR Chairs under the IPERPO scheme at the Delhi University, Delhi School of Economics for the year 2013-14.
Reply: The University submitted that there has been no release of grants by the Human Resource and Development Ministry under the IPERPO Scheme.
Documents relating to receipts of utilization certificates and audited expenditure statements and matters related to all financial sanctions with regard to funds granted to the MHRD IPR Chair established under the IPERPO Scheme for the year 2013-14 at the Delhi University, Delhi School of Economics.
Reply: The University replied that as there has been no release of grants under the IPERPO scheme, the question of utilization certificates and audited expenditure or any other matter related to financial sanctions with regard to the funds does not arise.
Documents regarding all matters related to finance and budget related to the MHRD IPR Chair under the IPERPO scheme 2013-14 established at Delhi University, Delhi School of Economics.
Reply: The University did not submit any documents in this regard and asserted that the information sought is not specific.

Comparative Analysis between University Response and the guidelines of MHRD Scheme Document
The Scheme Document of MHRD (http://copyright.gov.in/Documents/scheme.pdf) is a comprehensive document which consists of guidelines regarding Intellectual Property Education, Research and Public Outreach. It talks about a list of objectives, purposes, conditions and eligibility criteria for a University to ensure in order to implement IPERPO in a truest sense. This document provides the procedural as well as qualifying conditions for an Institute to ensure or fulfil before applying for the MHRD grant. Some of these conditions include maintenance of utilization certificates, audit reports, expenditure statements and event information which would be open to access on demand by MDHR or Comptroller and Auditor General of India.

A. Objectives
The University has not provided any documents detailing any activities undertaken to further the objectives of the IPERPO scheme.

B. Eligibility
Delhi School of Economics, Delhi University is recognized by the University Grants Commission. Therefore, it fulfils the eligibility criteria mentioned in the scheme document.

Financial Analysis

The University has not provided any documents on this subject.

For more details visit https://cis-india.org/a2k/blogs/mhrd-ipr-chair-series-information-received-from-delhi-university

Why The New Government Policy Mandating Panic Buttons On Phones Isn’t Going To Protect Women

praskrishna — 2016-05-15T09:45:36Z

Recently, the Union Minister for Communications and Information Technology Mr Ravi Shankar Prasad tweeted about new rules mandating a panic button in every cell phone sold in the country from January 2017. To keep ladies safe, of course.

The story by Madhura Kadaba was published in the Ladies Finger on May 14, 2016. Rohini Lakshané was quoted.

According to a statement released by the Telecommunications Ministry, the panic button will be activated by pressing a designated button on a smartphone or by holding down both ‘5’ and ‘9’ keys on a basic phone. Pressing the panic button is expected to alert police and designated friends or relatives, similar to apps launched previously by police departments like Himmat.

It followed remarks from the Union Minister for Women and Child Development, Ms Maneka Gandhi, in the Lok Sabha in December 2015. “Every cell phone will have an in-built panic button. Now, all new cell phones will be made with panic buttons. But in case of all old cell phones, you can go to the person who owns the company or the dealer and they will adjust it for you. If a woman is in trouble, she can just press the button on the cell phone and she will immediately get help.”

Two days later, reacting to concerns that the mandate could increase mobile phone costs, Mr Ravi Shankar Prasad said, “Manufacturers… have given their support. My expectation is that they will render their support in social justice and women security.”

After a point, it almost becomes a farce — the government’s continuous search for grand, one-stop solutions to dealing with sexual violence. We had the vast coffers of the Nirbhaya fund, which went nowhere. It had tech solutions coming out of its 1000-crore ears. It included plans for setting up control rooms in 114 cities within 9 months back in 2014 and surveillance cameras in all public transport vehicles including autos! Who was going to be watching the feed of these cameras, if ever by some vast change in the face of humanity such a thing happened, you may wonder? Or as journalist Revati Laul wrote, “Given that police stations across the country are short staffed, given how many of them cannot even afford paper to file a first information report (FIR) or fuel for the police personnel’s motorbike, just how will the appearance of these control rooms change that? How will switchboards help if police stations in even big cities like Varanasi have too few vehicles to cater to the existing load of emergencies they have to deal with?” But hush, don’t interrupt when Daddy is talking.

Recently, we published an investigation into the one-stop centres promised by the Nirbhaya fund. These centres are supposed to provide services like assistance in lodging FIRs, medical assistance for medical examinations, and therapy. On paper, Delhi is supposed to have 6. Good luck locating them because they don’t exist. Most of the staff of the hospitals where the centers were to be located were clueless about the program.

But perhaps we should forget the tiresome past and move to the shiny button-filled future. We asked Rohini Lakshane, a technology expert and Program Officer at the Centre for Internet and Society what she thought of panic buttons. Recently she reviewed a bunch of personal safety apps geared toward women and was very unimpressed. About the government’s new plan, she said, “GPS accuracy in India can sometimes be patchy and not very accurate, and continuous location tracking drains the battery, something that could be problematic for people with phones that do not have good GPS hardware or a long battery life.” Lakshane added, “The app would also enable tracking by family members, which can increase the chance of intimate partner abuse and violence. There have been instances in which apps that provide real-time location or periodic updates of the location of a person to a contact have enabled abuse by intimate partners or by members of the family.” In short, you are unlikely to get the help you need in case of stranger danger and continue to face whatever oppression you maybe facing from your ‘loved ones’.

Which brings us to the biggest problem with panic buttons, the idea that what Indian women should live in fear of scary strangers outside the house.

The story by Madhura Kadaba was published in The Ladies Finger on May 14, 2016. Rohini Lakshane was quoted. The story by Madhura Kadaba was published in the Ladies Finger on May 14, 2016. Rohini Lakshane was quoted.

In fact, carefully conducted research shows over and over again that Indian women are most likely to face violence from their families, within their homes. The Mumbai programme RAHAT’s report shows that 91 percent of the accused in reported cases of rape were by known persons. Add on the fact if you have even a fleeting acquaintance with a man who attacks you the police are additionally reluctant to do anything.

Not that the police like to file complaints if you have been raped by a stranger. That way they are quite equal opportunity about ignoring complaints.

Perhaps we should have a panic button in our phones after all. A daily reminder that you should fear rape, in case for a moment you had decided to stop worrying. A daily reminder that if you do get raped you must remember to press a button that goes nowhere. A great metaphor for how we deal with victims of sexual violence in India.

For more details visit https://cis-india.org/internet-governance/news/why-the-new-government-policy-mandating-panic-buttons-on-phones-isn2019t-going-to-protect-women

Geospatial Info Regulation Bill will hurt start-ups, small firms

praskrishna — 2016-05-13T15:46:13Z

The Geospatial Information Regulation Bill, 2016, whose draft outlaws the acquisition of geospatial information without the government’s permission, is expected to impact smaller companies rather more than the large ones.

The article by Varun Aggarwal was published in Hindu BusinessLine on May 10, 2016. Sumandro Chattapadhyay was quoted.

Experts said that the law is being created to keep large corporates in check, but if implemented in its current form, its biggest impact would be on start-ups and smaller firms that use or create geospatial data.

“While companies such as Uber and Google can survive by getting all their maps vetted by the government, smaller companies will be impacted. This will act as a big entry barrier in favour of the dominant players such as Google and Microsoft,” said Sumandro Chattapadhyay, research director at Centre for Internet and Society.

“Smaller companies have no means to know what kind of geospatial information they can store and what they cannot. Moreover, if a start-up requires three months to get approvals for your data before you can use it, it’ll be as good as dead,” Chattapadhyay said.

Google declined to comment on the draft Bill.

U-turn by Centre

Sanjay Kumar, president of the Association of Geospatial Industries, recalled that Prime Minister Narendra Modi had in a speech in September last highlighted the importance of geospatial data in everyday life of the common man. “But now, the government seems to be taking a U-turn,” he said.

The Association has hundreds of members, including Google, offering various geospatial services.

“The PM’s campaigns on skill development, digital India and enhancement of the transport sector are heavily dependent on geospatial data. There are several private sector companies that provide services for these projects. If this Bill is passed as drafted, all this development process will be stalled,” said Kumar.

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-may-10-2016-varun-aggarwal-geospatial-info-regulation-bill-will-hurt-start-ups-small-firms

Identity of the Aadhaar Act: Supreme Court and the Money Bill Question

Vanya Rakesh and Sumandro Chattapadhyay — 2016-05-09T11:52:44Z

A writ petition has been filed by former Union minister Jairam Ramesh on April 6 challenging the constitutionality and legality of the treatment of this Act as a money bill. The Supreme Court heard the matter on April 25 and invited the Union government to present its view. It is our view that the Supreme Court can not only review the Lok Sabha speaker’s decision, but should also ask the government to draft the Aadhaar Bill again, this time with greater parliamentary and public deliberation. Vanya Rakesh and Sumandro Chattapadhyay wrote this article on The Wire.

Published by and cross-posted from The Wire.

The Aadhaar Act 2016, passed in the Lok Sabha on March 16, 2016, faced opposition ever since it was tabled in parliament. In particular, the move to introduce it as a money bill has been vehemently challenged on grounds of this being an attempt to bypass the Rajya Sabha completely. A writ petition has been filed by former Union minister Jairam Ramesh on April 6 challenging the constitutionality and legality of the treatment of this Act as a money bill. The Supreme Court heard the matter on April 25 and invited the Union government to present its view.

It is our view that the Supreme Court can not only review the Lok Sabha speaker’s decision, but should also ask the government to draft the Aadhaar Bill again, this time with greater parliamentary and public deliberation.

The money bill question

M.R. Madhavan has argued that the Aadhaar Act contains matters other than “only” those incidental to expenditure from the consolidated fund, as it establishes a biometrics-based unique identification number for beneficiaries of government services and benefits, but also allows the number to be used for other purposes beyond service delivery. While Pratap Bhanu Mehta calls this a subversion of “the spirit of the constitution”, P.D.T. Achary, former secretary general of the Lok Sabha, expressed concern about the attempts to pass off financial bills like Aadhaar as money bills as a means to circumvent and erode the supervisory role of the Rajya Sabha. Arvind Datar has further emphasised that when the primary purpose of a bill is not governed by Article 110(1), then certifying it as a money bill is an unconstitutional act.

Article 110(1) of the Constitution identifies a bill as a money bill if it contains “only” provisions dealing with the following matters, or those incidental to them:

imposition and regulation of any tax,
financial obligations undertaken by Indian Government,
payment into or withdrawal from the Consolidated Fund of India (CFI) or Contingent Fund of India,
appropriation of money and expenditure charged on the CFI or receipt, and
custody, issue or audit of money into CFI or public account of India.

However, the link of the Act with the Consolidated Fund of India is rather tenuous, since it depends on the Union or state governments declaring a certain subsidy to be available upon verification of the Aadhaar number. The objectives and validity of the Act would not actually change if the Aadhaar number no longer was directly connected to the delivery of services. The use of the word “if” in section 7 explicitly leaves scope for a situation where the government does not declare an Aadhaar verification as necessary for accessing a subsidy. In such a scenario, the Act will still be valid but without any formal connection with any charges on the Consolidated Fund of India.

A case of procedural irregularity?

The constitution of India borrows the idea of providing the speaker with the authority to certify a bill as money bill from British law, but operationalises it differently. In the UK, though the speaker’s certificate on a money bill is conclusive for all purposes under section 3 of the Parliament Act 1911, the speaker is required to consult two senior members, usually one from either side of the house, appointed by the committee from amongst those senior MPs who chair general committees. In India, the speaker makes the decision on her own.

Although article 110 (3) of the Indian constitution states that the decision of the speaker of the Lok Sabha shall be final in case a question arises regarding whether a bill is a money bill or not, this does not restrict the Supreme Court from entertaining and hearing a petition contesting the speaker’s decision. As the Aadhaar Act was introduced in the Lok Sabha as a money bill even though it does not meet the necessary criteria for such a classification, this treatment of the bill may be considered as an instance of procedural irregularity.

There is ample jurisprudence on what happens when the Supreme Court’s power of judicial review comes up against Article 122 – which states that the validity of any proceeding in the parliament can (only) be called into question on the grounds of procedural irregularities. In the crucial judgment of Raja Ram Pal vs Hon’ble Speaker, Lok Sabha and Others (2007), the court evaluated the scope of judicial review and observed that although parliament is supreme, unlike Britain, proceedings which are found to suffer from substantive illegality or unconstitutionality, cannot be held protected from judicial scrutiny by article 122, as opposed to mere irregularity. Deciding upon the scope for judicial intervention in respect of exercise of power by the speaker, in Kihoto Hollohan vs Zachillhu and Ors. (1992), the Supreme Court held that though the speaker of the house holds a pivotal position in a parliamentary democracy, the decision of the speaker (while adjudicating on disputed disqualification) is subject to judicial review that may look into the correctness of the decision.

Several past decisions of the Supreme Court discuss how the tests of legality and constitutionality help decide whether parliamentary proceedings are immune from judicial review or not. In Ramdas Athawale vs Union of India (2010), the case of Keshav Singh vs Speaker, Legislative Assembly (1964) was referred to, in which the judges had unequivocally upheld the judiciary’s power to scrutinise the actions of the speaker and the houses. It was observed that if the parliamentary procedure is illegal and unconstitutional, it would be open to scrutiny in a court of law and could be a ground for interference by courts under Article 32, though the immunity from judicial interference under this article is confined to matters of irregularity of procedure. These observations were reiterated in Mohd. Saeed Siddiqui vs State of Uttar Pradesh (2014) and Yogendra Kumar Jaiswal vs State of Bihar (2016).

Thus, the decision of the Lok Sabha speaker to pass and certify a bill as a money bill is definitely not immune from judicial review. Additionally, the Supreme Court has the power to issue directions, orders or writs for enforcement of rights under Article 32 of the constitution, therefore, allowing the judiciary to decide upon the manner of introducing the Aadhaar Act in parliament.

National implications demand public deliberation

As the provisions of the Aadhaar Act have far reaching implications for the fundamental and constitutional rights of Indian citizens, the Supreme Court should look into the matter of its identification and treatment as a money bill and whether such decisions lead to the thwarting of legislative and procedural justice.

The Supreme Court may also take this opportunity to reflect on the very decision making process for classification of bills in general. As Smarika Kumar argues, experience with the Aadhaar Act reveals a structural concern regarding this classification process, which may have substantial implications in terms of undermining public and parliamentary deliberative processes. This “trend,” as Arvind Datar notes, of limiting legislative discussions and decisions of national importance within the space of the Lok Sabha must be swiftly curtailed.

Apart from deciding upon the legality of the nature of the bill, it is vital that the apex court ask the government to categorically respond to the concerns red-flagged by the Standing Committee on Finance, which had taken great exception to the continued collection of data and issuance of Aadhaar numbers in its report, and to the recommendations passed in the Rajya Sabha recently. Further, the repeated violation of the Supreme Court’s interim orders – that the Aadhaar number cannot be made mandatory for availing benefits and services – in contexts ranging from marriages to the guaranteed work programme should also be addressed and responses sought from the Union government.

Evidently, the substantial implications of the Aadhaar Act for national security and fundamental rights of citizens, primarily privacy and data security, make it imperative to conduct a duly balanced public deliberation process, both within and outside the houses of parliament, before enacting such a legislation.

For more details visit https://cis-india.org/internet-governance/blog/identity-of-the-aadhaar-act-supreme-court-and-the-money-bill-question

Why India’s attempt to police digital maps and satellite images is a ‘dumb’ idea

praskrishna — 2016-05-08T13:05:48Z

Are we back to the license raj?

The story was published by the News Minute on May 6, 2016. Pranesh Prakash gave inputs.

In a move which is receiving widespread criticism from technology and policy experts, the Indian government has proposed the Geospatial Information Regulation Bill that seeks to regulate the use of ‘geospatial information’ of India. Any violation of the proposed act could attract a penalty of up to 7 years in prison and Rs. 1 crore in fines, and the extreme punishments proposed have also been criticised.

So what is Geospatial information?

Geospatial Information has been defined in the act as

any imagery or data acquired through space or aerial platforms such as satellites, aircrafts, airships, balloons, unmanned aerial - vehicles or graphical or digital data depicting natural or man-made physical features, phenomenon or boundaries of the earth or any information including surveys, charts, maps and terrestrial photos.

To put it simply, any imagery of anything on earth (in India) recorded using machines in the sky will be under the purview of the law.

The law forbids any ‘incorrect representation' of the Indian map. For instance, not showing Pakistan Occupied Kashmir as a part of India will now be illegal and attract a fine and jail-term.

Here’s what the draft bill says,

"No person shall depict, disseminate, publish or distribute any wrong or false topographic information of India, including international boundaries through Internet platforms or online services or in any electronic or physical form."

And further states,

"Whoever acquires any geospatial information of India in contravention of the law shall be punished with a fine ranging from Rs 1 crore to Rs 100 crore and/or imprisonment for a period up to seven years."

And it doesn’t end here.

In what is reminiscent of India’s license raj era, the law also mandates that any person or institution acquiring or disseminating any geospatial imagery will have to first seek permission and license from a government authority. So Google Maps, Wikipedia, OpenStreetMap and others can operate in India only with a specific license from the Indian government.

The government authority will also run “sensitivity checks” on the imagery to protect India’s security and sovereignty.

Technology and policy experts are openly gunning for the bill and are holding no punches back.

“This proposed bill is as dumb as the draft encryption bill of last year which would have made WhatsApp illegal. It is unenforceable and will only serve to make India look like a backward, despotic country,” says Kiran Jonalgadda, founder of HasGeek and a social technologist.

Pranesh Prakash, Director of the Centre for Internet and Society, is of the view that this bill goes against the philosophy of Digital India and is regressive in nature. “It bears semblance to the conditions that prevailed in the License Raj. The bill is a clear over-reaction to legitimate security concerns. The government ought to encourage open mapping and should have limited the security restrictions to a set of officially declared security installations across India,” he says.

While the government's motive may be in the best interest of maintaining national security in order to prevent the misuse of sensitive data, such stringent measures may hinder the operations of navigation services and other applications that rely on geospatial information, and it will be the smaller players who will be affected the most. “Every map maker has to create different maps for different countries and hope they're not shown in the wrong country. Google Maps can afford to do this. OpenStreetMap and Wikipedia cannot. They will effectively become illegal,” adds Jonalgadda.

These stringent rules are not entirely unexpected and the government has cracked down on institutions in the past for ‘wrong’ geographical depiction of India.

The government had taken harsh rebuke against Twitter earlier this year for showing parts of Jammu and Kashmir in Pakistan and China. In another such instance, Al Jazeera was banned from broadcasting by the Information and Broadcasting Ministry because of repeatedly using a wrong map of India and was accused of cartographic aggression. The RSS too carried an inaccurate map of India (without some parts of Jammu and Kashmir) in its mouthpiece, Organiser and later apologised for its inadvertent error.

Nikhil Pahwa of Medianama has an exhaustive explanation and critique of the bill, and tells you how you and your businesses will be affected if the law is enacted. Read his piece here.

Here are his final comments from his piece, and they are pretty scathing.

This looks like a policy made for policing Google maps that has ended up throwing out the baby with the bathwater.

The people involved in drafting this have absolutely no clue about how users and businesses use geospatial data to make users lives easier, and how integral it is to every day life. Data is changing and increasing every single minute, and it is impossible to police it.

Collection and dissemination of realtime data and its utility is what makes location information useful and special. This kills realtime information.

It looks at location information from the myopic viewpoint of businesses and platforms, and ignores crowdsourced information, and indeed, independent crowdsourced maps.

A separate policy regarding just security establishments and their removal from mapping information, as well as the depiction of national boundaries of India was all that is needed.

It’s hypocritical of a government that promised “maximum governance, miminum governance” to try and enforce a License-raj.

Interestingly, even as the government wishes to impose punitive measures on erring private bodies, government organisations will not be regulated by the Geospatial Information Regulation Bill.

For more details visit https://cis-india.org/internet-governance/news/the-newsminute-may-6-2016-why-indias-attempt-to-polic-digital-maps-and-satellite-images-is-a-dumb-idea

Facebook: A Platform with Little Less Sharing of Personal Information

nishant — 2016-06-05T02:38:22Z

As Facebook becomes less personal, what happens to digital friendship?

The article was published in the Indian Express on May 8, 2016.

Facebook is worried. Even though usage is growing, something strange is happening on the social network. For the first time since it started its journey as a website to rate datable people on college campuses, to becoming the global reference point that defined friendship in the connected age, people are sharing less personal information on Facebook. For a social media network that positions itself largely as a space where our everyday, banal doings become newsworthy articulations, this is surprising news. But it is true. On Facebook, the traffic is high, but most of it is now sharing of external information. People are sharing links to news, to listicles, to videos, to blogs entries, to pictures and to information that they find interesting, but they are writing less and less about what it is that they are doing and feeling.

Ironically, this coincides with the latest change in Facebook’s “response” options, where the ubiquitous “Like” button can now expand to other emojis where you can also be appropriately angry, sad, surprised, or happy about the shared content. Even as Facebook is trying to get its users to qualify how they feel and give emotional value to their likes, people seem to be sharing even less of their private lives on Facebook.

One of the key ways of understanding this drop in people sharing their personal information is through the concept of “context collapse”. It has been a concern since the first instances of disembodied digital communication. In our everyday life, we make sense of information based on the different contexts that surround us. The person who authors the information, the setting within which that information reaches us, the emotional state that we are in when encountering the information, our sense of where we are when processing it, and the preparedness we have for receiving this information are all crucial parameters by which we make sense of the meaning of the information and also our response to it.

In the case of Facebook, the context within which information and transactions have made sense is “friendship”. The site’s USP was that you could bring in a variety of information, but you were always sharing it with friends. You could have a large audience, but this audience is formed of people you know, people you trust, people you add to your friend groups — there is a sense of intimacy, privacy, and casualness that marks the flow of information. You are able to talk, in an equal breath, about what you had for breakfast, your crush on a celebrity, your random acts of charity, and your strong political rant, one after the other, without requiring to think about what you are posting and how others will receive it.

However, Facebook is not really a friendship platform. It is a company interested in selling our interactions and data to advertisers who can target us with content and information based on the patterns of our behaviour. To serve its advertisers better, Facebook started privileging “verified” information trying to ensure news and content producers higher attention and more eyeballs. This was further strengthened by their continued integration with third party vendors, who could push and pull information into the social world of Facebook, and is seen as one of the biggest reasons for this drop. Any newsfeed in the last few months has had equal amounts of professional and amateur content, leading to a context collapse, where you no longer feel like your Facebook feed is a private and intimate conversation with friends.

Similarly, Facebook’s expansive integration of its products —WhatsApp chats, Instagram updates, and Tumblr posts all can collapse into one — produced a confusing space where the personal information that you were once happy to share with your friends, is suddenly being shared along with news and information. Also, digital behaviour works on mirroring, and we often shape our updates to match what we see on our timelines. If we more and more see external content rather than personal statuses, we also start sharing more third party news and links, thus producing a domino effect of everybody shying away from extremely personal or intimate moments.

Facebook, for the millennials, has been the context within which friendship got structured. Its own transitions have now collapsed that context, leading people to think of it as a content aggregator. It is going to be interesting to see what happens to our digital friendships and networks if Facebook is no longer the space where they are housed.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-may-8-2016-facebook-a-platform-with-little-less-sharing-of-personal-information

Privacy Issues with DRM

Jalaj Pandey — 2016-05-03T02:41:15Z

This post has been written by Jalaj Pandey interning at CIS. It elaborates upon the various privacy issues with the Digital Rights Management. The author talks about the various ways in which content producers use DRM as a tool to infringe the privacy of the end users.

Nehaa Chaudhari provided inputs and also edited the blog post. Click to download the File.

The ubiquity of internet in today's world has made content and information sharing an easy task. A certain media file can be shared and made public with hardly any technical obstacles. Issues like hacking, unauthorized copying and publication, unlicensed usage have become concerns for content producers, who have employed Digital Rights Management (hereafter DRM) measures to address some of them.

Several instances of the online privacy intrusion by the content producers have been recorded. In such a scenario the balancing the rights of the content producers and the end users becomes an important one. It is imperative to find a common ground to safeguard the interests of both the parties involved. In the recent past DRM has been receiving a lot of flak because of the privacy issues contented by the users.

In the most rudimentary form privacy can be explained as any information about an individual which he/she does not want to be made public. It is important to mention that this information is seen from the perspective of an ordinary reasonable person. The UN Declaration of Human Rights, 1948, defines privacy as a fundamental right of every human. The functioning of the DRM is based on restricting the usage or distribution of the content. Since this restriction is only possible after there is a formal identification of the end user, the content producers end up collecting information about the users. For example: a DRM for a music file might work in a manner where it can only be accessed by one computer from which the user accesses and registers for the first time. DRMs initially identify the IP addresses of the system and make the file functioning on only that IP address. In this way the producer ends up collecting information about the end user. Different DRM models take different ways to collect information of their user. While collecting IP addresses in one of them the other way is tracking the user information via download, browsing activities, subscription service, etc. The usage log of the users is generated and becomes a valuable asset to assess and predict the preferences of the users

Two contentions of privacy have been raised on the privacy issues of DRM -

a) What is the accountability of this process and

b) Whether it puts the content producers in a position where they can control the users.

The information collected is under the control of content producers, who mostly store this information in the form database. BEUC (European Consumer Organization) claimed that the DRM systems technologically enable content providers to monitor private consumption of content, create reports of consumption, and profile users.

The information is at the disposal of the content producers. An assessment of DRM applications under Canadian Privacy showed that the firms did not even recognise privacy issues of the customers as a priority. In fact the firms failed to provide the information that was stored in their databases. This gives an idea about the lack of transparency that exists in collecting the information about users. The question whether users are aware of what information is being collected and to what extent they are being tracked online remains unanswered. The CEN/ISSS (European Committee for Standardization/ Information Society Standardisation System) pointed out that DRMs have a large potential to transmit, generate personal information about users. It has also been characterized by unprecedented levels of monitoring by various content producers.

Further the principled level argumentation to this is on lines of collection of information without any authentication from the user herself/himself. It is essential that if any information is collected or saved by the producers it should only be after taking consent of the user. Surveillance and compelled disclosure of information about intellectual consumption threaten rights to personal integrity.

DRMs take away the anonymity of the consumption. Since the producers can practically monitor the content usage of the user, this has led to wide scale of price discrimination. This means that producers would monitor and assess the preferences of the user and subsequently raise the prices of that particular class of products. In the report of FIPR (Foundation of Information Policy and Research) it was found that Microsoft had been trying to implement their DRM systems in their products using a similar approach to gain a monopoly position as in their strategy of browser implementation.

The Sony BMG copy protection rootkit scandal in 2005 brought much criticism to DRM. It was found out that Sony BMG had introduced illegal and harmful copy protection measure in its CDs. The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. Further more than just the DRM part of it the software also made the user's system open to a number of malwares and created vulnerabilities in the system. Sony was eventually made to compensate consumer costs, etc on the same. However the question of whether the database in the hands of companies can be used in arbitrary manner was intensely discussed after this.

It is essential that an effective framework is brought into effect which caters to privacy interests of the users. Privacy is the basic human right and it is the onus of the State to protect and safeguard this right. It is essential that the State does not compromise and support mechanisms which promote the welfare of the content producers over the users. The balance of users and producers becomes all the more important in a developing country like ours. The lack the awareness and the knowledge coupled with increasing usage of internet can lead to the exploitation of many. It is essential that the States see through these problems and collectively find an all encompassing solution to it.

K. G. Coffman and A. M. Odlyzko, Growth of the Internet, AT&T Labs - Research, July 6, 2001, available at, ( www.dtc.umn.edu/~odlyzko//doc/oft.internet.growth.pdf) (hereinafter Growth).

The Daily Source, The Growing Impact of the Internet, April 4, 2016, available at (https://www.dailysource.org/about/impact).

Corryne Mcsherry, Adobe Spyware Reveals (Again) The Price Of DRM: Your Privacy And Security, Electronic Frontier Foundation, October 17, 2014, available at,

(https://www.eff.org/deeplinks/2014/10/adobe-spyware-reveals-again-price-drm-your-privacy-and-security).

Digital Rights Management: A failure in the developed world, a danger to the developing world, Electronic Frontier Foundation, March 23, 2005, available at,

(https://www.eff.org/wp/digital-rights-management-failure-developed-world-danger-developing-world).

R. Subramanya and Byung k. Yi, Digital Rights Management, available at, ( https://www.academia.edu/8054608/Digital_Rights_Management) (hereinafter Digital Rights Management).

Global internet liberty campaign, privacy and human rights, An International Survey of Privacy Laws and Practice, available at, (http://gilc.org/privacy/survey/intro.html).

Ann Cavoukian, Privacy and Digital Rights Management (DRM): An Oxymoron, Information and Privacy Commissioner Ontario, available at, ( https://www.ipc.on.ca/images/Resources/up-1drm.pdf ) (hereinafter Oxymoron)

Varian, H.R. (1985) 'Price discrimination and social welfare', American Economic Review, Vol. 75, available at, (http://www.economics-ejournal.org/economics/journalarticles/2007-1/references/Varian1985).

Privacy and Digital Rights Management,A position paper for the W3C workshop on Digital Rights Management, January 2001, available at, ( www.w3.org/2000/12/drm-ws/pp/hp-poorvi.html).

Growth supra note, 1.

Digital Rights Management supra note, 5.

Thierry Rayna, Privacy or piracy, why choose? Two solutions to the issues of digital rights management and the protection of personal information, Intellectual Property Management, Vol. X, No. Y, available at,

(www.inderscienceonline.com/doi/abs/10.1504/IJIPM.2008.021138).

Oxymoron supra note, 7.

BEUC, Consumentenbond, and CLCV at DRM Working Group 1 (2002), available at, (https://privacy.org.nz/assets/Files/4558510.pdf).

Natali Helberger and Kristo´f Ker´enyi and Bettina Krings, Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations, available at (citeseerx.ist.psu.edu/showciting?cid=733532).

Knud Bohle, Indicare, Research into unfriendly DRM : A Review, December, 2004,available at, (citeseerx.ist.psu.edu/showciting?cid=733532) (hereinafter Indicare).

European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003.

Indicare supra note, 16.

News Release, "Forrester Technographics Finds Online Consumers Fearful of Privacy Violations" (October 27, 1999 available at, (www.forrester.com/ER/Press/Release/0,1769,177,FF.html).

Julia E. Cohen, Georgetown Law Faculty Publications, DRM and Privacy, January 2010, available at,

(https://www.academia.edu/2164013/DRM_and_Privacy).

Moe, W. and Fader, P. (2004) 'Dynamic conversion behavior at e-commerce sites', Management Science, Vol. 50, available at,

(https://www.researchgate.net/publication/227447618_Dynamic_Conversion_Behavior_at_E-Commerce_Sites).

Privacy or piracy supra note, 21.

Sismeiro, C. and Bucklin, R. (2004) 'Modeling purchase behavior at an e-commerce web site: a task completion approach', Journal of Marketing Research, available at, (citeseerx.ist.psu.edu/showciting?cid=906878).

Ross Anderson, Foundation of Information Policy and Research Consultation Response to DRM (2004), available at, (www. fipr.org/APIG_DRM_submission.pdf).

Otto Helweg, Sony, Rootkits and Digital Rights Management Gone Too Far, Oct, Oct. 31, 2014, available at (https://blogs.technet.microsoft.com/markrussinovich/2005/10/31).

Sony BMG Litigation Info, Electronic Frontier Foundation, available at, (https://www.eff.org/cases/sony-bmg-litigation-info).

For more details visit https://cis-india.org/internet-governance/blog/privacy-issues-with-drm

April 2016 Newsletter

sunil — 2016-05-10T06:26:09Z

Welcome to the CIS newsletter for April 2016. The key issues we worked on this month included the Aadhaar Act 2016, Standard Essential Patents, cyber security of smart grids, and involvement of international agencies in the smart cities project in India.

Early last year, thanks to the fund raising efforts of a friend of CIS - Suhail Kazi, we received Rs. 1.9 lakhs as donations from 19 individuals. In January this year, we set up an online giving feature on our website which would ease the donation process, but we haven’t got a single donation so far! This could be because many of you may be under a false impression that CIS is very wealthy and does not need more support. Unfortunately, this is no longer true. Today, we are unable to find a single donor who is interested in our Accessibility, Telecom, or RAW programmes. In other words, we need your support. Would you to consider making a small donation to CIS? Click here to donate.

Previous issues of the newsletters can be accessed here: http://cis-india.org/about/newsletters.

Highlights
CIS prepared an FAQ on the Aadhaar / UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. Further, two infographics were produced to highlight on the questions of "Can the Aadhaar Act 2016 be Classified as a Money Bill?" and "Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?". NVDA team prepared a report on the progress of the project for the month of April 2016. CIS submitted its comments to the Department of Industrial Policy and Promotion's Discussion Paper on Standard Essential Patents and their Availability on FRAND Terms. CIS has offered its assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards the sustained innovation, manufacture and availability of mobile technologies in India. A summary of the comments can be accessed here. Responses to the Discussion Paper is available here. Rohini Lakshané's paper titled Patents and Mobile Devices in India: An Empirical Survey has been accepted for publication by the Vanderbilt Journal of Transnational Law. Kiran A.B. in a blog post has documented the availability and openness of data sets in India that are relevant for monitoring the targets under the SDGs. Low-cost Aakash tablet and its previous iterations in India have gone through several phases of technological changes and ideological experiments wrote Sumandro Chattapadhyay and Jahnavi Phalkey in an article published in the Economic and Political Weekly.

-----------------------------------
CIS in the News
-----------------------------------

CIS gave inputs to the following media coverage:

India's biometric database crosses billion-member mark (AFP and Daily Mail, UK; April 4, 2016).
The Panama Papers and the question of privacy (Big News Network; April 6, 2016). This was originally published by Privacyinternational.org.
Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption (Neha Alawadhi; Economic Times; April 8, 2016).
PMO’s no to smart cards, insists on Aadhaar (Somesh Jha; Hindu; April 10, 2016).
2014 showed the power of Twitter, now every Indian politician wants a handle (T.V. Jayan, Smitha Verma,Sonia Sarkar and V. Kumara Swamy; Telegraph; April 10, 2016).
Why is the UIDAI cracking down on individuals that hoard Aadhaar data? (Alnoor Peermohamed; Business Standard; April 13, 2016).
You will need a license to create a WhatsApp group in Kashmir (Governance Now; April 19, 2016).
Will Facebook, Twitter relocate servers to India? (Taru Bhatia; Governance Now; April 23, 2016).
Government keeps experts out of cyber security discussions (Amrita Madhukalya; DNA; April 23, 2016).
CCTV plays Sherlock (Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya; The Times of India; April 24, 2016).

CIS members wrote the following pieces:

Sunil Abraham wrote an article in the July 15 edition of Frontline arguing that the Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better.
Amber Sinha wrote an article in The Wire arguing that the Aaddhaar Act is not a money bill, and the Supreme Court may very well question the decision by the Lok Sabha speaker to classify it as such.
Sumandro Chattapadhyay also wrote on The Wire arguing that "the last chance for a welfare state doesn’t rest in the Aadhaar system."
Subhashish Panigrahi's article on the 8 challenges that Indian language Wikipedias have to overcome was published by Global Voices. The article had earlier been published in the Wire.
Elonnai Hickok and Vanya Rakesh co-authored an article on Cyber Security of Smart Grids in India that was published by Dataquest.
Shyam Ponappa in his monthly column published in the Business Standard tell us that it's time the government accepts that current policies are not enough to bring about Digital India.

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Comments

Comments on Department of Industrial Policy and Promotion Discussion Paper on Standard Essential Patents and their Availability on Frand Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Responses to the DIPP's Discussion Paper on SEPs and their Availability on FRAND Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Summary of CIS Comments to DIPP’s Discussion Paper on SEPs and their availability on FRAND terms (Anubha Sinha; April 26, 2016).

Blog Entries

Global Congress 2015 - A Collection of Resources (Pervasive Technologies Team; April 1, 2016).
Compilation of Mobile Phone Patent Litigation Cases in India (Rohini Lakshané; updated on April 15, 2016).
Joining the Dots in India's Big-Ticket Mobile Phone Patent Litigation (Rohini Lakshané; updated on April 29, 2016).
MHRD IPR Chair Series: Information Received from Tezpur University (Karan Tripathi; April 26, 2016).
National IPR Policy Series : Sectoral Innovation Councils on Intellectual Property Rights – RTI Requests + DIPP Responses (Nehaa Chaudhari and Saahil Dama; April 30, 2016). Nisha S. Kumar assisted in compilation of the document.

Participation in Events

Fifth Annual IP Teaching Workshop (Organised by the Centre for Innovation, Intellectual Property and Competition at National Law University Delhi in association with National Academy of Law Teaching, NLU-D; Delhi; March 31 and April 1, 2016). Nehaa Chaudhari was a speaker.
First Round-table on Innovation, IP and Competition (Organized by the Centre for Innovation, Intellectual Property & Competition (CIIPC) at the National Law University, Delhi; India Habitat Centre; New Delhi; April 1-2, 2016). Nehaa Chaudhari and Anubha Sinha attended the round-table.
Brainstorming Workshop on PG Programme on Media Studies for UGC E-Pathshala Programme (Organized by Jamia Milla Islamia; New Delhi; April 5, 2016).
Sensitization Seminar on IPR for Electronics & ICT Sectors (Organized by Andhra Pradesh Technology Development & Promotion Centre (APTDC) of Confederation of Indian Industry (CII), in association with Department of Electronics and Information Technology (DeitY); Vishakhapatnam; April 21, 2016).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Work Plan

CIS - A2K Work Plan: July 2016 - June 2017 (CIS-A2K Team; April 2, 2016): We have revised the work plan template taking into account the changed proposal plan sent out by WMF and in light of the feedback that we have received from FDC assessment during last proposal application. The FDC feedback is taken into account at the level of design, RoI and ensuring quality for all our activities.

Article

Eight Challenges Indian-Language Wikipedias Need to Overcome (Subhashish Panigrahi; Global Voices; April 21, 2016). A version of this post was previously published on The Wire.

Media Coverage

Odia gets more space in e-world (Anwesha Ambaly; The Telegraph; April 7, 2016).
Exercise to Correct articles in Tulu Wikipedia begins (Raviprasad Kamila; The Hindu; April 28, 2016).

Event Organized

Tulu Wikipedia Editathon to Improve Quality of Articles in Tulu Wikipedia (Shri Ramakrishna PU College; Mangaluru; April 26 - 30, 2016).

-----------------------------------
Openness
-----------------------------------

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Monitoring Sustainable Development Goals in India: Availability and Openness of Data (Part II) (Kiran A.B.; April 12, 2016).

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Cyber Security

Cyber Security of Smart Grids in India (Elonnai Hickok and Vanya Rakesh; April 25, 2016).

►Big Data

Blog Entry

RTI regarding Smart Cities Mission in India (Paul Thottan; April 21, 2016).

►Privacy

Blog Entries

FAQ on the Aadhaar Project and the Bill (Elonnai Hickok, Vanya Rakesh, and Vipul Kharbanda; April 13, 2016).
Aadhaar Act and its Non-compliance with Data Protection Law in India (Vanya Rakesh; April 14, 2016).
Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill? (Pooja Saxena; April 24, 2016).

Articles

Will Aadhaar Act Address India’s Dire Need For a Privacy Law? (Nehaa Chaudhari; Quint; March 31, 2016).
The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System (Sumandro Chattapadhyay; April 19, 2016).
The Aadhaar Act is Not a Money Bill (Amber Sinha; April 25, 2016).

Participation in Events

RightsCon Silicon Valley 2016 (Organized by RightsCon; March 31 and April 1, 2016). Elonnai Hickok attended the event.
Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security (Organized by Students Christian Movement of India at SCM House; Bangalore; April 25, 2016). Sunil Abraham was a panelist.
The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), organised a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Prasanna S, Apar Gupta, and Dr. Chirashree Dasgupta, Sumandro Chattapadhyay was one of the discussants.
Aadhaar by Numbers (Organized by National Institute of Public Finance and Policy; New Delhi; April 29, 2016). Sunil Abraham was a speaker.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Breakthroughs Needed For Digital India (Shyam Ponappa; Business Standard; April 6, 2016 and Organizing India BlogSpot; April 7, 2016).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Article

Buying into the Aakash Dream - A Tablet’s Tale of Mass Education (Sumandro Chattapadhyay and Jahnavi Phalkey; Economic & Political Weekly; April 23, 2016).

Announcement

Call for Proposal: Big Data for Development – Initial Field Studies (Sumandro Chattapadhyay; April 29, 2016).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/april-2016-newsletter

Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security

praskrishna — 2016-04-28T17:02:59Z

Sunil Abraham was a speaker at this event organized by Students Christian Movement of India at SCM House in Bangalore on April 25, 2016. Mathew Thomas and Usha Ramanathan also gave talks.

With the passage of the Aadhaar act 2016 is UID / Aadhar mandatory now? How do we understand the issue of Social Security in the context of the new law? What does it mean for those who need to access their senior citizen pension, rations, school and college scholarships, etc.

How does one understand the money bill route for introducing the bill in Parliament? What are implications of this for the validity of the law?

What will happen to the court cases challenging the UID now?

Where are we now on the thorny issues of surveillance, tracking, profiling, biometrics, private and foreign companies and subsidy? What does the law say?

This discussion will revisit the debates around the UID and examine the implications of the new law.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-uid-aadhar-act-2016-and-its-impact-on-social-security

Cyber Security of Smart Grids in India

Elonnai Hickok and Vanya Rakesh — 2016-04-28T15:34:17Z

An integral component of the ambitious flagship programme of the Indian Government- Digital India, which paves way for a digital data avalanche in the country, is a well-designed digital infrastructure ensuring high connectivity and integration of services, the potential areas being smart cities, smart homes, smart energy and smart grids, to list a few. Likewise, the 100 Smart Cities Mission envisions changing the face of urbanization in India, to manage the exponential growth of population in the cities by creating smart cities with ICT driven solutions, along with big data analytics. Smart grid technologies are key for both these schemes.

The article by Elonnai Hickok and Vanya Rakesh was published by Dataquest on April 25, 2016

Smart grid is a promising power delivery infrastructure integrated with communication and information technologies which enables monitoring, prediction and management of energy usages. Establishment of smart grids becomes highly important for the Indian economy, as the present grid losses are one of the highest in the world at upto 50% and costing India upto 1.5% of its GDP. India operates one of the largest synchronous grids in the world – covering an area of over 3 million sq km, 260 GW capacity and over 200 million customers with the estimated demand of India increasing 4 times by the year 2032.

In the year 2013, the Ministry of Power (MoP), in consultation with India Smart Grid Forum and India Smart Grid Task Force released a smart grid vision and roadmap for India, a key policy document aligned to MoP’s overarching objectives of “Access, Availability and Affordability of Power for All”. It lays plans for a framework to address cyber security concerns in smart grids as well. To achieve goals envisaged in the roadmap, the Government of India established the National Smart Grid Mission in the year 2015 for planning, monitoring and implementation of policies and programs related to Smart Grid activities.

A number of smart grid projects have been introduced, and are currently underway. KEPCO in Kerala has established smart meter/intelligent power transmission and distribution equipment system in the year 2011 and the smart grid operations focus on peak reduction, load standardization, reduction in power transmission/distribution loss, response to new/renewable energy and reduction in black-out time. Gujarat was introduced to India’s first modernized electrical grid in the year 2014, to study consumer behaviour of electricity usage and propose a tariff structure based on usage and load on the power utility by installing new meters embedded with SIM card to monitor the data. The Bangalore Electricity Supply Company Ltd. (BESCOM) project in Bangalore envisaged the Smart Grid Pilot Project for integration of renewable and distributed energy resources into the grid, which is vital to meet growing electricity demands of the country, curb power losses, and enhance accessibility to quality power.

Cybersecurity challenges

At the same time, the introduction of a smart grid brings with it certain security risks and concerns, particularly to a nation’s cyber security. Increased interconnection and integration may render the grids vulnerable to cyber threats, putting stored data and computers at great risk.With sufficient cyber security measures, policies and framework in place, a Smart Grid can be made more efficient, reliable and secure as failure to address these problems will hinder the modernization of the existing power system. Smart Grids, comprising of numerous communication, intelligent, monitoring and electrical elements employed in power grid, have a greater exposure to cyber-attacks that can potentially disrupt power supply in a city.

Cyber security and data privacy are some of the key challenges for smart grids in India, as establishment of digital electricity infrastructure entails the challenge of communication security and data management. Digital network and systems are highly prone to malicious attacks from hackers which can lead to misutilisation of consumers’ data, making cyber security the key issue to be addressed. Vulnerabilities allow an attacker to break a system, corrupt user privacy, acquire unauthorized access to control the software, and modify load conditions to destabilize the grid. Hackers or attackers, who compromise a smart meter can immediately alter their energy costs or change generated energy meter readings to monetize it by help of remote PCs. Also, inserting false information could mislead the electric utility into making incorrect decisions about the local usage and capacity.

Initiatives in India

As cybersecurity is critical for Digital India and the Smart City Concept note highlights a smart grid to be resilient to cyber attacks, a National Cyber Coordination Centre is being established by the Indian Government. Also, National Cyber Safety and Security Standards has been started with a vision to safeguard the nation from the current threats in the cyberspace, undertaking research to understand the nature of cyber threats and Cyber Crimes by facilitating a common platform where experts shall provide an effective solution for the complex and alarming problems in the society towards cyber security domain. Innovative strategies and compliance procedures are being developed to curb the increasing complexity of the Global Cyber Threats faced by countries at large.

The National Cyber Security Policy 2013 was released with an umbrella framework for providing guidance for actions related to security of cyberspace, by the Department of Electronics and Information Technology (DeitY). The Working Group on Information Technology established under the Planning Commission has also published a 12 year plan on IT development in India with a road map for cyber security, stating six key priority and focus areas for cyber security including:Enabling Legal Framework ; Security Policy, Compliance and Assurance; Security R&D; Security Incident – Early Warning and Response ; Security awareness, skill development and training, and Collaboration.

In case of Bangalore, to ensure smooth implementation of BESCOM’s vision, the company realised the need to put a cyber-security system in place to protect the smart grid installations in Bangalore city. To ensure security, BESCOM has come out with a separate IT security policy and dedicated trained IT cadre to safeguard its data and servers, becoming one of the few Discoms in India to take such measures for safeguarding the servers and data network from cyber crimes and threats.

Way forward

An electric system like Smart grids has enormous and far-reaching economic and social benefits. However, increased interconnection and integration tends to introduce cyber-vulnerabilities into the grid. With the evolution of cyber threats/attacks over time, it can be said that there are a lot of challenges for implementing cyber security in Indian smart grid. Considering importance of secure smart grid networks for flagship projects in India, the existing regulatory framework does not seem to adequately take into consideration the cyber security implications.

In light of this, the government must aim to develop and adopt high level cybersecurity policy to withstand cyber-attacks. Also, India must focus on skills development in this domain and have a capable workforce to achieve the targets set by Indian Government. The country must look up to develop an overall intelligence framework that brings together industry, governments and individuals with specific capabilities for this purpose.

The National Cyber Security Policy 2013, protecting public and private infrastructure from cyber attacks, along with all kinds of information, such as personal information of web users, banking and financial information,etc. is yet to be implemented by the Government properly. In the Indian Power sector, the cyber security regulations or mandates are absent in the National Electricity Policy (NEP) as well as the Electricity Act 2003 and its amendment in 2007, with no reference to cyber security concerns. These key legislations must be amended to take into account the growing challenges due to increased use of ICT in the power sector.

As the concept of smart grids is still evolving in India, professional intervention from various domains has pushed for adoption and development of standard process and products. Many international standard setting organisations like IEC, IEEE, NIST, CENELEC are engaged in standardization activities of Smart Grids and in India, the Bureau of Indian Standards (BIS) has been rolling out several varieties of standards targeting various technologies. Therefore, BIS must develop standards taking into account the security challenges in the cyberspace as well.

Apart from policy and regulatory measure, the system on which the smart grids are built and networked must be made architecturally strong and secure.One of the areas where due attention is required is making the Supervisory Control and Data Acquisition (SCADA) secure, a system that operates with coded signals to provide control of remote equipment and is entirely based on computer systems and network. Numerous systems also employ the Public Key Infrastructure (PKI) to secure the Smart Grids and address the security challenges by enabling identification, verification, validation and authentication of connected meters for network access. This can be leveraged for securing data integrity, revenue streams and service continuity. The key vulnerable areas prone to cyber attacks on information transmission are network information, data integrity and privacy of information. The information transmission networks must be well-designed as the network unavailability may result in the loss of real-time monitoring of critical smart grid infrastructures and power system disasters.

Addressing these fast growing challenges and cyber security needs of the country by adopting suitable regulatory, policy and architectural steps would help achieve the objectives of Digital India and Smart Cities enabling “Access, Availability and Affordability for All”.

For more details visit https://cis-india.org/internet-governance/blog/dataquest-april-25-2016-vanya-rakesh-and-elonnai-hickok-cyber-security-of-smart-grids-in-india

The Aadhaar Act is Not a Money Bill

Amber Sinha — 2016-04-25T10:51:37Z

While the authority of the Lok Sabha Speaker is final and binding, Jairam Ramesh’s writ petition may allow the Supreme Court to question an incorrect application of substantive principles. This article by Amber Sinha was published by The Wire on April 24, 2016.

Originally published by The Wire on April 24, 2016.

Since its introduction as a money bill in the Lok Sabha in the first week of March [1], the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Bill, 2016 has been embroiled in controversy. The Lok Sabha rejected the five recommendations of the Rajya Sabha and adopted the bill on March 16 and only presidential assent was required for it become to become valid law. However, former Union Minister Jairam Ramesh filed a writ petition contesting the decision to treat the Aadhaar Bill as a money bill. The petition is due to be heard before the Supreme Court on April 25, and should the court decide to entertain the petition, it could have far-reaching implications for the Aadhaar project and the manner in which money bills are passed by the Parliament.

There are three broad categories of bills (all legislations or Acts are known as ‘bills’ till they are passed by the Parliament) that the Parliament can pass. The first kind, Constitution Amendment Bills, are those that seek to amend a provision in the Constitution of India. The second are financial bills which contain provisions on matters of taxation and expenditure. Money bills are a subset of the financial bills which contain provisions only related to taxation, financial obligations of the government, expenditure from or receipt to the Consolidated Fund of India and any matters incidental to the above. The third category is of ordinary bills which includes all other bills. The process for the enactment of all these bills is different. Money bills are peculiar in that they can only be introduced in the Lok Sabha where it can be passed by simple majority. Following this, it is transmitted to the Rajya Sabha. The Rajya Sabha’s powers are restricted to giving recommendations on the Bill and sending it back to the Lok Sabha, which the Lok Sabha is under no obligation to accept. The decision to introduce the Aadhaar Bill as a money bill has been widely seen as an attempt to circumvent the Rajya Sabha where the ruling party is in a minority.

Article 110 (1) of the Constitution defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to them. These are a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. Article 110 is modelled on Section 1(2) of the (UK) Parliament Act, 1911 which also defines the money bills as those only dealing with certain enumerated matters. The use of the word “only” was brought up by Ghanshyam Singh Gupta during the Constituent Assembly Debates. He pointed out that the use of the word “only” limits the scope of money bills to only those legislations which did not deal with other matters. His amendment to delete the word “only” was rejected clearly establishing the intent of the framers of the Constitution to keep the ambit of money bills extremely narrow.

While the Aadhaar Bill does make references to benefits, subsidies and services funded by the Consolidated Fund of India (CFI), even a cursory reading of the bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money bill. The bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, ‘Parliamentary Practice” is instructive in this respect and makes it clear that a legislation which simply makes a charge on the Consolidated Fund does not becomes a money bill if otherwise its character is not that of one.

PDT Achary, former secretary general of the Lok Sabha, has expressed concern about the use of Money Bills as a means to circumvent the Rajya Sabha. He has written here [2] and here [3], on what constitutes a money bill and how the attempts to pass off financial bills like the Aadhaar Bill as money bills could erode the supervisory role Rajya Sabha is supposed to play. This is especially true in the case of a legislation like the Aadhaar Bill which has far reaching implications for individual privacy as it governs the identification system conceptualised to provide a unique and lifelong identity to residents of India dealing with both the analog and digital machinery of the state and by virtue of Section 57 of any private entities. Already over 1 billion people have been enrolled under this identification scheme, and the project has been a subject of much debate and a petition before the Supreme Court. The project has been portrayed as both the last hope for a welfare state and surveillance infrastructure. Regardless of which of the two ends of spectrum one leans towards, it is undeniable that the law governing the Aadhaar project deserved a proper debate in the Parliament. Even those who are strong proponents of the project must accept the decision to pass it off as a money bill undermines the importance of democratic processes and is a travesty on the Constitution and a blatant abrogation of the constitutional duties of the speaker.

The petition by Jairam Ramesh would hinge largely on the powers of the judiciary to question the decision of the Speaker of the Lok Sabha. Article 110 (3) is very clear in pronouncing the authority of the Speaker as final and binding. Additionally, Article 122 prohibits the courts from questioning the validity of any proceedings in Parliament on the ground of any alleged irregularity of procedure. The powers of privilege that Parliamentarians enjoy are integral to the principle of separation of powers. However, the courts may be able to make a fine distinction between inquiring into procedural irregularity which is prohibited by the Constitution; and questioning an incorrect application of substantive principles, which I would argue, is the case with the Speaker decision.

References

[1] See: http://thewire.in/2016/03/07/arun-jaitley-introduces-money-bill-on-aadhar-in-lok-sabha-24115/.

[2] See: http://indianexpress.com/article/opinion/columns/show-me-the-money-4/.

[3] See: http://www.thehindu.com/opinion/lead/circumventing-the-rajya-sabha/article7531467.ece.

For more details visit https://cis-india.org/internet-governance/blog/the-aadhaar-act-is-not-a-money-bill

Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?

Pooja Saxena — 2016-04-24T14:15:06Z

In this infographic, we highlight the matters dealt with in the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, and consider if these can be objects of a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Sumandro Chattapadhyay and Amber Sinha.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-matters-dealt-with-in-aadhaar-act-be-objects-of-money-bill

Can the Aadhaar Act 2016 be Classified as a Money Bill?

Pooja Saxena — 2016-04-25T13:48:41Z

In this infographic, we show if the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, can be classified as a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Amber Sinha and Sumandro Chattapadhyay.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-the-aadhaar-act-2016-be-classified-as-a-money-bill

Government keeps experts out of cyber security discussions

praskrishna — 2016-04-24T05:03:34Z

The article by Amrita Madhukalya was published in DNA on April 23, 2016. Pranesh Prakash was quoted.

During India's closed-door discussions on cyber security and Internet policies at the recently-concluded Russia-India-China (RIC) convention, Internet experts fear that the government may be trying to leave out discussions with social stakeholders like social activists, businessmen or the academia. It must be borne in mind that telecom minister Ravi Shankar Prasad in an ICAN meet last year stressed on the role of the government in cyber-security policy measures, despite the need to have an Internet largely unregulated by the government.

Anja Kovacs of the Internet Democracy project feels that India has given away too much, and that India's multi-stakeholder approach in the context of the role of the International Telecommunication Union (ITU) is not too clear. "Russia and China have traditionally, since the 90s, wanted a bigger role for the ITU, despite a pushback from the West. The ITU has had a positive role in the recent past. Yet, when they mention multilateralism, the scope for developing nations is not too wide. The US may have the scope to include several stakeholders from the business community, civil society and academia, but how much scope does a developing country have," says Anja, adding that the mention of internationalising, too, is problematic.

The grouping of the three countries could also be to signal an alliance to counter the US's efforts to ensure the exemption of the UK from the mutual legal assistance treaty (MLAT) system which is headquartered in the United States, says Chinmayi Arun, policy director at the Centre for Communication Governance at NLU Delhi. Under the MLAT process, any request about data that originates in case of a criminal breach from a country is usually routed via US's department of justice, which takes time while following due processes.

"The concerns expressed, understandably, on the growing concerns of cyber terrorism and the efforts to deal with it are needed, but there is no need to exclude other stakeholders in the process," said Chinmayi. "Russia and China have also been pushing for a growing role of the state in policing the government, and are keen to use the UN to facilitate that."

Nikhil Pahwa of Medianama, who steer-headed the net neutrality movement by engaging several stakeholders, says that the government's stance is unclear, as it speaks of both multilateralism and multiple stakeholders, as both are contradictory.

Pranesh Prakash of the Centre for Internet and Society says that he is sceptical of the sentiments expressed on internationalisation of internet governance.

"For instance, there's been a two-year process via which the US's oversight over ICANN and the IANA functions are nominally being removed. But Russia, India, and China have not really pushed for internationalisation, and ICANN and the Internet's root zone system is going to remain subject to US jurisdiction, including US sanctions. If the ministers truly meant what they say, they should intervene in that process and say that we need to internationalise ICANN in practice and spirit, not just in name," he said.

For more details visit https://cis-india.org/internet-governance/news/dna-amrita-madhukalya-april-23-2016-government-keeps-experts-out-of-cyber-security-discussions

CCTV plays Sherlock

praskrishna — 2016-04-24T04:51:04Z

Whether it's the Mercedes hit-and-run in Delhi or the antics of the chaddi baniyan gang in Mumbai, police are increasingly relying on CCTV footage to solve crimes. Sunday Times looks at how the small picture is getting bigger. .

The article by Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya was published by the Times of India on April 24, 2016. Pranesh Prakash was quoted.

In case after high-profile case, cameras have been the big stars of Delhi police investigations in recent months. After the Civil Lines hit-and-run case, where a 17-year-old driving a Mercedes was caught on camera speeding away from his victim, reliable witness to the crime came from a nearby CCTV. A few weeks ago, in the Vikaspuri lynching on Holi eve that threatened to take on communal colours, it was CCTV footage that clinched the case.

Across India, police officials reel off cases where CCTVs have made all the difference in identifying offenders and speeding up investigations. "Petty crimes like snatchings have been brought down by 50% in areas like Chandni Chowk since 2014," estimates Madhur Verma, DCP (north), Delhi Police. "Even if the face cannot be fully recognised, the timing shown on the CCTV grabs, and proof of the accused being present at the spot, can be useful corroborating evidence for the court," says DCP Dhananjay Kulkarni, explaining how CCTV helped nail the infamous "chaddi baniyan gang" in Borivli, Mumbai.

CCTV cameras have proliferated across our public spaces in the last few years, mutely observing our movements. It's not just the police; shops, companies and individuals install them too, and these come in handy for law enforcement. For instance, Delhi has about 1,79,000 CCTV cameras installed around the city, out of which 4,000 have been placed by the Delhi government, and the rest by private agencies who collaborate with the Delhi Police under its 'Eyes and Ears' scheme. "Cameras are a fact of life around the world, there's no going back for the police or for anyone else," says N Ramachandran, a former IPS officer, now president of the Indian Police Academy think-tank.

Whether London, Boston or Bengaluru, it is often a terrorist attack that shocks a city into ramping up its CCTV network. After the Church Street attacks, the police got cracking on surveillance, using crime-mapping techniques and shortlisting vantage points. While they currently use 300 cameras, the police believe the figure must be taken up to 2,500 to keep a better eye on the city.

But does CCTV control crime? To that question, there is only one unsatisfying answer — it depends. The debate is torn between those who see CCTVs as the embodiment of an eerie Orwellian warning, and those who believe that the more cameras there are, the less crime there will be. Studies, though, suggest that CCTV has specific and narrow uses.

Obviously, it helps catch people who have committed an offence, after the event. CCTV networks, though, have no noticeable impact on crime rates according to several reviews in the US and UK. The UK is the most monitored nation in the world, but as a Home Office study in 2005 concluded, there was no statistically significant reduction in crime, once other variables like seasonal and national trends, and other police initiatives, were factored in.

While CCTVs are not easy to isolate as a determining factor in crime control, they are demonstrably effective in some contexts. They can reduce some kinds of disorder and petty crime, particularly in car parks and public transit. Micro-level analyses of aspects like environmental features, camera line-of-sight, enforcement activity, and camera design suggest that the power to deter crime depends greatly on how the CCTV sites are chosen, and police operations designed.

The downsides are well known. The more mundane footage there is, the harder it is for police to sift through. There is often a displacement effect — the presence of a camera pushes the crime off-stage into other areas, or prompting criminals to change tactics in pursuit of the same ends (ie, rather than carry out a drug transaction on the street, arrange online and deliver). What's more, CCTVs can be gamed. In Mumbai, the police has found out that criminals apply toothpaste or flash a torchlight at the lens, or cover up with helmets and burqas, or even steal the digital video recorder in the CCTV. These cameras have to be constantly maintained. "Many believe that CCTV installation is a one-time investment, but it needs to be serviced to yield results," says S. David, who runs an electronics shop and sells CCTV cameras in Chennai's Ritchie Street.

If there is no overwhelming impact on crime prevention, why are India's security forces investing so heavily in CCTVs, and is it worth the inevitable tradeoff with privacy? More worryingly, it is doing so without any comprehensive regulation on their use.

Before this technology of databases and recording, "we seldom had situations where a police official or private detective was trailing you all day, recording your movements, which is more or less the situation with CCTVs now," says Pranesh Prakash of the Centre for Internet and Society. "Yes, you're in a public space, but that doesn't denude you of privacy".

But as Farhad Manjoo, a prominent tech blogger in the US, pointed out, the benefits outweigh our fears about privacy. "When you weigh cameras against other security measures, they emerge as the least costly and most effective choice. In the aftermath of 9/11, it's impossible for you to get into tall buildings, airports, many museums, concerts, and even public celebrations without being subjected to pat-downs and metal detectors. When combined with competent law enforcement, surveillance cameras are more effective, less intrusive, less psychologically draining, and much more pleasant than these alternatives," wrote Manjoo in Slate.

What we need is public oversight over the surveillance apparatus — in other words, we need to watch how they watch us. If there is clear respect for the principles of proportionality, accountability and transparency, "there need not be a conflict between ethical and effective use of these cameras," says Ramachandran.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-raj-shekhar-arun-dev-v-narayan-a-selvaraj-cctv-plays-sherlock