We are anonymous, we are legion

January 2012 Bulletin

praskrishna — 2012-07-09T09:36:46Z

Welcome to the Centre for Internet and Society newsletter! In this issue we bring you the updates of our research, events, media coverage and videos of events organized by us during the month of January 2012!

Digital Natives with a Cause?

Digital Natives with a Cause? is a knowledge programme initiated by CIS, India and Hivos, Netherlands. It is a research inquiry that seeks to look at the changing landscape of social change and political participation and the role that young people play through digital and internet technologies, in emerging information societies. The major outputs have been a four book collective asking questions about theory and practice around 'digital revolutions' in a post MENA (Middle East - North Africa) world, a position paper, a scouting study and three international workshops.

Events Organised

Digital AlterNatives Video Contest: The Everyday Digital Native — To Be, To Think, To Act, To Connect

Digital AlterNatives Tweet-a-Review

'Digital Natives with a Cause?' project invites readers to review essays from the 'Digital AlterNatives with a Cause', a four-book collective published by Centre for Internet & Society and Hivos.

Digital AlterNatives: Book Reviews

Alternative Approaches to Social Change

“Observations about intangible aspects of a movement will keep a research from clinging to activism with a capital A, and start seeing a gradation in the social movement practices. It is constructive and opens the door to analyses of multi-dimensional movements such as the Blank Noise initiative (India). Drawing on methods of identifying new developments to the field of social movement, Maesy examines some aspects of it: the issue, strategy, site of action, and internal mode of organization.”
Nuraini Juliastuti, Co-founder, KUNCI Cultural Studies Center

Accessibility

India has an estimated 70 million disabled persons who are unable to read printed materials due to some form of physical, sensory, cognitive or other disability. This includes persons with blindness, learning disabilities such as dyslexia, cerebral palsy and persons who do not have full control over their limbs. For these people, the material needs to be converted into alternate formats such as Braille, audio or video or electronic formats (text document, word document or PDF) which they can access using assistive technologies. Our key research has focused on a submission to amend the Indian Copyright to the HRD Ministry, publishing a policy handbook on e-accessibility, research on accessible mobile handsets in India and an analysis of the Working Draft of the Rights of Persons with Disabilities Act, 2010.

Journal Article

Technology for Accessibility in Higher Education, published in the Journal: Enabling Access for Persons with Disabilities to Higher Education and Workplace. Nirmita Narasimhan wrote an article.

Featured Research

Making Mobile Phones and Services Accessible. CIS researched, edited and published this report in partnership with G3ict and ITU. The report contains a foreword, eleven chapters, a bibliography and glossary with contributions from Deepti Bharthur, Nirmita Narasimhan and Axel Leblois.

Upcoming Event

ITU Tutorial on Audiovisual Media Accessibility, organized by the International Telecommunication Union, India International Centre, 14-15 March 2012. CIS is hosting the meeting. The Tutorial will be preceded by the fourth meeting of the Focus Group on Audio Visual Media Accessibility (FG AVA) on 13 March 2012. This meeting will take place at the same venue and will also be hosted by CIS, in cooperation with the ITU-APT Foundation of India.

Access to Knowledge

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape. We prepared the India report for the Consumers International IP Watchlist, made submission to the HRD Ministry on WIPO Broadcast Treaty, questioned the demonization of pirates, and advocated against laws (such as PUPFIP Bill) that privatize public funded knowledge.

Event Organised

Gandhi, Freedom, and the Dilemmas of Copyright: To commemorate Mahatma Gandhi's death anniversary, CIS organised a public lecture. Prof. Shyamkrishna Balganesh of the University of Pennsylvania gave a lecture.

Openness

The advent of the Internet has radically defined what it means to be open and collaborative. Even the Internet is built upon open standards and free/libre/open source software. CIS has been committed and actively campaigned for promotion of open standards, open access and free/libre/open source software.

Workshop Reports

Summary of the Minutes of the Workshop on Biodiversity Informatics, organized by the Western Ghats Portal team to explore the contemporary state of biodiversity informatics at Ashoka Trust for Research in Ecology and Environment (ATREE), Bangalore on 25 November 2011.
Design!PubliC — Innovation and the Public Interest: On the 14th of October, 2011, the Center for Knowledge Societies organized the second edition of the Design Public Conclave, a conversation on how innovation can serve the Public Interest. The conclave was held at the National Gallery of Modern Art in Bangalore.
Report on the 'Open Access to Academic Knowledge' workshop: On Wednesday the 2nd of November, during Open Access Week, the Indian Institute of Science in conjunction with the Centre for Internet and Society held a workshop on Open Access at the National Centre for Science Information, in Bangalore. We recorded the meeting and published it online.

Event Organised

Geekup on Open Data in Bangalore: Hapee de Groot, Hivos, Netherlands gave a talk on Open Data and its use for citizen engagement.

Media Coverage

Wikipedia turns 11 today: The Bangalore event, open to all Wikipedia users, contributors and enthusiasts, is being held at the Centre for Internet and Society at Domlur.
The Hindu, 15 January 2012

Internet Governance

The Tunis Agenda of the second World Summit on the Information Society has defined internet governance as the development and application by governments, the private sector and civil society, in their respective roles of shared principles, norms, rules, decision-making procedures and programmes that shape the evolution and use of the internet. CIS partnered with Privacy International and Society in Action Group which has produced outputs in banking, telecommunications, consumer rights, etc., submitted open letters to Parliamentary Committee on UID, feedbacks on NIA Bill, and IT Rules.

Newspaper / Magazine Articles

Keeping it Private
As we disclose more information online, we must ask who might access it and why, writes Nishant Shah in the Indian Express, 15 January 2012.

Click to Change
From organising political protests and flash mobs to uploading their versions of Kolaveri Di, people brought about change with the help of the internet, Nishant Shah, Indian Express, 1 January 2012.

The Quixotic Fight to Clean up the Web
The ongoing attempt to pre-screen online content won’t change anything. It will only drive netizens into the arms of criminals, writes Sunil Abraham, Tehelka Magazine, Vol 9, Issue 04, 28 January 2012.

Sense and Censorship
The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) bills, at the US House of Representatives and Senate, respectively, appear to enforce property rights, but are, in fact, trade bills, Sunil Abraham in the Indian Express, 20 January 2012.

Interview

Our Internet and the Law
Nishant Shah was interviewed by the BBC Channel 5 (Radio) for its Outriders section. Jamillah Knowles reports this. Listen to the podcast online, BBC Radio, 24 January 2012.

Event Reports

Privacy Matters — Analyzing the Right to "Privacy Bill"
On January 21, 2012 a public conference “Privacy Matters” was held at the Indian Institute of Technology in Mumbai. It was the sixth conference organised in the series of regional consultations held as “Privacy Matters”. The present conference analyzed the Draft Privacy Bill and the participants discussed the challenges and concerns of privacy in India.

Future of Integrated Science Education in Higher Education in India
The Higher Education Innovation and Research Application (HEIRA) at the Centre for the Study of Culture and Society (CSCS) and the Centre for Contemporary Studies (CCS) at the Indian Institute of Sciences (IISc) hosted a two day workshop on 2 and 3 January 2012 on the Future of Integrated Science Education in Higher Education in India at the Centre for Contemporary Studies, IISc. Nishant Shah participated in the workshop.

Media Coverage

Twitter’s Censorship Move Aimed at Regaining China?
"The region-specific blocking was already being used on video hosting websites like YouTube and Hulu, where due to the wishes of copyright owners many videos are not available in India. Twitter is extending this technology to its tweets.”
Pranesh Prakash in International Business Times, 28 January 2012.

Google's privacy policy raises hackles (Times of India, January 26, 2012)
“Storing data makes it prone to misuse by authorities as well as corporations... I don't want my bakery shop owner to know what kind of medicines I buy from the nearby medical store.”
Sunil Abraham in the Times of India, 26 January 2012.

Google to change privacy policy to use personal info of users
“New changes are not good for a consumer's privacy.”
Sunil Abraham in Punjab Newsline, 27 January 2012.

Tangled Web
“We did a policy sting operation wherein we sent fraudulent notices to big web sites...in one case where we asked for the removal of three comments, they removed all 13. So there is already a private censorship underway.”
Sunil Abraham in the Week, 21 January 2012.

POV: Should user-generated content be monitored?
“We should not fool ourselves into thinking that private sector companies like Google will defend our fundamental rights. The next Parliament session is the last opportunity for parliamentarians to ask for the revocation of the rules for intermediaries, cyber-cafes and reasonable security practices.”
Sunil Abraham in afaqs, 19 January 2012.

Indian Internet Lawsuit Puts Spotlight on Freedom of Expression
“These rules have the potential to curtail debate and discussion on the net... They allow for all sorts of subjective tests by private parties and we predicted they would have a chilling effect on freedom of expression online.”
Sunil Abraham in the Voice of America, 19 January 2012.

India: obscene pics of gods require massive human censorship of Google, Facebook
“It’s difficult to establish exactly what is anti-religious: for example, the Hindu profession of belief in multiple gods is blasphemous to Muslims, Christians and Jews.”
Sunil Abraham in ars technica, 14 January 2012.
Is India Ignoring its own Internet Protections?
“The I.T. Act provides immunity to (Internet companies) and that should be the default starting position.”
Sunil Abraham in the Wall Street, 16 January 2012.

India internet: clean-up or censorship?
Sunil Abraham was quoted in Financial Time’s beyondbrics, 13 January 2012.

Twists and turns of the SOPA opera
“In terms of infrastructure, the U.S. controls critical web resources. Contrasting this to the Chinese firewall that blocks content for users within its jurisdiction, the U.S. decision to redirect a link can act as a ‘global block’.”
Sunil Abraham in the Hindu, 15 January 2012.

Activists cry foul against Aadhaar
Sunil Abraham participated in the meet on Aadhaar convened by the Indian Social Action Forum.
The Telegraph, 12 January 2012.

NGO questions people's privacy in UID scheme
“The UID project was allowed to march on without any protection being put in place.”
Sunil Abraham in the Times of India, 11 January 2012.

Revealed: Bangalore’s Basic Instincts
“If you look at the Google trend or any other website, Bangalore does not figure among the top 10 cities that surfs for porn. But that does not mean that Bangalore does not surf porn. It only means that we have a very sophisticated surfer with a very specific type. They don’t go through Google or other websites. They know how to go about it. But whether it affects their personal lives is lot more complicated.”
Sunil Abraham in the Bangalore Mirror, 8 January 2012.

Facebook, Google face censorship in India
“Traditional intellectual property rights holders like movie studios, music companies and software vendors are trying to protect their obsolete business models by pushing for the adoption of blanket surveillance and filtering technologies.”
Sunil Abraham in SmartPlanet, 5 January 2012.

Trail of the Trolls
“Trolling provokes a non-productive argument and as of now it is not considered a criminal offence anywhere in the world.”
The Telegraph, 4 January 2012.

Constitution of Group of Experts to Deliberate on Privacy Issues
It has been decided to constitute a Small Group of Experts under the Chairmanship of Justice A.P. Shah, Former Chief Justice, Delhi High Court, to identify the privacy issues and prepare a paper to facilitate authoring the Privacy Bill. Pranesh Prakash is one of the members.
Published by the Planning Commission, New Delhi.

2011: The year India began to harness social media
“We saw an increased sharing of digital content whether photos, videos, songs, news or blogs pointing to the Why This Kolaveri Di video, which went viral on YouTube with over 1.3 million views within a week of its release.”
Nishant Shah in the Sunday Guardian, 1 January 2012.

Blog Posts

Section 79 of the Information Technology Act by Pranesh Prakash
How India Makes E-books Easier to Ban than Books (And How We Can Change That) by Pranesh Prakash. This was reproduced in Medianama.

Upcoming Events

The High Level Privacy Conclave
Privacy India in partnership with the International Development Research Centre, Canada, Society in Action Group, Gurgaon and Privacy International, UK is organizing the High Level Privacy Conclave at the Paharpur Business Centre, Nehru Place Greens in New Delhi on Friday, 3 February 2012.

All India Privacy Symposium
Privacy India in partnership with the International Development Research Centre, Canada, and Society in Action Group, Gurgaon, Privacy International, UK and Commonwealth Human Rights Initiative is organizing the All India Privacy Symposium at the India International Centre, New Delhi on Saturday, 4 February 2012.

Events Organised

Workshop on the Standardization of Kannada Computing Terminology, 28-29 January 2012, Centre for Internet & Society, Bangalore.
The Curious Case of Whose Data is it Anyway? The second round of discussions of the Exposing Data Series was co-organized by Tactical Tech and CIS. Siddharth Hande and Hapee de Groot gave lectures.
"ಕನ್ನಡ ಮತ್ತು ತಂತ್ರಜ್ಞಾನದ ಜೊತೆ ಜೊತೆಗೆ..." organised in TERI, Bangalore, 22 January 2012.

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. In this connection, Shyam Ponappa continues to write his monthly column for the Business Standard.

Article by Shyam Ponappa

Reversing India's Downward Trajectory
The country can regain growth momentum with rate cuts and telecom reforms, writes Shyam Ponappa in this column published in the Business Standard on 5 January 2012.

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook\
Visit us at www.cis-india.org

CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/january-2012-bulletin

January 2011 Bulletin

praskrishna — 2012-07-30T11:25:44Z

Greetings from the Centre for Internet and Society! It gives us immense pleasure to present regular updates on the progress of our research on the mainstream Internet media. In this issue of we bring our latest project updates, news and media coverage:

Researchers@Work

RAW is a multidisciplinary research initiative. CIS believes that in order to understand the contemporary concerns in the field of Internet and society, it is necessary to produce local and contextual accounts of the interaction between the Internet and socio-cultural and geo-political structures. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Monographs finalised from these projects have been published on the CIS website for public review:

Digital Natives

CIS has interest in developing Digital Identities as a core research area and looks at practices, policies and scholarships in the field to explore relationships between Internet, technology and identity.

Column on Digital Natives

A fortnightly column on ‘Digital Natives’ authored by Nishant Shah is featured in the Sunday Eye, the national edition of Indian Express, Delhi, from 19 September 2010 onwards. The following article was published in the Indian Express recently:

Is That a Friend on Your Wall? [published in the Indian Express on 9 January 2010]

Workshop

The third and final workshop in the Digital Natives with a Cause? research project will take place in Santiago, Chile, from the 8 to 10 February. Open Call and FAQs for the workshop are online:

Blog Entry by Maesey Angelina

Maesy Angelina is a MA candidate on International Development, specializing in Children and Youth Studies at the International Institute of Social Studies, Erasmus University of Rotterdam. She is working on her research on the activism of digital natives under the Hivos-CIS Digital Natives Knowledge Programme. She spent a month at CIS, working on her dissertation, exploring the Blank Noise Project under the Digital Natives with a Cause framework. She writes a series of blog entries. The latest is:

The Digital Tipping Point

Announcement

Rising Voices Seeks Micro-Grant Proposals for Citizen Media Outreach

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

New Blog Entry

Accessibility in Telecommunications

Intellectual Property

Copyright, patents and trademarks are the most important components on the Internet. CIS believes that access to knowledge and culture is essential as it promotes creativity and innovation and bridges the gaps between the developed and developing world positively. Hence, the campaigns for an international treaty on copyright exceptions for print-impaired, advocating against PUPFIP Bill, calls for the WIPO Broadcast Treaty to be restricted to broadcast, questioning the demonization of 'pirates', and supporting endeavours that explore and question the current copyright regime. Our latest endeavour has resulted into these:

New Blog Entry

New Release of IPR Chapter of India-EU Free Trade Agreement

Internet Governance

Although there may not be one centralised authority that rules the Internet, the Internet does not just run by its own volition: for it to operate in a stable and reliable manner, there needs to be in place infrastructure, a functional domain name system, ways to curtail cybercrime across borders, etc. The Tunis Agenda of the second World Summit on the Information Society (WSIS), paragraph 34 defined Internet governance as “the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” Within the larger field of Internet governance, the Internet Governance Forum (IGF), a multi-stakeholder policy dialogue forum that was instituted by the WSIS processes and that is their only formal outcome, has fast emerged as one of the key institutions. As the definition quoted above indicates, a unique feature of the field of Internet governance is that, unlike many other governance spheres, it does not only involve governments. Historically, not only governments but also the technical community and private players have played a crucial role in the development of the Internet. In the context of the IGF, that role is not only explicitly acknowledged but also institutionalised as the IGF formally brings together governments, private players and civil society actors from all areas of and organisations involved in Internet governance. Moreover, now that the open and egalitarian potential of the Internet is increasingly under attack, this unique nature of the IGF, in addition to its WSIS roots, has made it a prime venue to remind stakeholders in all areas of Internet governance of the commitment they have made earlier to building a “people-centred, inclusive and development-oriented Information Society” (WSIS Geneva Principles, Para 1). CIS involvement in the field of Internet governance has the following shape:

New Blog Entry

Jurisdictional Issues in Cyberspace

Privacy

CIS has undertaken many new and exciting projects. One of these, "Privacy in Asia", is funded by Privacy International (PI), UK and is being completed in collaboration with Society and Action Group. "Privacy in Asia" is a two-year project that commenced on 24 March 2010 and will complete within two years from the commencement date, unless otherwise agreed to by the parties. The project was set up with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. In furtherance of these goals it aims to draft and promote an over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

Apart from "Privacy in Asia" CIS is also participating in the " Privacy and Identity" project, which is funded by the Ford Foundation and managed by the Centre for Study of Culture and Society. The project is a research inquiry into the history of Privacy in India and how it shapes the contemporary debates around technology mediated identity projects like Aadhaar. The "Privacy and Identity" project started in August 2010.

New Blog Entries

Staff Update

Prashant Iyengar is a lawyer and legal scholar who has worked extensively on intellectual property issues particularly focusing on copyright reform and open access. He is a past recipient of an Open Society Institute fellowship for research into Open Information Policy, and has been affiliated with the Alternative Law Forum – a collective of lawyers in Bangalore engaged in human rights practice.

Prashant joined the Centre for Internet and Society as a lead researcher in the Privacy India project recently.

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. It is imperative to resolve these issues in the common interest of users and service providers. CIS campaigns to facilitate this.

Column

Shyam Ponappa is a Distinguished Fellow at CIS. He writes regularly on Telecom issues in the Business Standard and these articles are mirrored on the CIS website as well.

The policy langurs [published on 6 January 2011]

News & Media Coverage

Civic hackers seek to find their feet in India (Livemint, 24 January 2011) and (IndiaInfoline, January 2011)
A Tweet and a poke from the CEO (Livemint, 24 January 2011)
Clicktivism & a brave new world order (Mail Today, 2 January 2011)
Would it be a unique identity crisis? (Bangalore Mirror, 2 January 2011)
Nel suk dei nativi digitali. Perché gli studenti 2.0 hanno bisogno di una bussola per orientarsi (Il Sore24 ORE, 2 January 2011)
A Refreshing Start! (Verveonline, Volume 19, Issue 1, January, 2011)
Getting Connected (Livemint, January 2011)
Knowledge Warriors (Il Sore24 ORE, January 2011)
Nishant Shah Quoted in Livemint 2011 Tweet-out (Livemint, January 2011)
Digital Natives with a Cause? - Workshop in Chile seeks participants (Bahama islands info, 30 December 2010)
Mothers discuss kids, music, fashions, on Net (The Hindu, 26 December 2010)

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

Looking forward to hearing from you. Please feel free to write to us for any queries or details required. If you do not wish to receive these emails, please do write to us and we will unsubscribe your mail ID from the mailing list.

For more details visit https://cis-india.org/about/newsletters/january-2011-bulletin

Janhit Manch & Ors. v. The Union of India

praskrishna — 2012-01-18T11:57:04Z

The petition sought a blanket ban on pornographic websites. The NGO had argued that websites displaying sexually explicit content had an adverse influence, leading youth on a delinquent path.

IN THE HIGH COURT OF JUDICATURE AT MUMBAI

CIVIL APPELLATE SIDE

PIL NO. 155 OF 2009

Janhit Manch and Ors. ... Petitioners
Versus
The Union of India ... Respondents
Mr. Sandeep Jalan for Petitioner in person.
Mr. A.M. Sethna for R. No. 1.

CORAM : F.I. REBELLO &
J.H. BHATIA, JJ.
DATED : MARCH 03, 2010

P.C.

Petitioner by the present petition has approached this court, seeking relief to direct the respondents to make coordinated and sustained efforts, to have a blanket ban on websites which according to Petitioners are displaying material pertaining to sex and which in their opinion is harmful to the youth of this country in their formative years.

Mr. Jalan, Petitioner No. 2 appearing in person draws our attention to amongst others to Section 67 and 67A of the Information & Technology Act, 2000. Under Section 67 if any person publishes or transmits or causes to be published or transmitted in the electronic form any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regarding to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and fine which may extend to five lakh rupees. Section 67A pertains to publishing or transmitting or causing to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct can be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees.

The Act therefore, makes provision for punishment of a person against whom a complaint is filed, if such person commits the offence which falls within the purview of section 67 or 67A as the case may be. Such person can be tried and convicted. For that prosecution will have to establish that an offence has been committed.

By the present petition what the petitioner seeks is that this court which is a protector of free speech to the citizens of this country, should interfere and direct the respondents to make a coordinated and sustained efforts to close down the websites as aforestated. Once Parliament in its wisdom has enacted a law and has provided for the punishment for breach of that law any citizen of this country including the Petitioner who is aggrieved against any action on the part of any other person which may amount to an offence has a right to approach the appropriate forum and lodge a complaint upon which the action can be taken if an offence is disclosed. Courts in such matters, the guardian of the freedom of free speech, and more so a constitutional court should not embark on an exercise to direct State Authorities to monitor websites. If such an exercise is done, then a party aggrieved depending on the sensibilities of persons whose views may differ on what is morally degrading or prurient will be sitting in judgment, even before the aggrieved person can lead his evidence and a competent court decides the issue. The Legislature having enacted the law a person aggrieved may file a complaint.

In the light of that we are not inclined to interfere in the exercise of our extra ordinary jurisdiction. If the petitioner comes across any website/s which according to him publishes or transmits any act which amounts to offence under section 67 or 67A of the Information & Technology Act, 2000, it is upto him to file a a complaint.

With the above observations, Petition disposed of.

(J.H. BHATIA,J.) (F.I. REBELLO,J.)

For more details visit https://cis-india.org/internet-governance/resources/janhit-manch-ors.-v-union-of-india

J&K social media ban: Use of 132-year-old Act can’t stand judicial scrutiny, say experts

praskrishna — 2017-05-04T02:12:23Z

Jammu and Kashmir's social media ban: Legal experts are not convinced this is a viable order

The article by Shruti Dhapola was published in the Indian Express on April 28, 2017. Pranesh Prakash was quoted.

For residents of Jammu and Kashmir, there’s a blanket ban on social media for the next one month. This means no access to Facebook, WhatsApp, Twitter, Snapchat, Skype WeChat, YouTube, Telegram and other social networks.

As The Indian Express reported, this ‘social media ban’ was ordered by the state government after Chief Minister Mehbooba Mufti chaired a meeting of the Unified Command Headquarters in Srinagar. The total list includes 22 social media websites, and the order, a copy of which is available with The Indian Express, says this is being done “in the interest of maintenance of public order.”

The order to block the sites was issued by RK Goyal, Principal Secretary in the Home department, and cites Section 5 of Indian Telegraph Act, which “confers powers upon the Central government or the state government to take possession of license telegraphs and order stoppage of transmission or interception or detention of messages”.

The order reasons that social media sites are “being used by anti-national and anti-social elements by transmitting inflammatory messages in various forms”. It directs all ISPs to block these websites in the state of Jammu and Kashmir.

But questions are already being raised over its legality.

“This is an illegal order because the Telegraph Act and Rules, which the order cites, doesn’t give the government the power to block websites. The Telegraph Act is a colonial-era legislation first passed in 1885 in the aftermath of the Mutiny, making telegraphs a monopoly of the colonial British government, and restricting Indians’ access to communications technologies. In 1996, in the PUCL case, the Supreme Court laid down that powers to intercept or block transmission of messages cannot be exercised without procedural safeguards in place. In 2007, procedural safeguards were made for interception, but not for blocking of telegraphic communications,” points out Pranesh Prakash, Policy Director at Centre for Internet and Society.

Pavan Duggal, senior lawyer specialising in cyberlaw, concurs. “Legally, the order is not viable. This is because the IT Act applies for blocking, under Section 69 (A). Also Section 81 of the IT Act also make it clear that this is a special law, which will prevail over any other older law. The IT ACT deals with everything related to the internet.”

The IT ACT notes in Section 1, that “It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention there under committed outside India by any person.”

But even blocking under the IT Act isn’t something that can be ordered over night, and the powers for this rest with the central government.

“There’s a provision (69A) in the Information Technology Act which provides for blocking of specific web pages for national security reasons, but only by the Central government. The J&K government, thus can only request the Central government to block. The central government has in the past denied requests by state governments as they were unlawful requests,” Prakash said.

However, blocking of URLs or in fact complete internet shutdowns is not new in India. “This is an example of Internet manipulation by the governments world over. The first casualty of any disturbance is now the Internet and the government, even the democratic ones living under rule of law have decided that is a-okay to prevent people from communicating in the name of law and order,” said Mishi Choudhary, President and Legal Director at SFLC.in

SFLC.in has also been keeping a track of internet shutdowns in India. It has a dedicated website Internetshutdowns.in which crowd-sources information on these bans, and India has already seen seven shut internet shutdowns in first three months of 2017. For instance, in the state of Nagaland internet and mobile services were down for nearly a month from January 30 to February 20.

The issue of url blocking and internet shutdowns inevitably gets linked to one of freedom of speech. While reasonable restrictions can be imposed under Article 19 (2) of the Constitution, experts are not convinced the current order makes enough of a case to justify such a blanket ban.

“The citizens of J&K are Indian citizens and can challenge the order as violative of Article 19 (1) (a) of the Constitution, violative of right to free speech and expression,” says Choudhary.

“Any kind of blocking must conform to the Constitutional guarantees of freedom of expression, and any blocking must be legally “reasonable” for it to be acceptable as a legitimate restriction under Art.19(2). This blanket ban of 22 arbitrarily chosen service — why block QQ or WeChat, but not LinkedIn — and that too for a month, cannot be called reasonable under any circumstances,” argues Prakash.

Prakash adds that the order also raises other international concerns for India. “It also violates India’s international legal obligations under the International Covenant on Civil and Political Rights (ICCPR), whose Article 19 protects the freedom of thought, opinion and expression. Only those restrictions that are provided by law, have a legitimate aim, are necessary with less restrictive option being available, and are proportionate to the harm being address are allowed. For instance, targeting of hate speech that is calling for genocide is reasonable. But such blanket bans of communications platforms are not,” he argues.

So can the citizens challenge such an order, which puts a blanket ban on social networks? The answer is yes, as in this case this order “is legally untenable,” explains Duggal.

On the practice of blocking, he points that in today’s world it can only be seen an antiquated practice. “To give an analogy it is like fixing a leaking roof with a band-aid. It will only increase traffic to the blocked websites, and there are indirect ways to reach these sites via proxies and other tools as well,” he adds.

The orders can always be reviewed by the courts. “While the IT Act allows for blocking, it should be remembered the process is always open to judicial review. Courts have final authority, and they can examine whether the principles of law were applied when passing such a blocking order,” explains Duggal.

The affected social media websites or ISPs don’t yet have a response to this order. When we reached out, Facebook said it did not have an official comment on the ban. Mobile internet service providers Vodafone and Airtel also refused to comment.

For more details visit https://cis-india.org/internet-governance/news/indian-express-april-28-2017-shruti-dhapola-j-k-social-media-ban

IViR Summer Course on Privacy Law and Policy

Admin — 2017-08-23T02:00:50Z

attended the 2016 IViR Summer Course on International Privacy Law as a beneficiary of the OSF Civil Society Scholarship in Amsterdam from July 3 to 7, 2017.

The University of Amsterdam’s Institute for Information Law (IViR) announces the 6th IVIR Summer Course on Privacy Law and Policy. The course will focus on privacy law and policy related to the Internet, electronic communications and online and social media. It will explore the broader trends and recent developments in this rapidly changing field and explain how businesses, governments and other stakeholders can achieve their goals within it. The course will feature a distinguished faculty of European and US academics, regulators and practitioners who will investigate the EU and US legal frameworks and how they operate together. Participants will acquire the essential knowledge necessary to navigate privacy law and policy for online services that operate in the EU and the US. The seminar format promotes interaction among participants and faculty, and incorporates a range of practical exercises to apply the knowledge.

For more information see the website

For more details visit https://cis-india.org/internet-governance/news/ivir-summer-course-on-privacy-law-and-policy

It’s the technology, stupid

sunil — 2017-04-07T12:53:21Z

Eleven reasons why the Aadhaar is not just non-smart but also insecure.

The article was published in Hindu Businessline on March 31, 2017.

Aadhaar is insecure because it is based on biometrics. Biometrics is surveillance technology, a necessity for any State. However, surveillance is much like salt in cooking: essential in tiny quantities, but counterproductive even if slightly in excess. Biometrics should be used for targeted surveillance, but this technology should not be used in e-governance for the following reasons:

One, biometrics is becoming a remote technology. High-resolution cameras allow malicious actors to steal fingerprints and iris images from unsuspecting people. In a couple of years, governments will be able to identify citizens more accurately in a crowd with iris recognition than the current generation of facial recognition technology.

Two, biometrics is covert technology. Thanks to sophisticated remote sensors, biometrics can be harvested without the knowledge of the citizen. This increases effectiveness from a surveillance perspective, but diminishes it from an e-governance perspective.

Three, biometrics is non-consensual technology. There is a big difference between the State identifying citizens and citizens identifying themselves to the state. With biometrics, the State can identify citizens without seeking their consent. With a smart card, the citizen has to allow the State to identify them. Once you discard your smart card the State cannot easily identify you, but you cannot discard your biometrics.

Four, biometrics is very similar to symmetric cryptography. Modern cryptography is asymmetric. Where there is both a public and a private key, the user always has the private key, which is never in transit and, therefore, intermediaries cannot intercept it. Biometrics, on the other hand, needs to be secured during transit. The UIDAI’s (Unique Identification Authority of India overseeing the rollout of Aadhaar) current fix for its erroneous choice of technology is the use of “registered devices”; but, unfortunately, the encryption is only at the software layer and cannot prevent hardware interception.

Five, biometrics requires a centralised network; in contrast, cryptography for smart cards does not require a centralised store for all private keys. All centralised stores are honey pots — targeted by criminals, foreign States and terrorists.

Six, biometrics is irrevocable. Once compromised, it cannot be secured again. Smart cards are based on asymmetric cryptography, which even the UIDAI uses to secure its servers from attacks. If cryptography is good for the State, then surely it is good for the citizen too.

Seven, biometrics is based on probability. Cryptography in smart cards, on the other hand, allows for exact matching. Every biometric device comes with ratios for false positives and false negatives. These ratios are determined in near-perfect lab conditions. Going by press reports and even UIDAI’s claims, the field reality is unsurprisingly different from the lab. Imagine going to an ATM and not being sure if your debit card will match your bank’s records.

Eight, biometric technology is proprietary and opaque. You cannot independently audit the proprietary technology used by the UIDAI for effectiveness and security. On the other hand, open smart card standards like SCOSTA (Smart Card Operating System for Transport Applications) are based on globally accepted cryptographic standards and allow researchers, scientists and mathematicians to independently confirm the claims of the government.

Nine, biometrics is cheap and easy to defeat. Any Indian citizen, even children, can make gummy fingers at home using Fevicol and wax. You can buy fingerprint lifting kits from a toystore. To clone a smart card, on the other hand, you need a skimmer, a printer and knowledge of cryptography.

Ten, biometrics undermines human dignity. In many media photographs — even on the @UIDAI’s Twitter stream — you can see the biometric device operator pressing the applicant’s fingers, especially in the case of underprivileged citizens, against the reader. Imagine service providers — say, a shopkeeper or a restaurant waiter — having to touch you every time you want to pay. Smart cards offer a more dignified user experience.

Eleven, biometrics enables the shirking of responsibility, while cryptography requires a chain of trust.

Each legitimate transaction has repudiable signatures of all parties responsible. With biometrics, the buck will be passed to an inscrutable black box every time things go wrong. The citizens or courts will have nobody to hold to account.

The precursor to Aadhaar was called MNIC (Multipurpose National Identification Card). Initiated by the NDA government headed by Atal Bihari Vajpayee, it was based on the open SCOSTA standard. This was the correct technological choice.

Unfortunately, the promoters of Aadhaar chose biometrics in their belief that newer, costlier and complex technology is superior to an older, cheaper and simpler alternative.

This erroneous technological choice is not a glitch or teething problem that can be dealt with legislative fixes such as an improved Aadhaar Act or an omnibus Privacy Act. It can only be fixed by destroying the centralised biometric database, like the UK did, and shifting to smart cards.

In other words, you cannot fix using the law what you have broken using technology.

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-businessline-march-31-2017-sunil-abraham-its-the-technology-stupid

It’s mainstream vs social

praskrishna — 2012-04-30T04:23:27Z

Mainstream and social media share an increasingly uneasy relationship. Mahima Kaul, a Guest Columnist with the Sunday Guardian wrote this article. Sunil Abraham is quoted in this.

The Abhishek Manu Singhvi CD scandal brought into focus the increasingly confrontational relationship between social media and mainstream media. When a court order kept the mainstream from broadcasting the CD, social media took centrestage in spreading it online and keeping a buzz about the scandal for days. Many termed it as a "victory" for social media. Others slammed social media users as "eternal voyeurs" and wondered why they seemed to be above the court order. In return, blogs went as far as to title a post, "Why the Indian MSM (mainstream media) Wants Social Media Dead".

A quick recap: after the CD leak, Singhvi moved court to stop certain media organisations from telecasting it. The Delhi High Court gave an ex parte order that "the defendants (media house), their agents ... are restrained from publishing, broadcasting and disseminating or distributing in any form or any manner..." However, people caught hold of the video and kept linking it on Twitter, Facebook, YouTube etc. It went viral. Singhvi resigned from all political posts and settled the matter out of court. In his statement of resignation, Singhvi's bitterness at the role of social media was apparent: "in either event it raises no public interest issue... contumacious internet violation of a flagrant kind." I will save you a Google search: contumacious means to be wilfully disobedient to authority.

There are questions to be asked. Who was the 13 April court order aimed at? Is Singhvi's proposition that an internet violation took place true?

The order was explicitly binding on only specific organisations (Aaj Tak, India Today Group and Headlines Today). The rest of the mainstream media showed remarkable restraint. In the case of the video being linked on social media, it was users' prerogative, as they were not covered under that order even though Singhvi's statement suggests otherwise. However, there is another angle to consider. Social media users would have broken the law only if the video content itself was objectionable. "If the video is judged to be 'obscene', then under s.67 of the Information Technology Act, 'causing [obscenity] to be transmitted', is also a crime," says Sunil Abraham of the Center for Internet and Society. So, the question is, was this video obscene? While my journalistic integrity did not extend to watching the video, I've been told it has neither nudity nor explicit sexual activity, and cannot be considered obscene. Therefore, it appears that social media has functioned well within its rights.

What remains, then, is the view that social media "should" be restrained. How? A court order could stop users from linking the video online, but it would only be applicable in India. Also, there are already provisions in the IT Amendment Act 2008, which allows for "offensive" material to be removed by the intermediary, or site blockage by the government. Twitter has already announced national policies of censorship, although this incident would probably not qualify for such a drastic action. Sunil Abraham adds that the court could also give a "John Doe order" against prospective offenders that enables the IP owner to serve notice and take action at the same time against anyone who is found to be guilty. However, this step is to be taken with caution. In criticising the existing order on the Singhvi case, Arun Jaitley wrote in an editorial that "a pre-publication injunction (should) ... be exercised with great caution specially in a case of libel and slander," because in this case it was yet to be proven that the CD was indeed fabricated.

It seems there is offline outrage about online outrage. However, for mainstream media to call for restraint on social media based on their own actions seems to be hypocritical in this particular instance, because they did so only because of a court order. One need to look at stories ranging from the Mumbai attacks to the Arushi Talwar murder case to understand the invasive nature of mainstream media in India. What is more worrying is that the mainstream media is equating itself with social media in some ways, wondering why it needs to have editorial checks if citizens can gossip away on Twitter. In return, social media is counting its victories against the mainstream in a manner that suggests that the two consider each other competitors. Although most conversation on social media would not exist without mainstream news sources, ultimately their function in society is not the same. The media is considered the fourth pillar of democracy, while social media is considered an "unofficial" channel. If either is found indulging in illegal or harmful activities, they can and must be checked. But, in the end, it serves freedom of speech to keep the two functioning in context, not in confrontation.

Read the original published in the Sunday Guardian on April 30, 2012.

For more details visit https://cis-india.org/news/mainstream-vs-social

It's That Eavesdrop Endemic

praskrishna — 2016-07-30T15:45:31Z

Whatsapp Says It’s Snoop-Proof Now, But There’s Always A Way In

The article by Arindam Mukherjee was published in Outlook on July 25, 2016. Pranesh Prakash was quoted.

Lock and Key

WhatsApp says it has end-to-end encryption, so no one, not even WhatsApp, can snoop into calls.

Experts say any encryption can be broken by security agencies. Android phones can also get infected by malware.

For years, a Delhi power-broker used to call from nondescript landline numbers, changing them ever so often. Of late, he has started using WhatsApp calls for ‘sensitive’ conversations. He’s not alone. WhatsApp has revealed that over 100 million voice calls are being made on the social network every day. That’s over 1,100 calls a second! India is one of the biggest user bases of WhatsApp. And many Indian users are making the app their main engine for voice calls.

One reason for this shift is that WhatsApp calls are seen to be essentially free (though they indeed have data charges). But for a lot of people, the chief allure lies in the touted fact that WhatsApp calling is far more secure than mobile calling. In April, the app introduced end-to-end encryption for its messages and voice calls.

Consequent to this, Sudhir Yadav, a Gurgaon-based software engineer filed a PIL in the Supreme Court seeking a ban on WhatsApp on the grounds that its calls are so safe that it could be misused by ‘terrorists’. Last month, a court in Brazil issued orders to block WhatsApp for 72 hours after it failed to provide the authorities access to encrypted data.

Are WhatsApp calls really impenetrable? WhatsApp believes so and says that the encryption key is held by the two persons at the two ends of the message or call and no one, not even the company, can snoop in. “The calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them,” a WhatsApp spokesperson told Outlook. This is precisely Yadav’s concern. “Because the encryption is end to end, the government can’t break it and WhatsApp cannot provide the decryption key,” he says.

However, experts do not buy this argument. They believe everything on the Internet is vulnerable. “Anything that uses a phone number is vulnerable,” says Kiran Jonnalagadda, founder of technology platform HasGeek. “Anyone can impersonate the phone number by getting a duplicate SIM and get access to a phone. There are also bugs in the system which security agencies use.”

WhatsApp uses a person’s phone number to open an account and authenticate a user. So, if the government or a security agency wants to get access to a WhatsApp call, it would be very easy. “Telecom companies cannot access these calls as they are encrypted before they reach the network. But the government can. It just has to replicate a SIM to access any number and its messages or voice calls,” says Aravind R.S., a volunteer for Save the Internet campaign and founder of community chat app Belong,

There are other modes of attack as well. It is a given that Android phones, which form the majority of mobile phones used in India today, are most vulnerable to malware attacks. So, even if the app itself is secure, the device is not and if the device is attacked, just about everything in it can be tapped into. For instance, there’s the ‘man in the middle’ mode of attack, where a third person gets into a call and mirrors the messages to both the sides and relays the messages or calls to a different server. There is also the SS7 signalling protocol that can help hackers get into networks and calls. These attacks can make even a WhatsApp encryption vulnerable.

Security agencies and hackers routinely implant viruses into the phones of people they are monitoring. Once a phone is “infected”, everything is accessible. And Android phones are extremely prone to attacks from malware. “It's not perfectly secure, especially if there is any virus in an Android phone, which is what security agencies work with. They have many more ways to get into a phone. There is no defence against that,” says Aravind,

Experts believe it is possible that US intelligence agencies like the FBI and the NSA may have access to or are capable of breaking into even the WhatsApp encryption. This is proven by the recent incident where the FBI, after being refused by Apple to open up an iPhone used by a terrorist, broke into the phone by itself.

“If you are on the NSA list, there is nothing you can do to protect yourself,” says Pranesh Prakash, policy director with the Centre for Internet and Society. “They will find a way to get into your phone. In WhatsApp, many things like photographs and videos are not encrypted; these can get access to a person’s account.”

In India, the debate on access to encrypted phones has been on since the government engaged with Blackberry a few years ago. “There is no law governing an Over The Top (OTT) service like WhatsApp. If the government orders decryption of a call and WhatsApp cannot comply, it will become illegal,” says cyber lawyer Asheeta Regidi. The government’s seeming comfort level with all this legal ambiguity is yet another indicator that all is not what is seems with WhatsApp. As for callers, they would do well to speak discreetly on any network.

For more details visit https://cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic

It Took Just 355 Indians to Mine the Data of 5.6 Lakh Facebook Users. Here's How

Admin — 2018-04-07T15:33:46Z

Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. Often, it is seen that those who open an account are not aware of the privacy concerns.

The blog post by Subhajit Sengupta was published in CNN-News 18 on April 7, 2018. Sunil Abraham was quoted.

Over 5.6 lakh Indian Facebook profiles have allegedly been compromised and their data leaked to the controversial data analytics firm Cambridge Analytica. As per the company, only 335 people in India installed the App yet they managed to penetrate over half a million profiles.

So, how does this work?

Once a user downloaded the quiz app called “thisisyourdigitallife”, Global Science Research Limited got access to the entire treasure trove of data. There are two mechanisms which are used for this.

First, the Application Program Interface (API) of Facebook called ‘Social Graph’ allows any app to harvest the entire contact list and everything else that could be seen on a users’ friend’s profile. This would take place even for private profiles, says Sunil Abraham, Executive Director of Bangalore based research organization ‘Centre for Internet and Society’.

The second way is when users have a public profile. The algorithm seeks out public profiles from the friend list and would go on multiplying from one public profile to another without any of the users even coming to know what is happening. This is like the ‘True Caller’ application, for it to get your number, you don’t need to download the software. If anyone has the app and your number, then it gets automatically logged there.

Facebook says "Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr Aleksandr Kogan and his company Global Science Research Limited (GSR) happened without our authorisation and was an explicit violation of our Platform policies."

GSR continued to access this data from all the Facebook profiles throughout the entire lifespan of the app on the Facebook platform, which was roughly two years between 2013 and 2015. This means, even if a user is careful enough to not download the application but his/her profile’s privacy settings are weak, the algorithm would infiltrate the data bank.

Amit Dubey, a Cyber Security Expert goes into the details of what the app did, “The app called 'thisisyourdigitallife', which was created for research work by Aleksandr Kogan, was eventually used for psychometric profiling of users and then manipulating their political biases. The app was offered to users on the pretext to take a personality test and it agreed to have their data collected for academic use only. But the app has exploited a security vulnerability of Facebook application.”

Facebook “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it from being sold or used for advertising.

But this kind of data scrapping is not just limited to Cambridge Analytica. The Social Media Algorithm is often abused in the world of data scavenging and analytics. Even law enforcement agencies have often used similar means to locate possible miscreants.

According to Shesh Sarangdhar, Chief Executive Officer in Seclabs & Systems Pvt Ltd, similar data scrapping helped them unearth the terror module behind one of the attacks at an airbase last year. Shesh said that through Social Media Algorithm they would often narrow down on unknown terror modules. What his team did was to connect to the profile the whereabouts of multiple known nods converging. That is how the mastermind was located.

Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration.

Often, it is seen that those who open an account are not aware of the privacy concerns. But as Sunil Abraham puts it, Caveat emptor or ‘Let the Buyers Beware’ does not even apply here. It is not possible for anyone to go through the entire privacy policy.

“So it is not even right to ask if the consumer can protect his/her own interest. Thus, the state should proactively regulate the industry,” said Abraham.

Facebook has brought in a number of changes to its privacy settings. It now allows you to remove third-party apps in bulk. This welcome change has come after sustained pressure on the tech giant from users and a number of regulatory bodies across the world.

For more details visit https://cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk

IT Leaders, Lawyers Welcome SC Ruling on 66A of the IT Act

praskrishna — 2015-03-26T15:58:19Z

The Supreme Court of India has delivered a landmark judgment in scrapping section 66A of the Information Technology Act, which prescribed 'punishment for sending offensive messages through communication service, etc.' and had been branded as grossly 'unconstitutional' by various lawyers and legal advisors.

The blog past was published by Cio.in on March 25, 2015. Pranesh Prakash is quoted.

Here's what 66A of the IT (Amendment) Act, 2008 stated: Any person who sends, by means of a computer resource or a communication device,(a) any information that is grossly offensive or has menacing character;(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device, or (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.

As per the study conducted by the Centre for Internet and Society, Bangalore, intermediaries over-comply and tend to take down even legitimate information when they receive a takedown notice. There were also several arrests made as a result. The most recent among which was when a class XI student from Bareilly was arrested for sharing an “objectionable” post on Facebook against senior Samajwadi party leader and state Urban Development Minister, Azam Khan.

The ruling by the Supreme Court has not only been welcomed by Shreya Singhal, the young law student who was among the first to challenge it in the Supreme Court, but also lawyers, legal advisors as well as IT leaders.

Pranesh Prakash, a Policy Director with the Centre for Internet and Society, Bangalore, and a graduate of the National Law School tweeted: While the case is about 'Internet' censorship, the SC judgment is against ALL censorship. That's important. #66A

According to Pavan Duggal, advocate, Supreme Court of India, Section 66A symbolized the tyranny of ambiguous vague terms over the purity of legitimate free speech.

"It represented a tool for suppressing bonafide free speech, which was extensively misused. Sec 66A was a foe more than your friend. In scrapping Sec 66A, Supreme Court has done a great service to the cause of free speech of vibrant digital Indians. Digital free speech in India owes a great deal to the SC ruling," said Duggal.

Various Indian IT leaders also expressed their satisfaction towards the apex court's ruling, and called it a balanced judgment.

Anjani Kumar, CIO, Safexpress says, the ruling is by and large, a favorable one. “Previously, people who were writing against the establishment were being harassed. However, with this ruling, the apex court has protected the constitutional right of freedom of speech,” he said.

There will be freedom of speech and everyone will be able to express their views openly on social media platforms. It will help maintain an equilibrium over a period of time,” said T.G Dhandapani, group CIO, TVS Motors.

While the general sentiment was fairly positive. Manas Mati, executive director and technology head, Walt Disney said, “I think the Section should not have been scrapped. Every person needs to be responsible and accountable for what they post on social media.”

Accountable or not, the judgment clearly indicates that's there won't be any arrests on the subjective interpretation of vague expressions such as “grossly offensive” and “menacing character” etc. under section 66A of the Information Technology Act, 2000.

“However, the ruling is a very balanced one, with the court stating that the government has the right to remove objectionable content, but not arrest the person. The negative can be that some people go overboard on social media and they need to be checked," Kumar said.

For more details visit https://cis-india.org/internet-governance/news/cio-in-march-25-2015-it-leaders%2C-lawyers-welcome-sc-ruling-on-66a-of-the-it-act

It Hurts Them Too

Mir Farhat — 2017-12-19T15:12:31Z

Strap: Internet shutdown robs security forces' social media lifeline in J&K.

Srinagar, J&K: For Mahender*, a member of the Central Reserve Police Force (CRPF) posted in Srinagar for the last two years, the internet has been a way to feel virtually close to his children and wife in Bihar, nearly 1,900 kms away. After duty every day, he finds a quiet corner to start video-calling his wife. At the other end, she ensures their two children are beside her. “We discuss how our day went. Most of our conversations revolve around the kids, their schooling and food, and about my parents who live near our house,” says Mahender, who identified himself only with his first name.

However, Mahender and thousands of security personnel like him posted in the Kashmir Valley haven't found this easy connectivity always reliable, courtesy the government's frequent internet shutdowns, phone data connectivity cuts, and social media bans.

Jammu & Kashmir has faced 55 internet shutdowns between 2012 and 2017, as recorded by the Software Freedom Law Centre. The administration justifies this crackdown by citing "law-and-order situations" that occur during encounters of security forces with militants and, later, when protests and marches are carried out by civilians during militants' funerals.

Hizbul Mujahideen commander Burhan Wani was killed by security forces and police on 8 July 2016, triggering a six-month-long “uprising” among civilians in Kashmir. Immediately after the shootout, security agencies shut the internet down. With 55 internet shutdowns in 2017 itself, it is something of a standard practice in Kashmir today to block social media or internet in a district or entire Valley each time there is an encounter. It is also a recurring practice of precaution against protests on Independence and Republic Day every year.

Security forces and police are not untouched by these shutdowns though. There are 47 CRPF battalions posted in the Kashmir region. “Our jawans experience difficulties during internet bans as they are not able to communicate with their families and friends as frequently as they do when internet is working,” says Srinagar-based CRPF Public Relations Officer Rajesh Yadav.

The J&K police, who are at the forefront of quelling protests and maintaining law & order in the Valley with a strength of nearly 100,000, also suffer. There have been growing instances of clashes between the Kashmiri police and protesters who believe their home force is being brutal during crowd control. The policemen have had to hide or operate in plain clothes. A senior police officer in Srinagar, who does not want to be named, says, “Our families are worried about our well-being when we are dealing with frequent agitations. In such a situation, when there is a ban, we find it difficult to stay in touch with our families.”

More dangerously, internet bans also hit the official communication of cops in action. Their offices are equipped with BSNL landline connections, which are rarely shut down, and they usually communicate through wireless; but for mobile internet most of them depend on private internet service providers, owing to their better connectivity, as the rest of the state. A senior police officer who deals with counter-insurgency in Kashmir speaks of the impact of cutting off phone data connectivity. "We have our own WhatsApp groups for quick official communication. We use broadband in offices only and can’t take it to sites of counter-insurgency operations.”

Yadav of the CRPF says, “While we have several effective means of communication for official purposes, social media is one that has accentuated our communication network. During internet bans, our work is not entirely hampered, but there is a little bit of pinch, since that speed and ease of working is not there.” Nevertheless, he defends the ban, insisting that Facebook and WhatsApp are handy tools for people to "flare up" the situation and "mobilise youths" during protests. "So, it becomes a compulsion for the administration to impose the ban."

Counter-insurgency forces have in the last few years created social media monitoring and surveillance cells. They say it is to equally match the extremists, including those in Pakistan, who use social media services like Telegram, Facebook and WhatsApp now, instead of their phones which can be tapped. It is also to keep an eye on suspected rumour-mongers and propagandists. For instance, 22-year-old Burhan Wani had gained the attention of security forces precisely because of the way he used his huge following, amassed through Facebook posts and gun-toting pictures, to inspire young Kashmiris to militancy.

“There is always monitoring and surveillance. If militants are using it, then they are within the loop,” says Yadav.

There is widespread public outrage against the state government and agencies who impose frequent net bans in Kashmir, but the CRPF official says it hampers their attempts to build an image and do public relations in Kashmir too. “We promote and highlight programmes like Civic Action and Sadhbhavana online, and that's not possible when there's no social media.”

"The public's criticism of the ban is justified,” the counter-insurgency official says. But they are compelled to use it in situations like during the recent scare around braid chopping, which was caused due to “rumour-mongering by persons with vested interests”. Kashmiri civil society had suggested that the police keep the internet up to issue online clarifications trashing the rumours, but it was not to be.

"The internet has made it possible to identify culprits while sitting in an office. But we have to shut it down in case of communal tensions which have the tendency to engulf the whole state,” says the senior cop. “When we have no option left, we go back to traditional human intelligence.”

Name changed to protect identity.

Mir Farhat is a journalist from Jammu & Kashmir, with an experience of reporting politics, conflict, environment, development and governance issues. His primary interests lie in reporting environment and development. He is a member of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/it-hurts-them-too

It feeds on you!

Admin — 2018-04-10T16:16:24Z

A robust data protection law can prevent Facebook from manipulating users

The article by Anita Babu was published as a cover story in The Week on April 8, 2018. Pranesh Prakash was quoted.

Soon after the Facebook-Cambridge Analytica scandal broke, a meme featuring Donald Duck began circulating on social media. It showed the cartoon character waking up to the news of the data leak, and then going back to sleep realising that the data was as “worthless” as he was.

The meme struck a chord with the younger generation, which has learnt to laugh at its own triviality. But, what it misses is the fact that technology companies can profit from even the most insignificant set of personal data.

Facebook, as its users know, is a marketing behemoth in the guise of a social media platform. By using it, people willingly give away information about themselves—their identity, relationship status, places visited and people met, political views, and so on. Facebook collates all this information, which may seem insignificant to an individual user, and then converts it into multiple databases.

These databases are lucrative, as it helps Facebook target ads at specific individuals or groups. The company earned as much as $40 billion in revenues last year by harvesting ‘worthless’ data. “Data collection at such a granular level is the problem,” said Nikhil Pahwa, Delhi-based digital rights activist and cofounder of Internet Freedom Foundation. “Data once collected is going to get stolen, lost, compromised or sold. Also, the linking of multiple data sets should not be allowed, because, at the end of the day, it has the potential to undermine democracies.”

The Cambridge Analytica (CA) files have revealed the extent to which tech companies like Facebook and Google profile users. “The fact that micro-targeting of ads were done through Facebook was a known fact,” said Bedasree, copy editor at the education services firm Careers360. “What is dangerous is that data theft can create identical virtual identities, like bots, which is happening. Since everything is digitised we would not be able to differentiate the real from the fake. And, there would be no accountability, because you have given your data to almost everyone.”

Micro-targeted ads have exposed Facebook to allegations of discrimination. For instance, a lawsuit filed in the US last year said companies like Amazon and T-Mobile ran recruitment ads in Facebook, allowing only younger workers to see them. “There is a difference between influencing and manipulating people,” said Pranesh Prakash, policy director at the think tank Centre for Internet and Society. “While ‘influencing’ a person politically is something to be celebrated in a democracy, manipulating someone is dangerous…. The problem is not necessarily the content, but the way it is presented: whether it is done transparently and ethically.”

So, what does the CA scandal mean to users? “They must understand what they are trading for convenience,” said Mishi Choudhary, technology lawyer and legal director at Software Freedom Law Centre, New York. “The technology package, consisting of smartphones and social media companies, peddles a form of convenience that we are all buying into. This convenience ensures that a form of inhuman social control is established, not only in our buying habits, but in our democracy as well.”

Facebook’s algorithm to determine a user’s newsfeed—the list of updates that a user sees on her Facebook homepage—is a key tool in establishing this control. According to Facebook, the objective of the newsfeed is “to show you the stories that matter the most to you”. It means Facebook determines what a user should see or not see. Studies have shown that Facebook can tweak the algorithm in such a way that only certain types of stories appear in your newsfeed, thereby influencing your mood and behaviour. “The kind of powers that a company like Facebook has, is dangerous,” said Prakash. “Certainly, it is not just Facebook which is problematic in this regard, but all companies with similar business models.”

In 2016, India campaigned hard and upheld net neutrality in its attempt to stop Facebook's 'Free Basics', a coterie of free web services provided by the social media giant but with controls. Two years later, the data theft scandal, with Facebook at the heart of it, has put the spotlight on India's need for a robust data protection law.

Last year, the government had appointed a committee of experts under the chairmanship of Justice B.N. Srikrishna to look into the matter. The committee submitted a white paper early this year, which drew criticism from experts for its shortcomings.

Perhaps, the government should take cues from the current discourse on digital rights. The need of the hour, say experts, is a comprehensive, user-centric data protection law rooted in user consent. The government should hold companies liable for any failure in taking the consent of users and protecting their data.

The laws should focus on the business model of social media companies, which effectively sell people to advertisers. “The value in digital advertising lies in collecting information about peoples’ behaviour, on a scale previously unimagined in the history of humankind,” said Choudhary. “Gram for gram, the smartphone is the densest collection of sensors ever assembled. It’s a spy satellite in your pocket, aimed at you.”

Perhaps, the answer lies in building a technology ecosystem that encourages smaller players to take on giants like Facebook. A key to that would be implementing ‘interoperability’ between social networks. Said Hrishikesh Bhaskaran, member of Mozilla India’s Policy and Advocacy Task Force, which works to ensure privacy and data security: “This [interoperability] means that, just like one is able to send mails between Gmail and Yahoo platforms, a user should be able to interact between Facebook and Twitter. There is no technical reason why this cannot be allowed.”

For more details visit https://cis-india.org/internet-governance/news/the-week-anita-babu-april-8-2018-it-feeds-on-you

IT companies in Bengaluru on high alert over WannaCry ransomware

praskrishna — 2017-05-19T09:05:46Z

In the wake of the ransomware attack triggered by WannaCry virus, IT firms in Bengaluru are racing against time to updating their security systems. At some firms, employees have been asked to stay away from work for a few hours, while many other companies have declared holiday for a day or two for their employees.

The article by Kiran Parashar K M & Shruthi H M was published in the New Indian Express on May 17, 2017. Pranesh Prakash was quoted.

Sources said IT teams in many firms are working overtime to ensure such attacks do not harm their systems. Employees have been communicated to be aware of unsolicited emails and were asked to stay away from work at a few places where the security systems update was in progress.

A network engineer of a secondary source software firm, who provides security solutions, said, “We were asked to work on weekend and monitor the servers. The monitoring process is likely to continue. Some of the outsourcing companies have declared holiday as network engineers are flooded with work.”
“Recent developments have affected work at IT firms but there is no report of any company getting affected,” a techie said.

Wipro Ltd officials told Express: “Wipro has not seen any impact. However, we remain vigilant and have strengthened security controls at all layers to detect and mitigate any such threat.”

Companies providing financial technology are struggling to ensure that all ATMs are running on updated software. “We are in touch with the original equipment manufacturers for the patches that may be required to be rolled out on the ATMs running on Windows XP and Windows 7, to make them additionally secure,” said Radha Rama Dorai (Country Head - ATM & Allied Services), FIS, a financial technology provider.
“Fortunately ATMs in India have not been affected by WannaCry ransomware,” said Dorai.

Sudesh Shetty, Partner, Forensics, KPMG in India, said: “Banks need to apply the patch which Windows has released for outdated operating systems. Organisations need to make use of it.”

WannaCry under reported

The Indian Cyber Army sources said that there has been under reporting of such incidents as many individuals use pirated version of the Windows software. Also, people have no idea whom to report if they fall prey to WannaCry.

For more details visit https://cis-india.org/internet-governance/news/new-indian-express-kiran-parashar-km-and-shruthi-hm-it-companies-in-bengaluru-on-high-alert-over-wannacry-ransomware

IT (Amendment) Act, 2008, 69B Rules: Draft and Final Version Comparison

jdine — 2013-04-30T09:47:46Z

Jadine Lannon has performed a clause-by-clause comparison of the Draft 69B Rules and official 69B Rules under Section 69B in order to better understand how the two are similar and how they differ. Notes have been included on some changes we deemed to be important.

There has been a considerable amount of re-arrangement and re-structuring of the various clauses between the 69B Draft Rules and the official Rules, as can be seen in the comparison chart, but very little content has been changed. The majority of the changes made to the official Rules are changes in wording and language that serve to provide some much-needed clarification to the Draft Rules (see the differences between Clause (9) of the Draft Rules and sub-section (4) of Clause (3) of the official Rules as an example). Language redundancies, as well as full clauses (Clause [6] of the Draft Rules) have been thankfully removed in the official Rules.

Aside from the addition of four definitions, including a definition for a “security policy”, a phrase which appears in the Draft Rules without being defined, Clause (2) contains what is most likely one of the more noteable changes between the two definitions: under sub-section (g) in the 69 Rules, the words “or unauthorised use” have been added to the definition of “cyber security breaches”, which significantly increases the scope of what can be considered a cyber security breach under the Rules.

A significant change between the two sets of rules can be found in sub-section (2) of Clause (8) of the official rules, which states that, “save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information”. The section in italics has been added to the original Clause (22) of the Draft Rules, meaning that when the Rules were originally drawn up, no exceptions were to be made for the destructions of the records for the issuing of directions for monitoring and/or the collected information. They would simply have to be destroyed within six months of the discontinuance of the monitoring/collection.

One change that may or may not be significant is the replacement of the words “established violations” in the Draft Rules to simply “violation” in the official Rules in Clauses (19)/(6), which deal with the responsibility of the intermediary. This could be taken to mean that suspected and/or perceived violations may also be punishable under this clause, but this is a hard stance to argue. Most likely the adjustment was made when those superfluous and/or convoluted parts of the Draft rules were being removed.

For more details visit https://cis-india.org/internet-governance/blog/it-amendment-act-69-b-draft-and-final-version-comparison

IT (Amendment) Act, 2008, 69A Rules: Draft and Final Version Comparison

jdine — 2013-04-30T10:10:48Z

Jadine Lannon has performed a clause-by-clause comparison of the 69A draft rules and 69A rules for Section 69A of the IT Act in order to better understand how the two differ. While there has been reshuffling of the clauses in the official rules, the content itself has not changed significantly. Notes have been included on some changes we deemed to be important.

Below is a chart depicting the 69A Draft Rules and the 69A Rules:

There was a lot of structural change between the draft rules and the official rules—many of the draft clauses were shuffled around and combined—but not a lot of change in content. Many of the changes that appear in the official rules serve to clarify parts of the draft rules.

Three definitions were added under clause (2), two to clarify later references to a “designated officer” and a “nodal officer” and the third to indicate a form appended to the official Rules.

Clause (3) of the official rules then clarifies who shall be named the “designated officer”, which was not done in the draft rules as there was no inclusion of an official title of the officer who would have the responsibilities of the “designated officer”. Interestingly, clause (3) of the draft rules requires the Secretary of the Department of Information Technology, Ministry of Communications & Information Technology, Government of India to name an officer, whereas clause (3) of the official rules states that the “Central Government” shall designate an officer, a change in language that allows for much more flexibility on the government's part.

Clause (5) in the draft rules and clause (4) in the official rules deal with the designation of a Nodal Officer, but omitted in the official rules are responsibilities of the designated officer, which includes acting on the “direction of the indian competent court”. This responsibility does not appear in any part of the official rules. Further, clause (4) of the official rules requires the organizations implicated in the rules to publish the name of the Nodal Officer on their website; this is an addition to the draft rules, and a highly useful one at that. This is an important move towards some form of transparency in this contentious process.

Clause (5) of the official rules significantly clarifies clause (4) of the draft rules by stating that the designated officer may direct any Agency of the Government or intermediary to block access once a request from the Nodal Officer has been received.

Clause (7) of the official rules uses the word “information” instead of “computer resource”, which is used in the corresponding clause (12) in the draft rules, when referring to the offending object. This change in language significantly widens the scope of what can be considered offending under the rules.

The sub-sections (2), (3) and (4) of clause (9) of the official rules are additions to the draft rules. Sub-section (2) is a significant addition, as it deals with the ability of the Secretary of the Department of Information Technology's ability to block for public access any information or part thereof without granting a hearing to the entity in control of the offending information in a case of emergency nature. The request for blocking will then be brought before the committee of examination of request within 48 hours of the issue of direction, meaning that the offending information could be blocked for two days without giving notice to the owner/controller of the information of the reason for the blockage.

An important clarification has been included in clause (15) of the official rules, which differs from clause (23) of the draft rules through the inclusion of the following phrase: “The Designated Officer shall maintain complete record of the request received and action taken thereof [...] of the cases of blocking for public access”. This is a significant change from clause (23), which simply states that the “Designated Officer shall maintain complete record [...] of the cases of blocking”. This could be seen as an important step towards transparency and accountability in the 69B process of blocking information for public access if clause (16) of the official rules did not state that all requests and complaints received and all actions taken thereof must be kept confidential, so the maintenance of records mentioned in clause (15) of the official rules appears to be only for internal record-keeping. However, just the fact that this information is being recording is a significant change from the draft rules, and may, if the sub-rules relating to confidentiality were to be changed, be useful data for the public.

For more details visit https://cis-india.org/internet-governance/blog/it-amendment-act-69-a-rules-draft-and-final-version-comparison