We are anonymous, we are legion

Ministry of Health's public consultation on National Digital Health Blueprint: Legal issues around telemedicine, consent, and 'egosystems' in healthcare Trisha Jalan

Trisha Jalan — 2019-08-09T14:05:14Z

“The patient should be centric to every intervention,” declared Preeti Sudan, special secretary at the Ministry of Health, at the ministry’s public consultation on the National Digital Health Blueprint 2019, held at the Constitution Club of India in New Delhi on August 6.

The article by Trisha Jalan was published by Medianama on August 8, 2019. Aayush Rathi was quoted.

The venue was packed with representatives from the government, major hospitals chains, health start-ups, associations, and civil society organisations. The blueprint — which is an evolved document of the National Health Stack 2018 (NHS) — was put in the public domain on July 15, and comments were closed on August 4. After holding consultation on the NHS, the ministry formed a committee under the chairmanship of former UIDAI head and former MeitY secretary J. Satyanarayana to create an implementation document for the NHS.

Health is a complex and interwoven subject, and deals with people’s lives, said Sudan. “The patient should be centric to every intervention,” she said. Clearly stated during the discussion was that private sector participation is important and necessary. Sudan opened the consultation by mentioning that the ministry is in the process of forming the e-pharmacy rules, “we’ve had extensive consultations on it”:

“There are issues which require assistance from all of you. We don’t have e-prescriptions on a large scale, you can’t expect government to lead e-prescriptions, we have hospitals all the country. So what can industry do, to make this application cheap and user-friendly, and have it across the system so epharmacy actually becomes possible. E-precriptions have been the norm wherever e-pharmacies have been successful.”

J. Satyanarayana, chairman of the committee (also a former UIDAI chair), wasn’t present at the consultation. Here’s a list of representatives from the government present at the consultation, some of whom were also members of the committee:

Preeti Sudan, Secretary, Ministry of Health
Sanjeeva Kumar, Special Secretary, Ministry of Health
Lav Agrawal, Joint Secretary, Ministry of Health
Gaur Sunder, Centre for Development of Advanced Computing, Pune
Sunil Kumar, National e-Governance Division
J Rama Krishna Rao, CEO, National Institute for Smart Governance
Pallab Saha, chief architect, The Open Group

(A non-exhaustive list of stakeholders present at the consultation is available at the end of the article.)

Electronic Health Records (EHR)

Non-financial incentives for adoption of EHR: “What are the incentives that could really make for early adoption for various players? There are many different approaches that it can happen to incentivize each and every player, for example, maybe let’s build a national license for actionable guidelines, define it, and set standards for that, like the government has done for SNOMED CT,” Krish Dutta from Relx Group said.

“US has shown us that throwing money at the problem doesn’t solve it,” Dutta said. “It’s the the largest investment healthcare, but there are still problems.”
One small step [we could do] would be how do you get doctors or hospitals to adopt EHR — for example, [requiring that] a copy or electronic subset of the EHR should be immediately recorded, and payments and reimbursements are made on the basis of this. “Maybe that’s can be the only document that you send to the insurer,” Dutta said.

Patient agency in ensuring EHR: Talking about his experience of working in hospitals in the US, Dr Surajit Nandy, CEO of Raxa Health, asked “What power will the citizens have to ensure that their data is pushed to the NHS? When the citizen accesses a health service, they don’t have the power to ensure that their health records are digitised and centralised, he said.

“Having practiced in the US, we often had many problems getting the data from other medical institutes — even with interoperability and other laws on the books — and this had catastrophic consequences. At Massachusetts General, we had to ensure that your data was pushed to the digital records within 24 hours of seeing the patient.” — Dr Surajit Nandy

Data privacy: legal issues, absence of Data Protection Law, and use of Aadhaar

Multiple stakeholders raised the point that Personal Data Protection Bill is still in the works, and that the blueprint, in the current form, is designed amidst the absence of a law dealing with data protection and citizen privacy.

According to Dr Vivek Gupta of AIIMS, the data privacy law is a (or should be a) mandatory prerequisite before this regulation comes into place.
According to another doctor, who has been at AIIMS and also been an IAS officer, if DISHA and/or PDP Bill don’t come into effect, then the patient won’t be established as the owner of the data, this is especially important given that legal issues have not been integrated into the NDHB document.

“We need to think through the question of data ownership, and what implications it has for things already in the NDHB, but may not be viable, said Ayush Rathi from Centre for Internet & Society. “One of the things is the de-identification of anonymised data, the PDP bill (in its current form, already criminalizes this without the consent of the data fiduciary.”

Talking about consent, he said, the NDHB does a lot in terms of seeking consent, “but a crucial component of consent is already the ease with which it can be withdrawn. It’s unclear how deletion or right to be forgotten can be included in the NDHB, a critical principle of how the PDP Bill was built. And this can deal with not just how your entire health record can be deleted, but also how specific parts of it can be deleted.” He said there has a very “solid legal assessment of the NDHB”, with what the PDP will prospectively look at.

The use of Aadhaar

The NDHB document suggests the use of Aadhaar as a possible Personal Health Identifier, since it “assures uniqueness of identity” and provides an online mechanism for authentication. Although the document defers the final decision and says that Ministry of Health may decide this in consultation of MeitY and UIDAI (FYI, the committee which drafted this blueprint was chaired a former chairman of the UIDAI), it will be no surprise if Aadhaar is indeed a preferred PHI, given its mission creep.

The only stakeholder to raise issues around Aadhaar was Aditi Chaturvedi from Software Freedom Law Centre (SFLC). “The ministry should provide clarity on the use of Aadhaar, the system links very sensitive personal data with public and private, while the Act permits the use of Aadhaar only in some ccases, we aren’t able to understand where the line will stop,” she said.

Data collection and gathering, and data disclosure

Dr Vivek Gupta from AIIMS said that there needs to be clarity on whether data is going to be collected at both IPD and OPD. 5 out of the 8 mandatory data elements in Table 3.3 (see below) of the document deal with clinical data to be collected at the time of doc-patient interaction. “There are very broad terms and encompasses the entire encounter — history, observations, complaints etc. In a high load set-up such as AIIMS, where the average interaction time is very less, how does this [kind of] data gathering work out?” “Again, data is collected also for design purposes and not just for clinical purposes. Is all this data or only a part of it also supposed to flow into a central repository, only a part of it?”

Aditi Chaturvedi from SFLC, said the its concerning that we don’t know the amount of patient data that will be disclosed to private players in the system, such as insurers, pharmacies, and hospitals, among others.

Use of telemedicine and lack of legal framework around it

Telemedicine is one of the answers to the skewed doctor-patient ratio, and two areas of telemedicine need a little more stress in the document, according to Dr Karanvir Singh, Chief Medical Information Officer at Apollo Hospitals. One is the business model, a large number of organisations which started telemedicine projects have gone down because their business model doesn’t address their local concerns.

“They’re treating or giving consultation to patients in different parts of India, but the income — it does come down to income — is actually not coming to them. Because if a patient comes in via telemedicine, the consult is supposed to be free.” — Dr Karanvir Singh

Legal framework and issues surrounding telemedicine

Dr. Singh flagged another issue — the legality of telemedicine consults, whether it is telemedicine or via WhatsApp. “Karnataka has made it illegal,” he said, “so it’s an area that needs to be addressed.” Preeti Sudan, Union Health Secretary, agreed that there are ethical issues surrounding telemedicine.

She explained that the ministry had asked if the Medical Council of India (MCI) could act on it. The body, however, has been dissolved with the passage of the National Medical Commission Bill, 2019 (which has been passed in both houses of Parliament). For context, once the NMC Bill becomes an Act, it will replace the MCI as the regulatory body for medical colleges and institutions in the country.
“We need actually need some kind of policy document or legal framework as to the extent of telemedicine we can do,” said Sudan.

Sudan also pointed out that there isn’t yet a data privacy law in India, the Srikrishna Report is under consideration, and “we are eagerly awaiting it”. Elaborating on the government’s work in telemedicine, she said the ministry is forming an e-learning network in medical colleges. Teleradiology works very well in government, because because you will have that X-ray know in front of you and the doctor [can consult].

“Then there are legal issues around teleconsultation. Is there a country with a legal framework for telemedicine?” — Preeti Sudan

Colonel (Retd) Dr Ashvini Goel, vice-president of the Telemedicine Society of India, pointed out that Texas had passed its own Telemedicine Act. The society had presented a white paper on a proposed Tele-health Act to the NITI Aayog, but hasn’t heard anything on it, he said.

Tele-monitoring as a form of tele-health

Although questions were being raised about the legal issues surrounding telemedicine, Dr. Monica Thomas, a neurologist at Holy Family Hospital, pointed out that a variation of tele-health is tele-mentoring, which the hospital has been doing through extension of community health care outcomes started by Indian origin hematologist Dr Sanjeev Arora.

Tele-mentoring, she explained, takes away the risks of advising the patient directly, since “you are advising the community physician who takes care of the patient. And I would suggest that that should be multiplied much more.”
Sudan once again pointed out that tele-mentoring has indeed worked, and the government is using Dr Arora’s platform on a large scale. “The question raised that if we’re going for tele-medicine, the legal liabilities need to be defined. Only Texas has a law now.”

“We are using this echo platform of Sanjeev Arora on a very large scale now. And you’re right, this tele mentoring has worked. And we do use this platform. And it’s a good thing. But you know, I understand that and it’s being used in US also.We are extending it to our TV also now. We have a Digital Academy for Mental Health in NIMHANS. The question raised that if we’re going for telemedicine, the legal liabilities need to be defined. Only Texas has a law now.” — Preeti Sudan

‘Patient consent is paramount’, illiterate patients, and consent frameworks

The document says that data will not be available to any care provider without explicit consent of the patient, Dr Karanvir Singh from Apollo Hospitals reminded everyone. But, he said, “we have a large number of illiterate patients, patients can be unconscious, or can be children.”

There are two solutions for this:
1. All data becomes available to the current care provider, as long as it is not explicitly marked as confidential by the patient. This is the less preferable option.
2. Break the ceiling, break the glass: So a patient is brought in unconscious, there should be a mechanism defined by which the doctors in the casualty or emergency can access the data even if it’s not explicit consent by the patient.

“The issues of consent is paramount,” said Anuvinda Varkey from Christian Coalition for Health. “We should have some kind of communication measures to the public about what consent means. And in case the patient has no identifier like Aadhaar, it should be mandatory to give them care.”

EHR standards need more clarity

Aditi Chaturvedi from SFLC said that the document provides MeitY’s electronic consent framework guidelines, and the EHR standards in another section. “Although the [EHR] standards are backed by law, they’re not very clear, they lack of lot of comprehensive consent requirements present under the MeitY’s consent framwork.”

“It’ll good to learn from the data breaches happening despite there being HIPAA in the US. It’s interesting to note how the US is highlighted difficulty patients have in accessing data.” — Aditi Chaturvedi

Consent from illiterate patients, doctors wary of technologies

An audience member, who identified himself as Raghuram from the life sciences and healthcare practices at NASSCOM, said that there’s need for clarity on [obtaining] consent from illiterate citizens.

Speaking about standards, he queried if India can make an ICD-10 similar to the SNOMED standards, for which India already has a license. The standards can be adopted and the government can release it to all the techology houses, he suggested. “Or maybe India is a large enough country to have its own standards,” he said.
He also said that many of the doctors they [NASSCOM] spoke to were wary of using digital technologies for diagnostics, and so there should be some representation on the legal aspects of using digital technologies.

“The document talks about creating various registries and directories, but do we know the digital landscape of our country?” asked Antony Vipin Das, an eye surgeon at LV Prasad Eye Institute, which has been working with Microsoft India on a AI model for diagnostics. “While we’re listing registries, we need to understand where we stand at the govt and private sector,” he said. Sundar agreed that states are at various levels of development in health.

Standardisation and interoperability

“The decision support system should not be in silos, but should be interoperable.” according to Dr Prashant Mathur, director of ICMR’s National Centre for Disease Informatics and Research (NCRID) in Bangalore, which also runs the National Cancer Registry programme. “There’s a little ambiguity between repositories and registries. In the cancer registry, besides collecting incidence and trend data, we also study patterns of disease and survival studies for cancer, we have been publishing data for in breast, oral, cervical cancer.” This, he says, needs repeated contacts, information, and follow-up treatment, “does the document have clarity on whether all these events should be taken in longitudinally?” he asked.

Ministry of Health representatives also emphasisized on the need and benefits of interoperability. In cool sarkaari parlance, they said, currently the health sector has ‘egosystems‘ and not ‘ecosystems’, meaning all existing systems are siloed and don’t speak with one another, and that it’s important to do that. Stakeholders present in the meeting said. “There are already existing systems and programmes in place, so how do we knit the entire system together?” asked Sudan.

Other issues raised around standards and interoperability:

Ayush Rathi, from Centre for Internet and Society, said that the terms ‘open standards’ and ‘interoperability’ are being used as synonyms. “Open standards may be instituted but they may not be interoperable themselves.” he said.
Abhijeet, sale enablement leader at Philips, said interoperability is a low-hanging fruit, and the benefits can be seen easily and instantly. He also said the action plan is “quite” aggresive, and more specifities and details need to made visible.
Sudeep Dey, Associate VP for IT operations for India for Fortis Healthcare, said data retention has been a challenge. “We have e-precription shops coming up as mom-and-pop stores. A lot of data is getting generated, we need some kind of standards, so everyone can access the system. Fortis gets 20 requests everyday that we have a new e-prescription solution.”

Private sector setting standards?

“One of the major roles of the government will be setting standards,” said Krish Dutta of Relx Group. “Private sector can come up with solutions, but they will not be able to agree on it, because we will all have different opinions. But standard setting is very important, and should be a goal in all domains of digital health.”

Dealing with EHR standards in primary hospitals:

Talking about EHR standards in primary care hospitals, Dr Rajesh Kumar, a dean at PGI-MER, Chandigarh, said most standards like SNOMED are for tertiary care hospitals, but there are many primary care hospitals, which don’t need many elaborate standards. “So can the government some open standards for primary care centres and hospitals, which is not very demanding on softwares.”

“Secondly, we have lot of silos, can we begin within the Health Ministry where APIs can be shared to make existing softwares interoperable. Once this platform starts working, there will be great need for storage space. Our data centre is totally full, we’re looking forward to if the government can bring in guidilines for data storage?” — Dr Rajesh Kumar

To the above query, Preeti Sudan said the guidelines are available, and cloud storage can be bought on GeM platform.

We should draw inspiration from UPI, ecocystem should be ‘rich’, with private and public players:Reliance Jio

Also present in the consultation was a representative from Reliance Jio, Ganesh Kathirasen, VP for digital healthcare. He said the NDHB should be a “rich ecosystem” with both private and public players. The talk of federated architecture shouln’t be limited to just the states, but should include any provider of healthcare data and system in the country.

“People can largely be put in two buckets, providers like hospitals and clinics or consumers who are patients. Both stakeholders should be able to choose any application to enter the system, as long as the software or app adheres to certian minimum regulations by the ministry.”
He said “we can all draw inspiration from UPI, and how its been implemented”. It created a level playing field and its important to mirror something similar in the digital health domain, he said.

Issues surrounding Outcome measures in blueprint

Talking about the outcomes measures defined in the document, Dr Karanvir Singh of Apollo Hospitals, said the outcome measures aren’t clearly defined – and they will be ultimately used to make KPIs. He suggested that the outcome measures be laid out at three levels — ecosystem level, platform, and another level that we didn’t catch.

“For instance, on the ecosystem level, one KPI could the percentage of patients who have managed have a longitudinal record pulled in from various places. Another could be the percentage of doctors who are able to access this longitudinal record. The current KPIs aren’t covering all the three areas, which we can ensure by breaking them up.” — Dr Karanvir Singh

He laid out another two outcomes measures, which according to him, are flawed. “Firstly, that the test is not to be repeated,” referring to the requirement that a patient should be tested “ONCE ONLY”. “But clinically, there are many reasons for repeating a test. So rather than saying once only, which is in caps in the document, it should be to minimize duplications.”

Another outcome measure is that the patient should be treated only at one at one point of care. Based on the capacity and capability of hospitals, patients do get referred from one place to the other. If these are the KPIs, we’re going to get wrong values that the system has failed when it actually hasn’t failed.

Artificial intelligence is brought up

There wasn’t much representation or discussion around artificial intelligence in healthcare. P. Anandan, from Wadhwani Institute for AI, said AI can augment human capacity. AI, data science, and data analytics are all relevant, “however there is some myth and mystery surrounding this technology. Its important to have clarifications around how AI can help, how it should be implemented, and the regulatory aspects around AI, such that privacy and quality of care is assured.” Raghuram from NASSCOM also said AI is also “taking shape in a big way across the continent, and we should have some policies around use of AI in the digital health.”

AYUSH Ministry says it should be involved

A representative from the Ministry of AYUSH, who identified herself as Leena Chattrey, said AYUSH should be part of this document, in a sense wherein “AYUSH can use the data of UID or something similar, and share our data through common APIs. We also want the names of applications or portals developed by AYUSH to be in the document. We want complete or partial integration with building blocks, complete integration can be in patient care and other common interest areas, and partial integration can be done in AYUSH-specific activities.”

COAI marks its attendance, and other comments

Rajan Mathews, Director-General of telecom lobby COAI (Cellular Operators Association of India), expressed concern over the “minimal role operators are asked to play in this,” “you have MeitY, but not DoT”.

We have all these uncovered villages, we know about scope and scale, and even Aadhaar. Aadhaar did not become successful until you involved the operators. So their should be greater inclusion.

Mathews also recommended that there should be an international focus, particularly considering BPO businesses. “Having our requirements that comply with the EU requirements of data privacy and data control, and the American requirements on medical records and documentation, we should have that international focus in terms of the standards of the integration, because otherwise our BPO services will become subject of risk.”

Rahul Pandey from World Bank said that although he’s aware that health is a state subject, and the centre cannot dictate policies, “Many of the state government trying to innovate and thinking of various tools and processes in IT; there could be some kind of guidance to the states to make sure that there is some alignment with the centre.”

Participants in the consultation

Startups: Raxa Health, Relx Group, Wadhwani Institute for AI, mFine
Hospitals: Fortis Healthcare, Apollo Hospitals, AIIMS, PGIMER Chandigarh,
Associations in health: Telemedicine Society of India,
Other associations: NASSCOM, COAI (Cellular Operators Association of India)
Civil society: Centre for Internet & Society, SFLC (Software Freedom Law Centre)
Doctors and medical professions from: Holy Family Hospital, LV Prasad Eyecare Institute
MNCs: Philips, Johnson & Johnson
Others: Ministry of AYUSH, World Bank, ICMR (Indian Council of Medical Research), Access Health

For more details visit https://cis-india.org/internet-governance/news/medianama-trisha-jalan-august-8-2019-ministry-of-health-public-consultation-on-national-digital-health-blueprint

Mining the Web Collective

sharath — 2013-01-06T23:48:20Z

In March 2012, Dr Bruno Latour and his team from the Sciences Po Media Lab organized a workshop that assembled a selected group of researchers from India to explore methods of Controversy Mapping. It was hosted by Dr J. Srinivasan, Director of the Divecha Centre for Climate Change at the Indian Institute of Science, Bangalore, India.

While the context of this workshop focussed on deciphering and mapping opinions related to academic controversies surrounding climate change, the very same techniques of deploying digital tools to crawl through associated content on the websphere, maybe used to map any other controversy that has been actively influencing public and political opinion.

As one of the participants in the workshop, in an attempt to make my interpretation as accessible as possible to a wider inter-disciplinary audience, below is my own assimilation and extrapolation of the musings and discussions that entailed. Further I have drawn out limitations and future directions towards more viable paradigms that augment the mapping and democratization of public opinion.

The session drew an outset around how new digital tools could aid researchers by enabling them to quickly see an individual entity’s data as well as it’s associated aggregates, and register all of this within a single view in real-time. Contrasting the traditional methods of data collection through individual surveys, new digital methods can almost instantaneously bridge the gap between the individual and the collective and help us answer the question that Latour poses in his most recent paper that revisits social theory around the Tardean concept of reciprocally connected ‘monads’ -- ''.... is there an alternative to the common sense version that distinguishes atoms, interactions and wholes as successive sequences (whatever the order and the timing)? An alternative that should not oblige the inquirer to change gears from the micro to the macro levels ..... but remains fully continuous ...'' [Latour et al , 2012].

Encompassing the Collective

The geometric basis of the universe as expressed by Edgar Allan Poe, asserts that the ‘universe.. is a sphere of which the centre is everywhere and circumference nowhere’ (Eureka, p 20) This is essentially a post-Euclidean conception of space, in line with the view of early 20th century physicist Alexander Friedmann who posits that the ‘universe is not finite in space, but neither does space have any boundary’ and so the centre of the universe is relative to every single atom — hence every single observer.

In many ways, the process of data collection and visualization that was carried out at the workshop tried at best to mimic this geometric basis of space. By starting with a single entity (say, mammals) the empiricist begins with nothing more than a named 'label'. One then extends the specification of this entity, by populating a list with an increasing number of elements. This process of 'learning' about an entity is essentially an infinite process, as many abstract associations maybe permitted to enter the list. However, the observer stops this iterative process at a point when he feels that he has enough knowledge to describe the entity within the (seemingly finite) 'scope' of study. What we then have is a highly individualized point of view with respect to one entity that has a view of all it's associated attributes.

It is worth noting here that the attributes themselves can be looked at as individualized entities, and vice versa, from their own view point, depending on the way in which one navigates, thereby making the map invertible. For instance while 'egg-laying' maybe one of the attributes of a 'mammal', if we navigated to define 'egg-laying' to be our starting entity, it's view point can contain attributes like 'mammals' and 'birds'. This process is entirely different from the bottom up approach of constructing a general view by combining individual counterparts. In fact, there is no one general view here, as the picture is an exploded graph emanating from a single entity's view point, each to it's own 'umwelt'.[Kaveli et al, 2010].

(Re)formation of Opinion

The formation of a fundamental percept in the human brain, for instance, during the cognitive activity of reading a text, is in itself a bottom-up serial process where individual words progressively make up semantic associations to form a meaningful structure (just as this sentence), along with contextual association with previously acquired knowledge. This capacity limit for information processing [Rene and Ivanoff, 2005] which is a prerequisite for our highly focussed mechanism of attention is the reason why we cannot capture the entire star map within a single glance at the night sky.

Somewhere down this iterative line of observing an entity, and not having access to all of its attributes in entirety, leads to over-specification and an entanglement with isolated systems, thereby falling into a local maxima as opposed to a global solution. This is the basis of opinion formation and by envisaging it as a 'closed' object it is transformed into a percept, open to interpretation and often conflicting with another, thereby resulting in a controversy.

One of the objectives of the controversy mapping workshop was to transform the 'immutable' percept surrounding a controversy into a visual map that all at once registers weblinked attributes surrounding it, to give us a possibly emergent and unbiased picture.

The Method to the Madness

The process of framing of a ‘controversial topic’ and the collation of massive data and links on the internet that surround the topic could indeed be a cumbersome task. An informed approach is thus required in order to achieve a meaningful result.

Firstly, one needs to consider reliable sources and means of knowledge production that provide enough fuel to kindle the analysis of the controversy. One needs to move on from casual matters of opinion or statements (such as “the cumulative effects of CFC result in ozone layer depletion”) to identifying a hypothesis or theory that is being actively contested by academicians and experts through research and publication. This serves to outline an important preliminary sketch of the controversy that exists within the community.

Secondly, it is essential to remember that specialized researchers do not exist in self-centered isolation but often operate in tandem with multiple stakeholders, investors, donors, sponsors and a diverse audience that they cater to through articles, books, research projects and published journals. For instance, several theorists who are into the business of developing a so-called ‘language of critique’ often ensure through working group meetings that a selected group of researchers are on the ‘same page’ while using common words to canvass a spearhead towards prospective calls from popular journals. At other times, one may perceive a very direct link between mainstream press and cutting-edge research. This group comprising allies and endorsers are an important constituent of the mapping process as they provide key points of entry into the controversy.

Further, as more and more data relating to a controversy is accrued, one must decipher not only how the position of the controversy is being dynamically shaped over time along with its stakeholders but also be able to extrapolate how and why its current position of uncertainty might evolve. This would involve identifying potential points of contention that could respark a debate over an issue that has reached near closure.

Mapping the Controversy around ‘Anthropocene’

The topic chosen by my group (which consisted of scholars Neesha Dutt, Muthatha Ramanathan and Prasanna Kolte) was ‘Anthropocene’, a geo-chronological term that was informally introduced by a Nobel laureate in the field of atmospheric chemistry, Paul Crutzen, at a dinner party. ‘Anthropocene’ apparently marks the post industrial period as a time window that represents the impact that human activities have had on earth’s ecological systems, thereby affecting climate change. The widespread acceptance and popularity of the the word has even seen a move to officially recognize ‘Anthropocene’ as geological unit of time, complemented by a number of dubious research projects that assume the ‘anthropocenic’ view of climate change. The tools used were Navicrawler to populate a massive list of webpages that featured the keyword and other landing websites that each of the webpages point to. The context of the websites based on their content were labelled manually and no native text parsing and analysis was used. An interconnected visual graph structure was then obtained using Gephi, a software that uses Force Layout -2 , a graph layout algorithm for network visualization. [M. Bastian et al, 2009].

Future Directions

Including a layer of geographical representation to the formation and spread of an opinion is a key direction towards which opinion mining and controversy mapping is headed. A limiting factor while crawling articles over the web using currently available digital tools is the inaccurate representation of geographical source. An article posted in a popular science blog in India, may actually have its server hosted in California and this fact may often be abstracted to our crawler.

Furthermore, apart from the geographical source of a web article, an interesting direction would be to employ geo-located public opinion interfaces to collect a sample set of public opinion related to an issue, across diverse geographical locations in realtime. This would serve as valuable layer to overlay onto the controversy web map.

Another constraint of the digital methods referred to here within, is the medium specific approach that does not look beyond the sample space of the internet. Listening to and analyzing internet social media dynamics and combing large data sets to churn out a report is not much of a challenge. Cross media influences in public and political opinion have become increasingly clear with television broadcasts and newspaper reports directly contributing to discussions that happen on internet forums and websites. Take for instance Blue Fin Labs that started off within the Cognitive Machines group of MIT Media Lab. Initially known as the Human Speechome project which used deep machine learning algorithms to map out relationships between spoken word and context, Blue Fin Labs now applies the same technique to map internet comments and posts to corresponding audio-visual stimuli in television broadcasts that caused those comments to be made on the web.

Video

Data visualization of connecting the social graph to the TV content graph

References

Cappi, Alberto (1994). "Edgar Allan Poe's Physical Cosmology". The Quarterly Journal of the Royal Astronomical Society 35: 177–192
Castells, M. (2000). Materials for an exploratory theory of the network society. British Journal of Sociology Vol. No. 51 Issue No. 1 (January/March 2000).
Edgar Allen Poe (1848) ‘Eureka : A Prose Poem'.
Kull, Kaveli 2010. Umwelt. In: Cobley, Paul (ed.), The Routledge Companion to Semiotics. London: Routledge, 348–349.
Latour, B. et al 2012 “The Whole is Always Smaller Than It’s Parts A Digital Test of Gabriel Tarde’s Monads” British Journal of Sociology (forthcoming)http://www.bruno-latour.fr/sites/default/files/123-WHOLE-PART-FINAL.pdf
M. Bastian, S. Heymann, and M. Jacomy, “Gephi: an open source software for exploring and manipulating networks,” in International AAAI Conference on Weblogs and Social Media. Association for the Advancement of Artificial Intelligence, 2009.
M. E. J. Newman, “Analysis of weighted networks,” 2004, arxiv:cond-mat/0407503.
Reynolds, C. W. (1987) Flocks, Herds, and Schools: A Distributed Behavioral Model, in Computer Graphics, 21(4) (SIGGRAPH '87 Conference Proceedings) pp. 25-34.
Rene Marois and Jason Ivanoff, Capacity limits of information processing in the brain, TRENDS in Cognitive Sciences Vol.9 No.6 June 2005
T. M. J. Fruchterman and E. M. Reingold, “Graph drawing by force-directed placement,” Softw: Pract. Exper., vol. 21 no. 11, pp. 1129–1164, Nov. 1991.

For more details visit https://cis-india.org/internet-governance/blog/mining-the-web-collective

Minimising Legal Risks of Online Intermediaries while Protecting User Rights

praskrishna — 2014-07-29T07:50:51Z

The Centre for Internet and Society (CIS) in partnership with Software Freedom Law Centre (SFLC.in) is organizing a workshop during the APrIGF event to be held at Crown Plaza, Greater Noida on August 5, 2014, 3.30 p.m. to 5.00 p.m. Jyoti Panday will be a panelist.

Thematic Area of Interest

Internet business in the Asia Pacific region

Consumer protection for users of global Internet services

Internet for socio-economic development

Specific Issues of Discussions & Description

Internet usage in the Asia Pacific region has been growing at a phenomenal rate and online service providers have benefited enormously from this growth. However, the region poses challenges for online service providers in terms of legal risks involved with respect to user generated content. Across the world from Europe to the US, it has been an accepted policy that service providers on the Internet cannot be held liable for user-generated content and this principle has found place in legislations enacted in this field in most countries. However, the Asian region has often seen blocking of services and websites due to user-generated content that is deemed to be illegal. There needs to be a debate on safe harbour provisions for intermediaries and the take-down provisions in legislations to ensure that the right to freedom of expression of citizens are protected while maintaining an environment that permits innovation in this space.

The workshop will also consider the different classes of intermediaries, how they differ functionally and if their differing roles should bear an impact on their responsibility with regards to protection of rights of users. Traditional models of consumer protection are based on distinguishing the roles and responsibilities of suppliers, facilitators and consumers. While developing consumer protection models for online intermediary platforms, their evolving roles and responsibilities as a supplier and a facilitator need to be considered. Intermediary platforms have also created and highlighted new consumer relations and issues that call for robust and fluid reddressal mechanisms.

The need to reflect on reddressal mechanisms for consumer issues pertaining to online intermediaries is also necessary, given the economic implications associated with intermediary liability. Failure to protect intermediaries stems innovation and restricts growth of start-ups and small to medium enterprises in the digital economy and has negative financial implications. Moreover, intermediaries are crucial in connecting developing countries to global markets and a failure to protect them, creates a barrier to information exchange and capacity building.

The panel will discuss the following issues:

Take-down procedures and Put-back provisions used in various countries in the region
Safe-harbour provisions for intermediaries
Need for classification of Intermediaries for the purpose of a take-down regime and user rights
Rights of users of services provided by online intermediaries
Recommendations for a balanced intermediary liability regime

Expected Format and Confirmed Panel Members

The workshop will be a ninety minute panel divided in two sessions of forty five minutes each. The proposed panel includes:

Mishi Choudhary (Moderator) SFLC.IN Civil Society India
Mishi Choudhary is the founding director of SFLC India. She started working with SFLC in New York following the completion of her fellowship during which she earned her LLM from Columbia Law School and was a Stone Scholar. In addition to her LLM, she has an LLB and a bachelors degree in political science from the University of Delhi, India.

Jyoti Panday, Center for Internet and Society, Civil Society, India
Jyoti Panday is Programme Officer at the Centre for Internet and Society working on Internet governance and on issues related to the role and responsibility of intermediaries in protecting user rights and freedom of expression. She has experience in strategy, campaign management and research on issues and processes related to the development agenda, sustainability and democracy. She has completed her MSc in Public Policy from Queen Mary, University of London.

Shahzad Ahmed, Bytes for All Pakistan, Civil Society, Pakistan
Shahzad Ahmad is the Country Coordinator of Bytes for All, Pakistan and founder of the Digital Rights Institute (DRI). He is currently working on issues of ICT policy advocacy, internet rights and freedom of expression. He is a development communications expert and is at the forefront of the Internet Rights movement in Pakistan.

Mr. Ahmad is a Diplo Fellow, Executive Board Member of the Association for Progressive Communications, Advisory Board Member of .PK ccTLD and a member of the International Advisory Board of Privacy International, UK. He regularly contributes to various publications and research studies on ICTs for development, freedom of expression and gender related issues. Widely travelled, he regularly participates in various forums at local, regional and global level. Mr. Ahmad maintains a strong engagement with broader civil society networks and strongly believes in participation and openness.

Professor KS Park, Korea University Law School Professor
One of the founders of Open Net Korea, Professor Park has written and is active in internet, free speech, privacy, defamation, copyright, international business contracting, etc. He has given expert testimonies in high-profile free speech cases including the /Minerva /case, the internet real name verification case, the military’s subversive book blacklisting case, the newspaper consumers’ boycott case, and the Park Jung-Geun Retweet case. As a result, the “false news” crime and the internet real name verification laws were struck down as unconstitutional, Park Jung-Geun and Minerva acquitted, the soldiers challenging book blacklisting reinstated, the newspaper boycotters acquitted partially as to the “secondary boycotting” charge (2010-2013).

Since 2006, he serves as the Executive Director of the PSPD Law Center, a non-profit entity that has organized several impact litigations in the areas of free speech, privacy, and copyright. There, the Law Center won the world’s first damage lawsuit against a copyright holder for “bad faith” takedown (2009) and the first damage lawsuit against a portal for warrantless disclosure of the user identity data to the police (2012).

Arvind Gupta, National Head-Information and Technology, Government/ BJP Political party, India
National Head, BJP Information Technology Cell

Faisal Farooqui, CEO, MouthShut.com, Private Sector, India
Faisal Farooqui is a highly recognized entrepreneur who is among the trailblazers of his generation. Faisal has founded and managed two successful Internet and technology companies -MouthShut.com, India's largest consumer review and social media portal and Zarca Interactive, a Virginia based enterprise survey and feedback company.

Ramanjit Singh Chima, Google, Private Sector, India
Raman Jit Singh Chima serves as Policy Counsel and Government Affairs Manager for Google, based in New Delhi. He currently helps lead Google'spublic policy and government affairs work in India. He is a graduate of the Bachelors in Arts and Law (Honours) programme of the National Law School of India University, Bangalore. While at the National Law School, he was Chief Editor of the Indian Journal of Law and Technology. He has studied Internet regulation as an independent research fellow with the Sarai programme of the Centre for the Study of Developing Societies and contributed to Freedom House's 2009 Freedom on the Internet report.

Apar Gupta, Legal, India
Apar Gupta is a practicing lawyer in Delhi working as a Partner at the law firm of Advani & Co. His practice areas include, commercial litigation and arbitration with a focus on technology and media. Apar as a retained counsel, represents an internet industry organisation in government affairs, including consultations on draft laws and policies which effect the sector. These issues include legal risks of intermediaries, media freedom and consumer rights. He has completed his masters in law from Columbia Law School, New York and has written columns for the Business Standard, Indian Express and the Pioneer on legal issues. Apar also is a visiting faculty at National Law University, Delhi.

Full Name, Affiliation and Contact Details of the Workshop Organizer

The workshop will be jointly organised by SFLC.IN and the Centre for Internet & Society, India. The details of the contact person for the workshop is given below:

Name: Ms. Mishi Choudhary, Executive Director, SFLC.IN I
E: mishi@softwarefreedom.org
Jyoti Panday—Centre for Internet & Society, India
E: jyoti@cis-india.org

For more details visit https://cis-india.org/internet-governance/events/minimising-legal-risks-of-online-intermediaries-while-protecting-user-rights

Minds that (should) matter

praskrishna — 2015-02-26T16:34:25Z

Thinkers who best explain a rapidly-changing India to the world (and the world to India).

The article by Raju Narisetti was published in Forbes India magazine on January 2, 2015.

Sunil Abraham
Executive director of The Centre for Internet and Society. Has deep insights into India’s rapidly growing digital culture as well as the threats to it from misguided government regulation.

Shuddhabrata Sengupta
Runs Raqs Media Collective and is a founder of the Sarai Collective which does the rare examination of the interplay of urban India/technology/culture.

Anusha Rizvi
The former journalist who directed Peepli Live is now a filmmaker. Peepli was the first ever Indian film to be screened at Sundance. Her response to broadcast media and society issues always make you think.

Mohandas Pai
Ex-Infosys and now with the Manipal Group, he is active in public policy and corporate governance issues, and is not afraid to speak his mind. He was behind the Bangalore Political Action Committee—first-of-its-kind in India—and is also an activist shareholder who has minority shareholders’ interests in mind.

Ramesh Ramanathan
Ex-Citibanker, who heads Janalakshmi, a micro/alternative finance organisation, that has attracted Wall Street money. Offers honest and workable solutions through Janagraha, a hybrid public-private partnership initiative.

Satish Acharya
A brilliant cartoonist from Mangalore. A small-town guy whose views on Indian politics and Indian sport are spot on as he traverses the fine line of cartoons in India: Not too cerebral, but never clichéd and banal either.

Chhavi Rajawat
A young MBA who chose to go back to her ancestral village, Soda in Rajasthan, to help bring management skills to grassroots governance. Won elections to be its sarpanch. A high-profile doer, she will be worth listening to about hands-on governance.

Payal Chawla
While her past claim to fame is taking on Coca-Cola over workplace harassment, as a lawyer and founder of her own law firm, Juscontractus, this University of Chicago alumni would be a good way to track India’s troubled legal system.

Pushkar
A professor of Humanities and Social Sciences at BITS Pilani’s Goa Campus, he is particularly good on a major challenge for India: Reforming its education system.

Karuna Nundy
A Supreme Court lawyer involved in major commercial and human rights litigation and legal policy, she has contributed in a major way on gender justice in India, recently helping with the new anti-rape laws.

Binalakshmi Nepram
She fights racism against people from the North East and says it like it needs to be said in a country with deep geographical and regional prejudices.

Ireena Vittal
This former McKinsey consultant has a lot of good things to say about smart cities.

Economic and Political Weekly
Ignore its left-leaning interpretations and conclusions. Focus on its outstanding data.

GVL Narasimha Rao
GVL knows his psephology like few others do. His current turn as a spokesman for the BJP yields unrelenting evidence that is often hard to refute. And he takes sides when taking sides can be personally risky.

For more details visit https://cis-india.org/internet-governance/news/forbes-india-january-2-2015-raju-narisetti-

Mind of the millennium teen

praskrishna — 2012-09-22T08:34:08Z

Say mom, did you have electricity when you were growing up?" Twelve-year-old Aditya throws a casual query at his 38-year-old mother during a power cut.

This article by Atul Sethi was published in the Times of India on September 16, 2012. Nishant Shah is quoted.

Even before the bemused mother can revert, the backup inverter springs into action and her son is once again immersed in his online game, competing against friends in multiple locations, most of whom perhaps have no idea how growing up in the 1900s — a different century for them — was like. These kids — a generation born in 2000 — would, by next year, be the millennium's first teens. Their arrival in the world roughly coincided with the dawn of the information age — the internet implosion, google search, mobile phones, glitzy malls — stuff that was not available even to their immediate predecessors growing up barely a decade before in the late 1990s.

It's a generation, then, that has seen a completely different picture of the world which has accordingly shaped its world view. That it's a smarter generation is largely due to its fascination — some would even say obsession — with technology. Arsh Srivastava, a 12-year-old student of Class VII at Chandigarh's St John's High School, says he was fascinated by mobile phones ever since he was a baby. He now uses a Samsung Galaxy S smartphone and aspires for a S3. Not surprising then, that social scientists term it a generation of 'digital natives' , who take to technology like fish to water. "You can't blame them," says Shiv Visvanathan, professor at the Jindal School of Government & Public Policy. "This is a generation that has trained in a new kind of literacy, which involves technology extensively. For them, information and technology are commodities. They'd die of boredom if deprived of either commodity."

The solution to boredom, in the tween manual, is the golden 'F' word. Facebook is the alternate world which every kid below 13 aspires to reach. What makes it cooler is that it's officially off-limits to them. But it's a restriction that's easily bypassed. Anmol, a 11-year-old from Kolkata, says most of his friends are there. Those who are not, are told off: 'Go gal'. That's 'Go, get a life dude' in tweenspeak. Once inside the inner circle, there is a sense of achievement, but only till the next new technological marvel catches their attention.

This extreme restlessness is the hallmark of a generation that has to keep pace with fast-changing technology which, many say, is leaving them with seriously low attention-spans — a problem that their teachers often have to contend with. "For teachers, the challenge is engaging them through lessons and activities that develop reflection, patience and sensitivity which can balance their moods and behaviour," says Ameeta Mulla Wattal, principal of Springdale's School at Pusa Road in Delhi.

In terms of awareness, though, again facilitated by technology, this is a generation that is aggressively aware. Sexologist Prakash Kothari says that the internet — which most kids start using by the time they are 6 or 7 — has ensured that they are sexually knowledgeable much earlier. "I have had instances of parents bringing boys as young as 8 or 9, who have started masturbating after they learnt about it from the net," he says.

Because it's a generation that's maverick in its choices, and often damning in its quick judgments on brands, marketers catering to this segment can't take them for granted. Smita Jatia of Mc Donald's , a brand that many tweens have grown up on, says it's important to keep their behaviour and dynamic wants and desires in mind. "We have to constantly innovate and elevate their 'I'm lovin it' experience through menu options which can keep them happy."

Impatient and restless may be the words that older generations may use to describe the millennium's first teens, but there's no denying that they symbolize the way society, and indeed, life has changed around the world. "We live in accelerated times," says Nishant Shah of the Bangalore-based Centre for Internet & Society. "The breathlessness of our times is evident in everything — from the kind of movies we make to the ways in which our news and information travel. At the end of the day, our younger generations are also products of our times."

For more details visit https://cis-india.org/news/www-times-of-india-sept-16-2012-atul-sethi-mind-of-the-millennium-teen

Millions of kids in India access the Net on their parents’ devices, says study

Varun Aggarwal — 2019-09-28T10:01:04Z

Experts raise concern over exposing kids to predators, phishing and bullying.

The article by Varun Aggarwal published in Hindu Businessline quotes Sunil Abraham.

Youtube’s recent fine of $170 million in the US for illegally collecting personal information of children without parental consent should ring alarm bells back in India. Similar violations may be going unnoticed here as millions of kids use Internet on their parents’ devices.

A new study conducted by the Internet and Mobile Association of India (IAMAI) states 66 million Internet users in the country are in the age bracket of 5 to 11 years and they are viewing it on the devices of family members.

In today's age when adults are finding it hard to understand the extent of physical, mental, financial risk they are exposing themselves to, kids need special treatment as they are more vulnerable and not capable of making decisions for themselves.

This could be exposing young children to predators, bullying, phishing, or even malware attacks, experts feel.

“India does not have clear laws equivalent to COPPA (Children's Online Privacy Protection Act) but adhoc executive rulings, court cases and discussions. We don't have formal ways of ensuring responsible behaviour,” said Mishi Choudhary, technology lawyer and online civil liberties activist.

Social networks Tiktok was recently pulled up by the Indian government for allowing ‘inappropriate content’ being available on the platform. A BusinessLine investigation later revealed that Tiktok was not alone. Many other social media platforms had similar, if not more inappropriate, content easily accessible without any restrictions or age verification.

Moreover, no serious efforts have been taken by either the government or the social media platforms to ensure that kids are not exposed to ‘inappropriate content’ or if they are collecting any private information about the kids.

“Several apps have children-directed content, targeted ads are regularly served on these platforms to kids younger than 13 years of age. There needs to be clear requirement for verifiable parental consent before collecting personal information and clear information about parental control,” Choudhary said.

Parents and kids are equally required to be reminded that online actions have consequences.

“Internet today is a dangerous place for children. Parents should ensure that all access is supervised till the child in well into their teens and demonstrate safe practices online,” said Sunil Abraham, Executive Director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/news/hindu-business-line-varun-aggarwal-september-27-2019-millions-of-kids-in-india-access-the-net-on-their-parents-devices-says-study

Millions of Indians Slam Facebook's ‘Free Basics’ App

subha — 2015-12-30T14:37:09Z

It has been less than two months since the nationwide launch of the Free Basics app in India. The smart phone application (formerly known as Internet.org) offers free access to Facebook, Facebook-owned products like WhatsApp, and a select suite of other websites for users who do not pay for mobile data plans.

This was published in Global Voices on December 29, 2015.

But the app has already been suspended, at least temporarily, as the Telecommunications Regulatory Authority considers new rules governing network neutrality. Depending on how they're written, the rules could render Free Basics a violation of the policy.

Free Basics, which has been deployed in 30 developing countries across the globe, gives users free access to websites that meet Facebook's technical standards for the application. The application does not give users access to the Internet at large. For open Internet advocates, this undercuts consumer choice and violates the principle of network neutrality, under which Internet providers are to treat all Internet traffic equally. Net neutrality allows users equal access to any website they want to visit, and gives website operators equal opportunities to attract visitors.

Facebook has responded to the pending regulation with an aggressive ad campaign both online and off. Over the last week, Facebook users across India (and some in the US) upon logging into the site have been greeted with notifications urging them to take action. The Free Basics page on Facebook now leads to a pleading form that asks users to contact the Telecom Regulatory Authority of India (TRAI) and voice their support for making Free Basics available in India. The company has also purchased a smattering of billboard advertisements across the country and taken out numerous two-page ads in leading national newspapers, as seen above.

The Indian Internet bites back

Indian netizens and activists have spoken out against the company's actions en masse, protesting heavily on social media, blogs and newspapers.

The grassroots open Internet group, SavetheInternet.in, that has been advocating for net neutrality in India throughout 2015, has launched an email campaign asking users to send letters to TRAI explaining how Free Basics violates net neutrality principles and propagates an inaccurate picture of the Internet for new users by placing it inside the confines of Facebook's application.

Multiple stand-up comedy groups have created videos explaining the regulatory debate and supporting net neutrality, which have gone viral:

Above, the third in a series of videos created by All India Bakchod, in partnership with SavetheInternet.in. Below, a video by East India Comedy.

The issue has also been hotly debated on Twitter, with technology and law experts leading the way.

Internet policy expert and lead staff member of the Center for Internet and Society in Bengaluru Pranesh Prakash tweeted:

New Delhi-based technology lawyer Mishi Choudhary, who leads the legal team at the Software Freedom Law Center, tweeted:

The Free Software Movement of India, a non-profit promoting use of free software and its philosophy in India via their local chapters, also has taken the campaign to the streets where the volunteers raised public awareness about Free Basic's adverse side.

Apart from local experts and activists, companies like Reddit, Truecaller and Indian e-commerce platform Paytm have publicly shared their opposition to Facebook's actions.

Facebook targets open Web activists

Facebook is paying close attention to civil society opposition to its activities in India. Across the globe, the company's Free Basics page now opens to a plea for users to contact TRAI, and includes a statement that directly targets open Internet advocates, suggesting that their motives are somehow driven by financial incentives:

…Free Basics is in danger in India. A small, vocal group of critics are lobbying to have Free Basics banned on the basis of net neutrality. Instead of giving people access to some basic internet services for free, they demand that people pay equally to access all internet services – even if that means 1 billion people can't afford to access any services.

SavetheInternet.in explicitly states in their About page that they are entirely volunteer-run and have no affiliation with any political party in India or elsewhere.

Users also have tweeted screenshots alleging that Facebook is restricting access for individuals sending messages opposing Free Basics. This has not been confirmed, but the tweets have only further stoked public frustration with the company.

Zuckerberg vs. SavetheInternet

On December 28, Facebook CEO Mark Zuckerberg penned a piece in the Times of India arguing that Free Basics will help “achieve digital equality for India,” and claiming that the initiative “isn’t about Facebook’s commercial interests.” India represents the world's largest market of Internet users after the US and China, where Facebook remains blocked.

In response, Nikhil Pawa, founder of online portal MediaNama and a volunteer with Savetheinternet.in, authored a critical opinion piece in the same newspaper:

[…] Why hasn’t Facebook chosen the options that do not violate Net Neutrality? For example, in India, Aircel has begun providing full internet access for free at 64 kbps download speed for the first three months….In Bangladesh, Grameenphone users get free data in exchange for watching an advertisement. In Africa, Orange users get 500 MB of free access on buying a $37 handset…

[…]

Facebook is being disingenuous — as disingenuous as the company’s promotional programmes for Free Basics to its Indian users — when it says that Free Basics is in conformity with Net Neutrality.

Pawa also quoted Naveen Patnaik, Chief Minister of Indian state of Odisha, who wrote to TRAI supporting net neutrality. “If you dictate what the poor should get, you take away their right to choose what they think is best for them,” he wrote.

“If you dictate what the poor should get, you take away their right to choose what they think is best for them.”

Writing for Quartz, technology critic Alice Truong expressed similar sentiment: “Zuckerberg almost portrays net neutrality as a first-world problem that doesn’t apply to India because having some service is better than no service.”

For Mahesh Murthy, an Indian venture capitalist and self-described net neutrality activist, it all comes down to revenue. On the Wire, Murthy offered untempered criticism of Facebook and Zuckerberg's efforts to appease the country's leaders:

[..] Unlike Facebook, who tried to silently slime this thing through last year when it was called Internet.org, and then are spending about Rs. 100 crores on ads – a third of its India revenue? – to try and con us Indians this year again. This is after we’d worked hard to ban these kind of products, technically called “zero rating apps” last year.[..] This Facebook ad [spread] doesn’t include the full-on Mark Zuckerberg love event put up for our Prime Minister when he visited the US, aimed again at greasing the way for this Free Basics thing through our government.

For more details visit https://cis-india.org/telecom/blog/millions-of-indians-slam-facebooks-2018free-basics2019-app

Millions of Indians move from cash to digital payments. But some ask whether it’s safe

praskrishna — 2017-01-16T02:52:33Z

Minutes after Indian Prime Minister Narendra Modi began an ambitious new mobile-phone-payment application in December, several clones of the app popped up at Android smartphone stores.

The article by Rama Lakshmi was published by Washington Post on 14 January 2017, Sunil Abraham was quoted. Annie Gowen contributed to this report.

In the first few days, users were flooded with spam requests for money.

The Bhim app sponsored by the government was rushed out after Modi’s abrupt withdrawal of large currency bills two months ago. More than 10 million people downloaded it in just 10 days, but in a country where awareness and regulation of privacy, data protection and digital security are low, the number of cyberattacks is rising.

“We are rushing toward launching and using these plethora of financial tech apps without the exhaustive security testing and education that is needed,” said Sunil Abraham, executive director of the Center for Internet and Society. “We are operating in a bit of a regulatory vacuum.”

Modi’s ambitious move to swap old bills for new was intended to fight the hoarding of illicit cash reserves. But it was derailed by shoddy implementation, left citizens in Asia’s third-largest economy without cash for weeks, slowed manufacturing and sent workers home, and is now likely to significantly affect the country’s economic growth this year, economists say. It was acutely painful for a country where 80 percent of transactions were conducted with cash.

Modi quickly responded by turning the adversity into a call for Indians to kick their overwhelming dependence on cash and opt for digital payments overnight. The Bhim app is just one of many available. But in this leap, experts say, security concerns are being overlooked.

The new payment apps and e-wallet companies are governed by India’s outdated information technology law of 2008 and central bank guidelines.

“India urgently needs a new digital payment law that regulates all these mobile payment apps that have sprung up overnight,” said Pavan Duggal, a cyber-law expert. “We are right now in a completely uncharted and unsupervised territory legally. The norms for wallet companies are undefined. If I lose my money due to a fraud, I can go round and round in circles with no remedy.”

The central bank recently issued guidelines asking payment banks to carry out security audits, but Duggal said “there is no penalty or punishment for noncompliance.”

The problem is compounded by the fact that education about security risks online is abysmally sparse, especially in India’s small towns and villages. Indians are complacent about cyber risks in their online behavior, according to the Norton Cyber Security Insights Report. India does not have a privacy law.

India reported more than 39,000 incidents of cyberattacks in the first nine months of 2016, according to the government, including phishing, scanning and probing, website intrusions, defacements, virus and malicious code, and denial-of-service attacks.

“The Pentagon got hacked, right? You haven’t closed down the Pentagon as yet,” said Piyush Goyal, a minister. “These things will happen, and we have to be one step ahead of the hackers and the so-called security breaches and continuously improving and improvising as they do in America or other developed economies.”

In October, top banks had to fix the security codes of about 3.2 million debit cards in one of the biggest data breaches in India. Some users complained that their cards had been used in China.

Last month, hackers attacked Twitter and email accounts of prominent politicians and journalists and defaced the website of the National Security Guard, an elite commando force.

“The focus of global hackers has shifted to India. The cyber risk is a direct fallout of the growth in the number of digital users,” said Saket Modi, the chief executive of Lucideus Tech, the firm that conducted the security audit of the government’s Bhim app.

Since the cash crunch began, the largest private e-wallet company, Paytm, has experienced a 400 percent jump in new downloads.

But only 342 million people access the Internet on their mobile phones. The government has introduced dial-in service for those who have basic cellphones to make digital payments.

The government is airing radio jingles telling citizens not to share their personal identification numbers and has a toll-free helpline to teach people how to make online payments.

“Officials understand how security worries can be a big dampener in their campaign to get people to go digital,” said Vinayak Godse, senior director at the Data Security Council of India, an industry body that advises the government.

But in a trade-off between convenience and security, the central bank recently waived the mandatory two-factor authentication for transactions less than $30 online.

Some cybersecurity experts say that Indians are not ready for this step.

The police recently arrested a gang in the eastern state of Jharkhand; operators were calling people posing as bank executives and tricking them into sharing their card details. They used the cards to do online shopping and transferred money into their e-wallet accounts.

“People are gullible and can be threatened or lured to part with their bank details easily. We need as many safeguards as we can have,” said Surendra Kumar, a senior police officer in New Delhi who busted the gang.

But the biggest problem people face is that police in one state get very little cooperation from those in another state in digital-crime complaints, said Rakshit Tandon, a cybersecurity expert who trains police, military members and school students.

“Only in big-ticket frauds will police departments from different states coordinate their investigations,” Tandon said. “If a person loses a relatively smaller amount digitally, the case won’t go far. Even though that amount may mean a lot in that person’s life.”

For more details visit https://cis-india.org/internet-governance/news/washington-post-january-14-2017-rama-lakshmi-millions-of-indians-move-from-cash-to-digital-payments

Microsoft says WannaCry ransomware must be a wake-up call for governments

praskrishna — 2017-06-07T00:55:40Z

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0. It has, however, retweeted a blog post by Brad Smith, president and chief legal officer at Microsoft, who directs much of the blame toward the USA government, arguing that it should have alerted the $524 billion tech titan about the problem.

The article was published in Journaldu Maghreb on May 20, 2017

"This is an emerging pattern in 2017", he continued. "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world", wrote Smith in a blog post on Sunday. Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen", Mr Smith wrote. Brad Smith, Microsoft's top lawyer, criticized US intelligence agencies for "stockpiling" software code that can be used by hackers. In February, Smith first called for the creation of what he has dubbed a Geneva Convention for cyberspace, which would outlaw nation-state cyberattacks on critical infrastructure and tech companies.

Cyber-security firm HumanFirewall said that on account of high use of pirated Windows operating system in India, it was more susceptible to the attack. Microsoft has connected previous exploits of its products released by the mysterious Shadow Brokers group to tools which were stolen from NSA cyber warfare operations. "All our systems are updated as required". This sophisticated, self-propagating malware was created to spread to all other computers on the same network after infecting one machine.

Estimates by law enforcement agency Europol estimated yesterday that more than 200,000 computers in 150 countries were infected, but with the worm continuing to spread to vulnerable Windows machines, that number will surely rise. When 22 year olds are the heroes of the anti-cyber attack fight, rather than the agencies tasked to defend countries against these types of threats, it is perhaps time to question what these organisations have been doing all this time? NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer. That dump included a vulnerability codenamed EternalBlue, which preys on a flaw in Microsoft Word to transmit malicious software from one Windows Computer to another. Usually used by cyber criminals, ransomware is a popular means of making illicit money from victims who have to pay the criminals in order to have their data decrypted.

Today is likely to be painful for many organizations all over the world that took the weekend off and are returning to the work-week to find hundreds or thousands of computers on their networks encrypted by WannaCry ransomware, which surfaced Friday and has been propagating ever since. It was a stress-filled weekend for many IT workers this past weekend as the WannaCry ransomware attack spread, crippling Windows systems worldwide.

Security firm BinaryEdge, which specializes in internet-wide scans, has detected more than 1 million Windows systems that have the SMB service exposed to the internet. "Otherwise they're literally fighting the problems of the present with tools from the past", he said. However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised. This allowed users of the older systems to secure their computers without requiring an upgrade to the latest operating software.

For more details visit https://cis-india.org/internet-governance/news/journaldu-maghreb-may-20-2017-microsoft-says-wannacry-ransomware-must-be-a-wake-up-call

Microsoft releases its first report on data requests by law enforcement agencies around the world

maria — 2013-07-12T12:19:31Z

In this post, the Centre for Internet and Society presents Microsoft´s report on law enforcement requests, with a focus on data requested by Indian law enforcement agencies.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Last week, Microsoft released its first report with data on the number of requests received from law enforcement agencies around the world relating to Microsoft online and cloud services. Microsoft´s newly released 2012 Law Enforcement Requests Report depicts the company's willingness to join the ranks of Google, Twitter and other Web businesses that publish transparency reports.

As of 30 June 2012, 137 million Indians are regular Internet users, many of which use Microsoft services including Skype, Hotmail, Outlook.com, SkyDrive and Xbox Live. Yet, until recently, it was unclear whether Indian law enforcement agencies were requesting data from our Skype calls, emails and other Microsoft services. Thus, Microsoft's release of a report on law enforcement requests is a decisive step in improving transparency in regards to how many requests for data are made by law enforcement agencies and how many requests are granted by companies. Brad Smith, an executive vice president and Microsoft´s general counsel, wrote in his blog post:

“As we continue to move forward, Microsoft is committed to respecting human rights, free expression and individual privacy.”

Microsoft 2012 Law Enforcement Requests

Democratic countries requested the most data during 2012, according to Microsoft´s report. The law enforcement agencies in the United States, the United Kingdom, Germany, France and Turkey accounted for 69 percent of the 70, 665 requests Microsoft (excluding Skype) received last year. Although India did not join the rank of the countries which made the fewest requests from Microsoft, it did not join the top-five league which accounted for the most requests, despite the country having one of the world´s highest number of Internet users.

Out of the 70,665 requests to Microsoft by law enforcement agencies around the world, only about 0.6 percent of the requests were made by Indian law enforcement agencies. These 418 requests specified 594 accounts and users, which is significantly low in comparison to the top-five and other countries, such as Taiwan, Spain, Mexico, Italy, Brazil and Australia. Indian law enforcement requests accounted for about 0.5 percent of the total 122, 015 accounts and user data that was requested by law enforcement agencies around the world.

Content data is defined by Microsoft as what customers create, communicate and store on or through their services, such as words in an e-mail or photographs and documents stored on SkyDrive or other cloud offerings. Non-content data, on the other hand, refers to basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration. According to Microsoft´s 2012 report, the company did not disclose any content data to Indian law enforcement agencies. In fact, only 2.2 percent of requests from law enforcement agencies around the world resulted in the disclosure of content data, 99 percent of which were in response to warrants from courts in the United States. Microsoft may have not disclosed any of our content data, but 370 requests from Indian law enforcement agencies resulted in the disclosure of our non-content data. In other words, 88.5 percent of the requests by India resulted in the disclosure of e-mail addresses, IP addresses, names, locations and other subscriber information.

Out of the 418 requests made to Microsoft by Indian law enforcement agencies, only 4 were rejected (1 percent) and no data was found for 44 requests (10.5 percent). In total, Microsoft rejected the disclosure of 1.2 percent of the requests made by law enforcement agencies around the world, while data was not found for 16.8 percent of the international requests. Thus, the outcome of the data shows that the majority of the requests by Indian law enforcement agencies resulted in the disclosure of non-content data, while very few requests were rejected by Microsoft (excluding Skype). The following table summarizes the requests by Indian law enforcement agencies and their outcome:

Total number of requests	418 (0.6%)
Accounts/Users specified in requests	594 (0.5%)
Disclosure of content	0 (0%)
Disclosure of non-content data	370 (88.5%)
No data found	44 (10.5%)
Requests rejected	4 (1%)

Skype 2012 Law Enforcement Requests

Microsoft acquired Skype towards the end of 2011 and the integration of the two companies advanced considerably over the course of 2012. According to the Microsoft 2012 report, Indian law enforcement agencies made 53 requests for Skype user data and 101 requests for specified accounts on Skype. In other words, out of the total 4,715 requests for Skype user data by law enforcement agencies around the world, the requests by Indian law enforcement accounted for about 0.1 percent. 15,409 international requests were made for specified accounts on Skype, but Indian law enforcement requests only accounted for about 0.6 percent of those.

The report appears to be extremely reassuring, as it states that Skype did not disclose any content data to any law enforcement agencies around the world. That essentially means that, according to the report, that all the content we created and communicated through Skype during 2012 was kept private from law enforcement. Although Microsoft claims to not have disclosed any of our content data, it did disclose non-content data, such as SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number. However, Microsoft did not report how many requests the company received for non-content data, nor how much data was disclosed and to which countries.

Microsoft reported that data was not found for 47 of India´s law enforcement requests, which represents 88.6 percent of the requests. In total, Microsoft reported that data was not found for about half the requests made by law enforcement agencies on an international level. Out of the 53 requests, Microsoft provided guidance to Indian law enforcement agencies for 10 requests. In particular, such guidance was provided either in response to a rejected request or general questions about the process for obtaining Skype user data. Yet, the amount of rejected requests for Skype user data was not included in the report and the guidance provided remains vague. The following table summarizes the requests by Indian law enforcement agencies for Skype user data and their outcome:

Total of requests	53 (0.1%)
Accounts/identifiers specified in requests	101 (0.6%)
Requests resulting in disclosure of content	0 (0%)
No data found	47 (88.6%)
Provided guidance to law enforcement	10 (18.8%)

The Centre for Internet and Society (CIS) supports the publication of Microsoft´s 2012 Law Enforcement Requests Report and encourages Microsoft (including Skype) to continue releasing such reports which can provide an insight on how much user data is being shared with law enforcement agencies around the world. In order to ensure that such reports adequately provide transparency, they should be broadened in the future to include more data, such as the amount of non-content data requests disclosed by Skype, the type of guidance provided to law enforcement agencies and the amount of requests rejected by Skype. Nonetheless, this report is a decisive first step in increasing transparency and further, more detailed reports are strongly encouraged.

For more details visit https://cis-india.org/internet-governance/blog/microsoft-releases-first-report-on-data-requests-by-law-enforcement-agencies

MHRD IPR Chair Series: Information Received from Delhi University

nehaa — 2016-05-15T12:18:40Z

This post provides a factual description about the operation of Ministry of Human Resource Development IPR Chair’s Intellectual Property Education, Research and Public Outreach (IPERPO) scheme in Delhi University.

The author has analysed all the data received through which, the author seeks to trace the presence of unjustified underutilisation of funds by the aforementioned university as provided by the MHRD during the period of 2013-2014. To collect the information for the given study, an RTI application was filed to Delhi University on 09/02/2015 by the Centre for Internet and Society. The reply to RTI application was received on 25/02/2015.

These are the documents received by CIS from Delhi University:

For the response to the RTI application click here

Hereinafter, in order to receive any information about Delhi School of Economics, Delhi University’s RTI reply, kindly refer to the above mentioned links. Following are the queries mentioned in the RTI application along with their replies.

Reports on the implementation of the IPERPO scheme of the Ministry of Human Resource Development and the implementation of the MHRD IPR Chair funded under the scheme at the Delhi School of Economics.
Reply: The University submitted that there are no reports on the implementation of the IPERPO scheme or the MHRD IPR Chair funded under the same. Additionally, the implementation of the scheme commended at Delhi University w.e.f 20th Feb., 2014. Dr. Rekha Chaturvedi joined as the IPR Chair (Technical) on the same date.
Documents on the release of grants to the MHRD IPR Chairs under the IPERPO scheme at the Delhi University, Delhi School of Economics for the year 2013-14.
Reply: The University submitted that there has been no release of grants by the Human Resource and Development Ministry under the IPERPO Scheme.
Documents relating to receipts of utilization certificates and audited expenditure statements and matters related to all financial sanctions with regard to funds granted to the MHRD IPR Chair established under the IPERPO Scheme for the year 2013-14 at the Delhi University, Delhi School of Economics.
Reply: The University replied that as there has been no release of grants under the IPERPO scheme, the question of utilization certificates and audited expenditure or any other matter related to financial sanctions with regard to the funds does not arise.
Documents regarding all matters related to finance and budget related to the MHRD IPR Chair under the IPERPO scheme 2013-14 established at Delhi University, Delhi School of Economics.
Reply: The University did not submit any documents in this regard and asserted that the information sought is not specific.

Comparative Analysis between University Response and the guidelines of MHRD Scheme Document
The Scheme Document of MHRD (http://copyright.gov.in/Documents/scheme.pdf) is a comprehensive document which consists of guidelines regarding Intellectual Property Education, Research and Public Outreach. It talks about a list of objectives, purposes, conditions and eligibility criteria for a University to ensure in order to implement IPERPO in a truest sense. This document provides the procedural as well as qualifying conditions for an Institute to ensure or fulfil before applying for the MHRD grant. Some of these conditions include maintenance of utilization certificates, audit reports, expenditure statements and event information which would be open to access on demand by MDHR or Comptroller and Auditor General of India.

A. Objectives
The University has not provided any documents detailing any activities undertaken to further the objectives of the IPERPO scheme.

B. Eligibility
Delhi School of Economics, Delhi University is recognized by the University Grants Commission. Therefore, it fulfils the eligibility criteria mentioned in the scheme document.

Financial Analysis

The University has not provided any documents on this subject.

For more details visit https://cis-india.org/a2k/blogs/mhrd-ipr-chair-series-information-received-from-delhi-university

MHA snoop order & bid to amend IT rules: China-like clampdown or tracking unlawful content?

Admin — 2018-12-30T10:08:31Z

An MHA order last week authorised 10 government agencies to scan data on computers. This was followed by the Modi government’s proposal to amend the Information Technology rules for social media platforms like WhatsApp, Facebook and Twitter to “proactively identify, remove or disable access to unlawful information or content” in order to curb fake news online.

The article by Fatima Khan was published in the Print on December 28, 2018. Amber Sinha was quoted.

No concrete steps taken by either NDA or UPA to enact laws for surveillance reform

The MHA order which gives 10 government agencies the power to intercept, monitor and decrypt ‘any information’ generated, transmitted, received, or stored in any computer, reaffirms the sorry state of communication surveillance law in India. This is reflected in the lack of judicial review, minimal legislative oversight and no regard for the principles of necessity, proportionality, user notification and transparency.

Despite detailed recommendations by the Committee of Experts led by Justice AP Shah back in 2013, there have been no concrete steps taken by either the current NDA government or the previous UPA government to enact laws for surveillance reform. The draft bill by the committee led by Justice Srikrishna does refer to the principles of necessity and proportionality, but stops short of recommending an overhaul of the surveillance regime. This notification is but merely the logical next step in the existing framework for communications surveillance.

On the other hand, the draft amendments to the IT Act regulations seek to address the problem of ‘unlawful content’ and seem to stem largely from concerns about the use of platforms like Facebook and WhatsApp to spread disinformation and impact electoral processes in India. To that extent, these steps are misguided and betray a failure to engage with the actual problem. Already, the powers of content moderation exercised by online platforms suffer from problems of transparency and accountability. The draft regulations will only serve to compound this problem while unreasonably expecting the platforms to exercise powers which should require judicial determination.

For more details visit https://cis-india.org/internet-governance/news/the-print-december-28-2018-mha-snoop-order-bid-to-amend-it-rules-china-like-clampdown-or-tracking-unlawful-content

Metrolife: Brutality porn has sadly many takers in India

Admin — 2018-04-19T13:15:57Z

The name of the eight-year old Kathua rape victim is trending not just on social media but also on a porn site.

On Monday it had topped the list of the most-searched names on a porn site, triggering surprise and outrage. An official at the Centre for Internet & Society, Bengaluru attributes the curiosity to a "depraved, messed-up" mind.

Swaraj Barooah, senior programme manager at the centre, says, "It takes numbers to make something trend online." He attributes the unhealthy curiosity in rape footage to a lack of proper sex education in schools.

Violent acts are ingrained in the power politics and hierarchy of our society, he observes.

"There are two categories that are searched online...revenge and brutality porn. While revenge porn is usually uploaded by couples who break up, brutality porn is done without recognising the humanity of the person involved," Barooah says.

Psychiatrists think people who search for rape videos have a "sick and deviant mind".

The article by Nina C. George was published in Deccan Herald on April 18, 2018.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-nina-c-george-april-17-2018-sad-truth-brutality-porn-has-many-takers-in-india

Messaging apps find another foe in India’s market regulator

praskrishna — 2013-06-05T10:46:32Z

Paranoid governments and mobile operators aren’t the only one that dislike messaging apps. Regulatory bodies aren’t crazy about them either. The Securities and Exchange Board of India (SEBI) is worried that attempts to pass on confidential information or manipulate markets are originating from within services like WhatsApp and Blackberry Messenger.

This blog post was published in Quartz on May 8, 2013. Elonnai Hickok is quoted.

The regulator already analyzes data from trades for irregularities through its “integrated market surveillance system”. That gives it an idea of what stocks are being manipulated. Now it wants to expand its horizons. The Press Trust of India reports that SEBI has looked into tracking Twitter and Facebook and is grappling with messaging apps—though as yet it has no systems in place for doing either, according to Elonnai Hickok of the Center for Internet Studies in Bangalore. A SEBI spokesperson could not be reached for comment.

Even if SEBI did start following you on Twitter, it cannot snoop on your WhatsApp messages. That sort of power is the preserve of intelligence and police authorities. And there is good reason for SEBI’s restricted powers. Keeping the markets clean may be an honorable pursuit, but the regulator hasn’t always used honorable means.

India’s finance minister last year said that SEBI would be allowed to request call records, which are the data kept by operators about who called whom, for how long and from where. Such information can help investigators discover sources of leaked information. It can also be used to figure out whether traders are trying to influence other investigators. But a freedom-of-information request recently revealed that SEBI had been requesting—and receiving—such data from carriers at least since 2009, well before it was supposedly allowed to do so.

For more details visit https://cis-india.org/news/quartz-may-8-2013-leo-mirani-messaging-apps-find-another-foe-in-indias-market-regulator

Meeting on Proactive Disclosure and Personal Data (Delhi, May 13, 5:30 pm)

sumandro — 2017-05-13T04:32:41Z

CIS is organising an informal discussion on topics related to proactive disclosure and personal data thrown up by the recently published report by Amber Sinha and Srinivas Kodali titled "Information Security Practices of Aadhaar (or lack thereof)". Please join us at 5:30 pm today, May 13, at the CIS office.

Read the report: PDF

Location

For more details visit https://cis-india.org/internet-governance/events/meeting-on-proactive-disclosure-and-personal-data-delhi-may-13