We are anonymous, we are legion

Facebook: A Platform with Little Less Sharing of Personal Information

nishant — 2016-06-05T02:38:22Z

As Facebook becomes less personal, what happens to digital friendship?

The article was published in the Indian Express on May 8, 2016.

Facebook is worried. Even though usage is growing, something strange is happening on the social network. For the first time since it started its journey as a website to rate datable people on college campuses, to becoming the global reference point that defined friendship in the connected age, people are sharing less personal information on Facebook. For a social media network that positions itself largely as a space where our everyday, banal doings become newsworthy articulations, this is surprising news. But it is true. On Facebook, the traffic is high, but most of it is now sharing of external information. People are sharing links to news, to listicles, to videos, to blogs entries, to pictures and to information that they find interesting, but they are writing less and less about what it is that they are doing and feeling.

Ironically, this coincides with the latest change in Facebook’s “response” options, where the ubiquitous “Like” button can now expand to other emojis where you can also be appropriately angry, sad, surprised, or happy about the shared content. Even as Facebook is trying to get its users to qualify how they feel and give emotional value to their likes, people seem to be sharing even less of their private lives on Facebook.

One of the key ways of understanding this drop in people sharing their personal information is through the concept of “context collapse”. It has been a concern since the first instances of disembodied digital communication. In our everyday life, we make sense of information based on the different contexts that surround us. The person who authors the information, the setting within which that information reaches us, the emotional state that we are in when encountering the information, our sense of where we are when processing it, and the preparedness we have for receiving this information are all crucial parameters by which we make sense of the meaning of the information and also our response to it.

In the case of Facebook, the context within which information and transactions have made sense is “friendship”. The site’s USP was that you could bring in a variety of information, but you were always sharing it with friends. You could have a large audience, but this audience is formed of people you know, people you trust, people you add to your friend groups — there is a sense of intimacy, privacy, and casualness that marks the flow of information. You are able to talk, in an equal breath, about what you had for breakfast, your crush on a celebrity, your random acts of charity, and your strong political rant, one after the other, without requiring to think about what you are posting and how others will receive it.

However, Facebook is not really a friendship platform. It is a company interested in selling our interactions and data to advertisers who can target us with content and information based on the patterns of our behaviour. To serve its advertisers better, Facebook started privileging “verified” information trying to ensure news and content producers higher attention and more eyeballs. This was further strengthened by their continued integration with third party vendors, who could push and pull information into the social world of Facebook, and is seen as one of the biggest reasons for this drop. Any newsfeed in the last few months has had equal amounts of professional and amateur content, leading to a context collapse, where you no longer feel like your Facebook feed is a private and intimate conversation with friends.

Similarly, Facebook’s expansive integration of its products —WhatsApp chats, Instagram updates, and Tumblr posts all can collapse into one — produced a confusing space where the personal information that you were once happy to share with your friends, is suddenly being shared along with news and information. Also, digital behaviour works on mirroring, and we often shape our updates to match what we see on our timelines. If we more and more see external content rather than personal statuses, we also start sharing more third party news and links, thus producing a domino effect of everybody shying away from extremely personal or intimate moments.

Facebook, for the millennials, has been the context within which friendship got structured. Its own transitions have now collapsed that context, leading people to think of it as a content aggregator. It is going to be interesting to see what happens to our digital friendships and networks if Facebook is no longer the space where they are housed.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-may-8-2016-facebook-a-platform-with-little-less-sharing-of-personal-information

Privacy Issues with DRM

Jalaj Pandey — 2016-05-03T02:41:15Z

This post has been written by Jalaj Pandey interning at CIS. It elaborates upon the various privacy issues with the Digital Rights Management. The author talks about the various ways in which content producers use DRM as a tool to infringe the privacy of the end users.

Nehaa Chaudhari provided inputs and also edited the blog post. Click to download the File.

The ubiquity of internet in today's world has made content and information sharing an easy task. A certain media file can be shared and made public with hardly any technical obstacles. Issues like hacking, unauthorized copying and publication, unlicensed usage have become concerns for content producers, who have employed Digital Rights Management (hereafter DRM) measures to address some of them.

Several instances of the online privacy intrusion by the content producers have been recorded. In such a scenario the balancing the rights of the content producers and the end users becomes an important one. It is imperative to find a common ground to safeguard the interests of both the parties involved. In the recent past DRM has been receiving a lot of flak because of the privacy issues contented by the users.

In the most rudimentary form privacy can be explained as any information about an individual which he/she does not want to be made public. It is important to mention that this information is seen from the perspective of an ordinary reasonable person. The UN Declaration of Human Rights, 1948, defines privacy as a fundamental right of every human. The functioning of the DRM is based on restricting the usage or distribution of the content. Since this restriction is only possible after there is a formal identification of the end user, the content producers end up collecting information about the users. For example: a DRM for a music file might work in a manner where it can only be accessed by one computer from which the user accesses and registers for the first time. DRMs initially identify the IP addresses of the system and make the file functioning on only that IP address. In this way the producer ends up collecting information about the end user. Different DRM models take different ways to collect information of their user. While collecting IP addresses in one of them the other way is tracking the user information via download, browsing activities, subscription service, etc. The usage log of the users is generated and becomes a valuable asset to assess and predict the preferences of the users

Two contentions of privacy have been raised on the privacy issues of DRM -

a) What is the accountability of this process and

b) Whether it puts the content producers in a position where they can control the users.

The information collected is under the control of content producers, who mostly store this information in the form database. BEUC (European Consumer Organization) claimed that the DRM systems technologically enable content providers to monitor private consumption of content, create reports of consumption, and profile users.

The information is at the disposal of the content producers. An assessment of DRM applications under Canadian Privacy showed that the firms did not even recognise privacy issues of the customers as a priority. In fact the firms failed to provide the information that was stored in their databases. This gives an idea about the lack of transparency that exists in collecting the information about users. The question whether users are aware of what information is being collected and to what extent they are being tracked online remains unanswered. The CEN/ISSS (European Committee for Standardization/ Information Society Standardisation System) pointed out that DRMs have a large potential to transmit, generate personal information about users. It has also been characterized by unprecedented levels of monitoring by various content producers.

Further the principled level argumentation to this is on lines of collection of information without any authentication from the user herself/himself. It is essential that if any information is collected or saved by the producers it should only be after taking consent of the user. Surveillance and compelled disclosure of information about intellectual consumption threaten rights to personal integrity.

DRMs take away the anonymity of the consumption. Since the producers can practically monitor the content usage of the user, this has led to wide scale of price discrimination. This means that producers would monitor and assess the preferences of the user and subsequently raise the prices of that particular class of products. In the report of FIPR (Foundation of Information Policy and Research) it was found that Microsoft had been trying to implement their DRM systems in their products using a similar approach to gain a monopoly position as in their strategy of browser implementation.

The Sony BMG copy protection rootkit scandal in 2005 brought much criticism to DRM. It was found out that Sony BMG had introduced illegal and harmful copy protection measure in its CDs. The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. Further more than just the DRM part of it the software also made the user's system open to a number of malwares and created vulnerabilities in the system. Sony was eventually made to compensate consumer costs, etc on the same. However the question of whether the database in the hands of companies can be used in arbitrary manner was intensely discussed after this.

It is essential that an effective framework is brought into effect which caters to privacy interests of the users. Privacy is the basic human right and it is the onus of the State to protect and safeguard this right. It is essential that the State does not compromise and support mechanisms which promote the welfare of the content producers over the users. The balance of users and producers becomes all the more important in a developing country like ours. The lack the awareness and the knowledge coupled with increasing usage of internet can lead to the exploitation of many. It is essential that the States see through these problems and collectively find an all encompassing solution to it.

K. G. Coffman and A. M. Odlyzko, Growth of the Internet, AT&T Labs - Research, July 6, 2001, available at, ( www.dtc.umn.edu/~odlyzko//doc/oft.internet.growth.pdf) (hereinafter Growth).

The Daily Source, The Growing Impact of the Internet, April 4, 2016, available at (https://www.dailysource.org/about/impact).

Corryne Mcsherry, Adobe Spyware Reveals (Again) The Price Of DRM: Your Privacy And Security, Electronic Frontier Foundation, October 17, 2014, available at,

(https://www.eff.org/deeplinks/2014/10/adobe-spyware-reveals-again-price-drm-your-privacy-and-security).

Digital Rights Management: A failure in the developed world, a danger to the developing world, Electronic Frontier Foundation, March 23, 2005, available at,

(https://www.eff.org/wp/digital-rights-management-failure-developed-world-danger-developing-world).

R. Subramanya and Byung k. Yi, Digital Rights Management, available at, ( https://www.academia.edu/8054608/Digital_Rights_Management) (hereinafter Digital Rights Management).

Global internet liberty campaign, privacy and human rights, An International Survey of Privacy Laws and Practice, available at, (http://gilc.org/privacy/survey/intro.html).

Ann Cavoukian, Privacy and Digital Rights Management (DRM): An Oxymoron, Information and Privacy Commissioner Ontario, available at, ( https://www.ipc.on.ca/images/Resources/up-1drm.pdf ) (hereinafter Oxymoron)

Varian, H.R. (1985) 'Price discrimination and social welfare', American Economic Review, Vol. 75, available at, (http://www.economics-ejournal.org/economics/journalarticles/2007-1/references/Varian1985).

Privacy and Digital Rights Management,A position paper for the W3C workshop on Digital Rights Management, January 2001, available at, ( www.w3.org/2000/12/drm-ws/pp/hp-poorvi.html).

Growth supra note, 1.

Digital Rights Management supra note, 5.

Thierry Rayna, Privacy or piracy, why choose? Two solutions to the issues of digital rights management and the protection of personal information, Intellectual Property Management, Vol. X, No. Y, available at,

(www.inderscienceonline.com/doi/abs/10.1504/IJIPM.2008.021138).

Oxymoron supra note, 7.

BEUC, Consumentenbond, and CLCV at DRM Working Group 1 (2002), available at, (https://privacy.org.nz/assets/Files/4558510.pdf).

Natali Helberger and Kristo´f Ker´enyi and Bettina Krings, Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations, available at (citeseerx.ist.psu.edu/showciting?cid=733532).

Knud Bohle, Indicare, Research into unfriendly DRM : A Review, December, 2004,available at, (citeseerx.ist.psu.edu/showciting?cid=733532) (hereinafter Indicare).

European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003.

Indicare supra note, 16.

News Release, "Forrester Technographics Finds Online Consumers Fearful of Privacy Violations" (October 27, 1999 available at, (www.forrester.com/ER/Press/Release/0,1769,177,FF.html).

Julia E. Cohen, Georgetown Law Faculty Publications, DRM and Privacy, January 2010, available at,

(https://www.academia.edu/2164013/DRM_and_Privacy).

Moe, W. and Fader, P. (2004) 'Dynamic conversion behavior at e-commerce sites', Management Science, Vol. 50, available at,

(https://www.researchgate.net/publication/227447618_Dynamic_Conversion_Behavior_at_E-Commerce_Sites).

Privacy or piracy supra note, 21.

Sismeiro, C. and Bucklin, R. (2004) 'Modeling purchase behavior at an e-commerce web site: a task completion approach', Journal of Marketing Research, available at, (citeseerx.ist.psu.edu/showciting?cid=906878).

Ross Anderson, Foundation of Information Policy and Research Consultation Response to DRM (2004), available at, (www. fipr.org/APIG_DRM_submission.pdf).

Otto Helweg, Sony, Rootkits and Digital Rights Management Gone Too Far, Oct, Oct. 31, 2014, available at (https://blogs.technet.microsoft.com/markrussinovich/2005/10/31).

Sony BMG Litigation Info, Electronic Frontier Foundation, available at, (https://www.eff.org/cases/sony-bmg-litigation-info).

For more details visit https://cis-india.org/internet-governance/blog/privacy-issues-with-drm

April 2016 Newsletter

sunil — 2016-05-10T06:26:09Z

Welcome to the CIS newsletter for April 2016. The key issues we worked on this month included the Aadhaar Act 2016, Standard Essential Patents, cyber security of smart grids, and involvement of international agencies in the smart cities project in India.

Early last year, thanks to the fund raising efforts of a friend of CIS - Suhail Kazi, we received Rs. 1.9 lakhs as donations from 19 individuals. In January this year, we set up an online giving feature on our website which would ease the donation process, but we haven’t got a single donation so far! This could be because many of you may be under a false impression that CIS is very wealthy and does not need more support. Unfortunately, this is no longer true. Today, we are unable to find a single donor who is interested in our Accessibility, Telecom, or RAW programmes. In other words, we need your support. Would you to consider making a small donation to CIS? Click here to donate.

Previous issues of the newsletters can be accessed here: http://cis-india.org/about/newsletters.

Highlights
CIS prepared an FAQ on the Aadhaar / UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. Further, two infographics were produced to highlight on the questions of "Can the Aadhaar Act 2016 be Classified as a Money Bill?" and "Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?". NVDA team prepared a report on the progress of the project for the month of April 2016. CIS submitted its comments to the Department of Industrial Policy and Promotion's Discussion Paper on Standard Essential Patents and their Availability on FRAND Terms. CIS has offered its assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards the sustained innovation, manufacture and availability of mobile technologies in India. A summary of the comments can be accessed here. Responses to the Discussion Paper is available here. Rohini Lakshané's paper titled Patents and Mobile Devices in India: An Empirical Survey has been accepted for publication by the Vanderbilt Journal of Transnational Law. Kiran A.B. in a blog post has documented the availability and openness of data sets in India that are relevant for monitoring the targets under the SDGs. Low-cost Aakash tablet and its previous iterations in India have gone through several phases of technological changes and ideological experiments wrote Sumandro Chattapadhyay and Jahnavi Phalkey in an article published in the Economic and Political Weekly.

-----------------------------------
CIS in the News
-----------------------------------

CIS gave inputs to the following media coverage:

India's biometric database crosses billion-member mark (AFP and Daily Mail, UK; April 4, 2016).
The Panama Papers and the question of privacy (Big News Network; April 6, 2016). This was originally published by Privacyinternational.org.
Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption (Neha Alawadhi; Economic Times; April 8, 2016).
PMO’s no to smart cards, insists on Aadhaar (Somesh Jha; Hindu; April 10, 2016).
2014 showed the power of Twitter, now every Indian politician wants a handle (T.V. Jayan, Smitha Verma,Sonia Sarkar and V. Kumara Swamy; Telegraph; April 10, 2016).
Why is the UIDAI cracking down on individuals that hoard Aadhaar data? (Alnoor Peermohamed; Business Standard; April 13, 2016).
You will need a license to create a WhatsApp group in Kashmir (Governance Now; April 19, 2016).
Will Facebook, Twitter relocate servers to India? (Taru Bhatia; Governance Now; April 23, 2016).
Government keeps experts out of cyber security discussions (Amrita Madhukalya; DNA; April 23, 2016).
CCTV plays Sherlock (Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya; The Times of India; April 24, 2016).

CIS members wrote the following pieces:

Sunil Abraham wrote an article in the July 15 edition of Frontline arguing that the Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better.
Amber Sinha wrote an article in The Wire arguing that the Aaddhaar Act is not a money bill, and the Supreme Court may very well question the decision by the Lok Sabha speaker to classify it as such.
Sumandro Chattapadhyay also wrote on The Wire arguing that "the last chance for a welfare state doesn’t rest in the Aadhaar system."
Subhashish Panigrahi's article on the 8 challenges that Indian language Wikipedias have to overcome was published by Global Voices. The article had earlier been published in the Wire.
Elonnai Hickok and Vanya Rakesh co-authored an article on Cyber Security of Smart Grids in India that was published by Dataquest.
Shyam Ponappa in his monthly column published in the Business Standard tell us that it's time the government accepts that current policies are not enough to bring about Digital India.

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Comments

Comments on Department of Industrial Policy and Promotion Discussion Paper on Standard Essential Patents and their Availability on Frand Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Responses to the DIPP's Discussion Paper on SEPs and their Availability on FRAND Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Summary of CIS Comments to DIPP’s Discussion Paper on SEPs and their availability on FRAND terms (Anubha Sinha; April 26, 2016).

Blog Entries

Global Congress 2015 - A Collection of Resources (Pervasive Technologies Team; April 1, 2016).
Compilation of Mobile Phone Patent Litigation Cases in India (Rohini Lakshané; updated on April 15, 2016).
Joining the Dots in India's Big-Ticket Mobile Phone Patent Litigation (Rohini Lakshané; updated on April 29, 2016).
MHRD IPR Chair Series: Information Received from Tezpur University (Karan Tripathi; April 26, 2016).
National IPR Policy Series : Sectoral Innovation Councils on Intellectual Property Rights – RTI Requests + DIPP Responses (Nehaa Chaudhari and Saahil Dama; April 30, 2016). Nisha S. Kumar assisted in compilation of the document.

Participation in Events

Fifth Annual IP Teaching Workshop (Organised by the Centre for Innovation, Intellectual Property and Competition at National Law University Delhi in association with National Academy of Law Teaching, NLU-D; Delhi; March 31 and April 1, 2016). Nehaa Chaudhari was a speaker.
First Round-table on Innovation, IP and Competition (Organized by the Centre for Innovation, Intellectual Property & Competition (CIIPC) at the National Law University, Delhi; India Habitat Centre; New Delhi; April 1-2, 2016). Nehaa Chaudhari and Anubha Sinha attended the round-table.
Brainstorming Workshop on PG Programme on Media Studies for UGC E-Pathshala Programme (Organized by Jamia Milla Islamia; New Delhi; April 5, 2016).
Sensitization Seminar on IPR for Electronics & ICT Sectors (Organized by Andhra Pradesh Technology Development & Promotion Centre (APTDC) of Confederation of Indian Industry (CII), in association with Department of Electronics and Information Technology (DeitY); Vishakhapatnam; April 21, 2016).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Work Plan

CIS - A2K Work Plan: July 2016 - June 2017 (CIS-A2K Team; April 2, 2016): We have revised the work plan template taking into account the changed proposal plan sent out by WMF and in light of the feedback that we have received from FDC assessment during last proposal application. The FDC feedback is taken into account at the level of design, RoI and ensuring quality for all our activities.

Article

Eight Challenges Indian-Language Wikipedias Need to Overcome (Subhashish Panigrahi; Global Voices; April 21, 2016). A version of this post was previously published on The Wire.

Media Coverage

Odia gets more space in e-world (Anwesha Ambaly; The Telegraph; April 7, 2016).
Exercise to Correct articles in Tulu Wikipedia begins (Raviprasad Kamila; The Hindu; April 28, 2016).

Event Organized

Tulu Wikipedia Editathon to Improve Quality of Articles in Tulu Wikipedia (Shri Ramakrishna PU College; Mangaluru; April 26 - 30, 2016).

-----------------------------------
Openness
-----------------------------------

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Monitoring Sustainable Development Goals in India: Availability and Openness of Data (Part II) (Kiran A.B.; April 12, 2016).

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Cyber Security

Cyber Security of Smart Grids in India (Elonnai Hickok and Vanya Rakesh; April 25, 2016).

►Big Data

Blog Entry

RTI regarding Smart Cities Mission in India (Paul Thottan; April 21, 2016).

►Privacy

Blog Entries

FAQ on the Aadhaar Project and the Bill (Elonnai Hickok, Vanya Rakesh, and Vipul Kharbanda; April 13, 2016).
Aadhaar Act and its Non-compliance with Data Protection Law in India (Vanya Rakesh; April 14, 2016).
Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill? (Pooja Saxena; April 24, 2016).

Articles

Will Aadhaar Act Address India’s Dire Need For a Privacy Law? (Nehaa Chaudhari; Quint; March 31, 2016).
The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System (Sumandro Chattapadhyay; April 19, 2016).
The Aadhaar Act is Not a Money Bill (Amber Sinha; April 25, 2016).

Participation in Events

RightsCon Silicon Valley 2016 (Organized by RightsCon; March 31 and April 1, 2016). Elonnai Hickok attended the event.
Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security (Organized by Students Christian Movement of India at SCM House; Bangalore; April 25, 2016). Sunil Abraham was a panelist.
The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), organised a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Prasanna S, Apar Gupta, and Dr. Chirashree Dasgupta, Sumandro Chattapadhyay was one of the discussants.
Aadhaar by Numbers (Organized by National Institute of Public Finance and Policy; New Delhi; April 29, 2016). Sunil Abraham was a speaker.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Breakthroughs Needed For Digital India (Shyam Ponappa; Business Standard; April 6, 2016 and Organizing India BlogSpot; April 7, 2016).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Article

Buying into the Aakash Dream - A Tablet’s Tale of Mass Education (Sumandro Chattapadhyay and Jahnavi Phalkey; Economic & Political Weekly; April 23, 2016).

Announcement

Call for Proposal: Big Data for Development – Initial Field Studies (Sumandro Chattapadhyay; April 29, 2016).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/april-2016-newsletter

Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security

praskrishna — 2016-04-28T17:02:59Z

Sunil Abraham was a speaker at this event organized by Students Christian Movement of India at SCM House in Bangalore on April 25, 2016. Mathew Thomas and Usha Ramanathan also gave talks.

With the passage of the Aadhaar act 2016 is UID / Aadhar mandatory now? How do we understand the issue of Social Security in the context of the new law? What does it mean for those who need to access their senior citizen pension, rations, school and college scholarships, etc.

How does one understand the money bill route for introducing the bill in Parliament? What are implications of this for the validity of the law?

What will happen to the court cases challenging the UID now?

Where are we now on the thorny issues of surveillance, tracking, profiling, biometrics, private and foreign companies and subsidy? What does the law say?

This discussion will revisit the debates around the UID and examine the implications of the new law.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-uid-aadhar-act-2016-and-its-impact-on-social-security

Cyber Security of Smart Grids in India

Elonnai Hickok and Vanya Rakesh — 2016-04-28T15:34:17Z

An integral component of the ambitious flagship programme of the Indian Government- Digital India, which paves way for a digital data avalanche in the country, is a well-designed digital infrastructure ensuring high connectivity and integration of services, the potential areas being smart cities, smart homes, smart energy and smart grids, to list a few. Likewise, the 100 Smart Cities Mission envisions changing the face of urbanization in India, to manage the exponential growth of population in the cities by creating smart cities with ICT driven solutions, along with big data analytics. Smart grid technologies are key for both these schemes.

The article by Elonnai Hickok and Vanya Rakesh was published by Dataquest on April 25, 2016

Smart grid is a promising power delivery infrastructure integrated with communication and information technologies which enables monitoring, prediction and management of energy usages. Establishment of smart grids becomes highly important for the Indian economy, as the present grid losses are one of the highest in the world at upto 50% and costing India upto 1.5% of its GDP. India operates one of the largest synchronous grids in the world – covering an area of over 3 million sq km, 260 GW capacity and over 200 million customers with the estimated demand of India increasing 4 times by the year 2032.

In the year 2013, the Ministry of Power (MoP), in consultation with India Smart Grid Forum and India Smart Grid Task Force released a smart grid vision and roadmap for India, a key policy document aligned to MoP’s overarching objectives of “Access, Availability and Affordability of Power for All”. It lays plans for a framework to address cyber security concerns in smart grids as well. To achieve goals envisaged in the roadmap, the Government of India established the National Smart Grid Mission in the year 2015 for planning, monitoring and implementation of policies and programs related to Smart Grid activities.

A number of smart grid projects have been introduced, and are currently underway. KEPCO in Kerala has established smart meter/intelligent power transmission and distribution equipment system in the year 2011 and the smart grid operations focus on peak reduction, load standardization, reduction in power transmission/distribution loss, response to new/renewable energy and reduction in black-out time. Gujarat was introduced to India’s first modernized electrical grid in the year 2014, to study consumer behaviour of electricity usage and propose a tariff structure based on usage and load on the power utility by installing new meters embedded with SIM card to monitor the data. The Bangalore Electricity Supply Company Ltd. (BESCOM) project in Bangalore envisaged the Smart Grid Pilot Project for integration of renewable and distributed energy resources into the grid, which is vital to meet growing electricity demands of the country, curb power losses, and enhance accessibility to quality power.

Cybersecurity challenges

At the same time, the introduction of a smart grid brings with it certain security risks and concerns, particularly to a nation’s cyber security. Increased interconnection and integration may render the grids vulnerable to cyber threats, putting stored data and computers at great risk.With sufficient cyber security measures, policies and framework in place, a Smart Grid can be made more efficient, reliable and secure as failure to address these problems will hinder the modernization of the existing power system. Smart Grids, comprising of numerous communication, intelligent, monitoring and electrical elements employed in power grid, have a greater exposure to cyber-attacks that can potentially disrupt power supply in a city.

Cyber security and data privacy are some of the key challenges for smart grids in India, as establishment of digital electricity infrastructure entails the challenge of communication security and data management. Digital network and systems are highly prone to malicious attacks from hackers which can lead to misutilisation of consumers’ data, making cyber security the key issue to be addressed. Vulnerabilities allow an attacker to break a system, corrupt user privacy, acquire unauthorized access to control the software, and modify load conditions to destabilize the grid. Hackers or attackers, who compromise a smart meter can immediately alter their energy costs or change generated energy meter readings to monetize it by help of remote PCs. Also, inserting false information could mislead the electric utility into making incorrect decisions about the local usage and capacity.

Initiatives in India

As cybersecurity is critical for Digital India and the Smart City Concept note highlights a smart grid to be resilient to cyber attacks, a National Cyber Coordination Centre is being established by the Indian Government. Also, National Cyber Safety and Security Standards has been started with a vision to safeguard the nation from the current threats in the cyberspace, undertaking research to understand the nature of cyber threats and Cyber Crimes by facilitating a common platform where experts shall provide an effective solution for the complex and alarming problems in the society towards cyber security domain. Innovative strategies and compliance procedures are being developed to curb the increasing complexity of the Global Cyber Threats faced by countries at large.

The National Cyber Security Policy 2013 was released with an umbrella framework for providing guidance for actions related to security of cyberspace, by the Department of Electronics and Information Technology (DeitY). The Working Group on Information Technology established under the Planning Commission has also published a 12 year plan on IT development in India with a road map for cyber security, stating six key priority and focus areas for cyber security including:Enabling Legal Framework ; Security Policy, Compliance and Assurance; Security R&D; Security Incident – Early Warning and Response ; Security awareness, skill development and training, and Collaboration.

In case of Bangalore, to ensure smooth implementation of BESCOM’s vision, the company realised the need to put a cyber-security system in place to protect the smart grid installations in Bangalore city. To ensure security, BESCOM has come out with a separate IT security policy and dedicated trained IT cadre to safeguard its data and servers, becoming one of the few Discoms in India to take such measures for safeguarding the servers and data network from cyber crimes and threats.

Way forward

An electric system like Smart grids has enormous and far-reaching economic and social benefits. However, increased interconnection and integration tends to introduce cyber-vulnerabilities into the grid. With the evolution of cyber threats/attacks over time, it can be said that there are a lot of challenges for implementing cyber security in Indian smart grid. Considering importance of secure smart grid networks for flagship projects in India, the existing regulatory framework does not seem to adequately take into consideration the cyber security implications.

In light of this, the government must aim to develop and adopt high level cybersecurity policy to withstand cyber-attacks. Also, India must focus on skills development in this domain and have a capable workforce to achieve the targets set by Indian Government. The country must look up to develop an overall intelligence framework that brings together industry, governments and individuals with specific capabilities for this purpose.

The National Cyber Security Policy 2013, protecting public and private infrastructure from cyber attacks, along with all kinds of information, such as personal information of web users, banking and financial information,etc. is yet to be implemented by the Government properly. In the Indian Power sector, the cyber security regulations or mandates are absent in the National Electricity Policy (NEP) as well as the Electricity Act 2003 and its amendment in 2007, with no reference to cyber security concerns. These key legislations must be amended to take into account the growing challenges due to increased use of ICT in the power sector.

As the concept of smart grids is still evolving in India, professional intervention from various domains has pushed for adoption and development of standard process and products. Many international standard setting organisations like IEC, IEEE, NIST, CENELEC are engaged in standardization activities of Smart Grids and in India, the Bureau of Indian Standards (BIS) has been rolling out several varieties of standards targeting various technologies. Therefore, BIS must develop standards taking into account the security challenges in the cyberspace as well.

Apart from policy and regulatory measure, the system on which the smart grids are built and networked must be made architecturally strong and secure.One of the areas where due attention is required is making the Supervisory Control and Data Acquisition (SCADA) secure, a system that operates with coded signals to provide control of remote equipment and is entirely based on computer systems and network. Numerous systems also employ the Public Key Infrastructure (PKI) to secure the Smart Grids and address the security challenges by enabling identification, verification, validation and authentication of connected meters for network access. This can be leveraged for securing data integrity, revenue streams and service continuity. The key vulnerable areas prone to cyber attacks on information transmission are network information, data integrity and privacy of information. The information transmission networks must be well-designed as the network unavailability may result in the loss of real-time monitoring of critical smart grid infrastructures and power system disasters.

Addressing these fast growing challenges and cyber security needs of the country by adopting suitable regulatory, policy and architectural steps would help achieve the objectives of Digital India and Smart Cities enabling “Access, Availability and Affordability for All”.

For more details visit https://cis-india.org/internet-governance/blog/dataquest-april-25-2016-vanya-rakesh-and-elonnai-hickok-cyber-security-of-smart-grids-in-india

The Aadhaar Act is Not a Money Bill

Amber Sinha — 2016-04-25T10:51:37Z

While the authority of the Lok Sabha Speaker is final and binding, Jairam Ramesh’s writ petition may allow the Supreme Court to question an incorrect application of substantive principles. This article by Amber Sinha was published by The Wire on April 24, 2016.

Originally published by The Wire on April 24, 2016.

Since its introduction as a money bill in the Lok Sabha in the first week of March [1], the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Bill, 2016 has been embroiled in controversy. The Lok Sabha rejected the five recommendations of the Rajya Sabha and adopted the bill on March 16 and only presidential assent was required for it become to become valid law. However, former Union Minister Jairam Ramesh filed a writ petition contesting the decision to treat the Aadhaar Bill as a money bill. The petition is due to be heard before the Supreme Court on April 25, and should the court decide to entertain the petition, it could have far-reaching implications for the Aadhaar project and the manner in which money bills are passed by the Parliament.

There are three broad categories of bills (all legislations or Acts are known as ‘bills’ till they are passed by the Parliament) that the Parliament can pass. The first kind, Constitution Amendment Bills, are those that seek to amend a provision in the Constitution of India. The second are financial bills which contain provisions on matters of taxation and expenditure. Money bills are a subset of the financial bills which contain provisions only related to taxation, financial obligations of the government, expenditure from or receipt to the Consolidated Fund of India and any matters incidental to the above. The third category is of ordinary bills which includes all other bills. The process for the enactment of all these bills is different. Money bills are peculiar in that they can only be introduced in the Lok Sabha where it can be passed by simple majority. Following this, it is transmitted to the Rajya Sabha. The Rajya Sabha’s powers are restricted to giving recommendations on the Bill and sending it back to the Lok Sabha, which the Lok Sabha is under no obligation to accept. The decision to introduce the Aadhaar Bill as a money bill has been widely seen as an attempt to circumvent the Rajya Sabha where the ruling party is in a minority.

Article 110 (1) of the Constitution defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to them. These are a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. Article 110 is modelled on Section 1(2) of the (UK) Parliament Act, 1911 which also defines the money bills as those only dealing with certain enumerated matters. The use of the word “only” was brought up by Ghanshyam Singh Gupta during the Constituent Assembly Debates. He pointed out that the use of the word “only” limits the scope of money bills to only those legislations which did not deal with other matters. His amendment to delete the word “only” was rejected clearly establishing the intent of the framers of the Constitution to keep the ambit of money bills extremely narrow.

While the Aadhaar Bill does make references to benefits, subsidies and services funded by the Consolidated Fund of India (CFI), even a cursory reading of the bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money bill. The bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, ‘Parliamentary Practice” is instructive in this respect and makes it clear that a legislation which simply makes a charge on the Consolidated Fund does not becomes a money bill if otherwise its character is not that of one.

PDT Achary, former secretary general of the Lok Sabha, has expressed concern about the use of Money Bills as a means to circumvent the Rajya Sabha. He has written here [2] and here [3], on what constitutes a money bill and how the attempts to pass off financial bills like the Aadhaar Bill as money bills could erode the supervisory role Rajya Sabha is supposed to play. This is especially true in the case of a legislation like the Aadhaar Bill which has far reaching implications for individual privacy as it governs the identification system conceptualised to provide a unique and lifelong identity to residents of India dealing with both the analog and digital machinery of the state and by virtue of Section 57 of any private entities. Already over 1 billion people have been enrolled under this identification scheme, and the project has been a subject of much debate and a petition before the Supreme Court. The project has been portrayed as both the last hope for a welfare state and surveillance infrastructure. Regardless of which of the two ends of spectrum one leans towards, it is undeniable that the law governing the Aadhaar project deserved a proper debate in the Parliament. Even those who are strong proponents of the project must accept the decision to pass it off as a money bill undermines the importance of democratic processes and is a travesty on the Constitution and a blatant abrogation of the constitutional duties of the speaker.

The petition by Jairam Ramesh would hinge largely on the powers of the judiciary to question the decision of the Speaker of the Lok Sabha. Article 110 (3) is very clear in pronouncing the authority of the Speaker as final and binding. Additionally, Article 122 prohibits the courts from questioning the validity of any proceedings in Parliament on the ground of any alleged irregularity of procedure. The powers of privilege that Parliamentarians enjoy are integral to the principle of separation of powers. However, the courts may be able to make a fine distinction between inquiring into procedural irregularity which is prohibited by the Constitution; and questioning an incorrect application of substantive principles, which I would argue, is the case with the Speaker decision.

References

[1] See: http://thewire.in/2016/03/07/arun-jaitley-introduces-money-bill-on-aadhar-in-lok-sabha-24115/.

[2] See: http://indianexpress.com/article/opinion/columns/show-me-the-money-4/.

[3] See: http://www.thehindu.com/opinion/lead/circumventing-the-rajya-sabha/article7531467.ece.

For more details visit https://cis-india.org/internet-governance/blog/the-aadhaar-act-is-not-a-money-bill

Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?

Pooja Saxena — 2016-04-24T14:15:06Z

In this infographic, we highlight the matters dealt with in the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, and consider if these can be objects of a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Sumandro Chattapadhyay and Amber Sinha.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-matters-dealt-with-in-aadhaar-act-be-objects-of-money-bill

Can the Aadhaar Act 2016 be Classified as a Money Bill?

Pooja Saxena — 2016-04-25T13:48:41Z

In this infographic, we show if the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, can be classified as a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Amber Sinha and Sumandro Chattapadhyay.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-the-aadhaar-act-2016-be-classified-as-a-money-bill

Government keeps experts out of cyber security discussions

praskrishna — 2016-04-24T05:03:34Z

The article by Amrita Madhukalya was published in DNA on April 23, 2016. Pranesh Prakash was quoted.

During India's closed-door discussions on cyber security and Internet policies at the recently-concluded Russia-India-China (RIC) convention, Internet experts fear that the government may be trying to leave out discussions with social stakeholders like social activists, businessmen or the academia. It must be borne in mind that telecom minister Ravi Shankar Prasad in an ICAN meet last year stressed on the role of the government in cyber-security policy measures, despite the need to have an Internet largely unregulated by the government.

Anja Kovacs of the Internet Democracy project feels that India has given away too much, and that India's multi-stakeholder approach in the context of the role of the International Telecommunication Union (ITU) is not too clear. "Russia and China have traditionally, since the 90s, wanted a bigger role for the ITU, despite a pushback from the West. The ITU has had a positive role in the recent past. Yet, when they mention multilateralism, the scope for developing nations is not too wide. The US may have the scope to include several stakeholders from the business community, civil society and academia, but how much scope does a developing country have," says Anja, adding that the mention of internationalising, too, is problematic.

The grouping of the three countries could also be to signal an alliance to counter the US's efforts to ensure the exemption of the UK from the mutual legal assistance treaty (MLAT) system which is headquartered in the United States, says Chinmayi Arun, policy director at the Centre for Communication Governance at NLU Delhi. Under the MLAT process, any request about data that originates in case of a criminal breach from a country is usually routed via US's department of justice, which takes time while following due processes.

"The concerns expressed, understandably, on the growing concerns of cyber terrorism and the efforts to deal with it are needed, but there is no need to exclude other stakeholders in the process," said Chinmayi. "Russia and China have also been pushing for a growing role of the state in policing the government, and are keen to use the UN to facilitate that."

Nikhil Pahwa of Medianama, who steer-headed the net neutrality movement by engaging several stakeholders, says that the government's stance is unclear, as it speaks of both multilateralism and multiple stakeholders, as both are contradictory.

Pranesh Prakash of the Centre for Internet and Society says that he is sceptical of the sentiments expressed on internationalisation of internet governance.

"For instance, there's been a two-year process via which the US's oversight over ICANN and the IANA functions are nominally being removed. But Russia, India, and China have not really pushed for internationalisation, and ICANN and the Internet's root zone system is going to remain subject to US jurisdiction, including US sanctions. If the ministers truly meant what they say, they should intervene in that process and say that we need to internationalise ICANN in practice and spirit, not just in name," he said.

For more details visit https://cis-india.org/internet-governance/news/dna-amrita-madhukalya-april-23-2016-government-keeps-experts-out-of-cyber-security-discussions

CCTV plays Sherlock

praskrishna — 2016-04-24T04:51:04Z

Whether it's the Mercedes hit-and-run in Delhi or the antics of the chaddi baniyan gang in Mumbai, police are increasingly relying on CCTV footage to solve crimes. Sunday Times looks at how the small picture is getting bigger. .

The article by Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya was published by the Times of India on April 24, 2016. Pranesh Prakash was quoted.

In case after high-profile case, cameras have been the big stars of Delhi police investigations in recent months. After the Civil Lines hit-and-run case, where a 17-year-old driving a Mercedes was caught on camera speeding away from his victim, reliable witness to the crime came from a nearby CCTV. A few weeks ago, in the Vikaspuri lynching on Holi eve that threatened to take on communal colours, it was CCTV footage that clinched the case.

Across India, police officials reel off cases where CCTVs have made all the difference in identifying offenders and speeding up investigations. "Petty crimes like snatchings have been brought down by 50% in areas like Chandni Chowk since 2014," estimates Madhur Verma, DCP (north), Delhi Police. "Even if the face cannot be fully recognised, the timing shown on the CCTV grabs, and proof of the accused being present at the spot, can be useful corroborating evidence for the court," says DCP Dhananjay Kulkarni, explaining how CCTV helped nail the infamous "chaddi baniyan gang" in Borivli, Mumbai.

CCTV cameras have proliferated across our public spaces in the last few years, mutely observing our movements. It's not just the police; shops, companies and individuals install them too, and these come in handy for law enforcement. For instance, Delhi has about 1,79,000 CCTV cameras installed around the city, out of which 4,000 have been placed by the Delhi government, and the rest by private agencies who collaborate with the Delhi Police under its 'Eyes and Ears' scheme. "Cameras are a fact of life around the world, there's no going back for the police or for anyone else," says N Ramachandran, a former IPS officer, now president of the Indian Police Academy think-tank.

Whether London, Boston or Bengaluru, it is often a terrorist attack that shocks a city into ramping up its CCTV network. After the Church Street attacks, the police got cracking on surveillance, using crime-mapping techniques and shortlisting vantage points. While they currently use 300 cameras, the police believe the figure must be taken up to 2,500 to keep a better eye on the city.

But does CCTV control crime? To that question, there is only one unsatisfying answer — it depends. The debate is torn between those who see CCTVs as the embodiment of an eerie Orwellian warning, and those who believe that the more cameras there are, the less crime there will be. Studies, though, suggest that CCTV has specific and narrow uses.

Obviously, it helps catch people who have committed an offence, after the event. CCTV networks, though, have no noticeable impact on crime rates according to several reviews in the US and UK. The UK is the most monitored nation in the world, but as a Home Office study in 2005 concluded, there was no statistically significant reduction in crime, once other variables like seasonal and national trends, and other police initiatives, were factored in.

While CCTVs are not easy to isolate as a determining factor in crime control, they are demonstrably effective in some contexts. They can reduce some kinds of disorder and petty crime, particularly in car parks and public transit. Micro-level analyses of aspects like environmental features, camera line-of-sight, enforcement activity, and camera design suggest that the power to deter crime depends greatly on how the CCTV sites are chosen, and police operations designed.

The downsides are well known. The more mundane footage there is, the harder it is for police to sift through. There is often a displacement effect — the presence of a camera pushes the crime off-stage into other areas, or prompting criminals to change tactics in pursuit of the same ends (ie, rather than carry out a drug transaction on the street, arrange online and deliver). What's more, CCTVs can be gamed. In Mumbai, the police has found out that criminals apply toothpaste or flash a torchlight at the lens, or cover up with helmets and burqas, or even steal the digital video recorder in the CCTV. These cameras have to be constantly maintained. "Many believe that CCTV installation is a one-time investment, but it needs to be serviced to yield results," says S. David, who runs an electronics shop and sells CCTV cameras in Chennai's Ritchie Street.

If there is no overwhelming impact on crime prevention, why are India's security forces investing so heavily in CCTVs, and is it worth the inevitable tradeoff with privacy? More worryingly, it is doing so without any comprehensive regulation on their use.

Before this technology of databases and recording, "we seldom had situations where a police official or private detective was trailing you all day, recording your movements, which is more or less the situation with CCTVs now," says Pranesh Prakash of the Centre for Internet and Society. "Yes, you're in a public space, but that doesn't denude you of privacy".

But as Farhad Manjoo, a prominent tech blogger in the US, pointed out, the benefits outweigh our fears about privacy. "When you weigh cameras against other security measures, they emerge as the least costly and most effective choice. In the aftermath of 9/11, it's impossible for you to get into tall buildings, airports, many museums, concerts, and even public celebrations without being subjected to pat-downs and metal detectors. When combined with competent law enforcement, surveillance cameras are more effective, less intrusive, less psychologically draining, and much more pleasant than these alternatives," wrote Manjoo in Slate.

What we need is public oversight over the surveillance apparatus — in other words, we need to watch how they watch us. If there is clear respect for the principles of proportionality, accountability and transparency, "there need not be a conflict between ethical and effective use of these cameras," says Ramachandran.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-raj-shekhar-arun-dev-v-narayan-a-selvaraj-cctv-plays-sherlock

Will Facebook, Twitter relocate servers to India?

praskrishna — 2016-04-23T15:26:39Z

The debate to relocate offshore servers of internet and social media firms including Google, Facebook and Twitter has revived.

The article by Taru Bhatia was published in Governance Now on April 23, 2016. Pranesh Prakash gave inputs.

Home minister Rajnath Singh has requested the social media companies, located outside India, to maintain servers in the country, in order to expedite the process of getting information on accounts which spread mischievous messages posing a threat to law and order situation. The move has come in the backdrop of delayed or no response to the government’s requests to these companies, for extracting information of some of its users on security grounds.

In February, the minister claimed Jamaat-ud-Dawa chief Hafiz Saeed’s involvement in the anti-national slogans that were allegedly raised in the campus of Jawaharlal Nehru University (JNU). The claim was based on a tweet that appeared on a fake twitter account of Saeed (@HafeezSaeedJUD), which was later deactivated by Twitter. But the US-based social media company has still not replied to the Indian government as to who was running the account.

It is interesting to note here that India shares mutual legal assistance treaty with the US, wherein, the duo can share information for the purpose of criminal investigation, via judicial route. The process, however, is lengthy.

“Given the nature of the content, sometimes the government cannot afford to wait. The process of issuing direction to get information or blocking certain content from public view is lengthy. The Indian government under the IT law is empowered to ask these companies to maintain servers in India,” says senior advocate, supreme court, and cyber law expert, Pavan Duggal, terming it as a legitimate concern related to national security. As India is a big market for all these companies, it shouldn’t be a problem for them to have servers in India, he says.

“If the police or security agencies want information from these companies, it becomes tall orders since they are not operating from India. They step back and say they are not accountable,” says Virag Gupta, a senior supreme court lawyer, adding that ministries of telecom and finance must join the home ministry in its request and spearhead the matter.

Gupta has filed a petition in the Delhi high court asking such offshore companies to register themselves under the Indian law. On the other hand, Pranesh Prakash, policy director at center for internet and society (CIS), a non-government research organisation supported by Google, feels that instead of requesting these companies to maintain servers in India, it is best for the government to figure out ways to speed up judicial process of the treaty, when it comes to internet governance.

From July to December 2015, India issued 141 requests to Twitter to retrieve information of its users’ accounts for criminal investigation purpose, as per the company’s transparency report. But the compliance rate was only 42 percent, the report says.

While India seeks information on national security grounds, the law here does not clearly define national security, which is still vast and ambiguous.

“I do believe that there is a need for a much clear definition of national security. If the government really wants to have servers of these companies in India then appropriate guidelines must exist, so that companies should not be taken by surprise,” says Duggal.

Security concerns

Data localisation is witnessing a growing trend among many countries. Last year, Russia enforced law to mandate internet companies to store its citizens’ data within the country. The move is generally taken in fear of losing country’s data to hackers. It also means that it would be easier for the government to get information from these internet companies.

And so protecting data and privacy of individuals within the country is also a matter of concern. Not having a strong data privacy law in place could lead to violation of internet rights of citizens.

“Privacy is a legitimate concern but at the end of the day the government is well empowered in the interest of protecting cyber security under the IT Act. But it is necessary for the government to look at the issue from a holistic perspective. There is a need for balancing privacy and security of an individual on one hand and national security on the other hand,” adds Duggal.

For more details visit https://cis-india.org/internet-governance/news/governance-now-april-23-2016-taru-bhatia-will-facebook-twitter-relocate-servers-to-india

You will need a license to create a WhatsApp group in Kashmir

praskrishna — 2016-04-21T02:34:46Z

The internet rights activists have criticised the move stating it as unconstitutional.

The article was published by Governance Now on April 19, 2016. Pranesh Prakash tweeted on this.

Moving beyond internet ban, Kashmir’s Kupwara district issued a notice asking all admins of WhatsApp news groups to register their groups with the district authority within ten days.

With this move, the authorities are taking power in their hands to monitor WhatsApp news groups owned by private individuals. However, internet rights activists criticised it saying the move is unconstitutional as it breaches freedom of speech.

The circular is issued under the subject of ‘registering of WhatsApp news group and restrictions for spreading rumours thereof’. The district magistrate said that any spread of information by these WhatsApp news groups, “leading to untoward incidents will be dealt under the law”.

You may need a license in Kashmir to run a WhatsApp group

The valley witnessed five-day internet shutdown following the Handwara firing incident. Internet ban is a common phenomenon in Kashmir.

“For how long will the government decide whether we can communicate with each other or not? Actually, the authorities do not want us to spread the truth about the army’s atrocities far and wide,” said a resident of Handwara as quoted in Kashmir Reader.

Earlier, parts of Haryan and Gujarat also witnessed internet ban during Jat and Patidar agitation, respectively.

Blocking all internet access is clearly an unnecessary and disproportionate measure that cannot be countenanced as a ‘reasonable restriction’ on freedom of expression and the right to seek and receive information, which is an integral part of the freedom of expression,” said Pranesh Prakash.

For instance, he adds, a riot-affected woman seeking to find out the address of the nearest hospital cannot do so on her phone. “Instead of blocking access to the internet, the government should seek to quell rumours by using social networks to spread the truth, and by using social networks to warn potential rioters of the consequences,” he said.

Former Mumbai police commissioner Rakesh Maria used WhatsApp to counter rumours spread after circulation of a fake photo in January 2015.

“The way in which the ban is imposed is unreasonable. Problem is in the method that is being used in absence of guidelines, defining circumstances under which they can impose a restriction on internet sites,” says Arun Kumar, head of cyber initiatives at Observer Research Foundation (ORF).

If government formulates these rules or guidelines it will set a threshold for state or central authorities, which will define the urgency of imposing ban on internet services.

For more details visit https://cis-india.org/internet-governance/news/governance-now-april-19-2016-you-will-need-a-license-to-create-whatsapp-group-in-kashmir

RTI regarding Smart Cities Mission in India

Paul Thottan — 2016-04-21T02:25:28Z

Centre for Internet & Society (CIS) had filed an RTI on 3 February 2016 before the Ministry of Urban Development (MoUD) regarding the Smart Cities Mission in India. The RTI sought information regarding the role of various foreign governments, private industry, multilateral bodies that will provide technical and financial assistance for this project and information on Government agreements regarding PPP’s for financing the project.

A response to the RTI is here.

The various government, private industry and civil society actors involved in the Smart Cities Mission.
The various agreements the Government has undertaken through PPP’s for financing the mission.
Role of private companies in this project.
The process for selecting the cities for this mission and ministry responsible for this task.
The various international organisations, foreign governments and multilateral bodies that will provide technical and financial assistance for this project.

The MoUD sent its reply to the RTI application and the response is as follows:

With reference to the first query, the answer provided was that the mission statement and guidelines are available on the Missions website - smartcities.gov.in. This mission statement essentially envisages the role of citizens/citizen groups such as Resident Welfare Associations, Taxpayers Associations, Senior Citizens and Slum Dwellers Associations etc, apart from the government of India, States, Union Territories and Urban local bodies.
Regarding information about agreements for the purpose of financing the project, it has been provided in the response that the Ministry would facilitate the execution of MoU’s between Foreign Agencies and States/UT’s for assistance under this mission. The two agreements that have been executed include the MoU between the United States Trade and Development Agency (USTDA) and the French Agency for Development (AFD) for the States/UT’s of Andhra Pradesh, Uttar Pradesh, Rajasthan, Maharashtra, Chandigarh and Puducherry. They have also provided us with copies of the same and they have been summarised below. They also go on to state that various countries like Spain, Canada, Germany, China, Singapore, UK and South Korea have also shown interest in collaborating with the Ministry for the development of Smart Cities.
CIS sought the documents relating to role of private actors in this field. This information could not be provided by the Department since it was not available with them. Further, an application has been sent to the SC-III Division for providing the information directly to us.
As regards the fourth query, the information provided states that the role of the government, States/UT’s and Urban Local Bodies has been envisaged in para 13 of the Smart Cities Mission Statement - smartcities.gov.in
With respect to the query regarding the foreign actors involved, the information provided states that the documents relating to the involvement of the same are scattered in different files. Compilation of such information would divert the limited resources of the Public Authority disproportionately. Another application must be filed if any specific information is required.

Copies of several MoUs signed between Foreign Development Agencies and States (for the respective cities) that were shared with us are:

Memorandum of Understanding between the United States Trade and Development Agency(USTDA) and the Government of Andhra Pradesh of the Republic of India on Cooperation to support the development of Smart Cities in Andhra Pradesh-namely Visakhapatnam.
Memorandum of Understanding between the United States Trade and Development Agency (USTDA) and the Government of Rajasthan of the Republic of India on Cooperation to support the development of Smart Cities in Rajasthan- namely Ajmer.
Memorandum of Understanding between the United States Trade and Development Agency (USTDA) and the Government of Uttar Pradesh of the Republic of India on Cooperation to support the development of Smart Cities in Uttar Pradesh- namely Allahabad.
Memorandum of Understanding between the Agence Francaise De Developpement and the Government of the Union Territory of Chandigarh of the Republic of India on Technical Cooperation in the field of Sustainable Urban Development.
Memorandum of Understanding between the Agence Francaise De Developpement and the Government of Maharashtra on Technical Cooperation in the field of Sustainable Urban Development.
Memorandum of Understanding between the Agence Francaise De Developpement and the Government of the Union Territory of Puducherry of the Republic of India on Technical Cooperation in the field of Sustainable Urban Development.

Key clauses under the MoU between the United States Trade and Development Agency (USTDA) and the governments of Andhra Pradesh, Rajasthan and Uttar Pradesh are:

The MoU undertaken by the USTDA for the development of Visakhapatnam, Allahabad and Ajmer clearly establishes that the document only cements the intention of the body to assist in the development of these cities and funding must be addressed separately.
The USTDA intends to contribute specific funding for feasibility studies, study tours, workshops/training, and any other projects mutually determined, in furtherance of this interest. The USTDA will also fund advisory services for the same.
The USTDA will seek to bring in other US government agencies such as the Department of Commerce, the US Export Import Bank and other trade and economic agencies to encourage US-India infrastructure development cooperation and support the development of smart cities in Vishakhapatnam, Allahabad and Ajmer.
One of the key points the USTDA stresses on is the creation of a Smart Solutions for Smart Cities Reverse Trade Mission, where Indian delegates will get a chance to showcase their methodologies and inventions in the United States.
The MoU also talks about involving industry organisations in the development of Smart Cities, to address important aviation and energy related infrastructure connected to developing smart cities.
The respective State Governments of the cities will provide resources for the development of these smart cities, including technical information and data related to smart cities planning; staff, logistical and travel support, and state budgetary resources will be allocated accordingly.

Key clauses under the MoU between the Agency Francaise De Developpement (AFD) and the governments of Maharashtra, Chandigarh and Puducherry are:

The MoU with AFD is along the same lines but with more detail provided in the field of research in sustainable urban development. It comprises of four articles dealing with implementation, research, resource allocation and cooperation.
The AFD clearly states that it will adopt an active role in managing and implementing the project.
The AFD will equip the respective state governments with a technical cooperation programme which will include a pool of French experts from the public sector, complemented by experts from the private sector.
The MoU goes on to state the various vectors of sustainable urban development that will be the focal point of this project – urban transport, water and waste management, integrated development and urban planning, architecture and heritage, renewable energy, energy efficiency etc.
Apart from strategizing, the AFD looks to provide technical support as well. This technical expertise would be used to strengthen strategy and management of urban services in the city.
They would also play a key role in management through the creation of a Special Purpose Vehicle(SPV) to build strategic management (Human Resources, finance, potential market assessment) and capacity building for financial management.
As per Article II of the MoU, this support framework will be accompanied by annual reviews, a policy similar to the USTDA Smart Solutions for Smart Cities Reverse Mission with Indian and French counterparts, collaboration between academic and research institutions for the exchange of information, documentation and results of research in the field of smart cities (a key policy to establish firm research groundwork and increase cooperation and innovation), capacity building research and development.
Article III of the MoU deals with resource allocation wherein the respective State Governments will assist AFD by providing technical information and data related to smart cities planning, and also meet their logistical requirements.

For more details visit https://cis-india.org/internet-governance/blog/rti-on-smart-cities-mission-in-india

Aadhaar by Numbers

praskrishna — 2016-09-11T16:36:58Z

Sunil Abraham will be addressing a public seminar at an event organized by National Institute of Public Finance and Policy (NIPFP) in New Delhi on Friday, April 29, 2016.

This talk will reflect on several aspects of the Aadhaar project from a technical perspective. First, there will be a reflection on biometrics as a unique, identification and authentication technology. Second, there will be a critique of open washing by the UIDAI through their adoption of free software and open standards and finally there will be an analysis of alternative technical solutions and architecture which will allow India to harvest the benefits of identity management without the harms and risks of centralized biometrics.

Sunil Abraham

Sunil Abraham (an Ashoka Fellow) is the executive director of the Centre for Internet and Society (CIS), Bangalore/New Delhi. CIS is a 7 year old policy and academic research organisation that focuses on accessibility, access to knowledge, internet governance and telecommunications. He is also the founder and director of Mahiti, a 17 year old social enterprise that aims to reduce the cost and complexity of ICTs for the voluntary sector by using free software. Starting 2004, for 3 years, Sunil also managed the International Open Source Network, a project of UNDP's APDIP, serving 42 countries in the Asia-Pacific region. Sunil currently serves on the advisory boards of OSF – Information Programme, Mahiti and Samvada.

The talk reflected on several aspects of the Aadhaar project from a technical perspective. First, there is a reflection on biometrics as a unique, identification and authentication technology. Second, there is a critique of open washing by the UIDAI through their adoption of free software and open standards and finally there is an analysis of alternative technical solutions and architecture which will allow India to harvest the benefits of identity management without the harms and risks of centralized biometrics.

Video

For more details visit https://cis-india.org/internet-governance/news/aadhaar-by-numbers

2014 showed the power of Twitter, now every Indian politician wants a handle

praskrishna — 2016-04-20T02:33:00Z

Twitter is fast turning into an effective political tool. As political parties fight another round of electoral battles, a new survey on the 2014 general elections states that those who tweeted well, fared well.

The article by T.V. Jayan, Smitha Verma,Sonia Sarkar and V. Kumara Swamy quoted Sumandro Chattapadhyay. Click to read the original published by Telegraph on April 10.

Clean image? Tick. Right caste? Tick. Money to fund an election? Tick. Good rapport with the top brass? Tick. But no followers on Twitter or other social media sites? Sorry, then you are not going to get a ticket for the Uttar Pradesh Assembly polls next year, says Bharatiya Janata Party president Amit Shah.

There was a time when Twitter was what little old ladies – purportedly – did. Now it’s a veritable tool for politicians. As states go for Assembly elections this summer, politicians and their parties are tweeting like never before.

And perhaps rightly so, for a recently published study of the 2014 general elections indicates that the more you tweet, the brighter are your chances of winning. The BJP’s victory in 2014 – which came riding a social media wave – seems to have spurred other parties on.

Twitter, for those who came in late, is the micro-blogging social site that allows you to post, repost and comment on anything under the sun. These days, Twitter in India is abuzz with electoral comments and speculation.

Hashtags related to state elections have been dominating the site. The four major players in Bengal – the Trinamul Congress (TMC), the Communist Party of India (Marxist), the Congress and the BJP – have been giving updates about rallies, poll plans and issues. In Assam, the 81-year-old Congress chief minister, Tarun Gogoi, has started tweeting, too. His posts are mostly about his achievements and critical reviews of the BJP’s poll promises.

The CPI(M), which launched its Twitter handle only in February 2014, now has more than 20,000 followers, marginally more than the TMC’s approximately 19,500 followers. Party general secretary Sitaram Yechury is a relentless tweeter – posting comments on issues that range from fuel price hikes to drought and foreign policy. Other senior party leaders such as West Bengal state secretary Surya Kanta Mishra and Mohammad Salim in Bengal and Pinarayi Vijayan in Kerala have been giving regular updates of the party’s campaign on Twitter and Facebook.

“Twitter gives political organisations the ability to broadcast information on a worldwide stream (not just their subscribers), join any ongoing debates and discussions and have a two-way interaction with the public during political processes and campaigns,” notes the study – The 2014 Indian elections on Twitter: A comparison of campaign strategies of political parties. The study, conducted by researchers from the department of communications, University of California, Davis, and Nanyang Technological University, Singapore, was recently published online in the journal Telematics and Informatics.

India is the third largest user of Twitter in the world, with an estimated 23.2 million active users, up from 11.5 million in 2013. Market researcher group Emarketer estimates that Twitter will have around 40 million users in India by 2018.

That is a sizable number. No surprise then that political parties are reaching out to voters with the help of social media arms such as Twitter.

“Twitter is an important platform for the Congress to reach out to a certain section but the content has to be important,” agrees Congress leader Sachin Pilot, who joined Twitter in March 2014, but started tweeting actively four months ago. “We joined the medium late but we are using it positively and not to spread exaggerated promises or look at short-term gains,” he says.

Indeed, the Congress has been greatly outpaced by BJP in the race for tweets. According to the University of California study, the BJP posted 80,981 tweets during the 2014 elections, far ahead of any of the other political parties. The Aam Aadmi Party (AAP) came next with 7,980 tweets, followed by the TMC with 3,990 and the Congress with 2,890. The CPI(M) had 402 tweets.

“The 2014 general elections was the first time social media was being used for electoral campaigning in India and hence the disparity in usage between parties,” says Saifuddin Ahmed, the corresponding author of the study. “The next general elections would be a different game as most of the parties would be well-prepared going by the success of BJP’s 2014 social media campaign.”

The study found that the BJP’s Twitter feed dealt with campaign updates (28 per cent) and criticism of other political parties or moves (24 per cent). It also posted the second-highest in proportion and the highest in absolute numbers of self-promotion tweets (19 per cent as against AAP’s 35 per cent).

“We strongly believe that a message is effectively sent across when one has a credible message, a credible messenger and also a credible tool of communication. And Twitter is a credible tool,” asserts Dilip Pandey, AAP’s head of communications.

The study says the BJP often tweeted the words “thank you” while the Congress’s pet phrases included “Gandhi Gandhi” (in a single tweet). AAP used old emotional slogans such as ” Satyamev Jayate” and “Azaadi ladai”.

It concludes that the winning party’s electoral success [in 2014] is significantly associated with its use of Twitter for engaging voters.

“The BJP’s primary purpose was to use Twitter as a broadcasting medium, and they tweeted their party messages as shareable content, such as images, which users could share in their personal networks,” Ahmed points out.

Not surprisingly, others are embracing Twitter. In Maharashtra, the BJP state unit campaigned extensively on social media for Assembly elections – and ended up forming the government in the state.

“A tweet helps in changing mindset and perception. The urban population which never voted for BJP was targeted through Twitter to present the vision of our party,” says Jiten Gajaria, BJP social media head during Maharashtra elections.

Elsewhere, too, political leaders have been jumping on to the Twitter bandwagon. Nitish Kumar joined Twitter in May 2010, but remained almost inactive for most of his second term before springing back to life in 2015 before the elections. More than 95 per cent of his tweets were posted in the election year. There was even a question-answer-session with people on Twitter.

“Nitish ji in a way engaged with the media through his Twitter handle,” Janata Dal (United) spokesperson K.C. Tyagi says. “He would tweet something about the BJP or Modi and that became the talking point. The NDA was asked by the media to respond to the tweet.”

Modi joined Twitter in January 2009, and Kejriwal in 2011 before launching AAP. Among politicians, the two most active tweeters are Shashi Tharoor of the Congress and Derek O’Brien of the TMC. Rahul Gandhi’s first tweet was on May 7, 2015, about beginning a padayatra in Telangana’s Adilabad district.

Though a late entrant, the CPI(M), too, sees advantages of using the medium. “We don’t want to leave any stone unturned during the elections and being on Twitter is a part of the strategy,” says Rajya Sabha member Ritabrata Banerjee. “Although we don’t believe in hiring professionals, as the BJP does to prop itself up on Twitter, we believe people will follow us and listen to what we are saying.”

However, Sumandro Chattopadhyay, research director, Centre for Internet and Society, Bangalore, is sceptical about linking electoral victories to Twitter usage.

“There are many variables such as Internet penetration, media device availability and media exposure. Rich states always perform better in these parameters,” Chattopadhyay says.

Politicians also stress that Twitter is just one of the tools of a campaign. “The social media is one part of a 360-degree electoral strategy. Twitter probably is only 10 degrees of the overall electoral strategy,” O’Brien states.

And not all politicians look at Twitter as the virtual equivalent of traditional campaigns.

“What we see on Twitter is exaggerated hysteria,” says a BJP leader who is also active on Twitter. “Twitter is a double-edged sword. It is an effective tool for putting your message to an expanding and bigger audience. But at the same time, we don’t know if what we are being told is true because we cannot verify the source.”

A member of the CPI(M)’s communications team stresses that traditional modes of campaigning still outrank social media campaigns. “We believe that as far as our connection with the people is concerned, there is no alternative to the traditional way of reaching out to the masses,” he says. “Twitter can only publicise what we do on the ground.”

In the final analysis, does popularity on Twitter translate into votes? Shah seems to believe so – he is not giving away tickets to BJP members if they don’t have enough followers on Twitter or Facebook. But the Twitter-savvy BJP leader, who seeks anonymity, doesn’t agree.

“It could be one of the factors to influence voters. Maybe a fraction of voters form their opinion based on what they see on Twitter. But it is certainly not the most decisive factor,” he says.

Meanwhile, as politicians battle it out, Twitter is making the most of the poll fervour. The site has said it will launch an exclusive emoji for the Tamil Nadu Assembly elections, which will come up on counting day in May. Did we just hear Twitter crow?

– T.V. Jayan, Smitha Verma,Sonia Sarkar and V. Kumara Swamy report.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-april-10-2016-2014-showed-the-power-of-twitter