We are anonymous, we are legion

Mobile India 2016

praskrishna — 2016-01-13T14:26:50Z

COMSNETS in association with Department of Electronics and Information Technology, Digital India, et.al. organized the event in Bangalore from January 5 to 9, 2016. Sunil Abraham participated as a speaker in Session 4: Law, regulation and policy of App Economy.

Mobile India 2016 is one of the first premier events and will be the curtain raiser for the App Economy revolution in the country. It is associated with The Eighth International Conference on COMmunication Systems NETworkS (COMSNETS), the world's premier international conference on networking and communications technology innovation.

Theme: App Economy: Interplay between Telcos and OTTs

The App Economy in India has been jumpstarted by the new age start-ups, commonly referred to as “Over The Top (OTT)” players. Compass (2015) upgraded Bengaluru from #19 to #15 in its Global Start-up Ecosystem Ranking, much to the delight of all of us. The app economy and the traditional economy are overlapping to a greater extent. Apps are being integrated into many traditional activities ranging from grocery shopping to calling a cab, a trend that is rapidly spilling revenue from almost every industry in the higher revenue traditional economy into the app economy. It is expected that the spill-overs are greater in emerging countries such as India where there are substantial inefficiencies in the traditional industries. This has also caught the attention of funding agencies. While more than $4 billion was invested in start-ups in India in 2014, the meter is up to $1.5 billion in Q1 of 2015, indicative of the promise of this sector of the economy.

Simultaneously, the telecom, mobile and Internet infrastructure backbone that is required for the app economy is also gearing up. Nationwide 3G mobile service is available and year 2016 is expected to be the “Year of 4G mobile”. Mobile broadband subscriber base is touching 100 Million and continues to grow at a quarterly growth rate of more than 15%.

Hence the interplay between telcos and OTTs are very important to bolster the app economy. Meanwhile, the “Net Neutrality” debate is also peaking with the world watching our policy steps on this issue closely.

Mobile India 2016 will explore opportunities and challenges of the App Economy and the interplay between Telcos and OTTs in four sessions with all stakeholders in the ecosystem. For more info, click here.

For more details visit https://cis-india.org/internet-governance/news/mobile-india-2016

Mobile education comes to villages

praskrishna — 2011-05-30T05:49:27Z

PEOPLE living in remote villages, trekking many miles to schools and colleges before dropping out, can now look forward to a tech option — mobile education. Education over mobile phones is vital in India, where the literacy rate according to 2011 census is 74.04 per cent, observers note. This article by Shayan Ghosh was published in Mail Today on May 27, 2011.

India has 791 million mobile subscribers according to regulatory body TRAI with a significant share in villages. That is the target group several start- ups and educational institutions are looking at.

Indira Gandhi National Open University ( IGNOU) based in New Delhi, is taking a lead in the matter. “ The technology is pretty new in India and we are planning to implement things like SMS alerts to students and coursespecific databases,” K. R. Srivathsan, pro vice- chancellor, IGNOU, said.

"It will definitely change the scenario of education in rural India," noted Srivathsan.

"All possible components required in a learning cycle including auditory, visual, reading, writing, collaboration, interaction, recording and computing," Amit Zaveri, CEO, EnableM, a company that delivers education through mobile devices, said.

"In rural areas the challenges for delivery of learning content & services are many including physical distances ( to institutes etc.), lack of teachers, no or limited access to standardised & branded content, time & cost constraints, limited capability for peer assessments, lack of skills development facilities for employability," Zaveri added.

Mig33, a Singapore- based mobile social network is hopeful that the mobile revolution could actually mean impart education to all.

"Mobile phones have moved from being phone devices to communication devices. With the advent of 3G, this is going to become bigger and better.

Also tablets are expected to play very effective role in this," Mohit Gundecha, India operations head, Mig33, said.

"With 3G the video clips can help educate, smart apps can help people learn, good sms apps can engage audiences about education concepts. We already see a host of companies coming in to take care of the hardware aspects and digital content to match the need," Gundecha explained.

According to Vikram Nagaich, director and founder, InnovateEdu, on one side, with mobile phones the content the reach of the content could be very wide. However, the efficacy would have to be delivered through extremely innovative and sophisticated content.

"Mobiles can penetrate better as they have things in favour like better battery life and people do not need any training to operate it. This gives it an upper hand over computers," Sunil Abraham, ED, Center for Internet and Society, said.

The Tech Option

Education over mobile phones is vital in India, where the literacy rate according to the 2011 census is 74.04 per cent, observers note.

With a significant share in villages, this is the target group several start- ups and educational institutions are looking at Indira Gandhi National Open University ( IGNOU) based in New Delhi, is taking a lead in the matter.

In rural areas, challenges regarding delivery of learning content & services are many and include physical distances, lack of teachers, limited access to standardised content.

Mobile phones have moved from being phone devices to communication devices. With 3G, this is going to become better.

Read the original story here

For more details visit https://cis-india.org/news/mobile-education-villages

Mobile Broadband: Leveraging for Business Transformation

praskrishna — 2013-01-15T08:40:21Z

Mobile India 2013 is being held at the Chancery Pavillion, Bangalore on 9 January 2013. Sunil Abraham is speaking at this event.

Mobile India 2013 is the one of the first premier conferences and will be the curtain raiser for Mobile Broadband revolution in the country. It is associated with The Fifth International Conference on COMmunication Systems NETworkS (COMSNETS), the world’s premier international conference on networking and communications technology innovation.

Keynote Speeches

Keynote - 1: Prof. Bhaskar Ramamurthi , Director, IIT Madras will deliver the joint keynote speech for COMSNETS 2013 and Mobile India 2013.
Keynote - 2 : Sanjay Nayak , Chief Executive Officer & Managing Director, Tejas Networks. Tejas Networks.

Mobile India 2013 will try to unravel the mysteries in the following sessions.

Session 1: Enterprises on the move

"For a preview, read http://yourstory.in/2012/12/enterprises-on-the-move/ "

Enterprises are exploring ways to leverage the power of smart devices, the cloud, and broadband to be agile, flexible, and productive. The IT managers in organizations are challenged to support variety of devices (viz. BYOD) within the organization, at the same time providing the required organizational security and performance support to the employees. This session will deliberate on the challenges and opportunities of today's networked world for enterprises on the move.

Panelists: Ashvin Vellody , Director - Management Consulting, KPMG India; Dr. K.K. Ramakrishnan , Distinguished Member of the Technical Staff, AT&T Labs Research, USA; Puneet Gupta , AVP and Head of Mobility Research, Infosys SET Labs; Sai Pratyush, Head-Enterprise Products, Tata Teleservices; E. Manikandan , Head-Channels and Alliances, Ramco Systems; Umesh Sachdev , Co-founder and CEO, Uniphore ; Yathish, L, N. , CTO, Huawei Technologies

Moderator: Swami Krishnan , VP and Head-Marketing, Sasken Communication Technologies

Session 2: Massively Open Online Education

"For a preview, read http://yourstory.in/2012/12/massively-open-online-education/ ".

Online and Internet based education has permeated in to schools and colleges today. Massively Open On-line Course (MOOC) initiatives such as National Programme on Technology Enhanced Learning (NPTEL) in India and those by leading institutions such as MIT and Stanford in the US are democratizing education and making it available globally over the Internet. In India, the Government has been an early adopter and both academia and industry have begun taking this initiative further. However, limited access to wired broadband and computers have restricted reach for providing online education. Can the ubiquitous mobile solve this problem?
In this session, experts will deliberate in detail on the opportunities and challenges in providing education through mobile networks and wireless devices. Are these scalable and monetizable? What are the implications for traditional educational methodologies? What are the transformations this will bring to the publishing industry?

Panelists: Dr. Gautam Shroff , VP and Chief Scientist, TCS; Srikanth B. Iyer , COO, Pearson Education Services; Rohit Kumar , MD, Elsevier India; Sunil Abraham, Executive Director, Centre for Internet and Civil Society; Arun Prabhudesai , CTO, myopencourses.com

Moderator: Prof. D. Manjunath , Professor, IIT Bombay

Session 3: Innovation Workshop

In the concluding session of the day, a workshop on mobile innovations will be conducted wherein several start-up firms will show case their unique innovations in the mobile space and share their experiences on ideation, fund mobilization, monetization models, and scale-up for sustainability.

Panelists: MintM ( Sachin Garg , Founder); Robots Alive ( Abheek Bose , Founder); Twaang
( Vishnu Raned , Founder); JanaCare , ( Sidhant Jena , Co-founder), AstralPad (Rahul Singh)
Moderator: Madanmohan Rao , Director-Research, Yourstory.in

Event Chairs

Dr. V. Sridhar (sridhar.varadharajan@sasken.com), Sasken Communication Technologies, India
S.R. Raja (rajaraghavan.setlur@sasken.com)

Register here for Mobile India 2013

For more details visit https://cis-india.org/news/mobile-india-2013

MLATs and the proposed Amendments to the US Electronic Communications Privacy Act

Vipul Kharbanda and Elonnai Hickok — 2016-12-28T01:09:34Z

In continuance of our blog post on mutual legal assistance treaties (MLATs), we examine a new approach to international bilateral cooperation being suggested in the United States, by creating a mechanism for certain foreign governments to directly approach the data controllers.

Published under Creative Commons License CC BY-SA. Anyone can distribute, remix, tweak, and build upon this document, even for commercial purposes, as long as they credit the creator of this document and license their new creations under the terms identical to the license governing this document.

In the previous article on MLATs we discussed, in some detail, what MLATs are and why they are needed. One area which was briefly focused upon in that article was the limitations and criticisms of the MLAT mechanism, of which one of the main criticisms being the problems caused due to different legal standards in various jurisdictions as well as the time taken to process a request for information sent from one country to another. Talking specifically about the United States, where most internet companies are headquartered and hold large amounts of data, it typically takes months to process requests under MLATs and foreign governments often struggle to comprehend and comply with the legal standards in the United States for obtaining data for use in their investigations.[1] The requirement that a foreign government should take permission from, and comply with the requirements of a foreign government simply because the data needed happens to be controlled by a service provider based in a foreign country strikes many foreign law enforcement officials as damaging to security and law enforcement efforts, especially when they are requesting data pertaining to a crime between two of their own citizens that primarily took place on their soil.[2]

These inefficiencies of the MLAT process lead to further problems of foreign governments attempting to apply their search and surveillance laws in an extraterritorial manner for example in 2014 the UK passed the Data Retention and Investigatory Powers Act, 2014 with gives the government the power to directly access data from foreign service providers if sought for specific purposes and the request is approved by the Secretary of State or other specified executive branch official.[3] Another response that may occur is if, frustrated by such inefficiencies of the existing systems, courts in foreign states start assuming extra territorial jurisdiction, as happened when a District Court in Vishakhapatnam restrained Google from complying with a subpoena issued by the Superior Court of California, ordering Google to share the password of the Gmail account belonging to an Indian citizen residing in Vishakhapatnam.[4]

Solution proposed in the United States

In order to overcome these inefficiencies, at least in the American context, the Department of Justice has proposed a legislation which seeks to make the process of foreign governments getting information from US based entities more streamlined by amending the provisions of the Electronic Communications Privacy Act (ECPA) of the United States (the “Amendment”). These amendments have been proposed primarily for the US and UK to effectuate a proposed bilateral agreement whereby the UK government will be able to approach US companies directly with requests for information without going through the MLAT process or getting an order from a US court.

The Amendment seeks to ensure that requests from foreign governments for information from US entities get answered in a smooth manner by including those requests in the process for seeking information under the ECPA itself. This move would no doubt, make it easier for foreign governments to access data in the US, but such a move can be criticized on the ground that it would then allow all states, irrespective of their legal standards of privacy, etc. to get access to such information. This problem has been overcome in the amendment by adding a new section to Title 18 which would allow the Attorney General, with the concurrence of the Secretary of State to certify to the Congress that the legal standards in the contracting state which is being given access to the mechanism under the ECPA satisfies certain requirements specified in the chapter (and discussed below). Only after such a certification has been received by the Congress, a contracting state would be able to receive the benefits sought to be granted under the Amendment.

It is important to note that the US administration is looking to use the US-UK Agreement as a standard to be followed for similar potential agreements with a number of other countries wherein the agencies in those countries could request information from US based entities through court orders through a properly specified legal framework. Though to our knowledge India has not been formally approached by the US government to enter into such an agreement, it is important to ask the question viz. if approached:

Does India's present legal system meet the standards laid down in the amendment to the ECPA?
And if they do, should India also seek to enter into such an Agreement with the United States?
And if India does, what could be the implications for citizens and for countries in a similar position as India?

We hope to be able to answer the above three questions, or at least throw some light on them, in the conclusion of this paper by relying upon the discussions contained herein.

Criticisms of the Amendment

While such a mechanism may be very effective in addressing the needs of security agencies in investigation and prevention of criminal activities, one cannot accept such an overarching change in cross border enforcement without analyzing the consequences that such a proposal will have on the right to privacy. Some of these consequences have been highlighted by experts responding to the amendment:

Lack of Judicial Authorisation: The Amendment requires that the foreign governments have a process whereby a person could seek post-disclosure review by an independent entity instead of a warrant by a court.[5] Although a court order is not the norm for interception even in Indian law, however under American law such protection is given to data held by American companies even though the data may belong to Indian citizens and this protection will no longer be available if the Amendment is passed.

Vague Standard for requests: Under the domestic law of any state there is usually a large amount of jurisprudence regarding when search orders can be issued, such as the “probable cause” standard that is followed in the United States or similar standards that may be followed in other jurisdictions. This ensures that even when the wording of the law is not precise, which it cannot be for such a subjective issue, there is still some amount of clarity around when and under what circumstances such warrants may be issued. In contrast, the Amendment requires that the orders be based on “requirements for a reasonable justification based on articulable and credible facts, particularity, legality, and severity regarding the conduct under investigation.” Although the language here may seem reasonable but in the absence of any jurisprudence backing it, it becomes very vague and susceptible to misuse. Disclosure without a Warrant: Under the current MLAT process as followed in the United States, a judge in the U.S. must issue a warrant based on probable cause in order for a U.S. company to turn over content to a foreign government. This requirement protects individuals abroad by requiring their governments to meet certain standards when seeking information held by U.S. companies. The Amendment seeks to remove this essential safeguard for a judicial warrant. The Amendment does not require requests from foreign governments to be based on a prior judicial authorization, since a large number of countries (including India) do not always require judicial orders for such orders.[6]

Allows Real Time Surveillance by Foreign Governments: American privacy rights activists have raised the concern that the Amendment would allow foreign governments to conduct ongoing surveillance by asking American companies to turn over data in real time. The requirements that the foreign governments would have to fulfill to execute such an order are less stringent than those which have to be fulfilled by the American security agencies if they want to indulge in similar activities. When the U.S. government wants to conduct real-time surveillance, it must comply with the Wiretap Act, which imposes heightened privacy protections.[7] The court orders for this purpose also require minimization of irrelevant information, are strictly time-limited, only available for certain serious crimes, etc.[8] In Indian law any such request, apart from being time limited and being available only for certain specified purposes, also has to satisfy that interception is the only reasonable option to acquire such information.

Process to determine which countries can make demands is not credible: Under the Amendment, the Attorney General and the Secretary of State, would decide whether the laws and practices of the foreign government adequately meet the standards set forth in the legislation for entering into a bilateral agreement. Their decisions would not be liable to be reviewed by a court or in any administrative procedure. They could make their determinations based on information which is not available to the public and the criteria for making the decision are vague and flexible. Further these criteria have been described as “factors” and not “requirements”[9] so that even if some of them are not satisfied, the certification process can still be completed.

Companies do not have the resources to determine if a request complies with the terms of the agreement: The Amendment does not provide any oversight to ensure that technology companies are only turning over information permitted in a specific bilateral agreement. For example, a bilateral agreement may permit disclosure of information only in response to orders that do not discriminate on the basis of religion, however, it may not be possible for the companies receiving the request to determine whether a particular request complies with that condition or not. The Amendment does not require that individual companies put in place requisite processes to weed out requests that may be non compliant with the provisions of the agreement; nor are there periodic audits to ensure that companies are properly responding to foreign government information requests.[10]

Non compliance with Human Rights Standards: Under international human rights law, governments are allowed to conduct surveillance only based on individualized and sufficient suspicion; authorized by an independent and impartial decision-maker; necessary and proportionate to achieve a legitimate aim, including by being the least intrusive means possible.[11] However the mechanism proposed by the Amendment falls woefully short of these standards.[12]

One must not lose sight of the fact that most of the criticisms of the proposal that have been discussed above have been made in the context of, and based on the standards of privacy protection that are available to American citizens. If we look at it from an Indian perspective most of those protections are not available to Indian citizens in any case since independent judicial oversight is not a sine qua non for access to information by the security agencies in India. Although the Amendment leaves open the question of how a request would be made by the foreign government to the individual Agreements, it may be safe to assume that were India to enter into such an Agreement with the United States, it would require the orders for access to comply with the standards laid down under Indian law before the relevant authorities send the request to the US based data controllers. At the least, this would ensure that the rights of Indian citizens currently guaranteed under Indian law, howsoever flawed they might be, would in all likelihood be safeguarded as per Indian law.

Certification from the Attorney General to the US Congress

In the above background if India were to enter into the agreement with the U.S Government apart from actually negotiating and signing that Agreement, the Indian government will also have to ensure (if the Amendment is passed) that the Attorney General of the United States, with the concurrence of the Secretary of State gives a certificate to the Congress that Indian law satisfies the requirements set forth in the proposed section XXXX of Title 18.

It must be kept in mind that if the negotiations between India and the United States in this regard reach such a mature stage that the certification from the Attorney General is required, then that would mean that there is enough political will on both sides to ensure that such an arrangement actually comes to fruition. In this context it would not be unfair to assume that the Attorney General may have a slight bias towards opining that Indian laws do conform to the requirements of the Amendment, as the Attorney General would want to support the decision taken by the administration, and our analysis shall have a similar bias in order to be more contextual.

The certification would, inter alia, contain the determination of the Attorney General:

That the domestic law of India affords robust substantive and procedural protections for privacy and civil liberties in light of the data collection and activities of the Indian government that will be subject to the agreement.It should be noted that the Amendment specifies various factors that should be taken into account to reach such a determination, which include whether the Indian government:

(i) has adequate substantive and procedural laws on cybercrime and electronic evidence, as demonstrated through accession to the Budapest Convention on Cybercrime, or through domestic laws that are consistent with definitions and the requirements set forth in Chapters I and II of that Convention; Although India is not a signatory to the Budapest Convention the Information Technology Act, 2000 (which is the main legislation dealing with cybercrime) has penal provisions which have borrowed heavily from the provisions of the Budapest Convention.

demonstrates respect for the rule of law and principles of nondiscrimination;

The provisions of Article 14 as well as Article 21 of the Constitution of India demonstrates that the legal regime in India is committed to the rule of law and principles of non discrimination.

adheres to applicable international human rights obligations and commitments or demonstrates respect for international universal human rights (including but not limited to protection from arbitrary and unlawful interference with privacy; fair trial rights; freedoms of expression, association and peaceful assembly; prohibitions on arbitrary arrest and detention; and prohibitions against torture and cruel, inhuman, or degrading treatment or punishment);

India is a signatory to a number of international human rights conventions and treaties, it has acceded to the International Covenant on Civil and Political Rights (ICCPR), 1966, International Covenant on Economic, Social and Cultural Rights (ICESCR), 1966, ratified the International Convention on the Elimination of All Forms of Racial Discrimination (ICERD), 1965, with certain reservations, signed the Convention on the Elimination of All Forms of Discrimination against Women (CEDAW), 1979 with certain reservations, Convention on the Rights of the Child (CRC), 1989 and signed the Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment (CAT), 1984. Further the right to life guaranteed under Article 21 of the Constitution takes within its fold a number of human rights such as the right to privacy. Freedom of expression, right to fair trial, freedom of assembly, right against arbitrary arrest and detention are all fundamental rights guaranteed under the Constitution of India.

has clear legal mandates and procedures governing those entities of the foreign government that are authorized to seek data under the executive agreement, including procedures through which those authorities collect, retain, use, and share data, and effective of oversight of these activities;

India has a number of legislations which govern the interception and request for information such as the Information Technology Act, 2000, the Indian Telegraph Act, 1885, Code of Criminal Procedure, 1973, etc. which put in place mechanisms governing the authorities and entities which can ask for information.

has sufficient mechanisms to provide accountability and appropriate transparency regarding the government’s collection and use of electronic data; and

The Right to Information Act, 2005 provides the citizens the right to access any public document unless access to the same is prohibited due to the specific exemptions provided in the Act. It may be noted here that the provisions of the Right to Information Act are often frustrated by the bureaucracy by using exceptions such as “national security”, but for the purposes of this write up we are already assuming a bias towards fulfillment of these factors/conditions and therefore as long as there is even some evidence of compliance, the conditions will be considered as fulfilled by the Attorney General for the purposes of his certificate.

demonstrates a commitment to promote and protect the global free flow of information and the open, distributed, and interconnected nature of the Internet.

The Telecom Regulatory Authority of India, which regulates telecom services in India has also issued the Prohibition of Discriminatory Tariffs for Data Services Regulations, 2016 which prohibits service providers from charging discriminatory tariffs for data services on the basis of content.

Other than Indian law, the certificate from the Attorney General will also have to certify certain issues which would have to be addressed in the bilateral agreement itself, viz.:

That the Indian government has adopted appropriate procedures to minimize the acquisition, retention, and dissemination of information concerning United States persons subject to the agreement.
That the agreement requires the following with respect to orders subject to the agreement:

(i) The Indian government may not intentionally target a United States person or a person located in the United States, and must adopt targeting procedures designed to meet this requirement;

(ii) The Indian government may not target a non–United States person located outside the United States if the purpose is to obtain information concerning a United States person or a person located in the United States;

(iii) The Indian government may not issue an order at the request of or to obtain information to provide to the United States government or a third-party government, nor shall the Indian government be required to share any information produced with the United States government or a third-party government;

(iv) Orders issued by the Indian government must be for the purpose of obtaining information relating to the prevention, detection, investigation, or prosecution of serious crime, including terrorism;

(v) Orders issued by the Indian government must identify a specific person, account, address, or personal device, or any other specific identifier as the object of the Order;

(vi) Orders issued by the Indian government must be in compliance with the domestic laws of India, and any obligation for a provider of an electronic communications service or a remote computing service to produce data shall derive solely from Indian law;

(vii) Orders issued by the Indian government must be based on requirements for a reasonable justification based on articulable and credible facts, particularity, legality, and severity regarding the conduct under investigation;

(viii) Orders issued by the Indian government must be subject to review or oversight by a court, judge, magistrate, or other independent authority;

(ix) Orders issued by the Indian government for the interception of wire or electronic communications, and any extensions thereof, must be for a fixed, limited duration; interception may last no longer than is reasonably necessary to accomplish the approved purposes of the order; and orders may only be issued where that same information could not reasonably be obtained by another less intrusive method;

(x) Orders issued by the Indian government may not be used to infringe freedom of speech;

(xi) The Indian government must promptly review all material collected pursuant to the agreement and store any unreviewed communications on a secure system accessible only to those trained in applicable procedures;

(xii) The Indian government must segregate, seal, or delete, and not disseminate material found not to be information that is, or is necessary to understand or assess the importance of information that is, relevant to the prevention, detection, investigation, or prosecution of serious crime, including terrorism, or necessary to protect against a threat of death or seriously bodily harm to any person;

(xiii) The Indian government may not disseminate the content of a communication of a U.S. person to U.S. authorities unless the communication (a) may be disseminated pursuant to Section 4(a)(3)(xii) and (b) relates to significant harm, or the threat thereof, to the United States or U.S. persons, including but not limited to crimes involving national security such as terrorism, significant violent crime, child exploitation, transnational organized crime, or significant financial fraud;

(xiv) The Indian government must afford reciprocal rights of data access to the United States government;

(xv) The Indian government must agree to periodic review of its compliance with the terms of the agreement by the United States government; and

(xvi) The United States government must reserve the right to render the agreement inapplicable as to any order for which it concludes the agreement may not properly be invoked.

Conclusion

It is clear from the discussion above that the proposed Amendment is a controversial piece of legislation which will affect the way law enforcement is carried out in the internet. While there is no doubt that proposing an alternate mechanism to the existing inefficient MLAT structure is definitely the need of the hour, whether the mechanism proposed in the proposed Amendment, with all the negative implications on privacy, is the right way forward is far from certain.

As for the three questions that we had sought out to answer in the beginning of this paper, we would not like to say that Indian law definitely conforms to all the requirements listed in the Amendments, but it can safely be said that it appears that if the governments of India and the United States so wish, it would not be difficult for the Attorney General of the United States to be able to give a certification to the Congress as required in the proposed Amendment.

The other two questions as to whether India should try to opt for such an arrangement if given a chance and what would be the consequence for its people are somewhat related, in the sense that it is only by examining the consequences on its citizens that we will arrive at an answer as to whether India should opt for such an arrangement or not. The level of protections offered to Indian citizens under India law in terms of protection of their private data from government surveillance is lower than that which is offered to American citizens under American law. The growing influence of the internet is changing the citizen-state dynamic giving rise to increasing incidents where the government has to approach private actors for permission in order to carry out their governmental functions of providing security. This is because more and more private data of individual citizens is being uploaded on to the internet and controlled by private actors such as telecom companies, social media sites, etc. and the governments have to approach these private actors in case they want access to this information. The fact that the government has to approach private actors to get access to data gives private citizens some leverage to ask for better privacy protections in the context of state surveillance.

Although this proposed Amendment may not affect the local surveillance laws in India, however it would definitely have an effect on the way that citizens’ data is protected and accessed by the government.

[1] Explanation by the Assistant Attorney General attached to the proposed Amendment.

[2] https://www.justsecurity.org/24145/u-s-u-k-data-sharing-treaty/

[3] https://www.justsecurity.org/24145/u-s-u-k-data-sharing-treaty/

[4] http://spicyip.com/2012/04/clash-of-courts-indian-district-court.html

[5] https://www.justsecurity.org/32529/foreign-governments-tech-companies-data-response-jennifer-daskal-andrew-woods/

[6] https://www.aclu.org/letter/aclu-amnesty-international-usa-and-hrw-letter-opposing-doj-proposal-cross-border-data-sharing

[7] https://www.aclu.org/letter/aclu-amnesty-international-usa-and-hrw-letter-opposing-doj-proposal-cross-border-data-sharing

[8] https://www.justsecurity.org/32529/foreign-governments-tech-companies-data-response-jennifer-daskal-andrew-woods/

[9] https://www.justsecurity.org/32529/foreign-governments-tech-companies-data-response-jennifer-daskal-andrew-woods/

[10] https://www.aclu.org/letter/aclu-amnesty-international-usa-and-hrw-letter-opposing-doj-proposal-cross-border-data-sharing

[11] International Covenant on Civil and Political Rights, art. 17, Dec. 19, 1966, U.N.T.S 999, cf. https://www.aclu.org/letter/aclu-amnesty-international-usa-and-hrw-letter-opposing-doj-proposal-cross-border-data-sharing

[12] https://www.aclu.org/letter/aclu-amnesty-international-usa-and-hrw-letter-opposing-doj-proposal-cross-border-data-sharing

For more details visit https://cis-india.org/internet-governance/blog/mlats-and-the-proposed-amendments-to-the-us-electronic-communications-privacy-act

Mixed signals? Supreme Court notices to states on Facebook arrests

praskrishna — 2013-08-28T08:42:56Z

In wake of the recent arrests of UP-based scholar Kanwal Bharti and Andhra-based PUCL activist Jaya Vindhyala over their Facebook posts, NDTV aired a discussion on the grey areas of the IT Act. Pranesh Prakash, Shreya Singhal and Faizal Farooqui

The video was published by NDTV on August 16, 2013. Pranesh Prakash is quoted.

The NDTV anchor asked Pranesh that this notice — the indicator coming from the government is that nobody seems to really know what section 66A is all about...and at the end of the day we are going to make a case by case decision.

Pranesh said that:

"This not just about 66A. This is actually about rule of law. We see that the arrest of Kanwal Bharti is actually a legal arrest. It goes against a judgment of the Allahabad High Court saying that routine arrests shouldn't be made in cases where the imprisonment term is less than 7 years. He actually hasn't been charged under 66A, he was charged under the IPC. It is not just about Internet censorship. It also very much about the rule of law and that completely breaking down in India and ... people's persectives and government's perspectives many times are withering away when it comes offensive content or what they deem offensive or communal content being posted online...and if something like what Kanwal Bharti posted is actually deemed to be illegal under those provisions then lots of statements that the Prime Minister of India has said should also be deemed to be equally illegal."

Watch the full video below:

For more details visit https://cis-india.org/news/ndtv-the-social-network-mixed-signals-supreme-court-notices-to-states-on-facebook-arrests

Ministry of Health's public consultation on National Digital Health Blueprint: Legal issues around telemedicine, consent, and 'egosystems' in healthcare Trisha Jalan

Trisha Jalan — 2019-08-09T14:05:14Z

“The patient should be centric to every intervention,” declared Preeti Sudan, special secretary at the Ministry of Health, at the ministry’s public consultation on the National Digital Health Blueprint 2019, held at the Constitution Club of India in New Delhi on August 6.

The article by Trisha Jalan was published by Medianama on August 8, 2019. Aayush Rathi was quoted.

The venue was packed with representatives from the government, major hospitals chains, health start-ups, associations, and civil society organisations. The blueprint — which is an evolved document of the National Health Stack 2018 (NHS) — was put in the public domain on July 15, and comments were closed on August 4. After holding consultation on the NHS, the ministry formed a committee under the chairmanship of former UIDAI head and former MeitY secretary J. Satyanarayana to create an implementation document for the NHS.

Health is a complex and interwoven subject, and deals with people’s lives, said Sudan. “The patient should be centric to every intervention,” she said. Clearly stated during the discussion was that private sector participation is important and necessary. Sudan opened the consultation by mentioning that the ministry is in the process of forming the e-pharmacy rules, “we’ve had extensive consultations on it”:

“There are issues which require assistance from all of you. We don’t have e-prescriptions on a large scale, you can’t expect government to lead e-prescriptions, we have hospitals all the country. So what can industry do, to make this application cheap and user-friendly, and have it across the system so epharmacy actually becomes possible. E-precriptions have been the norm wherever e-pharmacies have been successful.”

J. Satyanarayana, chairman of the committee (also a former UIDAI chair), wasn’t present at the consultation. Here’s a list of representatives from the government present at the consultation, some of whom were also members of the committee:

Preeti Sudan, Secretary, Ministry of Health
Sanjeeva Kumar, Special Secretary, Ministry of Health
Lav Agrawal, Joint Secretary, Ministry of Health
Gaur Sunder, Centre for Development of Advanced Computing, Pune
Sunil Kumar, National e-Governance Division
J Rama Krishna Rao, CEO, National Institute for Smart Governance
Pallab Saha, chief architect, The Open Group

(A non-exhaustive list of stakeholders present at the consultation is available at the end of the article.)

Electronic Health Records (EHR)

Non-financial incentives for adoption of EHR: “What are the incentives that could really make for early adoption for various players? There are many different approaches that it can happen to incentivize each and every player, for example, maybe let’s build a national license for actionable guidelines, define it, and set standards for that, like the government has done for SNOMED CT,” Krish Dutta from Relx Group said.

“US has shown us that throwing money at the problem doesn’t solve it,” Dutta said. “It’s the the largest investment healthcare, but there are still problems.”
One small step [we could do] would be how do you get doctors or hospitals to adopt EHR — for example, [requiring that] a copy or electronic subset of the EHR should be immediately recorded, and payments and reimbursements are made on the basis of this. “Maybe that’s can be the only document that you send to the insurer,” Dutta said.

Patient agency in ensuring EHR: Talking about his experience of working in hospitals in the US, Dr Surajit Nandy, CEO of Raxa Health, asked “What power will the citizens have to ensure that their data is pushed to the NHS? When the citizen accesses a health service, they don’t have the power to ensure that their health records are digitised and centralised, he said.

“Having practiced in the US, we often had many problems getting the data from other medical institutes — even with interoperability and other laws on the books — and this had catastrophic consequences. At Massachusetts General, we had to ensure that your data was pushed to the digital records within 24 hours of seeing the patient.” — Dr Surajit Nandy

Data privacy: legal issues, absence of Data Protection Law, and use of Aadhaar

Multiple stakeholders raised the point that Personal Data Protection Bill is still in the works, and that the blueprint, in the current form, is designed amidst the absence of a law dealing with data protection and citizen privacy.

According to Dr Vivek Gupta of AIIMS, the data privacy law is a (or should be a) mandatory prerequisite before this regulation comes into place.
According to another doctor, who has been at AIIMS and also been an IAS officer, if DISHA and/or PDP Bill don’t come into effect, then the patient won’t be established as the owner of the data, this is especially important given that legal issues have not been integrated into the NDHB document.

“We need to think through the question of data ownership, and what implications it has for things already in the NDHB, but may not be viable, said Ayush Rathi from Centre for Internet & Society. “One of the things is the de-identification of anonymised data, the PDP bill (in its current form, already criminalizes this without the consent of the data fiduciary.”

Talking about consent, he said, the NDHB does a lot in terms of seeking consent, “but a crucial component of consent is already the ease with which it can be withdrawn. It’s unclear how deletion or right to be forgotten can be included in the NDHB, a critical principle of how the PDP Bill was built. And this can deal with not just how your entire health record can be deleted, but also how specific parts of it can be deleted.” He said there has a very “solid legal assessment of the NDHB”, with what the PDP will prospectively look at.

The use of Aadhaar

The NDHB document suggests the use of Aadhaar as a possible Personal Health Identifier, since it “assures uniqueness of identity” and provides an online mechanism for authentication. Although the document defers the final decision and says that Ministry of Health may decide this in consultation of MeitY and UIDAI (FYI, the committee which drafted this blueprint was chaired a former chairman of the UIDAI), it will be no surprise if Aadhaar is indeed a preferred PHI, given its mission creep.

The only stakeholder to raise issues around Aadhaar was Aditi Chaturvedi from Software Freedom Law Centre (SFLC). “The ministry should provide clarity on the use of Aadhaar, the system links very sensitive personal data with public and private, while the Act permits the use of Aadhaar only in some ccases, we aren’t able to understand where the line will stop,” she said.

Data collection and gathering, and data disclosure

Dr Vivek Gupta from AIIMS said that there needs to be clarity on whether data is going to be collected at both IPD and OPD. 5 out of the 8 mandatory data elements in Table 3.3 (see below) of the document deal with clinical data to be collected at the time of doc-patient interaction. “There are very broad terms and encompasses the entire encounter — history, observations, complaints etc. In a high load set-up such as AIIMS, where the average interaction time is very less, how does this [kind of] data gathering work out?” “Again, data is collected also for design purposes and not just for clinical purposes. Is all this data or only a part of it also supposed to flow into a central repository, only a part of it?”

Aditi Chaturvedi from SFLC, said the its concerning that we don’t know the amount of patient data that will be disclosed to private players in the system, such as insurers, pharmacies, and hospitals, among others.

Use of telemedicine and lack of legal framework around it

Telemedicine is one of the answers to the skewed doctor-patient ratio, and two areas of telemedicine need a little more stress in the document, according to Dr Karanvir Singh, Chief Medical Information Officer at Apollo Hospitals. One is the business model, a large number of organisations which started telemedicine projects have gone down because their business model doesn’t address their local concerns.

“They’re treating or giving consultation to patients in different parts of India, but the income — it does come down to income — is actually not coming to them. Because if a patient comes in via telemedicine, the consult is supposed to be free.” — Dr Karanvir Singh

Legal framework and issues surrounding telemedicine

Dr. Singh flagged another issue — the legality of telemedicine consults, whether it is telemedicine or via WhatsApp. “Karnataka has made it illegal,” he said, “so it’s an area that needs to be addressed.” Preeti Sudan, Union Health Secretary, agreed that there are ethical issues surrounding telemedicine.

She explained that the ministry had asked if the Medical Council of India (MCI) could act on it. The body, however, has been dissolved with the passage of the National Medical Commission Bill, 2019 (which has been passed in both houses of Parliament). For context, once the NMC Bill becomes an Act, it will replace the MCI as the regulatory body for medical colleges and institutions in the country.
“We need actually need some kind of policy document or legal framework as to the extent of telemedicine we can do,” said Sudan.

Sudan also pointed out that there isn’t yet a data privacy law in India, the Srikrishna Report is under consideration, and “we are eagerly awaiting it”. Elaborating on the government’s work in telemedicine, she said the ministry is forming an e-learning network in medical colleges. Teleradiology works very well in government, because because you will have that X-ray know in front of you and the doctor [can consult].

“Then there are legal issues around teleconsultation. Is there a country with a legal framework for telemedicine?” — Preeti Sudan

Colonel (Retd) Dr Ashvini Goel, vice-president of the Telemedicine Society of India, pointed out that Texas had passed its own Telemedicine Act. The society had presented a white paper on a proposed Tele-health Act to the NITI Aayog, but hasn’t heard anything on it, he said.

Tele-monitoring as a form of tele-health

Although questions were being raised about the legal issues surrounding telemedicine, Dr. Monica Thomas, a neurologist at Holy Family Hospital, pointed out that a variation of tele-health is tele-mentoring, which the hospital has been doing through extension of community health care outcomes started by Indian origin hematologist Dr Sanjeev Arora.

Tele-mentoring, she explained, takes away the risks of advising the patient directly, since “you are advising the community physician who takes care of the patient. And I would suggest that that should be multiplied much more.”
Sudan once again pointed out that tele-mentoring has indeed worked, and the government is using Dr Arora’s platform on a large scale. “The question raised that if we’re going for tele-medicine, the legal liabilities need to be defined. Only Texas has a law now.”

“We are using this echo platform of Sanjeev Arora on a very large scale now. And you’re right, this tele mentoring has worked. And we do use this platform. And it’s a good thing. But you know, I understand that and it’s being used in US also.We are extending it to our TV also now. We have a Digital Academy for Mental Health in NIMHANS. The question raised that if we’re going for telemedicine, the legal liabilities need to be defined. Only Texas has a law now.” — Preeti Sudan

‘Patient consent is paramount’, illiterate patients, and consent frameworks

The document says that data will not be available to any care provider without explicit consent of the patient, Dr Karanvir Singh from Apollo Hospitals reminded everyone. But, he said, “we have a large number of illiterate patients, patients can be unconscious, or can be children.”

There are two solutions for this:
1. All data becomes available to the current care provider, as long as it is not explicitly marked as confidential by the patient. This is the less preferable option.
2. Break the ceiling, break the glass: So a patient is brought in unconscious, there should be a mechanism defined by which the doctors in the casualty or emergency can access the data even if it’s not explicit consent by the patient.

“The issues of consent is paramount,” said Anuvinda Varkey from Christian Coalition for Health. “We should have some kind of communication measures to the public about what consent means. And in case the patient has no identifier like Aadhaar, it should be mandatory to give them care.”

EHR standards need more clarity

Aditi Chaturvedi from SFLC said that the document provides MeitY’s electronic consent framework guidelines, and the EHR standards in another section. “Although the [EHR] standards are backed by law, they’re not very clear, they lack of lot of comprehensive consent requirements present under the MeitY’s consent framwork.”

“It’ll good to learn from the data breaches happening despite there being HIPAA in the US. It’s interesting to note how the US is highlighted difficulty patients have in accessing data.” — Aditi Chaturvedi

Consent from illiterate patients, doctors wary of technologies

An audience member, who identified himself as Raghuram from the life sciences and healthcare practices at NASSCOM, said that there’s need for clarity on [obtaining] consent from illiterate citizens.

Speaking about standards, he queried if India can make an ICD-10 similar to the SNOMED standards, for which India already has a license. The standards can be adopted and the government can release it to all the techology houses, he suggested. “Or maybe India is a large enough country to have its own standards,” he said.
He also said that many of the doctors they [NASSCOM] spoke to were wary of using digital technologies for diagnostics, and so there should be some representation on the legal aspects of using digital technologies.

“The document talks about creating various registries and directories, but do we know the digital landscape of our country?” asked Antony Vipin Das, an eye surgeon at LV Prasad Eye Institute, which has been working with Microsoft India on a AI model for diagnostics. “While we’re listing registries, we need to understand where we stand at the govt and private sector,” he said. Sundar agreed that states are at various levels of development in health.

Standardisation and interoperability

“The decision support system should not be in silos, but should be interoperable.” according to Dr Prashant Mathur, director of ICMR’s National Centre for Disease Informatics and Research (NCRID) in Bangalore, which also runs the National Cancer Registry programme. “There’s a little ambiguity between repositories and registries. In the cancer registry, besides collecting incidence and trend data, we also study patterns of disease and survival studies for cancer, we have been publishing data for in breast, oral, cervical cancer.” This, he says, needs repeated contacts, information, and follow-up treatment, “does the document have clarity on whether all these events should be taken in longitudinally?” he asked.

Ministry of Health representatives also emphasisized on the need and benefits of interoperability. In cool sarkaari parlance, they said, currently the health sector has ‘egosystems‘ and not ‘ecosystems’, meaning all existing systems are siloed and don’t speak with one another, and that it’s important to do that. Stakeholders present in the meeting said. “There are already existing systems and programmes in place, so how do we knit the entire system together?” asked Sudan.

Other issues raised around standards and interoperability:

Ayush Rathi, from Centre for Internet and Society, said that the terms ‘open standards’ and ‘interoperability’ are being used as synonyms. “Open standards may be instituted but they may not be interoperable themselves.” he said.
Abhijeet, sale enablement leader at Philips, said interoperability is a low-hanging fruit, and the benefits can be seen easily and instantly. He also said the action plan is “quite” aggresive, and more specifities and details need to made visible.
Sudeep Dey, Associate VP for IT operations for India for Fortis Healthcare, said data retention has been a challenge. “We have e-precription shops coming up as mom-and-pop stores. A lot of data is getting generated, we need some kind of standards, so everyone can access the system. Fortis gets 20 requests everyday that we have a new e-prescription solution.”

Private sector setting standards?

“One of the major roles of the government will be setting standards,” said Krish Dutta of Relx Group. “Private sector can come up with solutions, but they will not be able to agree on it, because we will all have different opinions. But standard setting is very important, and should be a goal in all domains of digital health.”

Dealing with EHR standards in primary hospitals:

Talking about EHR standards in primary care hospitals, Dr Rajesh Kumar, a dean at PGI-MER, Chandigarh, said most standards like SNOMED are for tertiary care hospitals, but there are many primary care hospitals, which don’t need many elaborate standards. “So can the government some open standards for primary care centres and hospitals, which is not very demanding on softwares.”

“Secondly, we have lot of silos, can we begin within the Health Ministry where APIs can be shared to make existing softwares interoperable. Once this platform starts working, there will be great need for storage space. Our data centre is totally full, we’re looking forward to if the government can bring in guidilines for data storage?” — Dr Rajesh Kumar

To the above query, Preeti Sudan said the guidelines are available, and cloud storage can be bought on GeM platform.

We should draw inspiration from UPI, ecocystem should be ‘rich’, with private and public players:Reliance Jio

Also present in the consultation was a representative from Reliance Jio, Ganesh Kathirasen, VP for digital healthcare. He said the NDHB should be a “rich ecosystem” with both private and public players. The talk of federated architecture shouln’t be limited to just the states, but should include any provider of healthcare data and system in the country.

“People can largely be put in two buckets, providers like hospitals and clinics or consumers who are patients. Both stakeholders should be able to choose any application to enter the system, as long as the software or app adheres to certian minimum regulations by the ministry.”
He said “we can all draw inspiration from UPI, and how its been implemented”. It created a level playing field and its important to mirror something similar in the digital health domain, he said.

Issues surrounding Outcome measures in blueprint

Talking about the outcomes measures defined in the document, Dr Karanvir Singh of Apollo Hospitals, said the outcome measures aren’t clearly defined – and they will be ultimately used to make KPIs. He suggested that the outcome measures be laid out at three levels — ecosystem level, platform, and another level that we didn’t catch.

“For instance, on the ecosystem level, one KPI could the percentage of patients who have managed have a longitudinal record pulled in from various places. Another could be the percentage of doctors who are able to access this longitudinal record. The current KPIs aren’t covering all the three areas, which we can ensure by breaking them up.” — Dr Karanvir Singh

He laid out another two outcomes measures, which according to him, are flawed. “Firstly, that the test is not to be repeated,” referring to the requirement that a patient should be tested “ONCE ONLY”. “But clinically, there are many reasons for repeating a test. So rather than saying once only, which is in caps in the document, it should be to minimize duplications.”

Another outcome measure is that the patient should be treated only at one at one point of care. Based on the capacity and capability of hospitals, patients do get referred from one place to the other. If these are the KPIs, we’re going to get wrong values that the system has failed when it actually hasn’t failed.

Artificial intelligence is brought up

There wasn’t much representation or discussion around artificial intelligence in healthcare. P. Anandan, from Wadhwani Institute for AI, said AI can augment human capacity. AI, data science, and data analytics are all relevant, “however there is some myth and mystery surrounding this technology. Its important to have clarifications around how AI can help, how it should be implemented, and the regulatory aspects around AI, such that privacy and quality of care is assured.” Raghuram from NASSCOM also said AI is also “taking shape in a big way across the continent, and we should have some policies around use of AI in the digital health.”

AYUSH Ministry says it should be involved

A representative from the Ministry of AYUSH, who identified herself as Leena Chattrey, said AYUSH should be part of this document, in a sense wherein “AYUSH can use the data of UID or something similar, and share our data through common APIs. We also want the names of applications or portals developed by AYUSH to be in the document. We want complete or partial integration with building blocks, complete integration can be in patient care and other common interest areas, and partial integration can be done in AYUSH-specific activities.”

COAI marks its attendance, and other comments

Rajan Mathews, Director-General of telecom lobby COAI (Cellular Operators Association of India), expressed concern over the “minimal role operators are asked to play in this,” “you have MeitY, but not DoT”.

We have all these uncovered villages, we know about scope and scale, and even Aadhaar. Aadhaar did not become successful until you involved the operators. So their should be greater inclusion.

Mathews also recommended that there should be an international focus, particularly considering BPO businesses. “Having our requirements that comply with the EU requirements of data privacy and data control, and the American requirements on medical records and documentation, we should have that international focus in terms of the standards of the integration, because otherwise our BPO services will become subject of risk.”

Rahul Pandey from World Bank said that although he’s aware that health is a state subject, and the centre cannot dictate policies, “Many of the state government trying to innovate and thinking of various tools and processes in IT; there could be some kind of guidance to the states to make sure that there is some alignment with the centre.”

Participants in the consultation

Startups: Raxa Health, Relx Group, Wadhwani Institute for AI, mFine
Hospitals: Fortis Healthcare, Apollo Hospitals, AIIMS, PGIMER Chandigarh,
Associations in health: Telemedicine Society of India,
Other associations: NASSCOM, COAI (Cellular Operators Association of India)
Civil society: Centre for Internet & Society, SFLC (Software Freedom Law Centre)
Doctors and medical professions from: Holy Family Hospital, LV Prasad Eyecare Institute
MNCs: Philips, Johnson & Johnson
Others: Ministry of AYUSH, World Bank, ICMR (Indian Council of Medical Research), Access Health

For more details visit https://cis-india.org/internet-governance/news/medianama-trisha-jalan-august-8-2019-ministry-of-health-public-consultation-on-national-digital-health-blueprint

Mining the Web Collective

sharath — 2013-01-06T23:48:20Z

In March 2012, Dr Bruno Latour and his team from the Sciences Po Media Lab organized a workshop that assembled a selected group of researchers from India to explore methods of Controversy Mapping. It was hosted by Dr J. Srinivasan, Director of the Divecha Centre for Climate Change at the Indian Institute of Science, Bangalore, India.

While the context of this workshop focussed on deciphering and mapping opinions related to academic controversies surrounding climate change, the very same techniques of deploying digital tools to crawl through associated content on the websphere, maybe used to map any other controversy that has been actively influencing public and political opinion.

As one of the participants in the workshop, in an attempt to make my interpretation as accessible as possible to a wider inter-disciplinary audience, below is my own assimilation and extrapolation of the musings and discussions that entailed. Further I have drawn out limitations and future directions towards more viable paradigms that augment the mapping and democratization of public opinion.

The session drew an outset around how new digital tools could aid researchers by enabling them to quickly see an individual entity’s data as well as it’s associated aggregates, and register all of this within a single view in real-time. Contrasting the traditional methods of data collection through individual surveys, new digital methods can almost instantaneously bridge the gap between the individual and the collective and help us answer the question that Latour poses in his most recent paper that revisits social theory around the Tardean concept of reciprocally connected ‘monads’ -- ''.... is there an alternative to the common sense version that distinguishes atoms, interactions and wholes as successive sequences (whatever the order and the timing)? An alternative that should not oblige the inquirer to change gears from the micro to the macro levels ..... but remains fully continuous ...'' [Latour et al , 2012].

Encompassing the Collective

The geometric basis of the universe as expressed by Edgar Allan Poe, asserts that the ‘universe.. is a sphere of which the centre is everywhere and circumference nowhere’ (Eureka, p 20) This is essentially a post-Euclidean conception of space, in line with the view of early 20th century physicist Alexander Friedmann who posits that the ‘universe is not finite in space, but neither does space have any boundary’ and so the centre of the universe is relative to every single atom — hence every single observer.

In many ways, the process of data collection and visualization that was carried out at the workshop tried at best to mimic this geometric basis of space. By starting with a single entity (say, mammals) the empiricist begins with nothing more than a named 'label'. One then extends the specification of this entity, by populating a list with an increasing number of elements. This process of 'learning' about an entity is essentially an infinite process, as many abstract associations maybe permitted to enter the list. However, the observer stops this iterative process at a point when he feels that he has enough knowledge to describe the entity within the (seemingly finite) 'scope' of study. What we then have is a highly individualized point of view with respect to one entity that has a view of all it's associated attributes.

It is worth noting here that the attributes themselves can be looked at as individualized entities, and vice versa, from their own view point, depending on the way in which one navigates, thereby making the map invertible. For instance while 'egg-laying' maybe one of the attributes of a 'mammal', if we navigated to define 'egg-laying' to be our starting entity, it's view point can contain attributes like 'mammals' and 'birds'. This process is entirely different from the bottom up approach of constructing a general view by combining individual counterparts. In fact, there is no one general view here, as the picture is an exploded graph emanating from a single entity's view point, each to it's own 'umwelt'.[Kaveli et al, 2010].

(Re)formation of Opinion

The formation of a fundamental percept in the human brain, for instance, during the cognitive activity of reading a text, is in itself a bottom-up serial process where individual words progressively make up semantic associations to form a meaningful structure (just as this sentence), along with contextual association with previously acquired knowledge. This capacity limit for information processing [Rene and Ivanoff, 2005] which is a prerequisite for our highly focussed mechanism of attention is the reason why we cannot capture the entire star map within a single glance at the night sky.

Somewhere down this iterative line of observing an entity, and not having access to all of its attributes in entirety, leads to over-specification and an entanglement with isolated systems, thereby falling into a local maxima as opposed to a global solution. This is the basis of opinion formation and by envisaging it as a 'closed' object it is transformed into a percept, open to interpretation and often conflicting with another, thereby resulting in a controversy.

One of the objectives of the controversy mapping workshop was to transform the 'immutable' percept surrounding a controversy into a visual map that all at once registers weblinked attributes surrounding it, to give us a possibly emergent and unbiased picture.

The Method to the Madness

The process of framing of a ‘controversial topic’ and the collation of massive data and links on the internet that surround the topic could indeed be a cumbersome task. An informed approach is thus required in order to achieve a meaningful result.

Firstly, one needs to consider reliable sources and means of knowledge production that provide enough fuel to kindle the analysis of the controversy. One needs to move on from casual matters of opinion or statements (such as “the cumulative effects of CFC result in ozone layer depletion”) to identifying a hypothesis or theory that is being actively contested by academicians and experts through research and publication. This serves to outline an important preliminary sketch of the controversy that exists within the community.

Secondly, it is essential to remember that specialized researchers do not exist in self-centered isolation but often operate in tandem with multiple stakeholders, investors, donors, sponsors and a diverse audience that they cater to through articles, books, research projects and published journals. For instance, several theorists who are into the business of developing a so-called ‘language of critique’ often ensure through working group meetings that a selected group of researchers are on the ‘same page’ while using common words to canvass a spearhead towards prospective calls from popular journals. At other times, one may perceive a very direct link between mainstream press and cutting-edge research. This group comprising allies and endorsers are an important constituent of the mapping process as they provide key points of entry into the controversy.

Further, as more and more data relating to a controversy is accrued, one must decipher not only how the position of the controversy is being dynamically shaped over time along with its stakeholders but also be able to extrapolate how and why its current position of uncertainty might evolve. This would involve identifying potential points of contention that could respark a debate over an issue that has reached near closure.

Mapping the Controversy around ‘Anthropocene’

The topic chosen by my group (which consisted of scholars Neesha Dutt, Muthatha Ramanathan and Prasanna Kolte) was ‘Anthropocene’, a geo-chronological term that was informally introduced by a Nobel laureate in the field of atmospheric chemistry, Paul Crutzen, at a dinner party. ‘Anthropocene’ apparently marks the post industrial period as a time window that represents the impact that human activities have had on earth’s ecological systems, thereby affecting climate change. The widespread acceptance and popularity of the the word has even seen a move to officially recognize ‘Anthropocene’ as geological unit of time, complemented by a number of dubious research projects that assume the ‘anthropocenic’ view of climate change. The tools used were Navicrawler to populate a massive list of webpages that featured the keyword and other landing websites that each of the webpages point to. The context of the websites based on their content were labelled manually and no native text parsing and analysis was used. An interconnected visual graph structure was then obtained using Gephi, a software that uses Force Layout -2 , a graph layout algorithm for network visualization. [M. Bastian et al, 2009].

Future Directions

Including a layer of geographical representation to the formation and spread of an opinion is a key direction towards which opinion mining and controversy mapping is headed. A limiting factor while crawling articles over the web using currently available digital tools is the inaccurate representation of geographical source. An article posted in a popular science blog in India, may actually have its server hosted in California and this fact may often be abstracted to our crawler.

Furthermore, apart from the geographical source of a web article, an interesting direction would be to employ geo-located public opinion interfaces to collect a sample set of public opinion related to an issue, across diverse geographical locations in realtime. This would serve as valuable layer to overlay onto the controversy web map.

Another constraint of the digital methods referred to here within, is the medium specific approach that does not look beyond the sample space of the internet. Listening to and analyzing internet social media dynamics and combing large data sets to churn out a report is not much of a challenge. Cross media influences in public and political opinion have become increasingly clear with television broadcasts and newspaper reports directly contributing to discussions that happen on internet forums and websites. Take for instance Blue Fin Labs that started off within the Cognitive Machines group of MIT Media Lab. Initially known as the Human Speechome project which used deep machine learning algorithms to map out relationships between spoken word and context, Blue Fin Labs now applies the same technique to map internet comments and posts to corresponding audio-visual stimuli in television broadcasts that caused those comments to be made on the web.

Video

Data visualization of connecting the social graph to the TV content graph

References

Cappi, Alberto (1994). "Edgar Allan Poe's Physical Cosmology". The Quarterly Journal of the Royal Astronomical Society 35: 177–192
Castells, M. (2000). Materials for an exploratory theory of the network society. British Journal of Sociology Vol. No. 51 Issue No. 1 (January/March 2000).
Edgar Allen Poe (1848) ‘Eureka : A Prose Poem'.
Kull, Kaveli 2010. Umwelt. In: Cobley, Paul (ed.), The Routledge Companion to Semiotics. London: Routledge, 348–349.
Latour, B. et al 2012 “The Whole is Always Smaller Than It’s Parts A Digital Test of Gabriel Tarde’s Monads” British Journal of Sociology (forthcoming)http://www.bruno-latour.fr/sites/default/files/123-WHOLE-PART-FINAL.pdf
M. Bastian, S. Heymann, and M. Jacomy, “Gephi: an open source software for exploring and manipulating networks,” in International AAAI Conference on Weblogs and Social Media. Association for the Advancement of Artificial Intelligence, 2009.
M. E. J. Newman, “Analysis of weighted networks,” 2004, arxiv:cond-mat/0407503.
Reynolds, C. W. (1987) Flocks, Herds, and Schools: A Distributed Behavioral Model, in Computer Graphics, 21(4) (SIGGRAPH '87 Conference Proceedings) pp. 25-34.
Rene Marois and Jason Ivanoff, Capacity limits of information processing in the brain, TRENDS in Cognitive Sciences Vol.9 No.6 June 2005
T. M. J. Fruchterman and E. M. Reingold, “Graph drawing by force-directed placement,” Softw: Pract. Exper., vol. 21 no. 11, pp. 1129–1164, Nov. 1991.

For more details visit https://cis-india.org/internet-governance/blog/mining-the-web-collective

Minimising Legal Risks of Online Intermediaries while Protecting User Rights

praskrishna — 2014-07-29T07:50:51Z

The Centre for Internet and Society (CIS) in partnership with Software Freedom Law Centre (SFLC.in) is organizing a workshop during the APrIGF event to be held at Crown Plaza, Greater Noida on August 5, 2014, 3.30 p.m. to 5.00 p.m. Jyoti Panday will be a panelist.

Thematic Area of Interest

Internet business in the Asia Pacific region

Consumer protection for users of global Internet services

Internet for socio-economic development

Specific Issues of Discussions & Description

Internet usage in the Asia Pacific region has been growing at a phenomenal rate and online service providers have benefited enormously from this growth. However, the region poses challenges for online service providers in terms of legal risks involved with respect to user generated content. Across the world from Europe to the US, it has been an accepted policy that service providers on the Internet cannot be held liable for user-generated content and this principle has found place in legislations enacted in this field in most countries. However, the Asian region has often seen blocking of services and websites due to user-generated content that is deemed to be illegal. There needs to be a debate on safe harbour provisions for intermediaries and the take-down provisions in legislations to ensure that the right to freedom of expression of citizens are protected while maintaining an environment that permits innovation in this space.

The workshop will also consider the different classes of intermediaries, how they differ functionally and if their differing roles should bear an impact on their responsibility with regards to protection of rights of users. Traditional models of consumer protection are based on distinguishing the roles and responsibilities of suppliers, facilitators and consumers. While developing consumer protection models for online intermediary platforms, their evolving roles and responsibilities as a supplier and a facilitator need to be considered. Intermediary platforms have also created and highlighted new consumer relations and issues that call for robust and fluid reddressal mechanisms.

The need to reflect on reddressal mechanisms for consumer issues pertaining to online intermediaries is also necessary, given the economic implications associated with intermediary liability. Failure to protect intermediaries stems innovation and restricts growth of start-ups and small to medium enterprises in the digital economy and has negative financial implications. Moreover, intermediaries are crucial in connecting developing countries to global markets and a failure to protect them, creates a barrier to information exchange and capacity building.

The panel will discuss the following issues:

Take-down procedures and Put-back provisions used in various countries in the region
Safe-harbour provisions for intermediaries
Need for classification of Intermediaries for the purpose of a take-down regime and user rights
Rights of users of services provided by online intermediaries
Recommendations for a balanced intermediary liability regime

Expected Format and Confirmed Panel Members

The workshop will be a ninety minute panel divided in two sessions of forty five minutes each. The proposed panel includes:

Mishi Choudhary (Moderator) SFLC.IN Civil Society India
Mishi Choudhary is the founding director of SFLC India. She started working with SFLC in New York following the completion of her fellowship during which she earned her LLM from Columbia Law School and was a Stone Scholar. In addition to her LLM, she has an LLB and a bachelors degree in political science from the University of Delhi, India.

Jyoti Panday, Center for Internet and Society, Civil Society, India
Jyoti Panday is Programme Officer at the Centre for Internet and Society working on Internet governance and on issues related to the role and responsibility of intermediaries in protecting user rights and freedom of expression. She has experience in strategy, campaign management and research on issues and processes related to the development agenda, sustainability and democracy. She has completed her MSc in Public Policy from Queen Mary, University of London.

Shahzad Ahmed, Bytes for All Pakistan, Civil Society, Pakistan
Shahzad Ahmad is the Country Coordinator of Bytes for All, Pakistan and founder of the Digital Rights Institute (DRI). He is currently working on issues of ICT policy advocacy, internet rights and freedom of expression. He is a development communications expert and is at the forefront of the Internet Rights movement in Pakistan.

Mr. Ahmad is a Diplo Fellow, Executive Board Member of the Association for Progressive Communications, Advisory Board Member of .PK ccTLD and a member of the International Advisory Board of Privacy International, UK. He regularly contributes to various publications and research studies on ICTs for development, freedom of expression and gender related issues. Widely travelled, he regularly participates in various forums at local, regional and global level. Mr. Ahmad maintains a strong engagement with broader civil society networks and strongly believes in participation and openness.

Professor KS Park, Korea University Law School Professor
One of the founders of Open Net Korea, Professor Park has written and is active in internet, free speech, privacy, defamation, copyright, international business contracting, etc. He has given expert testimonies in high-profile free speech cases including the /Minerva /case, the internet real name verification case, the military’s subversive book blacklisting case, the newspaper consumers’ boycott case, and the Park Jung-Geun Retweet case. As a result, the “false news” crime and the internet real name verification laws were struck down as unconstitutional, Park Jung-Geun and Minerva acquitted, the soldiers challenging book blacklisting reinstated, the newspaper boycotters acquitted partially as to the “secondary boycotting” charge (2010-2013).

Since 2006, he serves as the Executive Director of the PSPD Law Center, a non-profit entity that has organized several impact litigations in the areas of free speech, privacy, and copyright. There, the Law Center won the world’s first damage lawsuit against a copyright holder for “bad faith” takedown (2009) and the first damage lawsuit against a portal for warrantless disclosure of the user identity data to the police (2012).

Arvind Gupta, National Head-Information and Technology, Government/ BJP Political party, India
National Head, BJP Information Technology Cell

Faisal Farooqui, CEO, MouthShut.com, Private Sector, India
Faisal Farooqui is a highly recognized entrepreneur who is among the trailblazers of his generation. Faisal has founded and managed two successful Internet and technology companies -MouthShut.com, India's largest consumer review and social media portal and Zarca Interactive, a Virginia based enterprise survey and feedback company.

Ramanjit Singh Chima, Google, Private Sector, India
Raman Jit Singh Chima serves as Policy Counsel and Government Affairs Manager for Google, based in New Delhi. He currently helps lead Google'spublic policy and government affairs work in India. He is a graduate of the Bachelors in Arts and Law (Honours) programme of the National Law School of India University, Bangalore. While at the National Law School, he was Chief Editor of the Indian Journal of Law and Technology. He has studied Internet regulation as an independent research fellow with the Sarai programme of the Centre for the Study of Developing Societies and contributed to Freedom House's 2009 Freedom on the Internet report.

Apar Gupta, Legal, India
Apar Gupta is a practicing lawyer in Delhi working as a Partner at the law firm of Advani & Co. His practice areas include, commercial litigation and arbitration with a focus on technology and media. Apar as a retained counsel, represents an internet industry organisation in government affairs, including consultations on draft laws and policies which effect the sector. These issues include legal risks of intermediaries, media freedom and consumer rights. He has completed his masters in law from Columbia Law School, New York and has written columns for the Business Standard, Indian Express and the Pioneer on legal issues. Apar also is a visiting faculty at National Law University, Delhi.

Full Name, Affiliation and Contact Details of the Workshop Organizer

The workshop will be jointly organised by SFLC.IN and the Centre for Internet & Society, India. The details of the contact person for the workshop is given below:

Name: Ms. Mishi Choudhary, Executive Director, SFLC.IN I
E: mishi@softwarefreedom.org
Jyoti Panday—Centre for Internet & Society, India
E: jyoti@cis-india.org

For more details visit https://cis-india.org/internet-governance/events/minimising-legal-risks-of-online-intermediaries-while-protecting-user-rights

Minds that (should) matter

praskrishna — 2015-02-26T16:34:25Z

Thinkers who best explain a rapidly-changing India to the world (and the world to India).

The article by Raju Narisetti was published in Forbes India magazine on January 2, 2015.

Sunil Abraham
Executive director of The Centre for Internet and Society. Has deep insights into India’s rapidly growing digital culture as well as the threats to it from misguided government regulation.

Shuddhabrata Sengupta
Runs Raqs Media Collective and is a founder of the Sarai Collective which does the rare examination of the interplay of urban India/technology/culture.

Anusha Rizvi
The former journalist who directed Peepli Live is now a filmmaker. Peepli was the first ever Indian film to be screened at Sundance. Her response to broadcast media and society issues always make you think.

Mohandas Pai
Ex-Infosys and now with the Manipal Group, he is active in public policy and corporate governance issues, and is not afraid to speak his mind. He was behind the Bangalore Political Action Committee—first-of-its-kind in India—and is also an activist shareholder who has minority shareholders’ interests in mind.

Ramesh Ramanathan
Ex-Citibanker, who heads Janalakshmi, a micro/alternative finance organisation, that has attracted Wall Street money. Offers honest and workable solutions through Janagraha, a hybrid public-private partnership initiative.

Satish Acharya
A brilliant cartoonist from Mangalore. A small-town guy whose views on Indian politics and Indian sport are spot on as he traverses the fine line of cartoons in India: Not too cerebral, but never clichéd and banal either.

Chhavi Rajawat
A young MBA who chose to go back to her ancestral village, Soda in Rajasthan, to help bring management skills to grassroots governance. Won elections to be its sarpanch. A high-profile doer, she will be worth listening to about hands-on governance.

Payal Chawla
While her past claim to fame is taking on Coca-Cola over workplace harassment, as a lawyer and founder of her own law firm, Juscontractus, this University of Chicago alumni would be a good way to track India’s troubled legal system.

Pushkar
A professor of Humanities and Social Sciences at BITS Pilani’s Goa Campus, he is particularly good on a major challenge for India: Reforming its education system.

Karuna Nundy
A Supreme Court lawyer involved in major commercial and human rights litigation and legal policy, she has contributed in a major way on gender justice in India, recently helping with the new anti-rape laws.

Binalakshmi Nepram
She fights racism against people from the North East and says it like it needs to be said in a country with deep geographical and regional prejudices.

Ireena Vittal
This former McKinsey consultant has a lot of good things to say about smart cities.

Economic and Political Weekly
Ignore its left-leaning interpretations and conclusions. Focus on its outstanding data.

GVL Narasimha Rao
GVL knows his psephology like few others do. His current turn as a spokesman for the BJP yields unrelenting evidence that is often hard to refute. And he takes sides when taking sides can be personally risky.

For more details visit https://cis-india.org/internet-governance/news/forbes-india-january-2-2015-raju-narisetti-

Mind of the millennium teen

praskrishna — 2012-09-22T08:34:08Z

Say mom, did you have electricity when you were growing up?" Twelve-year-old Aditya throws a casual query at his 38-year-old mother during a power cut.

This article by Atul Sethi was published in the Times of India on September 16, 2012. Nishant Shah is quoted.

Even before the bemused mother can revert, the backup inverter springs into action and her son is once again immersed in his online game, competing against friends in multiple locations, most of whom perhaps have no idea how growing up in the 1900s — a different century for them — was like. These kids — a generation born in 2000 — would, by next year, be the millennium's first teens. Their arrival in the world roughly coincided with the dawn of the information age — the internet implosion, google search, mobile phones, glitzy malls — stuff that was not available even to their immediate predecessors growing up barely a decade before in the late 1990s.

It's a generation, then, that has seen a completely different picture of the world which has accordingly shaped its world view. That it's a smarter generation is largely due to its fascination — some would even say obsession — with technology. Arsh Srivastava, a 12-year-old student of Class VII at Chandigarh's St John's High School, says he was fascinated by mobile phones ever since he was a baby. He now uses a Samsung Galaxy S smartphone and aspires for a S3. Not surprising then, that social scientists term it a generation of 'digital natives' , who take to technology like fish to water. "You can't blame them," says Shiv Visvanathan, professor at the Jindal School of Government & Public Policy. "This is a generation that has trained in a new kind of literacy, which involves technology extensively. For them, information and technology are commodities. They'd die of boredom if deprived of either commodity."

The solution to boredom, in the tween manual, is the golden 'F' word. Facebook is the alternate world which every kid below 13 aspires to reach. What makes it cooler is that it's officially off-limits to them. But it's a restriction that's easily bypassed. Anmol, a 11-year-old from Kolkata, says most of his friends are there. Those who are not, are told off: 'Go gal'. That's 'Go, get a life dude' in tweenspeak. Once inside the inner circle, there is a sense of achievement, but only till the next new technological marvel catches their attention.

This extreme restlessness is the hallmark of a generation that has to keep pace with fast-changing technology which, many say, is leaving them with seriously low attention-spans — a problem that their teachers often have to contend with. "For teachers, the challenge is engaging them through lessons and activities that develop reflection, patience and sensitivity which can balance their moods and behaviour," says Ameeta Mulla Wattal, principal of Springdale's School at Pusa Road in Delhi.

In terms of awareness, though, again facilitated by technology, this is a generation that is aggressively aware. Sexologist Prakash Kothari says that the internet — which most kids start using by the time they are 6 or 7 — has ensured that they are sexually knowledgeable much earlier. "I have had instances of parents bringing boys as young as 8 or 9, who have started masturbating after they learnt about it from the net," he says.

Because it's a generation that's maverick in its choices, and often damning in its quick judgments on brands, marketers catering to this segment can't take them for granted. Smita Jatia of Mc Donald's , a brand that many tweens have grown up on, says it's important to keep their behaviour and dynamic wants and desires in mind. "We have to constantly innovate and elevate their 'I'm lovin it' experience through menu options which can keep them happy."

Impatient and restless may be the words that older generations may use to describe the millennium's first teens, but there's no denying that they symbolize the way society, and indeed, life has changed around the world. "We live in accelerated times," says Nishant Shah of the Bangalore-based Centre for Internet & Society. "The breathlessness of our times is evident in everything — from the kind of movies we make to the ways in which our news and information travel. At the end of the day, our younger generations are also products of our times."

For more details visit https://cis-india.org/news/www-times-of-india-sept-16-2012-atul-sethi-mind-of-the-millennium-teen

Millions of kids in India access the Net on their parents’ devices, says study

Varun Aggarwal — 2019-09-28T10:01:04Z

Experts raise concern over exposing kids to predators, phishing and bullying.

The article by Varun Aggarwal published in Hindu Businessline quotes Sunil Abraham.

Youtube’s recent fine of $170 million in the US for illegally collecting personal information of children without parental consent should ring alarm bells back in India. Similar violations may be going unnoticed here as millions of kids use Internet on their parents’ devices.

A new study conducted by the Internet and Mobile Association of India (IAMAI) states 66 million Internet users in the country are in the age bracket of 5 to 11 years and they are viewing it on the devices of family members.

In today's age when adults are finding it hard to understand the extent of physical, mental, financial risk they are exposing themselves to, kids need special treatment as they are more vulnerable and not capable of making decisions for themselves.

This could be exposing young children to predators, bullying, phishing, or even malware attacks, experts feel.

“India does not have clear laws equivalent to COPPA (Children's Online Privacy Protection Act) but adhoc executive rulings, court cases and discussions. We don't have formal ways of ensuring responsible behaviour,” said Mishi Choudhary, technology lawyer and online civil liberties activist.

Social networks Tiktok was recently pulled up by the Indian government for allowing ‘inappropriate content’ being available on the platform. A BusinessLine investigation later revealed that Tiktok was not alone. Many other social media platforms had similar, if not more inappropriate, content easily accessible without any restrictions or age verification.

Moreover, no serious efforts have been taken by either the government or the social media platforms to ensure that kids are not exposed to ‘inappropriate content’ or if they are collecting any private information about the kids.

“Several apps have children-directed content, targeted ads are regularly served on these platforms to kids younger than 13 years of age. There needs to be clear requirement for verifiable parental consent before collecting personal information and clear information about parental control,” Choudhary said.

Parents and kids are equally required to be reminded that online actions have consequences.

“Internet today is a dangerous place for children. Parents should ensure that all access is supervised till the child in well into their teens and demonstrate safe practices online,” said Sunil Abraham, Executive Director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/news/hindu-business-line-varun-aggarwal-september-27-2019-millions-of-kids-in-india-access-the-net-on-their-parents-devices-says-study

Millions of Indians Slam Facebook's ‘Free Basics’ App

subha — 2015-12-30T14:37:09Z

It has been less than two months since the nationwide launch of the Free Basics app in India. The smart phone application (formerly known as Internet.org) offers free access to Facebook, Facebook-owned products like WhatsApp, and a select suite of other websites for users who do not pay for mobile data plans.

This was published in Global Voices on December 29, 2015.

But the app has already been suspended, at least temporarily, as the Telecommunications Regulatory Authority considers new rules governing network neutrality. Depending on how they're written, the rules could render Free Basics a violation of the policy.

Free Basics, which has been deployed in 30 developing countries across the globe, gives users free access to websites that meet Facebook's technical standards for the application. The application does not give users access to the Internet at large. For open Internet advocates, this undercuts consumer choice and violates the principle of network neutrality, under which Internet providers are to treat all Internet traffic equally. Net neutrality allows users equal access to any website they want to visit, and gives website operators equal opportunities to attract visitors.

Facebook has responded to the pending regulation with an aggressive ad campaign both online and off. Over the last week, Facebook users across India (and some in the US) upon logging into the site have been greeted with notifications urging them to take action. The Free Basics page on Facebook now leads to a pleading form that asks users to contact the Telecom Regulatory Authority of India (TRAI) and voice their support for making Free Basics available in India. The company has also purchased a smattering of billboard advertisements across the country and taken out numerous two-page ads in leading national newspapers, as seen above.

The Indian Internet bites back

Indian netizens and activists have spoken out against the company's actions en masse, protesting heavily on social media, blogs and newspapers.

The grassroots open Internet group, SavetheInternet.in, that has been advocating for net neutrality in India throughout 2015, has launched an email campaign asking users to send letters to TRAI explaining how Free Basics violates net neutrality principles and propagates an inaccurate picture of the Internet for new users by placing it inside the confines of Facebook's application.

Multiple stand-up comedy groups have created videos explaining the regulatory debate and supporting net neutrality, which have gone viral:

Above, the third in a series of videos created by All India Bakchod, in partnership with SavetheInternet.in. Below, a video by East India Comedy.

The issue has also been hotly debated on Twitter, with technology and law experts leading the way.

Internet policy expert and lead staff member of the Center for Internet and Society in Bengaluru Pranesh Prakash tweeted:

New Delhi-based technology lawyer Mishi Choudhary, who leads the legal team at the Software Freedom Law Center, tweeted:

The Free Software Movement of India, a non-profit promoting use of free software and its philosophy in India via their local chapters, also has taken the campaign to the streets where the volunteers raised public awareness about Free Basic's adverse side.

Apart from local experts and activists, companies like Reddit, Truecaller and Indian e-commerce platform Paytm have publicly shared their opposition to Facebook's actions.

Facebook targets open Web activists

Facebook is paying close attention to civil society opposition to its activities in India. Across the globe, the company's Free Basics page now opens to a plea for users to contact TRAI, and includes a statement that directly targets open Internet advocates, suggesting that their motives are somehow driven by financial incentives:

…Free Basics is in danger in India. A small, vocal group of critics are lobbying to have Free Basics banned on the basis of net neutrality. Instead of giving people access to some basic internet services for free, they demand that people pay equally to access all internet services – even if that means 1 billion people can't afford to access any services.

SavetheInternet.in explicitly states in their About page that they are entirely volunteer-run and have no affiliation with any political party in India or elsewhere.

Users also have tweeted screenshots alleging that Facebook is restricting access for individuals sending messages opposing Free Basics. This has not been confirmed, but the tweets have only further stoked public frustration with the company.

Zuckerberg vs. SavetheInternet

On December 28, Facebook CEO Mark Zuckerberg penned a piece in the Times of India arguing that Free Basics will help “achieve digital equality for India,” and claiming that the initiative “isn’t about Facebook’s commercial interests.” India represents the world's largest market of Internet users after the US and China, where Facebook remains blocked.

In response, Nikhil Pawa, founder of online portal MediaNama and a volunteer with Savetheinternet.in, authored a critical opinion piece in the same newspaper:

[…] Why hasn’t Facebook chosen the options that do not violate Net Neutrality? For example, in India, Aircel has begun providing full internet access for free at 64 kbps download speed for the first three months….In Bangladesh, Grameenphone users get free data in exchange for watching an advertisement. In Africa, Orange users get 500 MB of free access on buying a $37 handset…

[…]

Facebook is being disingenuous — as disingenuous as the company’s promotional programmes for Free Basics to its Indian users — when it says that Free Basics is in conformity with Net Neutrality.

Pawa also quoted Naveen Patnaik, Chief Minister of Indian state of Odisha, who wrote to TRAI supporting net neutrality. “If you dictate what the poor should get, you take away their right to choose what they think is best for them,” he wrote.

“If you dictate what the poor should get, you take away their right to choose what they think is best for them.”

Writing for Quartz, technology critic Alice Truong expressed similar sentiment: “Zuckerberg almost portrays net neutrality as a first-world problem that doesn’t apply to India because having some service is better than no service.”

For Mahesh Murthy, an Indian venture capitalist and self-described net neutrality activist, it all comes down to revenue. On the Wire, Murthy offered untempered criticism of Facebook and Zuckerberg's efforts to appease the country's leaders:

[..] Unlike Facebook, who tried to silently slime this thing through last year when it was called Internet.org, and then are spending about Rs. 100 crores on ads – a third of its India revenue? – to try and con us Indians this year again. This is after we’d worked hard to ban these kind of products, technically called “zero rating apps” last year.[..] This Facebook ad [spread] doesn’t include the full-on Mark Zuckerberg love event put up for our Prime Minister when he visited the US, aimed again at greasing the way for this Free Basics thing through our government.

For more details visit https://cis-india.org/telecom/blog/millions-of-indians-slam-facebooks-2018free-basics2019-app

Millions of Indians move from cash to digital payments. But some ask whether it’s safe

praskrishna — 2017-01-16T02:52:33Z

Minutes after Indian Prime Minister Narendra Modi began an ambitious new mobile-phone-payment application in December, several clones of the app popped up at Android smartphone stores.

The article by Rama Lakshmi was published by Washington Post on 14 January 2017, Sunil Abraham was quoted. Annie Gowen contributed to this report.

In the first few days, users were flooded with spam requests for money.

The Bhim app sponsored by the government was rushed out after Modi’s abrupt withdrawal of large currency bills two months ago. More than 10 million people downloaded it in just 10 days, but in a country where awareness and regulation of privacy, data protection and digital security are low, the number of cyberattacks is rising.

“We are rushing toward launching and using these plethora of financial tech apps without the exhaustive security testing and education that is needed,” said Sunil Abraham, executive director of the Center for Internet and Society. “We are operating in a bit of a regulatory vacuum.”

Modi’s ambitious move to swap old bills for new was intended to fight the hoarding of illicit cash reserves. But it was derailed by shoddy implementation, left citizens in Asia’s third-largest economy without cash for weeks, slowed manufacturing and sent workers home, and is now likely to significantly affect the country’s economic growth this year, economists say. It was acutely painful for a country where 80 percent of transactions were conducted with cash.

Modi quickly responded by turning the adversity into a call for Indians to kick their overwhelming dependence on cash and opt for digital payments overnight. The Bhim app is just one of many available. But in this leap, experts say, security concerns are being overlooked.

The new payment apps and e-wallet companies are governed by India’s outdated information technology law of 2008 and central bank guidelines.

“India urgently needs a new digital payment law that regulates all these mobile payment apps that have sprung up overnight,” said Pavan Duggal, a cyber-law expert. “We are right now in a completely uncharted and unsupervised territory legally. The norms for wallet companies are undefined. If I lose my money due to a fraud, I can go round and round in circles with no remedy.”

The central bank recently issued guidelines asking payment banks to carry out security audits, but Duggal said “there is no penalty or punishment for noncompliance.”

The problem is compounded by the fact that education about security risks online is abysmally sparse, especially in India’s small towns and villages. Indians are complacent about cyber risks in their online behavior, according to the Norton Cyber Security Insights Report. India does not have a privacy law.

India reported more than 39,000 incidents of cyberattacks in the first nine months of 2016, according to the government, including phishing, scanning and probing, website intrusions, defacements, virus and malicious code, and denial-of-service attacks.

“The Pentagon got hacked, right? You haven’t closed down the Pentagon as yet,” said Piyush Goyal, a minister. “These things will happen, and we have to be one step ahead of the hackers and the so-called security breaches and continuously improving and improvising as they do in America or other developed economies.”

In October, top banks had to fix the security codes of about 3.2 million debit cards in one of the biggest data breaches in India. Some users complained that their cards had been used in China.

Last month, hackers attacked Twitter and email accounts of prominent politicians and journalists and defaced the website of the National Security Guard, an elite commando force.

“The focus of global hackers has shifted to India. The cyber risk is a direct fallout of the growth in the number of digital users,” said Saket Modi, the chief executive of Lucideus Tech, the firm that conducted the security audit of the government’s Bhim app.

Since the cash crunch began, the largest private e-wallet company, Paytm, has experienced a 400 percent jump in new downloads.

But only 342 million people access the Internet on their mobile phones. The government has introduced dial-in service for those who have basic cellphones to make digital payments.

The government is airing radio jingles telling citizens not to share their personal identification numbers and has a toll-free helpline to teach people how to make online payments.

“Officials understand how security worries can be a big dampener in their campaign to get people to go digital,” said Vinayak Godse, senior director at the Data Security Council of India, an industry body that advises the government.

But in a trade-off between convenience and security, the central bank recently waived the mandatory two-factor authentication for transactions less than $30 online.

Some cybersecurity experts say that Indians are not ready for this step.

The police recently arrested a gang in the eastern state of Jharkhand; operators were calling people posing as bank executives and tricking them into sharing their card details. They used the cards to do online shopping and transferred money into their e-wallet accounts.

“People are gullible and can be threatened or lured to part with their bank details easily. We need as many safeguards as we can have,” said Surendra Kumar, a senior police officer in New Delhi who busted the gang.

But the biggest problem people face is that police in one state get very little cooperation from those in another state in digital-crime complaints, said Rakshit Tandon, a cybersecurity expert who trains police, military members and school students.

“Only in big-ticket frauds will police departments from different states coordinate their investigations,” Tandon said. “If a person loses a relatively smaller amount digitally, the case won’t go far. Even though that amount may mean a lot in that person’s life.”

For more details visit https://cis-india.org/internet-governance/news/washington-post-january-14-2017-rama-lakshmi-millions-of-indians-move-from-cash-to-digital-payments

Microsoft says WannaCry ransomware must be a wake-up call for governments

praskrishna — 2017-06-07T00:55:40Z

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0. It has, however, retweeted a blog post by Brad Smith, president and chief legal officer at Microsoft, who directs much of the blame toward the USA government, arguing that it should have alerted the $524 billion tech titan about the problem.

The article was published in Journaldu Maghreb on May 20, 2017

"This is an emerging pattern in 2017", he continued. "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", wrote Smith in a blog post on Sunday. Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen", Mr Smith wrote. Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers. In February, Smith first called for the creation of what he has dubbed a Geneva Convention for cyberspace, which would outlaw nation-state cyberattacks on critical infrastructure and tech companies.

Cyber-security firm HumanFirewall said that on account of high use of pirated Windows operating system in India, it was more susceptible to the attack. Microsoft has connected previous exploits of its products released by the mysterious Shadow Brokers group to tools which were stolen from NSA cyber warfare operations. "All our systems are updated as required". This sophisticated, self-propagating malware was created to spread to all other computers on the same network after infecting one machine.

Estimates by law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise. When 22 year olds are the heroes of the anti-cyber attack fight, rather than the agencies tasked to defend countries against these types of threats, it is perhaps time to question what these organisations have been doing all this time? NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer. That dump included a vulnerability codenamed EternalBlue, which preys on a flaw in Microsoft Word to transmit malicious software from one Windows Computer to another. Usually used by cyber criminals, ransomware is a popular means of making illicit money from victims who have to pay the criminals in order to have their data decrypted.

Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since. It was a stress-filled weekend for many IT workers this past weekend as the WannaCry ransomware attack spread, crippling Windows systems worldwide.

Security firm BinaryEdge, which specializes in internet-wide scans, has detected more than 1 million Windows systems that have the SMB service exposed to the internet. "Otherwise they're literally fighting the problems of the present with tools from the past", he said. However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised. This allowed users of the older systems to secure their computers without requiring an upgrade to the latest operating software.

For more details visit https://cis-india.org/internet-governance/news/journaldu-maghreb-may-20-2017-microsoft-says-wannacry-ransomware-must-be-a-wake-up-call

Microsoft releases its first report on data requests by law enforcement agencies around the world

maria — 2013-07-12T12:19:31Z

In this post, the Centre for Internet and Society presents Microsoft´s report on law enforcement requests, with a focus on data requested by Indian law enforcement agencies.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Last week, Microsoft released its first report with data on the number of requests received from law enforcement agencies around the world relating to Microsoft online and cloud services. Microsoft´s newly released 2012 Law Enforcement Requests Report depicts the company's willingness to join the ranks of Google, Twitter and other Web businesses that publish transparency reports.

As of 30 June 2012, 137 million Indians are regular Internet users, many of which use Microsoft services including Skype, Hotmail, Outlook.com, SkyDrive and Xbox Live. Yet, until recently, it was unclear whether Indian law enforcement agencies were requesting data from our Skype calls, emails and other Microsoft services. Thus, Microsoft's release of a report on law enforcement requests is a decisive step in improving transparency in regards to how many requests for data are made by law enforcement agencies and how many requests are granted by companies. Brad Smith, an executive vice president and Microsoft´s general counsel, wrote in his blog post:

“As we continue to move forward, Microsoft is committed to respecting human rights, free expression and individual privacy.”

Microsoft 2012 Law Enforcement Requests

Democratic countries requested the most data during 2012, according to Microsoft´s report. The law enforcement agencies in the United States, the United Kingdom, Germany, France and Turkey accounted for 69 percent of the 70, 665 requests Microsoft (excluding Skype) received last year. Although India did not join the rank of the countries which made the fewest requests from Microsoft, it did not join the top-five league which accounted for the most requests, despite the country having one of the world´s highest number of Internet users.

Out of the 70,665 requests to Microsoft by law enforcement agencies around the world, only about 0.6 percent of the requests were made by Indian law enforcement agencies. These 418 requests specified 594 accounts and users, which is significantly low in comparison to the top-five and other countries, such as Taiwan, Spain, Mexico, Italy, Brazil and Australia. Indian law enforcement requests accounted for about 0.5 percent of the total 122, 015 accounts and user data that was requested by law enforcement agencies around the world.

Content data is defined by Microsoft as what customers create, communicate and store on or through their services, such as words in an e-mail or photographs and documents stored on SkyDrive or other cloud offerings. Non-content data, on the other hand, refers to basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration. According to Microsoft´s 2012 report, the company did not disclose any content data to Indian law enforcement agencies. In fact, only 2.2 percent of requests from law enforcement agencies around the world resulted in the disclosure of content data, 99 percent of which were in response to warrants from courts in the United States. Microsoft may have not disclosed any of our content data, but 370 requests from Indian law enforcement agencies resulted in the disclosure of our non-content data. In other words, 88.5 percent of the requests by India resulted in the disclosure of e-mail addresses, IP addresses, names, locations and other subscriber information.

Out of the 418 requests made to Microsoft by Indian law enforcement agencies, only 4 were rejected (1 percent) and no data was found for 44 requests (10.5 percent). In total, Microsoft rejected the disclosure of 1.2 percent of the requests made by law enforcement agencies around the world, while data was not found for 16.8 percent of the international requests. Thus, the outcome of the data shows that the majority of the requests by Indian law enforcement agencies resulted in the disclosure of non-content data, while very few requests were rejected by Microsoft (excluding Skype). The following table summarizes the requests by Indian law enforcement agencies and their outcome:

Total number of requests	418 (0.6%)
Accounts/Users specified in requests	594 (0.5%)
Disclosure of content	0 (0%)
Disclosure of non-content data	370 (88.5%)
No data found	44 (10.5%)
Requests rejected	4 (1%)

Skype 2012 Law Enforcement Requests

Microsoft acquired Skype towards the end of 2011 and the integration of the two companies advanced considerably over the course of 2012. According to the Microsoft 2012 report, Indian law enforcement agencies made 53 requests for Skype user data and 101 requests for specified accounts on Skype. In other words, out of the total 4,715 requests for Skype user data by law enforcement agencies around the world, the requests by Indian law enforcement accounted for about 0.1 percent. 15,409 international requests were made for specified accounts on Skype, but Indian law enforcement requests only accounted for about 0.6 percent of those.

The report appears to be extremely reassuring, as it states that Skype did not disclose any content data to any law enforcement agencies around the world. That essentially means that, according to the report, that all the content we created and communicated through Skype during 2012 was kept private from law enforcement. Although Microsoft claims to not have disclosed any of our content data, it did disclose non-content data, such as SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number. However, Microsoft did not report how many requests the company received for non-content data, nor how much data was disclosed and to which countries.

Microsoft reported that data was not found for 47 of India´s law enforcement requests, which represents 88.6 percent of the requests. In total, Microsoft reported that data was not found for about half the requests made by law enforcement agencies on an international level. Out of the 53 requests, Microsoft provided guidance to Indian law enforcement agencies for 10 requests. In particular, such guidance was provided either in response to a rejected request or general questions about the process for obtaining Skype user data. Yet, the amount of rejected requests for Skype user data was not included in the report and the guidance provided remains vague. The following table summarizes the requests by Indian law enforcement agencies for Skype user data and their outcome:

Total of requests	53 (0.1%)
Accounts/identifiers specified in requests	101 (0.6%)
Requests resulting in disclosure of content	0 (0%)
No data found	47 (88.6%)
Provided guidance to law enforcement	10 (18.8%)

The Centre for Internet and Society (CIS) supports the publication of Microsoft´s 2012 Law Enforcement Requests Report and encourages Microsoft (including Skype) to continue releasing such reports which can provide an insight on how much user data is being shared with law enforcement agencies around the world. In order to ensure that such reports adequately provide transparency, they should be broadened in the future to include more data, such as the amount of non-content data requests disclosed by Skype, the type of guidance provided to law enforcement agencies and the amount of requests rejected by Skype. Nonetheless, this report is a decisive first step in increasing transparency and further, more detailed reports are strongly encouraged.

For more details visit https://cis-india.org/internet-governance/blog/microsoft-releases-first-report-on-data-requests-by-law-enforcement-agencies