We are anonymous, we are legion

The New Aadhaar Bill in Plain English

Amber Sinha, Vanya Rakesh and Vipul Kharbanda — 2016-03-11T04:41:38Z

We have put together a plain English version of the The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016

Chapter I. PRELIMINARY

Section 1

This Act is called Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
It will be applicable in whole of India (except the state of Jammu and Kashmir).
It will become applicable on a date to be notified by the Central Government.

Section 2

“Aadhaar number” is the identification number issued to an individual under the Act;
“Aadhaar number holder” is the person who has been given an Aadhaar number;
“authentication” is the process of verifying the Aadhaar number, demographic information and biometric information of any person by the Central Identities Data Repository (CIDR);
“authentication record” is the record of the authentication which will contain the identity of the requesting entity and the response of the CIDR;
“Authority” or “UIDAI” refers to the Unique Identification Authority of India established under this Act;
“benefit” means any relief or payment which may be notified by the Central Government;
“biometric information” means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations;
“Central Identities Data Repository” or “CIDR” means a centralised database containing all Aadhaar numbers, demographic information and biometric information and other related information;
“Chairperson” means the Chairperson of the UIDAI;
“core biometric information” means fingerprint, Iris scan, or any biological attributes specified by regulations;
“demographic information” includes information relating to the name, date of birth, address and other relevant information as specified by regulations. This information will not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history;
“enrolling agency” means an agency appointed by the UIDAI or a Registrar for collecting demographic and biometric information of individuals for issuing Aadhaar numbers;
“enrolment” means the process of collecting demographic and biometric information from individuals for the purpose of issuing Aadhaar numbers;
“identity information” in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information;
“Member” includes the Chairperson and Member of the Authority appointed under section 12;
“notification” means a notification published in the Official Gazette and the expression “notified” with its cognate meanings and grammatical variations will be construed accordingly;
“prescribed” means prescribed by rules made by the Central Government under this Act;
“records of entitlement” means the records of benefits, subsidies or services provided to any individual under any government programme;
“Registrar” means any person authorized by the UIDAI to enroll individuals under the Act;
“regulations” means the regulations made by the UIDAI under this Act;
“requesting entity” means an agency that submits the Aadhaar number and other information of an individual to the CIDR for authentication;
“resident” means a person who has resided in India for atleast 182 days in the last twelve months before the date of application for enrolment;
“service” means any facility or assistance provided by the Central Government in any form;
“subsidy” means any form of aid, support, grant, etc. in cash or kind as notified by the Central Government.

Chapter II. ENROLMENT

Section 3

Every resident is entitled to get an Aadhaar number.
At the time of enrollment, the enrolling agency will inform the individual of the following details—

how their information will be used;
what type of entities the information will be shared with; and
that they have a right to see their information and also tell them how they can see their information.

After collecting and verifying the information given by the individuals, the UIDAI will issue an Aadhaar number to each individual.

Section 4

Once an Aadhaar number has been issued to a person, it will not be re-assigned to any other person.
An Aadhaar number will be a random number and will not contain any attributes or identity of the Aadhaar number holder.
if adopted by a service provider, an Aadhaar number may be accepted as proof of identity of the person.

Section 5

The UIDAI will take special measures to issue Aadhaar number to women, children, senior citizens, persons with disability, unskilled and unorganised workers, nomadic tribes or to such other persons who do not have any permanent residence and similar categories of individuals.

Section 6

The UIDAI may require Aadhaar number holders to update their Aadhaar information, so that it remains accurate.

Chapter III. AUTHENTICATION

Section 7

As a condition for receiving subsidy for which the expenditure is incurred from the Consolidated Fund of India, the Government may require that a person should be authenticated or give proof of the Aadhaar number to establish his/her identity. In the case a person does not have an Aadhaar number, he/she should make an application for enrolment. If an Aadhaar number is not assigned, the person will be offered viable and alternate means of identification for receiving the subsidy, benefit or service.

Section 8

The UIDAI will authenticate the Aadhaar information of people as per the conditions prescribed by the government and may also charge a fees for doing so.
Any requesting entity will— (a) take consent from the individual before collecting his/her Adhaar information; (b) use the information only for authentication with the CIDR;
The entity requesting authentication will also inform the individual of the following— (a) what type of information will be shared for authentication; (b) what will the information be used for; and (c) whether there is any alternative to submitting the Aadhaar information to the requesting entity.
The UIDAI will respond to the authentication request with yes, no, or other appropriate response and share identity information about the Aadhaar number holder but not share any biometric information.

Section 9

The Aadhaar number or its authentication will not be a proof of citizenship or domicile.

Section 10

The UIDAI may engage any number of entities to establish and maintain the CIDR and to perform any other functions specified by the regulations.

Chapter IV. UNIQUE IDENTIFICATION AUTHORITY OF INDIA

Section 11

The UIDAI will be established by the Central Government to be responsible for the processes of enrolment and authentication of Aadhaar numbers.
The UIDAI will be a body corporate with the power to buy and sell property, to enter into contracts and to sue or be sued.
The head office of the UIDAI will be in New Delhi.
The UIDAI may establish its offices at other places in India.

Section 12

The UIDAI will have a Chairperson, two part-time Members and a chief executive officer, who to be appointed by the Central Government.

Section 13

The Chairperson and Members will be competent people with at least 10 years experience and knowledge in technology, governance, law, development, economics, finance, management, public affairs or administration.

Section 14

The Chairperson and the Members will be appointed for 3 years and can be re-appointed after their term. But no Member or Chairperson will be more than 65 years of age.
The Chairperson and Members will take an oath of office and of secrecy.
The Chairperson or Member may— (a) resign from office, by giving an advance written notice of at least 30 days; or (b) be removed from his office because she/he gets disqualified on any of the grounds mentioned in section 15.
The salaries and allowances of the Members and Chairperson will be prescribed under the government.

Section 15

The Central Government may remove a Chairperson or Member, who—
(a) has gone bankrupt;
(b) is physically or mentally unable to do his/her job;
(c) has been convicted of an offence involving moral turpitude;
(d) has a financial conflict of interest in performing his/her functions; or
(e) has abused his/her position so that the government needs to remove him/her in public interest.
The Chairperson or a Member will be given a chance to present his/her side of the story before being removed, unless he/she is being removed on the grounds of bankruptcy or criminal conviction.

Section 16

An Ex-Chairperson or Ex-Member will have to take the approval of the Central Government,—

to accept any job in any entity (other than a government organization) which was associated with any work done for the UIDAI while that person was a Chairperson or Member, for a period of three years after ceasing to hold office;
to act or advise any entity on any particular transaction for which that person had provided advice to the UIDAI while he/she was the Chairperson or a Member;
to give advice to any person using information which was obtained as the Chairperson or a Member which is not available to the public in general; or
to accept any offer of employment or appointment as a director of any company with which he/she had direct and significant official dealings during his/her term of office, for a period of three years.

Section 17

The Chairperson will preside over the meetings of the UIDAI and have the powers and perform the functions of the UIDAI.

Section 18

The chief executive officer (CEO) of the UIDAI will not be below the rank of Additional Secretary to the Government of India.
The chief executive officer will be responsible for— (a) the day-to-day administration of the UIDAI; (b) implementing the programmes and decisions of the UIDAI; (c) making proposals for the UIDAI; (d) preparation of the accounts and budget of the UIDAI; and (e) performing any other functions prescribed in the regulations.
The CEO will annually submit the following things to the UIDAI for its approval — (a) a general report covering all the activities of the Authority in the previous year; (b) programmes of work; (c) the annual accounts for the previous year; and (d) the budget for the coming year.
The CEO will have administrative control over the officers and other employees of the Authority.

Section 19

The time and place of the meetings of the UIDAI and the rules and procedures of those meetings will be prescribed by regulations.
The meetings will be presided by the Chairperson, and if they are absent, then the senior most Member of the UIDAI.
All decisions at the meetings of the UIDAI will be taken by a majority vote. In case of a tie, the person presiding the meeting will have the casting vote.
All decisions of the UIDAI will be signed by the Chairperson or any other Member or the Member-Secretary authorised by the UIDAI in this behalf.
If any Member, who is a director of a company and because of this has any financial interest in matters coming up for consideration at a meeting, that member should disclose the financial interest and not take any further part in the discussions and decision on that matter.

Section 20

No actions or proceeding of the UIDAI will become invalid merely because of—

any vacancy in, or any defect in the constitution of, the UIDAI;
any defect in the appointment of a person as Chairperson or Member of the Authority; or
any irregularity in the procedure of the Authority not affecting the merits of the case.

Section 21

The UIDAI, with the approval of the Government, can decide on the number and types of officers and employees that it would require.
The salaries and allowances of the employees, officer and chief executive officer will be prescribed under the government.

Section 22.

Once the UIDAI is establishment—

all the assets and liabilities of the existing Unique Identification Authority of India, established by the Government of India through notification dated the 28th January, 2009, will stand transferred to the new UIDAI.
all data and information collected during enrolment, all details of authentication performed, by the existing Unique Identification Authority of India will be deemed to have been done by the UIDAI. All debts, liabilities incurred and all contracts entered into by the Unique Identification Authority of India will be deemed to have been entered into by the UIDAI;
all money due to the existing Unique Identification Authority of India will be deemed to be due to the UIDAI; and
all suits and other legal proceedings instituted by or against such Unique Identification Authority of India may be continued by or against the UIDAI.

Section 23

The UIDAI will develop the policy, procedure and systems for issuing Aadhaar numbers to individuals and perform their authentication. The powers and functions of the UIDAI include—

specifying the demographic information and biometric information required for enrolment and the processes for collection and verification of that information;
collecting demographic information and biometric information from people seeking Aadhaar numbers;
appointing of one or more entities to operate the CIDR;
generating and assigning Aadhaar numbers to individuals;
performing authentication of Aadhaar numbers;
maintaining and updating the information of individuals in the CIDR;
omitting and deactivating an Aadhaar number;
specifying the manner of use of Aadhaar numbers for the purposes of providing or availing of various subsidies and other purposes for which Aadhaar numbers may be used;
specifying the terms and conditions for appointment of Registrars, enrolling agencies and service providers and revocation of their appointments;
establishing, operating and maintaining of the CIDR;
sharing the information of Aadhaar number holders;
calling for information and records, conducting inspections, inquiries and audit of the operations of the CIDR, Registrars, enrolling agencies and other agencies appointed under this Act;
specifying processes relating to data management, security protocols and other technology safeguards under this Act;
specifying the conditions/procedures for issuance of new Aadhaar number to existing Aadhaar number holder;
levying and collecting the fees or authorising the Registrars, enrolling agencies or other service providers to collect fees for the services provided by them under this Act;
appointing committees necessary to assist the Authority in discharge of its functions;
promoting research and development for advancement in biometrics and related areas;
making and specifying policies and practices for Registrars, enrolling agencies and other service providers;
setting up facilitation centres and grievance redressal mechanisms;
other powers and functions as prescribed.

The Authority may,— (a) enter into agreements with various state governments and Union Territories for collecting, storing, securing or processing of information or delivery of Aadhaar numbers to individuals or performing authentication; (b) appoint Registrars, engage and authorize agencies to collect, store, secure, process information or do authentication or perform other functions under this Act. The Authority may engage consultants, advisors and other persons required for efficient discharge of its functions.

Chapter V. GRANTS, ACCOUNTS AND AUDIT AND ANNUAL REPORT

Section 24

The Central Government may grant money to the UIDAI as it may decide, upon due appropriation by Parliament.

Section 25

Fees/revenue collected by the UIDAI will be credited to the Consolidated Fund of India

Section 26

The UIDAI will prepare an annual statement of accounts in the format prescribed by Central Government
The Comptroller and Auditor-General will audit the account of the UIDAI annually at intervals decided by him, at the UIDAI’s expense.
The Comptroller and Auditor-General or his appointees will have the same powers of audit they usually have to audit Government accounts.
The UIDAI will forward the statement of accounts certified by the Comptroller and Auditor-General and the audit report, to the Central Government who will lay it before both houses of Parliament.

Section 27

The UIDAI will provide returns, statements and particulars as sought, to the Central Government, as and when required.
The UIDAI will prepare an annual report containing the description of work for previous years, annual accounts of previous year, and the programmes of work for coming year.
The copy of the annual report will be laid before both houses of Parliament by the Central Government.

Chapter VI. PROTECTION OF INFORMATION

Section 28

The UIDAI will ensure the security and confidentiality of identity information and authentication records.
The UIDAI will take measures to ensure that all information with the UIDAI, including CIDR records is secured and protected against access, use or disclosure and against destruction, loss or damage.
The UIDAI will adopt and implement appropriate technical and organisational security measures, and ensure the same are imposed through agreements/arrangements with its agents, consultants, advisors or other persons.
Unless otherwise provided, the UIDAI or its agents will not reveal any information in the CIDR to anyone.
An Aadhaar number holders may request UIDAI to provide access his information (excluding the core biometric information) as per the regulations specified.

Section 29

The core biometric information collected will not be a) shared with anyone for any reason, and b) used for any purpose other generation of Aadhaar numbers and authentication.
Identity information, other than core biometric information, may be shared only as per this Act and regulations specified under it.
Identity information available with a requesting entity will not be used for any purpose other than what is specified to the individual, nor will it be shared further without the individual’s consent.
Aadhaar numbers or core biometric information will not be made public except as specified by regulations.

Section 30

All biometric information collected and stored in electronic form will be deemed to be “electronic record” and “sensitive personal data or information” under Information Technology Act, 2000 and its provisions and rules will apply to it in addition to this Act.

Section 31

If the demographic or biometric information about any Aadhaar number holder changes, is lost or is found to be incorrect, they may request the UIDAI to make changes to their record in the CIDR, as necessary.
The identity information in the CIDR will not be altered, except as provided in this Act.

Section 32

The UIDAI will maintain the authentication records in the manner and for as long as specified by regulations.
Every Aadhaar number holder may obtain his authentication record as specified by regulations.
The UIDAI will not collect, keep or maintain any information about the purpose of authentication.

Section 33

The UIDAI may reveal identity information, authentication records or any information in the CIDR following a court order by a District Judge or higher. Any such order may only be made after UIDAI is allowed to appear in a hearing.
The confidentiality provisions in Sections 28 and 29 will not apply with respect to disclosure made in the interest of national security following directions by a Joint Secretary to the Government of India, or an officer of a higher rank, authorised for this purpose.
An Oversight Committee comprising Cabinet Secretary, and Secretaries of two departments — Department of Legal Affairs and DeitY— will review every direction under 33 B above.
Any directions under 33 B above are valid for 3 months, after which they may be extended following a review by the Oversight Committee.

Chapter VII. OFFENCES AND PENALTIES

Section 34

Impersonating or attempting to impersonate another person by providing false demographic or biometric information will punishable by imprisonment of up to three years, and/or fine of up to ten thousand rupees.

Section 35

Changing or attempting to change any demographic or biometric information of an Aadhaar number holder by impersonating another person (or attempting to do so), with the intent of i) causing harm or mischief to an Aadhaar number holder, or ii) appropriating the identity of an Aadhaar number holder, is punishable with imprisonment up to three years and fine up to ten thousand rupees.

Section 36

Collection of identity information by one not authorised by this Act, by way of pretending otherwise, is punishable with imprisonment up to three years or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

Section 37

Intentional disclosure or dissemination of identity information, to any person not authorised under this Act, or in violation of any agreement entered into under this Act, will be punishable with imprisonment up to three years or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

Section 38

The following intentional acts, when not authorised by the UIDAI, will be punishable with imprisonment up to three years and a fine not less than ten lakh rupees:

accessing or securing access to the CIDR;
downloading, copying or extracting any data from the CIDR;
introducing or causing any virus or other contaminant into the CIDR;
damaging or causing damage to the data in the CIDR;
disrupting or causing disruption to access to CIDR;
causing denial of access to an authorised to the CIDR;
revealing information in breach of (D) in Section 28, or Section 29;
destruction, deletion or alteration of any files in the CIDR;
stealing, destruction, concealment or alteration of any source code used by the UIDAI.

Section 39

Tampering of data in the CIDR or removable storage medium, with the intention to modify or discover information relating to Aadhaar number holder will be punishable with imprisonment up to three years and a fine up to ten thousand rupees.

Section 40

Use of identity information in violation of Section 8 (3) by a requesting entity will be punishable with imprisonment up to three years and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

Section 41

Violation of Section 8 (3) or Section 3 (2) by a requesting entity or enrolling agency will be punishable with imprisonment up to one year and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

Section 42

Any offence against this Act or regulations made under it, for which no specific penalty is provided, will be punishable with be punishable with imprisonment up to one year and/or a fine up to twenty five thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company).

Section 43

In case of an offence under Act committed by a Company, all person in charge of and responsible for the conduct of the company will also be held to be guilty and liable for punishment unless they can prove lack of knowledge of the offense or that they had exercised all due diligence to prevent it.
In case an offence is committed by a Company with the consent, connivance or neglect of a director, manager, secretary or other officer of a company, they will also be held guilty of the offence.

Section 44

This Act will also apply to offences committed outside of India by any person, irrespective of their nationality, if the offence involves any data in the CIDR.

Section 45

Offences under this Act will not be investigated by police officers below the rank of Inspector of Police.

Section 46

Penalties imposed under this Act will not prevent imposition of any other penalties or punishment under any other law in force.

Section 47

Courts will take cognizance of offences under this Act only upon complaint being made by the UIDAI or any officer authorised by it.
No court inferior to that of a Chief Metropolitan Magistrate or a Chief Judicial Magistrate will try any offence under this Act.

Chapter VIII. MISCELLANEOUS

Section 48

Central Government has the power to supersede the UIDAI, through a notification, not for longer than six months, in the following circumstances: i) In case of circumstances beyond the control of the UIDAI, ii) The UIDAI has defaulted in complying with directions of the Central Government, affecting financial position of the UIDAI, iii) Public emergency
Upon publication of notification, Chairperson and Members of the UIDAI must vacate the office
Powers, functions and duties will be performed by person(s) authorised by the President.
Properties controlled and owned by UIDAI will vest in the Central Government.
Central Government will reconstitute the UIDAI upon expiration of supersession, with fresh appointment of Chairperson and Members.

Section 49

Chairperson, members, employees etc. are deemed to be public servants within the meaning of section 21 of the Indian Penal Code.

Section 50

Central Government has the power to issue directions to the UIDAI on questions of policy (to be decided by the Government), except technical and administrative matters and the UIDAI will be bound by it.
The UIDAI will be given an opportunity to express views before direction is given.

Section 51

The UIDAI may delegate its powers and functions to a Member or officer of the UIDAI.

Section 52

No suit, prosecution or other legal proceedings will lie against the Central Government, UIDAI, Chairperson, any Member, officer, or other employees of the UIDAI for an act done in good faith.

Section 53

The Central Government has the power to makes Rules for matters prescribed under this provision.

Section 54

UIDAI has the power to make regulations for matters prescribed under this provision.

Section 55

Rules and regulations under this Act will be laid before each House of Parliament for a total period of thirty days, both Houses must agree in making modification, and then the Rules will come into effect.

Section 56

Provisions of this Act are in addition to, and not in derogation of any other law currently in effect.

Section 57

This Act will not prevent use of Aadhaar number for other purposes under law by the State or other bodies.

Section 58

The Central Government may pass an order to remove a difficulty in giving effect to the provisions of this Act, not beyond three years from the commencement of this Act.

Section 59

Action take by Central Government under the Resolution of the Government of India for setting up the UIDAI or by the Department of Electronics and Information Technology under the notification including the UIDAI under the Ministry of Communications and Information Technology will be deemed to have been validly done or taken.

STATEMENT OF OBJECTS AND REASONS

Correct identification of targeted beneficiaries for delivery of subsidies, services, frants, benefits, etc has become a challenge for the Government
This has proved to be a major hindrance for successful implementation of these programmes.
In the absence of a credible system to authenticate identity of beneficiaries, it is difficult to ensure that the subsidies, benefits and services reach to intended beneficiaries.
The UIDAI was established to lay down policies and implement the Unique Identification Scheme of the Government, by which residents of India were to be provided unique identity number.
Upon successful authentication, this number would serve as proof of identity for identification of beneficiaries for transfer of benefits, subsidies, services and other purposes.
With increased use of the Aadhaar number, steps to ensure security of such information need to be taken and offences pertaining to certain unlawful actions, created.
It has been felt that the processes of enrolment, authentication, security, confidentiality and use of Aadhaar related information must be made statutory.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 seeks to provide for issuance of Aadhaar numbers to individuals on providing his demographic and biometric information to the UIDAI, requiring Aadhaar numbers for identifying an individual for delivery of benefits, subsidies, and services, authentication of the Aadhaar number, establishment of the UIDAI, maintenance and updating the information of individuals in the CIDR, state measures pertaining to security, privacy and confidentiality of information in possession or control of the UIDAI including information stored in the Central Identities Data Repository and identify offences and penalties for contravention of relevant statutory provisions.

For more details visit https://cis-india.org/internet-governance/blog/the-new-aadhaar-bill-in-plain-english

GNI-Industry Dialogue Learning Session: Human Rights Impact Assessments and Due Diligence in the ICT sector

elonnai — 2016-04-06T15:42:41Z

Elonnai Hickok attended the meeting organized by Global Network Initiative on March 11, 2016 in Washington D.C.

The GNI welcomed its new observers from the Telecommunications Industry Dialogue by holding a learning session in conjunction with the GNI Board Meeting on March 10. This learning session aimed to increase understanding between the GNI and the ID by examining some of the common challenges that face ICT companies in the area of human rights due diligence and highlighting good practices. A second objective was to help the GNI develop a learning program and materials that will be useful for its members and draw on their expertise. Finally, this learning session informed the review of the GNI Implementation Guidelines that will take place during 2016.

The session took place according to the Chatham House Rule. Each short presentation was followed by a space for questions and answers.

Human Rights Impact Assessments in the ICT sector – Michael Samway
The Human Rights Due Diligence Process at Nokia – Laura Okkonen
Yahoo’s approach to Human Rights Impact Assessments– Nicole Karlebach and Katie Shay
Orange’s challenges and approach to doing business in Africa – Yves Nissim
Microsoft’s human rights impacts and the warrant case – Steve Crown and Bernard Shen
TeliaSonera’s approach to withdrawing from Eurasia – Patrik Hiselius
Considerations for company due diligence on the ground – Kathleen Reen and Babette Ngene, Internews

For discussion:

What are some of the common challenges facing current GNI member companies and ID member companies?
What do we consider to be good practices that are applicable to all?
What lessons can be applied to the review of the GNI Implementation Guidelines that will take place during 2016?

For more details visit https://cis-india.org/internet-governance/news/gni-industry-dialogue-learning-session-human-rights-impact-assessments-and-due-diligence-in-the-ict-sector

Are we Losing the Right to Privacy and Freedom of Speech on Indian Internet?

Amber Sinha — 2016-03-16T14:44:19Z

The article was published in DNA on March 10, 2016.

Last month, it was reported that National Security Council Secretariat (NSCS) had proposed the setting up of a National Media Analytics Centre (NMAC). This centre’s mandate would be to monitor blogs, media channels, news outlets and social media platforms. Sources were quoted as stating that the centre would rely upon a tracking software built by Ponnurangam Kumaraguru, an Assistant Professor at the Indraprastha Institute of Information Technology in Delhi. The NMAC seems to mirror other similar efforts in countries such as US, Canada, Australia and UK, to monitor online content for the reasons as varied as prevention of terrorist activities, disaster relief and criminal investigation.

The NSCS, the parent body that this centre will fall under, is a part of the National Security Council, India’s highest agency looking to integrate policy-making and intelligence analysis, and advising the Prime Minister’s Office on strategic issues as well as domestic and international threats. The NSCS represents the Joint Intelligence Committee and its duties include the assessment of intelligence from the Intelligence Bureau, Research and Analysis Wing (R&AW) and Directorates of Military, Air and Naval Intelligence, and the coordination of the functioning of intelligence agencies.

From limited reports available, it appears that the tracking software used by NMAC will generate tags to classify post and comments on social media into negative, positive and neutral categories, paying special attention to “belligerent” comments. The reports say that the software will also try to determine if the comments are factually correct or not. The idea of a government agency systematically tracking social media, blogs and news outlets and categorising content as desirable and undesirable is bound to create a chilling effect on free speech online. The most disturbing part of the report suggested that the past pattern of writers’ posts would be analysed to see how often her posts fell under the negative category, and whether she was attempting to create trouble or disturbance, and appropriate feedback would be sent to security agencies based on it. Viewed alongside the recent events where actors critical of the government and holding divergent views have expressed concerns about attempts to suppress dissenting opinions, this initiative sounds even more dangerous, putting at risk individuals categorised as “negative” or “belligerent”, for exercising their constitutionally protected right to free speech.

Getty Images

It has been argued that the Internet is a public space, and should be treated as subject to monitoring by the government as any other space. Further, this kind of analysis does not concern itself with private communication between two or more parties but only with publicly available information. Why must we raise eyebrows if the government is accessing and analysing it for the purposes of legitimate state interests? There are two problems with this argument. First, any surveillance of communication must always be limited in scope, specific to individuals, necessary and proportionate, and subject to oversight. There are no laws passed by the Parliament in India which allow for mass surveillance measures. Such activities are being conducted through bodies like NSC which came into existence through an Executive Order and have no clear oversight mechanisms built into its functioning. A quick look at the history of intelligence and surveillance agencies in India will show that none of them have been created through a legislation. A host of surveillance agencies have come up in the last few years including the Central Monitoring System, which was set up to monitor telecommunications, and the absence of legislative pedigree translates into lack of appropriate controls and safeguards, and zero public accountability.

The second and the larger issue is that the scale and level of granularity of personal information available now is unprecedented. Earlier, our communications with friends and acquaintances, our movements, our association, political or otherwise, were not observable in the manner it is today. It would be remiss to underestimate the importance of personal information merely because it exists in the public domain. The ability to act without being subject to monitoring and surveillance is key to the right to free speech and expression. While we accept the importance of free speech and the value of an open internet and newer technologies to enable it, we do not give sufficient importance to how these technologies are affecting the right to privacy.

Getty Images

In the last few years, the social media scene in India has been characterised by extreme polemic with epithets such as ‘bhakt’, ‘sanghi’, ‘sickular’ and ‘presstitutes’ thrown around liberally, turning political discussions into a mess of ugliness. It remains to be seen whether the NMAC intends to deal with the professional trolls who rely on a barrage of abuse to disrupt public conversations online. However, the appropriate response would not be greater surveillance, let alone a body like NMAC, with a sweeping mandate and little accountability.

Link to the original here.

For more details visit https://cis-india.org/internet-governance/blog/dna-amber-sinha-march-10-2016-are-we-losing-right-to-privacy-and-freedom-of-speech-on-indian-internet

Aadhaar Bill fails to incorporate suggestions by the Standing Committee

amber — 2016-03-10T15:58:57Z

In 2011, a standing committee report led by Yashwant Sinha had been scathing in its indictments of the Aadhaar BIll introduced by the UPA government. Five years later, the NDA government has introduced a new bill which is a rehash of the same. I look at the concerns raised by the committee report, none of which have been addressed by the new bill.

The article was published by The Wire on March 10, 2016

In December, 2010, the UPA Government introduced the National Identification Authority of India Bill, 2010 in the Parliament. It was subsequently referred to a Standing Committee on Finance by the Speaker of Lok Sabha under Rule 331E of the the Rules of Procedure and Conduct of Business in Lok Sabha. This Committee, headed by BJP leader Yashwant Sinha took evidence from the Minister of Planning and the UIDAI from the government, as well as seeking the view of parties such as the National Human Rights Commission, Indian Banks Association and researchers like Dr Reetika Khera and Dr. Usha Ramanathan. In 2011, having heard from various parties and considering the concerns and apprehensions about the UID scheme, the Committee deemed the bill unacceptable and suggested a re-consideration of the the UID scheme as well as the draft legislation.

The Aadhaar programme has so far been implemented under the Unique Identification Authority of India, a Central Government agency created through an executive order. This programme has been shrouded in controversy over issues of privacy and security resulting in a Public Interest Litigation filed by Judge Puttaswamy in the Supreme Court. While the BJP had criticised the project as well as the draft legislation when it was in opposition, once it came to power and particularly, after it launched various welfare schemes like Digital India and Jan Dhan Yojna, it decided to continue with it and use Aadhaar as the identification technology for these projects. In the last year, there have been orders passed by the Supreme Court which prohibited making Aadhaar mandatory for availing services. One of the questions that the government has had to answer both inside and outside the court on the UID project is the lack of a legislative mandate for a project of this size. About five years later, the new BJP led government has come back with a rehash of the same old draft, and no comments made by the standing committee have been taken into account.

The Standing Committee on the old bill had taken great exception to the continued collection of data and issuance of Aadhaar numbers, while the Bill was pending in the Parliament. The report said that the implementation of the provisions of the Bill and continuing to incur expenditure from the exchequer was a circumvention of the prerogative powers of the Parliament. However, the project has continued without abeyance since its inception in 2009. I am listing below some of the issues that the Committee identified with the UID project and draft legislation, none of which have been addressed in current Bill.

One of the primary arguments made by proponents of Aadhaar has been that it would be useful in providing services to marginalized sections of the society who currently do not have identification cards and consequently, are not able to receive state sponsored services, benefits and subsidies. The report points that the project would not be able to achieve this as no statistical data on the marginalized sections of the society are being used to by UIDAI to provide coverage to them. The introducer systems which was supposed to provide Aadhaar numbers to those without any form of identification, has been used to enroll only 0.03% of the total number of people registered. Further, the Biometrics Standards Committee of UIDAI has itself acknowledged the issues caused due to a high number of manual laborers in India which would lead to sub-optimal fingerprint scans. A report by 4G Identity Solutions estimates that while in any population, approximately 5% of the people have unreadable fingerprints, in India it could lead to a failure to enroll up to 15% of the population. In this manner, the project could actually end up excluding more people.

The Report also pointed to a lack of cost-benefit analysis done before going ahead with scheme of this scale. It makes a reference to the report by the London School of Economics on the UK Identity Project which was shelved due to a) huge costs involved in the project, b) the complexity of the exercise and unavailability of reliable, safe and tested technology, c) risks to security and safety of registrants, d) security measures at a scale that will result in substantially higher implementation and operational costs and e) extreme dangers to rights of registrants and public interest. The Committee Report insisted that such global experiences remained relevant to the UID project and need to be considered. However, the new Bill has not been drafted with a view to address any of these issues.

The Committee comes down heavily on the irregularities in data collection by the UIDAI. They raise doubts about the ability of the Registrars to effectively verify the registrants and a lack of any security audit mechanisms that could identify issues in enrollment. Pointing to the news reports about irregularities in the process being followed by the Registrars appointed by the UIDAI, the Committee deems the MoUs signed between the UIDAI and the Registrars as toothless. The involvement of private parties has been under question already with many questions being raised over the lack of appropriate safeguards in the contracts with the private contractors.

Perhaps the most significant observation of the Committee was that any scheme that facilitates creation of such a massive database of personal information of the people of the country and its linkage with other databases should be preceded by a comprehensive data protection law. By stating this, the Committee has acknowledged that in the absence of a privacy law which governs the collection, use and storage of the personal data, the UID project will lead to abuse, surveillance and profiling of individuals. It makes a reference to the Privacy Bill which is still at only the draft stage. The current data protection framework in the Section 43A rules under the Information Technology Act, 2000 are woefully inadequate and far too limited in their scope. While there are some protection built into Chapter VI of the new bill, these are nowhere as comprehensive as the ones articulated in the Privacy Bill. Additionally, these protections are subject to broad exceptions which could significantly dilute their impact.

For more details visit https://cis-india.org/internet-governance/blog/aadhaar-bill-fails-to-incorporate-suggestions-by-the-standing-committee

A comparison of the 2016 Aadhaar Bill, and the 2010 NIDAI Bill

Vanya Rakesh — 2016-03-09T04:08:01Z

This blog post does a clause-by-clause comparison of the provisions of National Identification Authority of India Bill, 2010 and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016

Title

2010 Bill: The Bill was titled as the National Identification Authority of India Bill, 2010.

2016 Bill : The Bill has been titled as the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

Purpose/Object Clause

2010 Bill: The purpose of Bill was stated to provide for the establishment of the National Identification Authority of India to issue identification numbers to residents of India as well as certain other classes of individuals , to facilitate access to benefits and services, to which they are entitled.

2016 Bill : The purpose of this Bill has been stated to ensure targeted delivery of subsidies, benefits and services to residents of India in an efficient and transparent manner by assigning unique identity numbers to such individuals.

Definitions

2010 Bill: “Authentication” was defined as the process in which the Aadhaar number, along with other attributes (including biometrics) are submitted to the Central Identities Data Repository for verification, done on the basis of information, data or documents available with the Repository.
2016 Bill : “Authentication” has been defined as the process by which the Aadhaar number, along with demographic or biometric information of an individual is submitted to the Central Identities Data Repository for the purpose of verification, done on the basis of the correctness of (or lack of) information available with it.

2010 Bill: “Authentication Record” was not defined in the previous Bill.
2016 Bill : “Authentication Record” has been defined under clause 2(d) as the record of the time of authentication, the identity of the entity requesting such record and the response provided by the Authority for this purpose.

2010 Bill: “Authority” was defined under clause 2(d) as National Identification Authority of India established under provisions of the Bill.

2016 Bill :“Authority” has been defined under clause 2(e) as Unique Identification Authority of India established under provisions of the Bill.

2010 Bill: “Benefit” was not defined in the previous Bill.
2016 Bill : “Benefit” has been defined under clause 2(f) as any advantage, gift, reward, relief, or payment (either in cash or kind), or such other benefits, which is provided to an

individual/ a group of individuals as notified by the Central Government.

2010 Bill: “Biometric Information” was defined under clause 2(e) as a set of biological attributes of an individual as may be specified by regulations.
2016 Bill : “Biometric Information” has been defined under clause 2(g) as biological attributes of an individual like photograph, fingerprint, Iris scan, or other such biological

attributes as may be specified by regulations.

2010 Bill: “Core Biometric Information” was not defined in the previous Bill.
2016 Bill : “Core Biometric Information” has been defined under clause 2(j) as biological attribute of an individual like fingerprint, Iris scan, or such other biological attribute as

may be specified by regulations.

2010 Bill: “Demographic Information” was defined under clause 2(h) as information specified in the regulations for the purpose of issuing an Aadhaar number, like information relating to the name, age, gender and address of an individual (other than race, religion, caste, tribe, ethnicity, language, income or health), and such other information.
2016 Bill : “Demographic Information” has been defined under clause 2(k) as information of an individual as may be specified by regulations for the purpose of issuing an Aadhaar number like information relating to the name, date of birth, address and other relevant information, excluding race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history of an individual.

2010 Bill: “Enrolling Agency” was defined under clause 2(i) as an agency appointed by the Authority or the Registrars for collecting information under the Act.
2016 Bill : “Enrolling Agency” has been defined under clause 2(l) as an agency appointed by the Authority or a Registrar for collecting demographic and biometric information of individuals under this Act.

2010 Bill: “Member” was defined under clause 2(l) to include the Chairperson and a part-time Member of the Authority appointed under the provisions of the Bill.
2016 Bill : “Member” has been defined under clause 2(o) to include the Chairperson and Member of the Authority appointed under the provisions of the Bill.

2010 Bill: “Records of Entitlement” was not defined under the previous Bill.
2016 Bill : “Records of Entitlement” has been defined under clause 2(r) as the records of benefits, subsidies or services provided to, or availed by, any individual under any programme.

2010 Bill: “Requesting Entity” was not defined under the previous Bill.
2016 Bill : “Requesting Entity” has been defined under clause 2(u) as an agency or person that submits information of an individual comprising of the Aadhaar number and

demographic or biometric information to the Central Identities Data Repository for the purpose of authentication.

2010 Bill: “Resident” was defined under clause 2(q) as an individual usually residing in a village, rural area, town, ward, demarcated area (demarcated by the Registrar General of Citizen Registration) within a ward in a town or urban area in India.
2016 Bill : “Resident” has been defined under clause 2(v) as an individual who has resided in India for a period or periods amounting in all to one hundred and eighty-two days or more in the twelve months immediately preceding the date of application for enrolment.

2010 Bill: “Review Committee” was defined under clause 2(r) as the Identification Review Committee constituted under the provisions of the Bill.
2016 Bill : “Review Committee” has not been defined under the Bill.

2010 Bill: “Service” was not defined in the previous Bill.
2016 Bill : “Service” has been defined under clause 2 (w) as any provision, facility, utility or any other assistance provided in any form to an individual or a group of individuals as may be notified by the Central Government.

2010 Bill: “Subsidy” was not defined in the previous Bill.
2016 Bill : “Subsidy” has been defined under clause 2(x) as any form of aid, support, grant, subvention, or appropriation (either in cash or kind), as may be notified by the Central Government, given to an individual or a group of individuals.

Enrolment

Aadhaar Numbers

2016 Bill : Under clause 3(2) of the Bill, it is stated that at the time of enrolment, The enrolling agency shall inform the individual undergoing enrolment the following details:

(a) the manner in which the information so collected shall be used,

(b) the nature of recipients with whom the information is intended to be shared during authentication,and

(c) the existence of a right to access information, the procedure for making such requests for access, and details of the person/department in-charge to whom such requests can be

made.

Properties of Aadhaar Number

2010 Bill : Clause 4 (3) stated that subject to authentication, the Aadhaar number shall be accepted as a proof of identity of the Aadhaar number holder.

2016 Bill : Clause 4 (3) states that subject to authentication, the Aadhaar number (either in physical or electronic form) shall be accepted as a proof of identity of the Aadhaar

number holder.

The Explanation under this clause states that for the purpose of this provision, “electronic form” shall have the same meaning as assigned to it in section 2 (1) (r) of the Information Technology Act, 2000.

Authentication

Proof of Aadhaar number necessary for receipt of certain subsidies, benefits and services, etc.

2016 Bill : Under clause 7 of the Bill it is provided that for the purpose of establishing an individual's identity as a condition to receipt a a subsidy, benefit or service. the Central or State Government (as the case may be), require that such individual undergo authentication, or furnish proof of possession of Aadhaar number. In case the Aadhaar number has not been assigned to an individual, such individual must make an application for enrolment.

The Proviso states that the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service, in an Aadhaar number is not assigned to an individual.

Authentication of Aadhaar number

2010 Bill: Clause 5 of the Bill stated that authentication of the Aadhaar number shall be performed by the Authority, in relation to the holders’ biometric and demographic information, subject to such conditions and on payment of the prescribed fees. Also, it was provided that the Authority shall respond to an authentication query with a positive, negative or other appropriate response (excluding any demographic and biometric information).

2016 Bill : The Bill states that authentication of the Aadhaar number shall be performed by the Authority, in relation to the holders’ biometric and demographic information, subject to such conditions and on payment of the prescribed fees.

Clause 8 (2) provides that unless otherwise provided in the Act, the requesting entity shall—

For the purpose of authentication, obtain the consent of an individual before collecting his identity information, and
ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication.

Clause 8 (3) provides that the following details shall be informed by the requesting entity to the individual submitting his identity information for the purpose of authentication:

a. the nature of information that may be shared upon authentication;

b. the uses to which the information received during authentication may be put by the requesting entity; and

c. alternatives to submission of identity information to the requesting entity.

Clause 8(4) states that the Authority shall respond to an authentication query with a positive, negative or other appropriate response (excluding any core biometric information).

Prohibition on requiring certain information.

2010 Bill: Clause 9 of the Bill prohibited the Authority to make an individual give information pertaining to his race, religion, caste, tribe, ethnicity, language, income or health.

2016 Bill : This provision has been removed from the 2016 Bill.

Unique Identification Authority Of India

Establishment of Authority

2010 Bill: Clause 11(1) of the Bill stated that the Central Government shall establish an Authority called as the National Identification Authority of India, to exercise the powers conferred on it and to perform the functions assigned to it under this Act. Also, clause 11(3) provided that the head office of the Authority shall be in the National Capital Region, referred to in section 2(f) of the National Capital Region Planning Board Act, 1985.

2016 Bill : Clause 11(1) of the Bill states that the Central Government shall establish an Authority called as the Unique Identification Authority of India, responsible for the processes of enrolment, authentication and perform such other functions assigned to it under this Act. Also, clause 11(3) provides that the head office of the Authority shall be in New Delhi.

Composition of Authority

2010 Bill: Clause 12 provided that the Authority shall consist of a Chairperson and two part-time Members, to be appointed by the Central Government.

2016 Bill : Clause 12 of the Bill provides that the Authority shall consist of a Chairperson (appointed on part-time or full- time basis) , two part-time Members, and the chief executive officer (who shall be Member-Secretary of the Authority), to be appointed by the Central Government.

Qualifications for appointment of Chairperson and Members of Authority

2010 Bill: Clause 13 provided that the Chairperson and Members of the Authority shall be persons of ability, integrity and outstanding calibre having experience and knowledge in the matters relating to technology, governance, law, development, economics, finance, management, public affairs or administration.

2016 Bill : Clause 13 provides that the Chairperson and Members of the Authority shall be persons of ability and integrity having experience and knowledge of at least ten years in matters relating to technology, governance, law, development, economics, finance, management, public affairs or administration.

Term of office and other conditions of service of Chairperson.

2010 Bill: Proviso to Clause 14 (1) stated that the Chairperson of the Unique Identification Authority of India, who would have been appointed before the commencement of this Act by notification A-43011/02/2009-Admn.I (Vol.II) dated the 2nd July, 2009, shall continue as a Chairperson of the Authority for the term for which he had been appointed. Clause 14(4) prohibited the Chairperson from holding any other office during the period of holding his office in the Authority. Proviso to clause 14 (5) stated the salary, allowances and the other terms and conditions of service of the Chairperson shall not be varied to his disadvantage after his appointment.

2016 Bill : These provisions have not been included in the Bill.

Removal of Chairperson and Members

2010 Bill: Clause 15 (2) stated that unless a reasonable opportunity of being heard has been duly provided, the Chairperson or a Member shall not be removed under clauses (d) or (e) of sub-section (1).

2016 Bill : Clause 15 (2) stated that unless a reasonable opportunity of being heard has been duly provided, the Chairperson or a Member shall not be removed under clauses (b), (d) or (e) of sub-section (1).

Restrictions on Chairperson or Members on employment after cessation of office

2010 Bill: Clause 16 (a) provided that the Chairperson or a member, who ceases to hold office, shall not accept any employment in, or connected with the management or administration of, any person which has been associated with any work under the Act, for a period of three years from the date on which they cease to hold office, without previous approval of the Central Government.

The proviso to this clause stated that this provision shall not apply to any employment under the Central Government, State Government, local authority, any statutory authority or any corporation established by or under any Central, State or provincial Act or a Government Company, as defined in section 617 of the Companies Act, 195.

2016 Bill: Clause 16 (a) provides that the Chairperson or a member, who ceases to hold office, shall not accept any employment in, or connected with the management of any organisation, company or any other entity which has been associated with any work done or contracted out by the Authority (whether directly or indirectly), during his tenure as Chairperson or Member, as the case may be, for a period of three years from the date on which he ceases to hold office, without previous approval of the Central Government.

Functions of Chairperson

2010 Bill: Clause 17 of the Bill provided that the Chairperson shall have powers of general superintendence, direction in the conduct of the affairs of the Authority, preside over the meetings of the Authority, and exercise and discharge such other powers and functions of the Authority as prescribed, without prejudice to any of the provisions of the Act.

2016 Bill : Clause 17 of the Bill states that the Chairperson shall preside over the meetings of the Authority, and exercise and discharge such other powers and functions of the Authority as prescribed, without prejudice to any of the provisions of the Act.

Chief Executive Officer

2010 Bill: Clause 20 (1) of the Bill stated that a chief executive officer, not below the rank of the Additional Secretary to the Government of India, who shall be the Member-Secretary of the Authority,shall be appointed by the Central Government.

2016 Bill : Clause 18 (1) stated that a chief executive officer, not below the rank of the Additional Secretary to the Government of India, shall be appointed by the Central Government. In the list of its responsibilities, clause 18 (2) (e) additionally provides for performing such other functions, or exercising such other powers, as may be specified by regulations.

Meetings

2010 Bill: Clause 18 (4) provided that all decisions of the Authority shall be authenticated by the signature of the Chairperson or any other Member who is authorised by the Authority for this purpose.

2016 Bill : Clause 19 (4) provided that all decisions of the Authority shall be signed by the Chairperson, any other Member or the Member-Secretary authorised by the Authority.

Vacancies, etc., not to invalidate proceedings of Authority

2010 Bill: Clause 19 (b) of the Bill stated that No act or proceeding of the Authority shall be invalid merely by reason of any defect in the appointment of a person as a Member of the Authority

2016 Bill : Clause 20 (b) of the Bill stated that No act or proceeding of the Authority shall be invalid merely by reason of any defect in the appointment of a person as Chairperson or Member of the Authority

Powers and functions of Authority

Clause 23 (2) (k)

2010 Bill: Clause 23 (2) (k) provided that the powers and functions of the Authority may include sharing the information of Aadhaar number holders, with their written consent, with such agencies engaged in delivery of public benefits and public services as the Authority may by order direct, in a manner as specified by regulations.

2016 Bill : Clause 23 (2) (k) provides that the powers and functions of the Authority may include sharing the information of Aadhaar number holders, subject to the provisions of this Act.

Clause 23 (2) (r)

2010 Bill : Clause 23 (2) (r) stated that the powers and functions of the Authority may include specifying, by regulation, the policies and practices for Registrars, enrolling agencies and other service providers.

2016 Bill : Clause 23 (2) (r) states that the powers and functions of the Authority may include evolving of, and specifying, by regulation, the policies and practices for Registrars, enrolling agencies and other service providers.

Grants, Accounts and Audit and Annual Report

2010 Bill: Clause 25 provided that the fees or revenue collected by the Authority shall be credited to the Consolidated Fund of India and the entire amount so credited be transferred to the Authority.

2016 Bill : Clause 25 states that the fees or revenue collected by the Authority shall be credited to the Consolidated Fund of India.

Identity Review Committee

2010 Bill: Clause 28 of the Bill provided for establishment of the Identity Review Committee, consisting of three members (including the chairperson) who are persons of eminence, ability, integrity and having knowledge and experience in the fields of technology, law, administration and governance, social service, journalism, management or social sciences. Clause 29 of the Bill enlisted several functions to be undertaken by the Review Committee so constituted.

2016 Bill: These provisions have been removed from the Bill.

Protection of Information

Security and confidentiality of information

2010 Bill: Clause 30 (2) of the Bill stated that the Authority shall take measures (including security safeguards) to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against any loss, unauthorised access, use or unauthorised disclosure of the same.

2016 Bill : Clause 28 (3) states that the Authority shall take measures to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.

A new provision-clause 28(4)- states that the Authority shall undertake the following additional measures for protection of information:

(a) adopt and implement appropriate technical and organisational security measures,

(b) ensure that the agencies, consultants, advisors or other persons appointed or engaged for performing any function of the Authority under this Act, have in place appropriate technical and organisational security measures for the information, and

(c) ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors and other persons to act only on instructions from the Authority.

Restriction on sharing information

2010 Bill: The Bill did not provide for restrictions on sharing of information.

2016 Bill: This new provision under Clause 29 states that no core biometric information, collected or created under this Act, shall be—

(a) shared with anyone for any reason whatsoever; or

(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Also, the identity information, other than core biometric information, collected or created

under this Act may be shared only in accordance with the provisions of this Act as specified under Regulations.

Clause 29 (3) prohibits usage of identity information available with a requesting entity for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication, or disclosed further, except with the prior consent of the individual to whom such information relates.

Clause 29 (4) prohibits publication, displaying or publicly posting of the Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder, except for the purposes as may prescribed in Law.

Biometric information deemed to be sensitive personal information.

2010 Bill: The Bill did not contain provisions stating that the biometric information shall be deemed to be sensitive personal information for the purpose of this Act.

2016 Bill: Clause 30 states that the biometric information collected and stored in electronic form shall be deemed to be “electronic record” and “sensitive personal data or information”, and the provisions contained in the Information Technology Act, 2000 and the rules made thereunder shall apply to such information,to the extent not in derogation of the provisions of this Act.

The Explanation defines

(a) “electronic form” - as defined under section 2 (1) (r) of the Information Technology Act, 2000,

(b) “electronic record” as defined under section 2 (1) (t) of the Information Technology Act, 2000

(c)“sensitive personal data or information” - as defined under clause (iii) of the

Explanation to section 43A of the Information Technology Act, 2000.

Security and confidentiality of information

A new provision-clause 28(4)- states that the Authority shall undertake the following additional measures for protection of information:

(a) adopt and implement appropriate technical and organisational security measures,

Alteration of demographic information or biometric information.

2016 Bill : Clause 31 (4) prohibits alteration of identity information in the Central Identities Data Repository, except in the manner provided in this Act or regulations made thereof.

Access to own information and records of requests for authentication.

2016 Bill : Clause 32 (3) provides that the Authority shall not collect, keep or maintain any information about the purpose of authentication, either by itself or through any entity under its control.

Disclosure of information in certain cases

2010 Bill: The provision creates an exception under Clause 33 for the purposes of disclosure of information in certain cases like disclosure (including identity information or details of authentication) made pursuant to an order of a competent court; or disclosure (including identity information) made in the interests of national security in pursuance of directions issued by an officer(s) not below the rank of Joint Secretary or equivalent in the Central Government specifically authorised in this behalf by an order of the Central Government.

2016 Bill : The provision creates an exception under Clause 33 for the purposes of disclosure of information in certain cases like disclosure (including identity information or details of authentication) made pursuant to an order not inferior to that of a District Judge (provided that the court order shall be made only after giving an opportunity of hearing to the Authority); or disclosure (including identity information or authentication records) made in the interests of national security in pursuance of directions issued by an officer not below the rank of Joint Secretary to the Government of India, authorised in this behalf by an order of the Central Government.

The proviso to Clause 33 (2) states that every direction so issued shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect.

The second proviso states that any such direction so issued shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.

Offences and Penalties

Penalty for impersonation at time of enrolment.

2010 Bill: The penalty for impersonation was prescribed under Clause 34 as imprisonment for a term which may extend to three years and fine which may extend to ten thousand rupees.

2016 Bill : The penalty for impersonation was prescribed under Clause 34 as imprisonment for a term which may extend to three years, or with fine which may extend to ten thousand rupees, or both.

Penalty for unauthorised access to the Central Identities Data Repository

2010 Bill: Clause 38 (g) stated that any person not authorised by the Authority, provides any assistance to any person to do any of the acts mentioned under sub-clauses (a)-(f) shall be punishable. If anyone, who is not authorised by the Authority, performs any activity as listed under (a)-(i), shall be punishable with imprisonment for a term which may extend to three years and shall be liable to a fine which shall not be less than one crore rupees.

2016 Bill : Clause 38 (g) stated that any person not authorised by the Authority, reveals any information in contravention of sub-section section 28 (5), or shares, uses or displays information in contravention of section 29 or assists any person in any of the acts mentioned under sub-clauses (a)-(f) shall be punishable. If anyone, who is not authorised by the Authority, performs any activity as listed under (a)-(i), shall be punishable with imprisonment for a term which may extend to three years and shall be liable to a fine which shall not be less than ten lakh rupees. Additionally, the Explanation states that the expression “computer source code” shall have the meaning assigned to it in the Explanation to section 65 of the Information Technology Act, 2000.

Penalty for unauthorised use by requesting entity and noncompliance with intimation requirements

2010 Bill: Clause 40 of the Bill prescribed penalty for manipulating biometric information and stated that a person who gives/attempts to give any biometric information which does not pertain to him for the purpose of getting an Aadhaar number, authentication or updating his information, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or with both.

2016 Bill: Clause 40 prescribes penalty for a person, being a requesting entity, uses the identity information of an individual in contravention of clause 8(3) , to be punishable with imprisonment which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both. Clause 41 of the Bill states that Whoever, being an enrolling agency or a requesting entity, fails to comply with the requirements of clause 3(2)-list of details to be informed to the individual undergoing enrolment, and clause 8(3)-informing individual undergoing enrolment details for the purpose of authentication, shall be punishable with imprisonment which may extend to one year, or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.

General Penalty

2010 Bill: For an offence committed under the Act or rules made thereunder, for which no specific penalty was provided, the penalty was prescribed as imprisonment for a term which may extend to three years, or fine as prescribed.

2016 Bill : For an offence committed under the Act or rules made thereunder, for which no specific penalty was provided, the penalty was prescribed as imprisonment for a term which may extend to one year, or fine as prescribed.

Miscellaneous

Power of Central Government to supersede Authority.

2010 Bill: Clause 47(1)(c) stated that if at any time the Central Government is of the opinion that such circumstances exist which render it necessary in the public interest to supersede the Authority, may do so in the manner prescribed under this provision.

2016 Bill : Clause 48(1)(c) states that if at any time the Central Government is of the opinion that a public emergency exists, then the Central Government may supersede the Authority, in the manner prescribed under this provision.

Power to remove difficulties.

2010 Bill: The proviso to Clause 56(1) stated that an no order by Central Government, which may appear necessary to remove a difficulty in giving effect to the provisions of this Act, shall be made under this section after the expiry of two years from the commencement of this Act.

2016 Bill : The proviso to Clause 58(1) stated that an no order by Central Government, which may appear necessary to remove a difficulty in giving effect to the provisions of this Act, shall be made under this section after the expiry of three years from the commencement of this Act.

Savings

2010 Bill: Clause 57 provided that any action taken by the Central Government under the Resolution of the Government of India, Planning Commission bearing notification number A-43011/02/ 2009-Admin.I, dated the 28th January, 2009, shall be deemed to have been done or taken under the corresponding provisions of this Act.

2016 Bill : Clause 59 states that any action take by Central Government under the Resolution of the Government of India, Planning Commission bearing notification number A-43011/02/2009-Admin. I, dated the 28th January, 2009, or by the Department of Electronics and Information Technology under the Cabinet Secretariat Notification bearing notification number S.O. 2492(E), dated the 12th September, 2015, as the case may be, shall be deemed to have been validly done or taken under this Act.

Statement of Objects and Reasons

2010 Bill: The Bill stated that the Central Government decided to issues unique identification numbers to all residents in India, which involves collection of demographic, as well as biometric information. The Unique Identification Authority of India was constituted as an executive body by the Government, vide its notification dated the 28th January, 2009. The Bill addressed and enlisted several issues with the issuance of unique identification numbers which should be addressed by law and attract penalties, such as security and confidentiality of information, imposition of obligation of disclosure of information so collected in certain cases, impersonation at the time of enrolment, unauthorised access to the Central Identities Data Repository, manipulation of biometric information, investigation of certain acts constituting offence, and unauthorised disclosure of the information collected for the purposes of issuance of the numbers. To make the said Authority a statutory one, the National Identification Authority of India Bill, 2010 was proposed to establish the National Identification Authority of India to issue identification numbers and authenticate the Aadhaar number to facilitate access to benefits and services to such individuals to which they are entitled and for matters connected therewith or incidental thereto.Apart from the above mentioned purposes, The National Identification Authority of India Bill, 2010 also seeks to provide for the Authority to exercise powers and discharge functions so prescribed , ensure that the Authority does not require any individual to give information pertaining to his race, religion, caste, tribe, ethnicity, language, income or health, may engage entities to establish and maintain the Central Identities Data Repository and to perform any other functions as may be specified by regulations, constitute the Identity Review Committee and take measures to ensure that the information in the possession or control of the Authority is secured and protected against any loss, unauthorised access or use or unauthorised disclosure thereof.

2016 Bill: The Bill states that correct identification of targeted beneficiaries for delivery of subsidies, services, frants, benefits, etc has become a challenge for the Government and has proved to be a major hindrance for successful implementation of these programmes. In the absence of a credible system to authenticate identity of beneficiaries, it is difficult to ensure that the subsidies, benefits and services reach to intended beneficiaries. The Unique Identification Authority of India was established by a resolution of the Government of India, Planning Commission vide notification number A-43011/02/ 2009-Admin.I, dated the 28th January, 2009, to lay down policies and implement the Unique Identification Scheme of the Government, by which residents of India were to be provided unique identity number. Upon successful authentication, this number would serve as proof of identity for identification of beneficiaries for transfer of benefits, subsidies, services and other purposes. With increased use of the Aadhaar number, steps to ensure security of such information need to be taken and offences pertaining to certain unlawful actions, created. It has been felt that the processes of enrolment, authentication, security, confidentiality and use of Aadhaar related information must be made statutory. For this purpose, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 seeks to provide for issuance of Aadhaar numbers to individuals on providing his demographic and biometric information to the Unique Identification Authority of India, requiring Aadhaar numbers for identifying an individual for delivery of benefits, subsidies, and services, authentication of the Aadhaar number, establishment of the Unique Identification Authority of India, maintenance and updating the information of individuals in the Central Identities Data Repository, state measures pertaining to security, privacy and confidentiality of information in possession or control of the Authority including information stored in the Central Identities Data Repository and identify offences and penalties for contravention of relevant statutory provisions.

For more details visit https://cis-india.org/internet-governance/blog/a-comparison-of-the-2016-aadhaar-bill-and-the-2010-nidai-bill

Aadhaar: Still Too Many Problems

pranesh — 2016-04-06T15:31:32Z

While one wishes to welcome govt’s attempt to bring Aadhaar within a legislative framework, the fact is there are too many problems that still remain unaddressed for one to be optimistic.

The article was published by Livemint on March 7, 2016.

The Aadhaar Bill has been introduced as a money bill, even though it doesn’t qualify as such under Article 110 of the Constitution. If the Speaker agrees to this, it will render the Rajya Sabha toothless in this matter, and will weaken our democracy. The government should reintroduce it as an ordinary legislative bill, which is what it is.

While the government has in the past argued before the Supreme Court that Aadhaar is voluntary, Section 7 of the bill allows the government to mandate an Aadhaar number (or application for an Aadhaar number) as a prerequisite for obtaining some subsidies, benefits, services, etc. This undermines its arguments before the Supreme Court, which led the court to pass orders holding that Aadhaar should not be made mandatory. This move to make it mandatory will now need the government to argue that rather than contravene the apex court order, it has instead removed the rationale for it.

Interestingly, the Bharatiya Janata Party (BJP)-led National Democratic Alliance (NDA) government seems to have done a U-turn on the issue of the unique identification number not being proof of citizenship or domicile. The previous Congress-led United Progressive Alliance (UPA) government never meant the Aadhaar number to be proof of citizenship or domicile. This was attacked by the Yashwant Sinha-chaired standing committee on finance, which feared that illegal immigrants would get Aadhaar numbers. Now, the BJP and the NDA seem to be in agreement with the original UPA vision of Aadhaar.

Importantly, there is very strong language when it comes to the issue of privacy and confidentiality of the information that is held by the Unique Identification Authority of India (UIDAI). Section 29 (1), for instance, says that no biometric information will be shared for any reason whatsoever, or used for any purpose other than Aadhaar number generation and authentication. However, that provision is undermined wholly by Section 33, which says that “in the interest of national security”, the biometric info may be accessed if authorized by a joint secretary. This will only fan the fears of those who have argued that the real rationale for Aadhaar was not, in fact, delivery of services, but to create a national database of biometric data available to government snoops.

Also Read

Pros and cons of Aadhaar bill

Further, there are no remedies available for governmental abuse of this provision.

Lastly, in terms of privacy, the concern of those people who have been opposing Aadhaar is not just that the biometric and other identity information may be leaked to private parties, but also that having a unique Aadhaar number helps private parties to combine and use other databases that are linked with Aadhaar numbers in a manner that is not within the subject’s control. This is not at all addressed in this bill, and we need a robust data protection law in order to do that.

There are some other crucial details that the law doesn’t address: Is user consent, to be taken by third parties that use the UID database for authentication, needed for each instance of authentication, or would a general consent hold forever? How can consent be revoked?

There were many other objections that were raised against the Aadhaar scheme that have not been addressed by the government. For instance, in a recent article in the Economic and Political Weekly, Hans Varghese Mathews points out that going by the test data UIDAI made available in 2012, for a population of 1.3 billion people, the incidence of false positives—the probability of the identities of two people matching—is 1/112.

This is far too high a ratio to be acceptable.

Actual data from the field in Andhra Pradesh—of people who were unable to claim rations under the public distribution system (PDS)—paints a worse picture. A survey commissioned by the Andhra Pradesh government said 48% of respondents pointed to Aadhaar-related failures as the cause of their inability to claim rations.

So, even if the Aadhaar numbers were no longer issued to Lord Hanuman (Rajasthan), to dogs (e.g., Tommy Singh, a mutt in Madhya Pradesh), and with photos of a tree (New Delhi), it might not prove to be usable in a country of India’s size, given the capabilities of the fingerprint machines. As my colleague Sunil Abraham notes, the law cannot fix technological flaws.

So, while one wishes one could welcome the government’s attempt to bring Aadhaar within a legislative framework, the fact is there are too many problems that still remain unaddressed for one to be optimistic.

Pranesh Prakash is policy director at the Centre for Internet and Society, a think tank.

For more details visit https://cis-india.org/internet-governance/blog/livemint-march-7-2016-pranesh-prakash-aadhaar-still-too-many-problems

Flaws in the UIDAI Process

hans — 2016-03-06T10:40:59Z

The accuracy of biometric identification depends on the chance of a false positive: the probability that the identifiers of two persons will match. Individuals whose identifiers match might be termed duplicands. When very many people are to be identified success can be measured by the (low) proportion of duplicands. The Government of India is engaged upon biometrically identifying the entire population of India. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive: and from that to estimate the proportion of duplicands. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high.

The article was published in Economic & Political Weekly, Journal » Vol. 51, Issue No. 9, 27 Feb, 2016.

A legal challenge is being mounted in the Supreme Court, currently, to the programme of biometric identification that the Unique Identification Authority of India (UIDAI) is engaged upon: an identification preliminary and a requisite to providing citizens with “Aadhaar numbers” that can serve them as “unique identiﬁers” in their transactions with the state. What follows will recount an assessment of their chances of success. We shall be using data that was available to the UIDAI and shall employ only elementary ways of calculation. It should be recorded immediately that an earlier technical paper by the author (Mathews 2013) has been of some use to the plaintiffs, and reference will be made to that in due course.

The Aadhaar numbers themselves may or may not derive, in some way, from the biometrics in question; the question is not material here. For our purposes a biometric is a numerical representation of some organic feature: like the iris or the retina, for instance, or the inside of a ﬁnger, or the hand taken whole even. We shall consider them in some more detail later. The UIDAI is using ﬁngerprints and iris images to generate a combination of biometrics for each individual. This paper bears on the accuracy of the composite biometric identiﬁer. How well those composites will distinguish between individuals can be assessed, actually, using the results of an experiment conducted by the UIDAI itself in the very early stages of its operation; and our contention is that, from those results themselves, the UIDAI should have been able to estimate how many individuals would have their biometric identiﬁers matching those of some other person, under the best of circumstances even, when any good part of population has been identiﬁed.

Read the full article here.

The author thanks Nico Temme of the Centrum Wiskunde & Informatica in The Netherlands for the bounds he derived on the chance of a false positive. He is particularly grateful to the anonymous referee of this journal who, through two rounds of comment, has very much improved the presentation of the results. A technical supplement to this paper is placed on the EPW website along with this paper.

For more details visit https://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process

The Crypto Wars Are Global

praskrishna — 2016-04-01T16:06:30Z

The blog post by Joseph Cox was published by Motherboard on March 4, 2016

American politicians, media, and the public may be focused on the ongoing battle between Apple and the FBI over encryption in the iPhone, but the so-called Crypto Wars are far from just a national issue.

The proliferation of encryption—and law enforcement’s efforts to defeat it—is a wordwide phenomenon, and one that might have much more urgent consequences outside of Europe and the US.

On top of that, some governments’ reactions to the increased use of cryptography have been more kinetic and drastic.

This was starkly demonstrated with the arrest of a senior Facebook executive in Brazil on Tuesday, seemingly carried out because WhatsApp was unable to fulfill a court order to intercept messages on the service. That case was likely an exceptional one, but it was symptomatic of growing frustration amongst governments and law enforcement around the world.

Plenty of countries already seemingly target devices to circumvent encryption

So as foreign authorities clamp down on crypto in their own way, how will this affect users?

“Outside the US, the consequences for users, the risks, the threats that they face; the reasons they use crypto, are going to be much more pronounced,” Amie Stepanovich, US Policy Manager at Access Now, a digital rights group told Motherboard in a phone call.

For some users, Stepanovich said, “encryption really is a matter of life or death.” She pointed to LGBQT communities in the Middle East or North Africa, where their sexual preference might be illegal.

Various countries have taken wildly different approaches to tackling crypto. Late last year, the Kazakhstan government announced a plan to force all internet users to download a digital certificate that would allow the authorities to snoop on encrypted traffic. And in 2014, the Russian government called for researchers to find a way to crack the Tor anonymity network. Both of those plans have seemingly failed to materialise in any concrete results, but the intention was certainly there.

Others have looked at attacking devices of individuals, something that the FBI is also keen to develop.

“The future might be in the hacking of the device, hacking the end-point,” said Richard Tynan, a technologist at activist group Privacy International.

Indeed, plenty of countries already seemingly target devices to circumvent encryption. Italian surveillance company Hacking Team had at least 70 customers from all over the world, according to hacked internal documents.

The legislative approach has also been fairly popular. In December, China passed a law requiring technology firms to assist in the decryption of information.

This legal route parallels the current battle between Apple and the FBI, where the agency has asked the company to write code that would override the iPhone’s security features. Some feel that if the FBI is successfully in making the technology giant write malicious code, then a precedent will be set for other countries to follow.

“I think that if the US government is successful in ordering Apple to write code, we're going to see other countries also try to push Apple in the same direction,” Stepanovich said. (In its recent amicus brief in the Apple case, Intel wrote that if the FBI is successful in its demands, other countries, particularly those with less protective privacy laws, might see an invitation to require companies to undermine the security of their products.)

J. Carlos Lara, research and policy director from Derechos Digitales in Chile, said “There are many reasons to be following the debate, even if it does not appear to be directly about us, or about our country, because it might become one of the issues in our country at any point in the future.”

Carolina Botero, director of Fundación Karisma, a Colombian civil society organization, told Motherboard that she could imagine a situation similar there to that ongoing in the US if Apple does lose this fight.

“Colombia has a real need to fight against terrorists; there is a real national security issue here,” she said.

Others remained sceptical, saying that some countries may follow their own path, as they've already been doing.

“U.S. commentators greatly over-estimate the positive impact of U.S. self-imposed restrictions in national security matters on how foreign countries will act,” Pranesh Prakash, policy director at the Centre for Internet and Society in India, told Motherboard in an email.

Although it’s not a case strictly dealing with the same issues as Apple and the FBI, Prakash pointed to when the Indian government pressured BlackBerry to install a server in the country, so messages could be more easily intercepted.

“Though the U.S. government does not put restrictions on the encryption that may be deployed by telecom networks and ISPs, the Indian government does. And we aren't even talking about an 'authoritarian' government here, but the world's largest democracy,” he wrote.

The encryption debate is clearly not one limited to only the US, or even Europe. Rather, the spread of cryptography, and how governments respond to that, is likely an immediately more important issue elsewhere in the world.

“The global threat is much more serious,” than in the US, Stepanovich said.

For more details visit https://cis-india.org/internet-governance/news/motherboard-march-4-2016-joseph-cox-crypto-wars-are-global

Sean McDonald - Ebola: A Big Data Disaster

sumandro — 2016-04-21T09:57:26Z

We are proud to initiate the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modeling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

Read

Download the paper: PDF.

Preface

This study titled “Ebola: A Big Data Disaster” by Sean Martin McDonald, undertaken with support from the Open Society Foundation, Ford Foundation, and Media Democracy Fund, explores the use of Big Data in the form of Call Detail Record (CDR) data in humanitarian crisis.

It discusses the challenges of digital humanitarian coordination in health emergencies like the Ebola outbreak in West Africa, and the marked tension in the debate around experimentation with humanitarian technologies and the impact on privacy. McDonald’s research focuses on the two primary legal and human rights frameworks, privacy and property, to question the impact of unregulated use of CDR’s on human rights. It also highlights how the diffusion of data science to the realm of international development constitutes a genuine opportunity to bring powerful new tools to fight crisis and emergencies.

Analysing the risks of using CDRs to perform migration analysis and contact tracing without user consent, as well as the application of big data to disease surveillance is an important entry point into the debate around use of Big Data for development and humanitarian aid. The paper also raises crucial questions of legal significance about the access to information, the limitation of data sharing, and the concept of proportionality in privacy invasion in the public good. These issues hold great relevance in today's time where big data and its emerging role for development, involving its actual and potential uses as well as harms is under consideration across the world.

The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modelling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

This study offers an important perspective for us at the Centre for Internet and Society, and our works on Privacy, Big Data, and Big Data for Development, and very productively articulates the risks of adopting solutions to issues important for development without taking into consideration legal implications and the larger impact on human rights. We look forward to continue to critically engage with issues raised by Big Data in the context of human rights and sustainable development, and bring together diverse perspectives on these issues.

- Elonnai Hickok, Policy Director, the Centre for Internet and Society

CIS Papers

The CIS Papers series publishes open access monographs and discussion pieces that critically contribute to the debates on digital technologies and society. It includes publication of new findings and observations, of work-in-progress, and of critical review of existing materials. These may be authored by researchers at or affiliated to CIS, by external researchers and practitioners, or by a group of discussants. CIS offers editorial support to the selected monographs and discussion pieces. The views expressed, however, are of the authors' alone.

For more details visit https://cis-india.org/papers/ebola-a-big-data-disaster

India's ‘Facebook ruling’ is another nail in the coffin of the MNO model

praskrishna — 2016-02-28T03:44:34Z

Ability to access 'net from mobe no longer considered a miracle.

The article was published in the Register on February 15, 2016. Pranesh Prakash gave inputs.

Nobody could accuse India’s telecoms regulator, TRAI, of being in the operators’ pockets. This month it has, once again, set eye-watering reserve prices for the upcoming 700 MHz spectrum auction (see separate item), and now it has taken one of the toughest stances in the world on net neutrality, in effect banning zero rated or discounted content deals like Reliance Communications’ Facebook Basics, or Bharti Airtel’s Zero.

In a ruling last Monday, TRAI said telecoms providers are banned from offering discriminatory tariffs for data services based on content, and from entering deals to subsidize access to certain websites. They have six months to wind down any existing arrangements which contravene the new rules. Its stance is even stricter than in other countries with strong pro-neutrality laws, such as Brazil and The Netherlands.

“This is the most extensive and stringent regulation on differential pricing anywhere in the world,” Pranesh Prakash, policy director at the Centre for Internet and Society, said. “Those who suggested regulation in place of complete ban have clearly lost.”

Such decisions, combined with high spectrum costs, will quickly make the traditional cellular business model unworkable in India, and the more that happens, the more wireless internet innovation will switch to open networks running on Wi-Fi and unlicensed spectrum. R.S. Sharma, chairman of TRAI, was careful to tell reporters that the zero rating ruling would not affect any plans to offer free Wi-Fi services, like those planned by Google in a venture with Indian Railways.

A disaster for MNOs, not Facebook

Facebook pronounced itself “disappointed” at TRAI’s ruling, having lobbied aggressively for a more flexible approach since RCOM was forced to suspend the Basics offering in December while the consultation process took place. But while the ruling bars the Basics offering – which provided free, low speed access, on RCOM’s network, to a selection of websites, curated by Facebook – it does not stop the social media giant pursuing other initiatives within its internet.org umbrella. These include projects to extend access using its own networks, powered by drones and unlicensed spectrum, to the unserved of India and other emerging economies.

So while the TRAI decision may be a setback for Facebook, it is not the body blow that it represents for the MNOs with their huge debt loads and infrastructure costs, and low ARPUs. Facebook, with 130m users in India, has a comparable reach to the Indian MNOs (only three, Bharti Airtel, Vodafone and Idea, have more subscribers than Facebook has users), and is better skilled at monetizing those consumers.

The challenge for companies like Facebook is that strict neutrality rules reduce their ability to harness others’ networks in order to reach out to new users. There are about 240m people in India who are online, but don’t use Facebook, and about 800m who are not connected, so the growth potential is far larger than in the other 37 countries where Basics is offered, such as Kenya or Zambia (Facebook is blocked in China). Using RCOM’s network and marketing activities was a far cheaper way to reach some of those people than launching drones, but Facebook has other options too, including its existing efforts to make its services more usable on very basic handsets and connections; the ability to leverage the WhatsApp brand; and partnerships with Wi-Fi providers.

The drones may have less immediate results than Basics, but they are a high profile example of an ongoing shift towards open networks, which has been going on for years, driven more by Wi-Fi proliferation than neutrality laws. The latter will be an accelerant, however.

All internet will be free, not zero rated

Currently, zero rating is an increasingly popular tactic to lure users with an apparently cheap deal and then, hopefully, see them upgrade to richer data plans, or spend money on m-commerce and premium content, in future. Zero rating involves allowing users access to selected websites and services without it affecting their data caps or allowances.

The US regulator has so far tolerated the practice, but the debate is raging, there and elsewhere, over whether it infringes neutrality laws, by offering different pricing for different internet services. If other authorities take the stance adopted by TRAI in India, operators will have to find new ways to attract customers and differentiate themselves.

Increasingly, access to a truly open internet will be the baseline, and priced extremely low. That low pricing will be made commercially viable by rising use of Wi-Fi to reduce cost of data delivery, whether for MNOs, wireline providers or web players like Google and Facebook, which are moving into access provision. Providers, whether traditional or new, will have to stop regarding access to the internet as a premium service or a privilege – it will be more akin to connecting someone to the electricity grid, just the base enabler of the real revenue model.

Just as it’s only when users plug something into that grid that they start to pay fees, so the operators will charge for higher value offerings which ride on top of the internet – premium content, enterprise services, cloud storage, freemium applications and so on.

The mobile operators have not embraced these ideas willingly. For years, the ability to access the internet from a mobile device was regarded as a value-add, almost a miracle. Now that the wireless network is often the primary access method, they need to change their ideas and be more like the smarter cablecos – which have tacked internet access onto a model driven by paid-for content and services – or the web giants, which have worked out ways to monetize ‘free’ access, from advertising to big data.

This, of course, is one of the goals of internet.org and Google’s similar initiatives involving drones, white space spectrum and satellites. The more users are able to access the internet, preferably for free, and the more they see Google or Facebook as their primary conduits to the web, the more data these companies have to feed into their deep learning platforms, their context aware services and their advertising and big data engines.

So while critics of TRAI said the zero rating decision was a setback to the goal of getting internet access into the hands of the huge underserved population of India, that population is too large and potentially rich for Facebook and its rivals to give up at the first hurdle.

Facebook CEO Mark Zuckerberg wrote in a blog post: "While we're disappointed with today's decision, I want to personally communicate that we are committed to keep working to break down barriers to connectivity in India and around the world. Internet.org has many initiatives, and we will keep working until everyone has access to the internet."

For more details visit https://cis-india.org/telecom/news/the-register-february-15-2016-india-facebook-ruling-is-another-nail-in-coffin-of-mno-model

Violence call key to 'sedition'

praskrishna — 2016-02-28T03:06:47Z

Words, whether spoken or shouted, that question or even malign the government cannot be labelled as sedition, unless they specifically incite violence, lawyers and human rights experts familiar with fundamental rights and sedition laws have said.

The article was published in the Telegraph on February 18, 2016

The experts say courts hearing allegations of sedition would be expected to analyse the context and intent to determine whether actions claimed by the prosecution as sedition fit its definition under the Indian Penal Code#(IPC) and various Supreme Court rulings.

Under Section 124A of the IPC, "whoever by words.... or by signs or visible representation or otherwise brings or attempts to bring into hatred, contempt or excites or attempts to excite disaffection towards the government established by law in India" may be punished. The section defines disaffection as "disloyalty and all feelings of enmity", but clarifies that comments that express even strong disapproval of government actions through lawful means without exciting or attempting to excite hatred, contempt, or disaffection are not an offence.

"It is not the actions alone that count, they have to be seen along with the mental ingredients behind those actions - it is the motive that determines the character of the actions," N.R. Madhava Menon, honorary professor at Bangalore's National Law School, told The Telegraph.

"The court would be expected to examine the facts and the evidence presented," he said. "It would ask questions such as, is there evidence for a conspiracy, who was behind the actions, was it an organised event, was it intended to subvert a legally established government?"

Experts say Supreme Court rulings over the decades have narrowed the scope of the sedition law. In a 1995 judgment, the court held that casual raising of slogans by individuals cannot be held as exciting or attempting to excite hatred or disaffection towards the government.

The court has ruled that only speeches intended to create disorder or disturbance or call for resorting to violence could be punishable under the section, said Ravi Nair, executive director of the South Asia Human Rights Documentation Centre, New Delhi.

In a 1962 judgment, the Supreme Court had limited the scope of Section 124A to incitement to violence or fostering public disorder, Gautam Bhatia, a Delhi-based lawyer and author of Offend, Shock, or Disturb, a book on free speech under the Indian Constitution has pointed out.

In a report for the non-government Centre for Internet and Society, Bhatia said other Supreme Court rulings had clarified#that that there needed to be a "direct and imminent degree of proximity" between the speech and expression and the breach of public order, and that the relation between the two should be like a "spark in a powder keg".

"Something the court has clearly rejected is the argument that it is permissible to criminalise speech and expression simply because its content might lower the authority of the government in the eyes of the public which, in turn, could foster a disrespect for law and the state, and lead to breaches of public order," Bhatia wrote.Human rights analysts point out historical episodes in other countries where citizens have expressed intense opposition to government actions, without having charges of sedition filed against them.

"The protests in the US against the Vietnam War during the late 1960s and protests in the UK against the Falkland War in 1982 or more recently British involvement in the Gulf war are examples," Nair said. "Supreme Court rulings in India have narrowed the scope of the section on sedition to cover only actions that actually call for violence."

Nair said sedition should be seen as an anachronism in any mature democracy. India's sedition law was written during British rule, but the UK abolished its own sedition and seditious libel law in 2009.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-february-18-2016-violence-call-key-to-sedition

Why the Internet is Making India Furious

praskrishna — 2016-02-28T03:01:59Z

The Centre for Internet and Society (CIS) in Bangalore is a kind of hacker club for wonks and lawyers obsessed with issues of digital rights and global development. Not exactly the mainstream kids’ lunch table. But the Center was brought into sudden relief this week, thanks to … Mark Zuckerberg.

Read Sanjena Sathian's blog post published by Ozy on February 19, 2016

In a splashy bit of news, India’s telecom authority rejected a program called Free Basics, which the Facebook team had been promoting as a way to get free Internet to the masses. (Here on the subcontinent, more than 300 million people use the Internet — but that’s only about a quarter of the population.) The idea: Facebook would allow free access to a handful of websites (the “basics”) to everyone; users would pay for further content. The objections: On the dramatic end came comparisons to colonialism; on the wonkier, objections based on the principles of net neutrality, or the idea that all Internet content should be treated the same. The threat the critics saw in Free Basics was that of the Web as a two-lane highway — the free stuff for the poor folks, and the good stuff for those who can afford it.

Mumbai-based Sanjena Sathian spoke to CIS cofounder and policy director Pranesh Prakash about the changing landscape of web rights that led up to the news.

OZY:

Tell us what you’re thinking in the wake of India’s decision.

Pranesh Prakash:

The order seemed to fix the issue with a sledgehammer rather than a scalpel. It over-regulates and bans things that are beneficial along with that that aren’t. They should have aimed for discriminatory pricing, but they’ve instead eliminated all differential pricing, even when it’s not discriminatory.

What should come next, in my opinion — it is imperative to ensure that governmental resources are used to provide free access to the Internet. If you’ve taken away something that could have helped and said no, no, no, it’s not good for you, then you are under an obligation to provide a replacement.

OZY:

How do you think the larger political conversations going on in India right now seep into the debates about digital rights?

PP:

Many people think the largest divider is between those who are from a developing country or a developed country. I think the larger divide is between those who are politically skeptical of states — more libertarian — versus those who are more trusting of states and see states as having a role to play in Internet governance. How you think the poor in India should get Internet — should that be provided by government or by market mechanisms — well, your political philosophies will play a role. In India, one tends to find fewer free-market fundamentalists than one would meet in, say, San Francisco.

OZY:

I think, increasingly, post-Snowden in particular, people think of digital rights as human rights. Where do you see things going wrong on a rights front here in India?

PP:

Oh, wow … so many ways. In India we have a situation where, right now, more than 3,000 websites were blocked by the government, but no one knows what these sites are. No one knows whether they were blocked through mechanisms that ensure accountability. There is no transparency around any of these. And this is just the visible tip of the iceberg. And how do I know this? I sent a right-to-information request to the government and they gave me this answer. But beyond this, they put in place a few years ago a law which allows for websites and any kind of web content to be censored by anyone. And all they have to do is send a request to any “intermediary,” which could be anything from your ISP to your web host to your DNS provider.

OZY:

Wait, so what does that mean? I get annoyed at a site — where do I go to lodge my complaint?

PP:

All these websites are required by the law to appoint a particular person as a “grievance redressal officer.”

OZY:

What a title!

PP:

Yes … and there are more than 40 grounds for grievances that have been listed in the law, including things such as “causing harm to minors” and certain speech being “disparaging.” Now, I engage in disparaging speech at least 12 times a day. And that’s perfectly legal under Indian law!

OZY:

Eep. Any good news, though?

PP:

A case went all the way up to the Supreme Court, [involving a young woman named] Shreya Singhal. There was a section 66A, quite an odious provision, that allowed for any kind of “offensive” or “annoying” speech to cause that person to be put in prison for up to three years.

Two teenage girls in Maharashtra, upon the death of a politician, put out a comment on social media. The death had caused a bandh, a curfew of sorts in Mumbai, and done not officially by the government but by political party workers. One girl said on Facebook, sure, go ahead, respect this politician, but why inconvenience so many citizens? Her friend liked this. And a case was launched against them. Similarly, some cartoons by an anticorruption activist were challenged and he was imprisoned briefly and released on bail.

OZY:

It’s always the cartoonists.…

PP:

Yes, and one professor in Calcutta — for forwarding a cartoon, he was placed under this law too. Many cases of perfectly fine political speech were made illegal thanks to this law. Eventually, though, in a landmark decision, the Supreme Court struck down this law, and this is the first time in almost three decades that the Supreme Court has struck off an entire law for being unconstitutional.

But, yes. Mostly? It’s not been pretty.

For more details visit https://cis-india.org/internet-governance/news/ozy-february-19-2016-sanjena-sathian-why-internet-is-making-india-furious

Comments by the Centre for Internet and Society on the Report of the Committee on Medium Term Path on Financial Inclusion

vipul — 2016-03-01T13:53:38Z

Apart from item-specific suggestions, CIS would like to make one broad comment with regard to the suggestions dealing with linking of Aadhaar numbers with bank accounts. Aadhaar is increasingly being used by the government in various departments as a means to prevent fraud, however there is a serious dearth of evidence to suggest that Aadhaar linkage actually prevents leakages in government schemes. The same argument would be applicable when Aadhaar numbers are sought to be utilized to prevent leakages in the banking sector.

The Centre for Internet and Society (CIS) is a non-governmental organization which undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives.

In the course of its work CIS has also extensively researched and witten about the Aadhaar Scheme of the Government of India, specially from a privacy and technical point of view. CIS was part of the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah Committee and was instrumental in drafting a major part of the report of the Group. In this background CIS would like to mention that it is neither an expert on banking policy in general nor wishes to comment upon the purely banking related recommendations of the Committee. We would like to limit our recommendations to the areas in which we have some expertise and would therefore be commenting only on certain Recommendations of the Committee.

Before giving our individual comments on the relevant recommendations, CIS would like to make one broad comment with regard to the suggestions dealing with linking of Aadhaar numbers with bank accounts. Aadhaar is increasingly being used by the government in various departments as a means to prevent fraud, however there is a serious dearth of evidence to suggest that Aadhaar linkage actually prevents leakages in government schemes. The same argument would be applicable when Aadhaar numbers are sought to be utilized to prevent leakages in the banking sector.

Another problem with linking bank accounts with Aadhaar numbers, even if it is not mandatory, is that when the RBI issues an advisory to (optionally) link Aadhaar numbers with bank accounts, a number of banks may implement the advisory too strictly and refuse service to customers (especially marginal customers) whose bank accounts are not linked to their Aadhaar numbers, perhaps due to technical problems in the registration procedure, thereby denying those individuals access to the banking sector, which is contrary to the aims and objectives of the Committee and the stated policy of the RBI to improve access to banking.

Individual Comments

Recommendation 1.4 - Given the predominance of individual account holdings, the Committee recommends that a unique biometric identifier such as Aadhaar should be linked to each individual credit account and the information shared with credit information companies. This will not only be useful in identifying multiple accounts, but will also help in mitigating the overall indebtedness of individuals who are often lured into multiple borrowings without being aware of its consequences.

CIS Comment: The discussion of the committee before making this recommendation revolves around the total incidence of indebtedness in rural areas and their Debt-to-Asset ratio representing payment capacity. However, the committee has not discussed any evidence which indicates that borrowing from multiple banks leads to greater indebtedness for individual account holders in the rural sector. Without identifying the problem through evidence the Committee has suggested linking bank accounts with Aadhaar numbers as a solution.

Recommendation 2.2 - On the basis of cross-country evidence and our own experience, the Committee is of the view that to translate financial access into enhanced convenience and usage, there is a need for better utilization of the mobile banking facility and the maximum possible G2P payments, which would necessitate greater engagement by the government in the financial inclusion drive.

CIS Comment: The drafting of the recommendation suggests that RBI is batting for the DBT rather than the subsidy model. However an examination of the discussion in the report suggests that all that the Committee has not discussed or examined the subsidy model vis-à-vis the direct benefit transfer (DBT) model here (though it does recommend DBT in the chapter on G-2-P payments), but only is trying to say is that where government to people money transfer has to take place, it should take place using mobile banking, payment wallets or other such technologies, which have been known to be successful in various countries across the world.

Recommendation 3.1 - The Committee recommends that in order to increase formal credit supply to all agrarian segments, the digitization of land records should be taken up by the states on a priority basis.

Recommendation 3.2 - In order to ensure actual credit supply to the agricultural sector, the Committee recommends the introduction of Aadhaar-linked mechanism for Credit Eligibility Certificates. For example, in Andhra Pradesh, the revenue authorities issue Credit Eligibility Certificates to Tenant Farmers (under ‘Andhra Pradesh Land Licensed Cultivators Act No 18 of 2011'). Such tenancy /lease certificates, while protecting the owner’s rights, would enable landless cultivators to obtain loans. The Reserve Bank may accordingly modify its regulatory guidelines to banks to directly lend to tenants / lessees against such credit eligibility certificates.

CIS Comment: The Committee in its discussion before the recommendation 3.2 has discussed the problems faced by landless farmers, however there is no discussion or evidence which suggests that an Aadhaar linked Credit Eligibility Certificate is the best solution, or even a solution to the problem. The concern being expressed here is not with the system of a Credit Eligibility Certificate, but with the insistence on linking it to an Aadhaar number, and whether the system can be put in place without linking the same to an Aadhaar number.

Recommendation 6.11 - Keeping in view the indebtedness and rising delinquency, the Committee is of the view that the credit history of all SHG members would need to be created, linking it to individual Aadhaar numbers. This will ensure credit discipline and will also provide comfort to banks.

CIS Comment: There is no discussion in the Report on the reasons for increase in indebtedness of SHGs. While the recommendation of creating credit histories for SHGs is laudable and very welcome, however there is no logical reason that has been brought out in the Report as to why the same needs to be linked to individual Aadhaar numbers and how such linkage will solve any problems.

Recommendation 6.13 - The Committee recommends that bank credit to MFIs should be encouraged. The MFIs must provide credit information on their borrowers to credit bureaus through Aadhaar-linked unique identification of individual borrowers.

CIS Comment: Since the discussion before this recommendation clearly indicates multiple lending practices as one of the problems in the Microfinance sector and also suggests better credit information of borrowers as a possible solution, therefore this recommendation per se, seems sound. However, we would still like to point out that the RBI may think of alternative means to get borrower credit history rather than relying upon just the Aadhaar numbers.

Recommendation 7.3 - Considering the widespread availability of mobile phones across the country, the Committee recommends the use of application-based mobiles as PoS for creating necessary infrastructure to support the large number of new accounts and cards issued under the PMJDY. Initially, the FIF can be used to subsidize the associated costs. This will also help to address the issue of low availability of PoS compared to the number of merchant outlets in the country. Banks should encourage merchants across geographies to adopt such applicationbased mobile as a PoS through some focused education and PoS deployment drives.

Recommendation 7.5 - The Committee recommends that the National Payments Corporation of India (NPCI) should ensure faster development of a multi-lingual mobile application for customers who use non-smart phones, especially for users of NUUP; this will address the issue of linguistic diversity and thereby promote its popularization and quick adoption.

Recommendation 7.8 - The Committee recommends that pre-paid payment instrument (PPI) interoperability may be allowed for non-banks to facilitate ease of access to customers and promote wider spread of PPIs across the country. It should however require non-bank PPI operators to enhance their customer grievance redressal mechanism to deal with any issues thereof.

Recommendation 7.9 - The Committee is of the view that for non-bank PPIs, a small-value cashout may be permitted to incentivize usage with the necessary safeguards including adequate KYC and velocity checks.

CIS Comments: While CIS supports the effort to use technology and mobile phones to increase banking penetration and improve access to the formal financial sector for rural and semi-rural areas, sufficient security mechanisms should be put in place while rolling out these services keeping in mind the low levels of education and technical sophistication that are prevalent in rural and semi-rural areas.

Recommendation 8.1 - The Committee recommends that the deposit accounts of beneficiaries of government social payments, preferably all deposits accounts across banks, including the ‘inprinciple’ licensed payments banks and small finance banks, be seeded with Aadhaar in a timebound manner so as to create the necessary eco-system for cash transfer. This could be complemented with the necessary changes in the business correspondent (BC) system (see Chapter 6 for details) and increased adoption of mobile wallets to bridge the ‘last mile’ of service delivery in a cost-efficient manner at the convenience of the common person. This would also result in significant cost reductions for the government besides promoting financial inclusion.

CIS Comment: While the report of the Committee has already given several examples of how cash transfer directly into the bank accounts (rather than requiring the beneficiaries to be at a particular place at a particular time) could be more efficient as well as economical, the Committee is making the same point again here under the chapter that deals specifically with government to person payments. However even before this recommendation, there has been no discussion as to the need for linking or “seeding” the deposit accounts of the beneficiaries with Aadhaar numbers, let alone a discussion of how it would solve any problems.

Recommendation 10.6 - Given the focus on technology and the increasing number of customer complaints relating to debit/credit cards, the National Payments Corporation of India (NPCI) may be invited to SLBC meetings. They may particularly take up issues of Aadhaar-linkage in bank and payment accounts.

CIS Comment: There is no discussion on why this recommendation has been made, more particularly; there is no discussion at all on why issues of Aadhaar linkage in bank and payment accounts need to be taken up at all.

For more details visit https://cis-india.org/internet-governance/blog/comments-by-the-centre-for-internet-and-society-on-the-report-of-the-committee-on-medium-term-path-on-financial-inclusion

Why India snubbed Facebook's free Internet offer

praskrishna — 2016-02-27T07:49:08Z

The social media giant wanted to give the people of India free access to a chunk of the Internet, but the people weren't interested.

The blog post by Daniel Van Boom was published by Cnet on February 26, 2016. Sunil Abraham was quoted.

Mark Zuckerberg's ambitious mission to provide free Internet access to rural India was rejected by the people it was intended to help long before the country's regulators banned it earlier this month.

Around the country, farmers, labourers and office workers scorned Facebook's offer. Called Free Basics, it provided only limited access to the Internet through a suite of websites and services that, unsurprisingly, included Facebook. They felt the limited service didn't follow the open nature of the Internet, where all sites and online destinations should be equally accessible, so they organized real-world protests and an online Save The Internet campaign, with the message that Zuckerberg's efforts weren't welcome.

You might think people would jump at the opportunity to access Facebook for free, especially since more than a billion people use the social network every day. But it's that hitch -- that they can't access everything else -- which is precisely the problem, said Sunil Abraham, the executive director of the Centre for Internet and Society India. "Even if somebody spends 90 percent of their time on Facebook, that 10 percent is equally as important."

Indian regulators sided with popular opinion and cut off Free Basics in the world's second-most populous country on February 8. The ruling by the Telecom Regulatory Authority of India (TRAI) forbids all zero-rating plans, meaning anyone offering customers free access to only a limited set of services of sites are banned. It was championed as a victory for Net neutrality, the principle that everyone should have equal access to all content on the Internet.

The decision was undoubtedly a blow for Facebook, which says it wants to connect the billions of have-nots around the world to the Internet through the program. While more than half the world's online population uses Facebook each month, the company's efforts to connect with the developing world -- with Free Basics also being available in over 30 other countries, such as Kenya and Iraq -- could be a boon for business.

"[The Internet] must remain neutral for everyone, individuals and businesses alike. Everyone must have equal access to it," said Rajesh Sawhney, a Mumbai-based tech entrepreneur, in support of TRAI's decision to reject Free Basics. He believes the zero-rating scheme can be misused by telcos and other companies to create divisive ecosystems, where certain brands or companies are included and others aren't.

The package wasn't without its supporters though, with some being disappointed with the government's intervention in the marketplace.

"It is generally assumed that there is something sinister behind violations of Net neutrality...but that is not always true," says software engineer Shashank Mehra. "ISPs trying to match consumer demand isn't something sinister, it is a market process."

The social media giant further defends itself by pointing out that Free Basics is open to any and all developers, including competitors Twitter and Google, as long as they meet the program's technical standards. This evidently wasn't enough to convince much of India.

The problem persists

Facebook disputes claims that its interest in India is commercial, saying its efforts are humanitarian. In speeches over the past few months, Zuckerberg has painted Internet access as a tool for global good. "The research has shown on this that for every 10 people who get access to the internet, about one person gets a new job, and about one person gets lifted out of poverty," he said at a Townhall Q&A in Delhi last October. "Connecting things in India is one of the most important things we can do in the world."

Zuckerberg appears to have taken the loss in stride. During a keynote address at the Mobile World Conference in Barcelona earlier this week, he admitted to being disappointed by the ruling, but added, "We are going to focus on different programs [in India]...we want to work with all the operators there." A Facebook spokesperson said the company "will continue our efforts to eliminate barriers and give the unconnected an easier path to the Internet and the opportunity it brings."

Those ideals could certainly help in India, where around 68 percent of its population -- about 880 million people -- live in rural conditions or poverty. The promise of free access to health, education, local and national news through an Internet connection could potentially improve quality of live. So what's the problem?

The service providers would also be granting free Facebook.

Peggy Wolff, a volunteer coordinator at education NGO Isha Vidhya, says Facebook is just the latest in a long line of international companies hoping to crack rural India, where the bulk of the country's poor live.

While admitting that low cost or free Internet is imperative in rural areas, that "smart villages" are needed to help ease the human burden on India's increasingly overcrowded cities, she says, "Free basics is just a bit suspicious to most people. There's just too much vested interest."

"The big question." Sawhney says, "is how do we give fast and free Internet to a large section of society in India?"

There are alternatives. United States-based Jana, for instance, developed an Android app called mCent that allows its growing userbase of 30 million to earn data by downloading and using certain apps or watching advertisements from sponsors. Unlike Free Basics, that data can be expended on any online destination.

Jana's CEO Nathan Eagle, like Zuckerberg, says his mission is to bring Internet connectivity to the next billion people. "Today, Internet connectivity in emerging markets is much more an issue of affordability, rather than access," he explains. "1.3 billion people in emerging markets now have Android phones...it's the cost of data that is prohibitive."

For more details visit https://cis-india.org/internet-governance/news/why-india-snubbed-facebooks-free-internet-offer

Netizen Report: The EU Wrestles With Facebook Over Privacy

praskrishna — 2016-02-27T07:39:01Z

Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world.

The blog post published in Global Voices on February 11, 2016 quotes Pranesh Prakash and Subhashish Panigrahi.

In the latest development in the negotiations between the United States and European Union over data transfer rules, Reuters reports France’s data protection authority gave Facebook three months to stop tracking non-users’ Web activity without their consent, and ordered Facebook to cease some transfers of personal data to the United States or face fines. In response, Facebook asserted it does not use the now-defunct Safe Harbor agreement to move data to the United States and instead has set up alternative legal structures to keep its data transfers in line with EU law. Despite this, Facebook was forced last year to stop tracking Belgian non-users after it was taken to court by the Belgian regulator. Last week, the United States and European Union agreed upon a new legal framework to replace Safe Harbor, but as it is not yet operational, several European data protection authorities are still deciding whether data transfers should be restricted.

Big Blow for Facebook’s Free Basics

Indian regulators officially banned “differential pricing”or discriminatory tariffs placed on data services depending on their content. This means that Internet users in India are guaranteed equal access to any website they want, regardless of how they connect to the Internet, ays Global Voices’ Subhashish Panigrahi. The decision is a particular blow to Facebook’s Free Basics application, which uses differential pricing mechanisms to make accessing Facebook, WhatsApp and a limited number of other websites free to users who do not pay for mobile data plans. Though Facebook promotes the program as a means to increasing digital access, it has come under backlash in India and a number of other countries. Internet policy expert Pranesh Prakash emphasizedthat though the ruling is a win for open access in India, these efforts must continue until India is truly and equally connected.

Google’s new scheme to combat online extremism

In an effort to combat groups like ISIS that recruit online, Google has launched apilot schemeto point users who search for extremist terms toward anti-radicalization links. It announced the new effort on February 2 at a meeting with the U.K. Home Affairs Select Committee on Countering Extremism. Representatives of Twitter and Facebook were also challenged by members of Parliament on their role in combatting the spread of terrorist material. Twitter announcedthat it had suspended 125,000 accounts associated with extremism since mid-2015 in response to pressure from the US government. However, as the New York Times’ Mike Isaac notes, “these companies must walk a fine line between bearing responsibility for their platforms and avoiding becoming the arbiter of what constitutes free speech.”

What’s going to happen to Ukraine’s database of ‘explicit content’?

The Ukrainian censorship body, National Expert Commission for Protection of Public Morality, dissolved last year, but its legacy lives on as a database of “explicit content” that no one in the government seems to know what to do with. The database includes a sizeable amount of content “containing elements of sexual nature and erotica,” but the commission was also well known for its attempt to ban Spongebob Squarepants, Shrek, and Teletubbies. Users have suggested the team responsible for dissolving the commission make the content more widely available, so they can see where taxpayers’ money went.

How to protect yourself from government hacking

Hacking human rights workers, journalists, and NGOs has become common practice for governments around the world, according to Amnesty International’s Morgan Marquis-Boire and Electronic Frontier Foundation’s Eva Galperin. In a post for Amnesty International, the two provide a brief history of government hacking and give suggestions for NGOs and human rights organizations to protect themselves.

Taking on Russia’s invasive surveillance

Two Russian Internet service providers are taking the Federal Security Service to court to challenge the surveillance system employed by Russian federal police to spy on Internet use. ISPs play a critical role in making surveillance possible, by installing expensive equipment that provides police access—making this case a significant affront to Russia’s invasive surveillance apparatus.

Telegram in Iran

Messaging app Telegram’s growing influence is being characterized as a major factor in the dissemination and spread of information leading up to Iran’s Feb. 26 parliamentary elections, but the platform’s susceptibility to state manipulation is also becoming more apparent. After the arrest of former BBC journalist Bahman Doroshafaei, the government took over his Telegram account and started to message his contacts. Some believe this was an effort to extract sensitive information or to distribute spyware. Fatemeh Shams, a friend of Doroshafaei, posted the following warning to her Facebook account:

Someone has been talking to me for two hours from Bahman's hacked Telegram account and now is chatting with my friends with my account..If anyone messaged you on Telegram [from my account] please ignore it. I've lost access to my account.

Mahsa Alimardani, Ellery Roberts Biddle, Hae-in Lim and Sarah Myers West contributed to this report.

For more details visit https://cis-india.org/internet-governance/news/global-voices-february-11-2016-netizen-report

We are anonymous, we are legion

The New Aadhaar Bill in Plain English

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016

Chapter II. ENROLMENT

Chapter III. AUTHENTICATION

Chapter IV. UNIQUE IDENTIFICATION AUTHORITY OF INDIA

Chapter V. GRANTS, ACCOUNTS AND AUDIT AND ANNUAL REPORT

Chapter VI. PROTECTION OF INFORMATION

Chapter VII. OFFENCES AND PENALTIES

Chapter VIII. MISCELLANEOUS

STATEMENT OF OBJECTS AND REASONS

GNI-Industry Dialogue Learning Session: Human Rights Impact Assessments and Due Diligence in the ICT sector

Are we Losing the Right to Privacy and Freedom of Speech on Indian Internet?

Aadhaar Bill fails to incorporate suggestions by the Standing Committee

A comparison of the 2016 Aadhaar Bill, and the 2010 NIDAI Bill

Title

Purpose/Object Clause

Definitions

Enrolment

Authentication

Unique Identification Authority Of India

Grants, Accounts and Audit and Annual Report

Identity Review Committee

Protection of Information

Offences and Penalties

Miscellaneous

Statement of Objects and Reasons

Aadhaar: Still Too Many Problems

Also Read

Pros and cons of Aadhaar bill

Flaws in the UIDAI Process

The Crypto Wars Are Global

Plenty of countries already seemingly target devices to circumvent encryption

Sean McDonald - Ebola: A Big Data Disaster

Read

Download the paper: PDF.

Preface

CIS Papers

India's ‘Facebook ruling’ is another nail in the coffin of the MNO model

A disaster for MNOs, not Facebook

All internet will be free, not zero rated

Violence call key to 'sedition'

Why the Internet is Making India Furious

OZY:

Pranesh Prakash:

OZY:

PP:

OZY:

PP:

OZY:

PP:

OZY:

PP:

OZY:

PP:

OZY:

PP:

Comments by the Centre for Internet and Society on the Report of the Committee on Medium Term Path on Financial Inclusion

Individual Comments

Why India snubbed Facebook's free Internet offer

The problem persists

Netizen Report: The EU Wrestles With Facebook Over Privacy

Big Blow for Facebook’s Free Basics

Google’s new scheme to combat online extremism

What’s going to happen to Ukraine’s database of ‘explicit content’?

How to protect yourself from government hacking

Taking on Russia’s invasive surveillance

Telegram in Iran