We are anonymous, we are legion

Department of Labour Interaction Program: Online Business Platforms

Bharath Gururagavendran — 2019-10-29T06:05:56Z

The Department of Labour convened an interaction program of sorts at Vikas Soudha in Bangalore on 21st October, 2019 to hear the issues plaguing the emergent gig economy.

The blog post was edited by Ambika Tandon.

The meeting was called to hear and address the grievances of gig workers, (employed by online business platforms) in the presence of their employers. The meeting was presided by the esteemed Labour Minister, Shri. Suresh Kumar, and the Secretary to the Labour Department, Shri Manivannan. The Minister began by disclosing that union members and delivery partners employed by online delivery companies (Swiggy, Zomato, Ola, Flipkart, etc.) had approached his office, with several complaints pertaining to the legal treatment or lack thereof, of gig workers across the nation. They also further identified the day-to-day concerns that they had to face (i.e. health & pay-related issues) as a consequence of their non-recognition under the labour law frameworks in the country.

"The majority of the delivery boys that aggregators (e.g. Swiggy, Ola, Uber, etc.) employ are full-time workers who depend solely on these companies for their income." That was the refrain of most of the spokespeople supporting the cause of gig workers. These were some of the representatives who spoke on behalf of the gig workers employed by online aggregators:

Mr. G. S. Kumar (Food Delivery Partners Association)
Mr. Tanveer Pasha (Ola driver)
Mr. M. Manjunath (Auto Chalaka Okkuta)
Mr. Amit Gupta (Brand Strategist)
Ms. Kaveri (Researcher)
Mr. Basavaraj (Food Delivery Association)

"The delivery partners employed by online aggregators should be treated as full-time employees"

Mr. G.S Kumar, an office-bearer at the Food Delivery Partners Samithi set the context for the conversation, by identifying at the very outset that the term "delivery partners" is a misnomer and that they are largely full-time employees. They are further straddled with family commitments, health concerns, and dwindling pay structures. As such, he proclaimed that they are deserving of the protections statutorily available to employees (in the traditional sense of the term) under the extant labour legislations. It was also specifically highlighted by Mr. K.S. Kumar, that in status quo, delivery boys cannot avail of ESI, or PF benefits.

Furthermore, the protections the companies make available are also quite abysmal, for instance a Rs. 2 lakh accidental cover that's rarely ever paid. The practical exigencies of their itinerant lifestyles inhibit them from maintaining strict compliance with the protocols that are unfortunately condition precedents to obtaining the benefits they so desperately require. The language of these policies in the fine print often contains conditions that are quite hard to satisfy, and as such, the benefits remain inaccessible to the vast majority of drivers employed by these online business platforms. Adding value to this criticism of Mr. K.S. Kumar, Mr. Basavaraj later clarified that conditions such as requiring 24 hours of admittance for the processing of insurance claims, makes it nigh impossible for drivers plying the roads to ever materially avail of health or accidental insurance.

"Ola/Uber drivers face serious health risks, as they ply the roads of Bangalore, and require functional insurance"

Tanveer Pasha, a member of the Ola/Uber Drivers Association, discussed the lived experiences of these delivery boys who ply the road, travelling nearly fifteen to twenty kilometres for each trip in peak Bangalore traffic. He narrated stories of trauma and violence faced by drivers, such as instances of heart attacks and accidents, which made the conversation a little heated. The minister then deftly interjected, by requesting them to be solution-centric, while discussing their grievances, as this aids the government's ability to balance the competing interests of both the aggregators and the gig workers.

"A Government ombudsman is required to address the grievances of gig workers"

To that effect, M. Manjunath from the Auto and Taxi Association asserted that insurance is a basic right that should be provided to the employees. Amit Gupta, Brand Strategist, spoke on behalf of his sister, previously employed at Swiggy, and stated that an ombudsman empowered to take complaints, even from gig workers, should be created. He believed this was imperative given that aggregators are de facto free to violate the terms and conditions prescribed in the employment order, as they have the resources to see the case through in court, whereas employees don't have much recourse, outside of trade unions. He concluded that for these delivery partners devoid of the right to collectivize, it becomes crucially important to maintain at the very least, a Government ombudsman.

"Aggregators should not profit off of the positive network effects gained through delivery partners, and simultaneously deny their right to protest unfair business practices"

Ms. Kaveri, a researcher on the conditions of gig workers, brought to light some of the more egregious problems that are faced by these workers. For instance, they are removed from employment, at a moment's notice if they attempt to protest, and to that effect, she stated that Zomato had fired an employee that very day because he was supposed to participate in the meeting and make his case. She further specified that it was patently unfair to allow these aggregators to profit off of the positive network effects gained solely because of the delivery partners, and subsequently engage in cost-cutting practices like reducing the incentives that they receive.

In response to these claims, the Labour Minister invited representatives of online platforms to shed some clarity on the concerns raised by the gig workers they employ.

These were some of the representatives who spoke on behalf of the online aggregators:

Mr. Manjunath (Flipkart)
Mr. Panduranga (Legal Team, Swiggy)
Mr. Ashok Kumar (Zomato)

"Flipkart does provide significant benefits to its fixed-term contractors"

Mr. Manjunath clarified his position on these issues, with regards to Flipkart, by stating that there is a tripartite classification amongst people who work there:

a) Full-time employees

b) Fixed Term Contractors (e.g. 8 or 10-month contract)

c) Interns

He further affirmed that even for fixed term contractors, Flipkart offers ESI, and PF benefits. He also specified that they don't hire more employees or fixed-term contractors during peak season, but rather hire only interns to meet demand, as it offers the inexperienced interns a chance to gain industry exposure as well.

"Swiggy empowers the agency of its delivery partners, and provides necessary benefits"

Mr. Panduranga, from the legal department at Swiggy, in direct response to the concerns about Swiggy, stated that the gig economy is emergent and that Swiggy and other such aggregators are merely technology platforms, facilitating end-to-end services (between different stakeholders, e.g. customer-driver-restaurant). In that sense, he clarified that the delivery partners they employ have the right to accept or deny deliveries and that there is no compulsion to commit to the work. Moreover, he specified that merely logging off the app frees up a delivery partner of his or her time. He opined that they have the freedom to work for multiple companies, and the process of joining and leaving is highly flexible. In that sense, he stated that a large number of students and after-office hours employees are the ones employing these apps as a means to generating quick cash flows (and as such, should not be treated as full-time employees). He also mentioned that there is up to 1 lakh for medical expenses, (which are currently being disbursed), and Rs. 5 lakhs for accidental death coverage as well. Mr. Ashok Kumar from Zomato also reaffirmed the statements of Mr. Panduranga.

"Incentive and disincentive structures coercively compel gig workers to work hours akin to full-time employees"

Mr. Basavaraj from the Food delivery Association/Samithi, along with all the other representatives clarified that it is extremely unlikely that the majority of gig workers are part-time and only in it for generating quick money. Instead, the majority of gig workers work 9-12-hour workdays, and in that sense, are really no different from traditional employees. Basavaraj stated that an examination of the travel logs of delivery partners will make it clear whether the majority of workers are part-time or full time. He also pointed out that incentive and disincentive structures coercively compel drivers to work long hours with poor working conditions. For example, drivers who don't operate during peak hours do not receive the incentives they are promised. Further, the manner of advertisement of these jobs is itself insidious, as the salary offering is inclusive of the money one would receive if they also met their incentive-targets. Basavaraj specified that the deceptive advertising of these companies is what leads to massive hordes of gig workers working, in essence, full-time jobs, and as such, they must require the protection of their rights enshrined under labour legislations.

There was also collective agreement from the spokespeople making a case on behalf of the gig workers, that the benefits provided on paper (health insurance for accident cases) are rarely ever provided, and that the process of acquiring the same is rife with hassles. However, this was met with fervent opposition from the spokespeople representing the online aggregators, who contended that these insurance payments were being sanctioned freely without inconvenience.

Concluding Observations of the Labour Minister

The Labour Minister, Shri. Suresh Kumar, identified that this is an emergent issue; one that requires serious consideration, as the gig economy is here to stay. He reaffirmed the social responsibility of the Government to inspect this matter and set up a legal framework, as it concerns the deprivation of agency for lakhs of people working as gig workers in the state, and across the country. He also affirmed that he is cognizant of the business interests at play. To that effect, he declared that the Deputy Labour Commissioner, Shri. Balakrishnan would examine the relevant data at hand, hold necessary meetings with both parties, and submit a report on the creation of a prospective framework to regulate gig economies within one month. He stated that the Government will set up a framework with governing rules and regulations, based on the report submitted. He concluded by emphasizing the necessity for both parties to be trusting of one another and not render the working dynamic adversarial, however oppositional their competing interests maybe, as trust is a constitutive component of conflict resolution.

For more details visit https://cis-india.org/internet-governance/blog/department-of-labour-interaction-program-online-business-platforms

Comments to the Code on Social Security, 2019

Aayush Rathi , Amruta Mahuli and Ambika Tandon — 2019-10-27T03:57:15Z

This submission presents a response by researchers at the Centre for Internet & Society, India (CIS) to the draft Code on Social Security, 2019 (hereinafter “ Draft Code ”) prepared by the Government of India’s Ministry of Labour and Employment.

CIS is an 11-year old non-profit organisation that undertakes interdisciplinary research oninternet and digital technologies from policy and academic perspectives. Through itsdiverse initiatives, CIS explores, intervenes in, and advances contemporary discourse andregulatory practices around internet, technology, and society in India, and elsewhere.Current focus areas include cybersecurity, privacy, freedom of speech and artificialintelligence. CIS is also producing research at the intersection of labour, gender andtechnology.

CIS is grateful for the opportunity to put forth its views and comments. Our comments are captured in the prescribed format in the table, click here to view the full comments.

For more details visit https://cis-india.org/internet-governance/blog/aayush-rathi-ambika-tandon-amruta-mahuli-october-25-2019-comments-to-code-on-social-security

Comments to the United Nations Human Rights Commission Report on Gender and Privacy

Aayush Rathi, Ambika Tandon and Pallavi Bedi — 2019-12-30T17:40:20Z

This submission to UNHRC presents a response by researchers at the CIS to ‘gender issues arising in the digital era and their impacts on women, men and individuals of diverse sexual orientations gender identities, gender expressions and sex characteristics’. It was prepared by Aayush Rathi, Ambika Tandon, and Pallavi Bedi in response to a report of consultation by a thematic taskforce established by the Special Rapporteur on the Right to Privacy on ‘Privacy and Personality’ (hereafter, HRC Gender Report).

HRC Gender Report - Consultation version: Read (PDF)

Submitted comments: Read (PDF)

The Centre for Internet and Society (CIS), India, is an 11-year old non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and regulatory practices around internet, technology, and society in India,and elsewhere. Current focus areas include cybersecurity, privacy, freedom of speech, labour and artificial intelligence. CIS has been taking efforts to mainstream gender across its programmes, as well as develop specifically gender-focused research using a feminist approach.

CIS appreciates the efforts of Dr. Elizabeth Coombs, Chair, Thematic Action Stream Taskforce on “A better understanding of privacy”, and those of Professor Joseph Cannataci, Special Rapporteur on the Right to Privacy. We are also grateful for the opportunity to put forth our views and comment on the HRC Gender Report.

For more details visit https://cis-india.org/internet-governance/blog/comments-to-the-unhrc-report-on-gender-and-privacy

Trending Hate Against Muslims: Is Twitter Complicit?

Puja Bhattacharjee — 2019-10-23T00:54:41Z

Twitter claimed that it had ‘prevented’ the Hashtag while it had not.

The blog post by Puja Bhattacharjee was published in News Central on October 21, 2019. Pranesh Prakash was quoted in it.

In 2009, Twitter took down a trending hashtag. The hashtag in question started in South Africa and had the word “darkie” in it. That word is not a slur in South Africa, but it was used as a slur against the African Americans community in the USA. On receiving complaints, Twitter immediately removed that from trending topics though it was a clash of meanings between two different places.

On Sunday evening, a hashtag of more insidious nature was trending in India. The hashtag #मुस्लिमो_का_संपूर्ण_बहिष्कार, translated literally means “Total boycott of Muslims”. The incident is ominous given rising apprehension across the world that India is now in the grip of a violent form of Hindu Nationalism. The tweets in support of the hashtags were mostly from right-wing accounts, some of which not only called for the boycott of Muslims but also celebrated the persecution of Uighurs in China.

Speaking to NewsCentral24x7.com, a Twitter spokesperson claimed that it had ‘prevented’ the hashtag from trending: “There are Rules for trends and we have prevented this hashtag from trending as it is in violation of the Twitter Rules”. (Full statement at the end of the story)

However this was patently false since many users pointed out that the hashtag continued to trend even after Twitter’s statement. In Delhi, the hashtag continues to trend at number one. More disturbingly, as reported by The Wire some of the accounts tweeting in support of the hashtags are followed by the Prime Minister and several cabinet ministers.

Also Read: Need To Change Name To Save Myself From Sword Of Hate: Muslim Bureaucrat From M.P. On The Atmosphere Of Hate In Modi II

Pranesh Prakash, co-founder of Centre for Internet and Society, says that Twitter usually does not ban a hashtag. “They can remove it from trending and if people use it offensively, then they can ban that person or that tweet…. Twitter should put out a statement apologizing for and condemning this given they condemn white nationalists in the US.” he says.

The hashtag was started ostensibly in retaliation of the murder Kamlesh Tiwari, 45, the president of the Hindu Samaj Party. Over the weekend, the police arrested five people in connection to the murder.

However, Kamlesh Tiwari in his last Facebook Live video before his murder protested the removal of his security by the Yogi Adityanath government and trying to hatch a conspiracy to kill him. His mother echoed his sentiments and has come out to say that there is no communal angle to his murder.

The matter once again raises questions about the responsibility Big-Tech platforms like Twitter need to discharge in monitoring and combating hate speech. Many organizations in the USA, UK and Australia such as the Anti-Defamation League (ADL), the Women, Action and the Media (WAM!), Online Hate Prevention Institute and Sentinel Groups for Genocide Prevention have become increasingly invested in combating hate speech online by targeting Internet intermediaries and asking them to take greater responsibility in moderating content, in addition to raising awareness among users.

An interactive map showing the trends of the hashtag from October 20 evening till October 21 morning in the sub-continent.

However, in India, the government’s proposed changes to Section 79 of the IT Act for restricting hate speech has led to fears of widespread censorship. The Internet Freedom Foundation published a comprehensive blog on why such an amendment is undesirable.

In a report released in 2017, the Law Commission of India recommended broadening the existing provisions of hate speech to include other criteria that are based on their gender and sexuality.

“It does not look at underlying reforms. Like understanding the link to violence and whether it should only be a provision which should apply to members of a minority community -linguistic, caste, religion,” says Apar Gupta, executive director, Internet Freedom Foundation

He says if lawmakers are unwilling to substantively tinker with definitions in a very real and substantial way, they should come up with procedural safeguards instead.

Twitter or any social media company has two levels of obligation – its own obligations towards its users which is under the terms of service contract under which it can proactively take down a speech if there is a violation of those standards. “They have a degree of discretion to do it as well. This is where most of the content takedowns happen which also results in a certain amount of criticism because they lack the consistency desired by people,” says Gupta.

The second level of compliance is when a legal notice is sent by a judicial or executive authority. If they do not comply, their online immunity from liability for the content posted by the user can be removed and they can be prosecuted as an accessory or abettor to the content published on their platform. “Twitter can block the hashtag but what we are looking for is a much more credible law enforcement response based on the content of each tweet,” Gupta adds.

In her book, HATE: Why We Should Resist it With Free Speech, Not Censorship by Nadine Strossen, the author argues that that censorial measures are ineffective and do not promote equality. Instead, Strossen, recommends forceful counter-speech and activism.

“In 2016, a report was issued about counterspeech on Twitter, coauthored by a group of scholars from the United States and Canada. The report, which included the first review of the “small body” of existing research about online counterspeech, concluded that hateful and other “extremist” speech was most effectively “undermined” by counterspeech rather than by removing it,” she writes.

Editors Note: The hashtag discussed above is absolutely horrifying and historically widespread calls for ‘boycott’ have preceded genocide. While on one hand we cannot allow hate speech to become an excuse for governments to curb non-harmful, legal speech, the censor or counter debate cannot be allowed to become a veil for big-tech to wash its hands off the matter. There is now significant reportage which shows that hate speech essentially benefits social media platforms and therefore they are unwilling to curb it. In this specific case the double standards twitter has displayed in being prompt in one country while unresponsive in other is also a very disturbing aspect.

Full statement by Twitter:

“At Twitter our singular goal is to improve the health of the public conversation, including ensuring the safety of people who use our service. As outlined in our Hateful Conduct Policy, we do not tolerate the abuse or harassment of people on the basis of religion. As per our Help Center, there are Rules for trends and we have prevented this hashtag from trending as it is in violation of the Twitter Rules. If people on Twitter see something that violates the Twitter Rules, the most important thing they can do is report it, by clicking the drop down arrow at the top of the Tweet and selecting “Report Tweet.”

For more details visit https://cis-india.org/internet-governance/news/news-central-october-21-2019-puja-bhattacharjee-trending-hate-against-muslims

NIPFP Seminar on Exploring Policy Issues in the Digital Technology Arena

Admin — 2019-10-20T07:40:16Z

Anubha Sinha participated in this seminar as a discussant on the "Regulating emerging technologies" panel. The event was held at Indian Institute of Advanced Study, Shimla on October 10 - 11, 2019.

Click to view the agenda here. The session briefs can be seen here.

For more details visit https://cis-india.org/internet-governance/news/nipfp-seminar-on-exploring-policy-issues-in-the-digital-technology-arena

Discussion at CyFy on Technology, Policy and National Security: Building 21st Century Curricula in India’s Law Schools

Admin — 2019-10-20T07:23:11Z

Arindrajit Basu attended the session and gave comments on the course outline which included thoughts on:

Threshold of technical knowledge-comparison with WTO law
Need for India-centric approaches both in domestic and foreign policy
Possibility of executive training of senior diplomats
Need to include fintech security in the syllabus
Necessity of international law as a tool of conflict 6. Sustained collaboration between think-tanks and universities

The event was organized by Centre for Communication Governance at National Law University Delhi and Observer Research Foundation at Villa Medici, Taja Mahal Hotel, Man Singh Road, New Delhi.

For more details visit https://cis-india.org/internet-governance/news/discussion-at-cyfy-on-technology-policy-and-national-security-building-21st-century-curricula-in-india2019s-law-schools

Due Diligence Project FGD by UN Women

Admin — 2019-10-20T07:11:13Z

On October 11, 2019, Radhika Radhakrishnan attended a focussed group discussion at the UN House, New Delhi, organized by UN Women for their multi-country research study on online violence (Due Diligence Project).

The purpose of the discussion was to provide a better understanding of the nature and the scope of this form of VAWG and to provide recommendations to inform policies, plans, programming and advocacy on the issue.

For more details visit https://cis-india.org/internet-governance/news/due-diligence-project-fgd-by-un-women

Roundtable Discussion on Intermediary Liability

Admin — 2019-10-20T07:08:11Z

Tanaya Rajwade participated in a roundtable discussion on intermediary liability organised by SFLC and the Dialogue in New Delhi on October 17, 2019.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/roundtable-discussion-on-intermediary-liability

“Politics by other means”: Fostering positive contestation and charting ‘red lines’ through global governance in cyberspace

basu — 2019-10-21T15:40:38Z

The past year has been a busy one for the fermentation of global governance efforts in cyberspace with multiple actors-states, industry, and civil society spearheading a variety of initiatives. Given the multiplicity of actors, ideologies, and vested interests at play in this ecosystem, any governance initiative will be, by default, political, and desirably so.

Arindrajit Basu's essay for this year's Digital Debates: The CyFy Journal was published jointly by Global Policy and ORF. It was written in response to a framing essay by Dennis Broeders under the governance theme. The article was edited by Gurshabad Grover. Arindrajit also acknowledges the contributions of the editorial team at ORF: Trisha, Akhil and Meher.

There is no silver bullet that will magically result in universally acknowledged rules of the road. Instead, through consistent probing and prodding, the global community must create inclusive processes to galvanize consensus to ensure that individuals across the world can repose trust and confidence in their use of global digital infrastructure.^[2] This includes both ‘red lines’ applicable to clearly prohibited acts of cyberspace and softer norms for responsible state behaviour in cyberspace, that arise from an application of the tenets of International Law to cyberspace.

Infrastructure is political

Networked infrastructures typically originate when a series of technological systems with varying technical standards converge, or when a technological system achieves dominance over other self-contained technologies.^[3] Through this process of convergence, networked infrastructures must adapt to a variety of differing political conditions, legal regulations and governance practices.^[4] Internet infrastructure was never self-contained technology, but an amalgamation of systems, protocols, standards and hardware along with the standards bodies, private actors and states that define it.^[5] The architecture has always been deeply socio-technical^[6] and any attempt to severe the technology from the politics of internet governance would be a fool’s errand.

Politics catalyzed the development of the technological infrastructure that lead to the creation of the internet. During the heyday of nuclear brinkmanship between the USA and USSR, Paul Baran, an engineer with the US Department of Defense think tank RAND Corporation was tasked with building a means of communication that could continue running even if some parts were to be knocked out by a nuclear war.^[7]

As Baran’s ‘Bomb proof network’ morphed into the US Department of Defense funded ARPANET, it was initially apparent that it was not meant for either mass or commercial use, but instead saw its nurturing in the US as a tool of strategic defense.^[8]

This enabled the US to retain a disproportionate -- and till the 1990s, relatively uncontested -- influence on internet governance. As the internet rapidly expanded across the globe, various actors found that single state control over an invaluable global resource was unjust.^[9] Others (9which included US Senator Ted Cruz), argued that the internet would be safer in the hands of the United States than an international forum whose processes could be reduced to stalemate as a result of politicized conflict between democratic and non-democratic states who seek to use online spaces as an instrument of suppression.^[10] The ICANN and IANA transitions were therefore not rooted in technical considerations but much-needed geopolitical pressure from states and actors who felt ‘disregarded’^[11] in the governance of the internet. An inclusive multi-stakeholder process fueled by inclusive geopolitical contestation is far more effective in the long run and has the potential of respecting the rights of ‘disregarded’ communities all across the globe far more than a unilateral process that ignores any voices of opposition.

It is now clear that despite its continued outsized influence, the United States is no longer the only major state player in global cyber governance. China has propelled itself as a major political and economic challenger to the United States across several regimes^[12], including in the cyber domain. China’s export of the ‘information sovereignty’^[13] doctrine at various cyber norms proliferation fora, including at the United Nations-Group of Governmental Experts (GGE), and regional forums like the Shanghai Co-operation (SCO), is an example of its desire to impose its ideological clout on global conceptions of the internet.

As a rising power, China’s aspirations in global internet governance are not limited to ideology. China is at an ‘innovation imperative’, where it needs to develop new technologies to retain its status and fuel long-term growth.^[14] This locks it into direct economic, and therefore strategic competition with the United States that seeks to retain control over the same supply chains and continues to assert its economic and military superiority.

China has dominated the 5G space in an unprecedented way, and has been a product of a concerted ‘whole of government’ effort.^[15] Beijing charted out an industrial policy that enabled the deployment of 5G networks as a key national priority.^[16] China has also successfully weaponized global technical standard-setting efforts to promote its geo-economic interests.^[17] Reeling from the failure of its domestic 3G standard that was ignored globally, China realised the importance of the ‘first-movers’ advantage’ in setting standards for companies and businesses.^[18] Through an aggressive strategic push at a number of international bodies such as the International Telecommunications Union, China’s diplomatic pivot has allowed it to push standards established domestically with little external input, thereby giving Chinese companies the upper hand globally.^[19]

Politics continues to frame the technical solutions that enable cybersecurity.19 Following Snowden’s revelations, some stakeholders in the global community have shaped their politics to frame the problem as one of protecting individuals’ data from governments and private companies looking to extract and exploit it. The technical solutions developed in this frame are encryption standards and privacy enhancing technologies. However, intelligence agencies continue to frame the problem differently: they see it as an issue of collecting and aggregating data in order to identify malicious actors and threat vectors. The technical solutions they devise are increased surveillance and data analysis -- problems the first framing intended to solve. The techno-political gap, both in academic scholarship and global norms proliferation efforts continues to jeopardize attempts at framing cybersecurity governance.^[20] Instead of artificially depoliticizing technology, it is imperative that we ferment political contestation in a manner that holistically promulgates the perception that internet infrastructure can be trusted and utilised by individuals and communities around the world.

Fostering ‘red lines’ and diffusing ‘unpeace’ in cyberspace

‘Unpeace’ in cyberspace continues to ferment through ‘below the threshold’ operations that do not amount to the ‘use of force’ as per Article 2(4), or an ‘armed attack’ triggering the right of self-defense under Article 51 of the United Nations Charter. This makes the application of jus ad bellum (‘right to war’) inapplicable to most cyber operations.^[21] However, the application of ‘jus in bello’ (law that governs the way in which warfare is conducted) or International Humanitarian Law (IHL) does not require armed force to be of a specific intensity but seeks to protect civilians and prevent unnecessary suffering. Therefore the principles of IHL that have evolved in The Geneva Conventions should be used as red lines that limit collateral damage as a result of cyber operations.^[22] No state should conduct cyber operations that intend to harm civilians, and should us all means at its disposal to avoid this harm to civilians. It should act in line with the principles of necessity^[23] and proportionality.^[24]

Cultivating ‘red lines’ is easier said than done. The debate around the applicability of IHL to cyberspace was one of the reasons for the breakdown of the fifth UN-GGE in 2017.^[25] States have also been reluctant to state their positions on the rules developed by the International Group of Experts (IGE) in the Tallinn Manual.^[26] This is due to two main reasons. First, not endorsing the rules may allow them to retain operational advantages in cyberspace where they continue engaging in cyber operations without censure. Second, even those states who wish to apply and adhere to the rules hesitate to do so in the absence of effective processes that censure states that do not comply with the rules.

Both these issues stem from the difficulties in attributing a cyber attack to a state as cyber attacks are multi-stage, multi-step and multi-jurisdictional, which makes the attacker several degrees removed from the victim.^[27] Technical challenges to attribution, however should not take away from international efforts that adopt an integrated and multi-disciplinary approach to attribution which must be seen as a political process working in conjunction with robust technical efforts.^[28] The Cyber Peace Institute, which was set up earlier in September 2019, and adopts an ecosystem approach to studying cyber attacks, thereby improving global attribution standards may institutionally serve this function.^[29] As attribution processes become clearer and hold greater political weight, an increasing number of states are likely to show their cards and abandon their policy of silence and ambiguity -- a process that has already commenced with a handful of states releasing clear statements on the applicability of international law in cyberspace.^[30]

Below the threshold operations are likely to continue. However, the process of contestation should result in the international community drawing out norms that ensure that public trust and confidence in the security of global digital infrastructure is not eroded. This would include norms such as protecting electoral infrastructure or a prohibition on coercing private corporations to aid intelligence agencies in extraterritorial surveillance29 The development of these norms will take time and repeated prodding. However, given the entangled and interdependent nature of the global digital economy, protracted effort may result in universal consensus in some time.

The Future of Cyber Diplomacy

The recently rejuvenated UN driven norms formulation processes are examples of this protracted effort. Both the Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) processes are pushing states towards publicly declaring their positions on multiple questions of cyber governance, which will only further certainty and predictability in this space. The GGE requires all member states to clearly chart out their position on the applicability of various questions of International Law, which will be included as an Annex to the final report and is definitely a step in the right direction.

There are multiple lessons from parliamentary diplomacy culminating in past global governance regimes that negotiators in these processes can borrow from.^[31] As in the past, the tenets of international law can influence collective expectations and serve as a facilitative mechanism for chalking out bargaining points, and driving the negotiations within an inclusive, efficient and understandable framework.^[32]

Both processes will be politicized as before with states seeking to use these as fora for furthering national interests. However, this is not necessarily a bad thing. Protracted contestation is preferable to unilateralism where a select group of states decides the future of cyber governance. The inclusive, public format of the OEWG running in parallel to the closed-door deliberations at the GGE enables concerted dialogue to continue. Most countries had voted for the resolutions setting up both these processes and while the end-game is unknown, it appears that states remain interested in cultivating cyber norms.

Of course, the USA and its NATO allies had voted against the resolution setting up the OEWG and Russia, China and the SCO allies had voted against the resolution resurrecting the GGE. However, given the economic interests of all states in a relatively stable cyberspace, it is clear that both these blocks desire global consensus on some rules of the road for responsible behaviour in cyberspace. This means that both processes may arrive at certain similar outcomes. These outcomes might over time evolve into norms or even crystallise into rules of customary international law if they are representative of the interests of a large number of states.

However, sole reliance on state-centric mechanisms to achieve a stable governance regime may be misplaced. As seen with Dupont’s contribution to the Montreal Protocol that banned the global use of Chloro-Fluoro-Carbons (CFCs)^[33] or the International Committee of the Red Cross’s concerted efforts in rallying states to sign the Additional Protocols to the Geneva Conventions^[34], norm-entrepreneurship and the mantle of leadership in norm-entrepreneurship need not be limited to state actors. Non-state actors often have the gifts of flexibility and strategic neutrality that make them a better fit for this role than states. Microsoft’s leadership and its ascent to this leadership mantle in the cyber governance space must therefore be taken heed off. The key role it played in charting out the CyberSecurity Tech Accords, Paris Call for Trust and Security in Cyberspace and its most recent initiative, the Cyber Peace Institute, must be commended. However, the success of its entrepreneurship relies on how well it can work both with multilateral mechanisms under the aegis of the United Nations and multi-stakeholder fora such as the Global Commission on Stability in Cyberspace. This will lead to a cohesive set of rules that adequately govern the conduct of both state and non-state actors in cyberspace.

It is unfortunate, however, that most governance efforts in cyberspace are driven by the United States or China or their allies. For example, only UK^[35], France^[36], Germany,^[37] Estonia^[38],Cuba^[39] (backed by China and Russia), and the USA^[40] have all engaged in public posturing advocating their ideological position on the applicability of International Law in cyberspace in varying degrees of detail with other countries largely remaining silent. Other emerging economies need to get into the game to make the process more representative and equitable.

More recently, India has begun to take a leadership role in the global debate on cross-border data transfers, spurred largely by their domestic political and policy ecosystem championing ‘digital nationalism.’ At the G20 summit in Osaka in July this year, India, alongside the BRICS grouping emphasized the development dimensions of data for emerging economies and pushed the notion of ‘data sovereignty’-broadly understood as the sovereign right of nations to govern data within their territories/jurisdiction in the national interest and for the welfare of its people.^[41] Resisting calls from Western allies including the United States to get on board Japan’s initiative promoting the free flow of data across borders, Vijay Gokhale also mentioned that discussions on data flows must not take place at plurilateral forums outside the World Trade Organization as this would prevent inclusive discussions.^[42]This form of posturing should be sustained by emerging economies like India and extended to the security domain as well through which the hegemony that a few powerful actors retain over the contours of cyber governance can be reduced.

To paraphrase Clausewitz, technological governance is the conduct of politics by other means. Internet infrastructure has become so deeply intertwined with the political ethos of most countries that it has become the latest front for geopolitical contestation among state and non-state actors alike. Politicizing cyber governance prevents a deracinated approach to the process that ignores simmering inequalities, power asymmetries and tensions that a limited technical lens prevents us from viewing.

The question is, not if but how cyber governance will be politicized. Will it be a politics of inclusion that protects the rights of the disregarded and adequately represents their voices in line with the requirements of International Law, or will it be a politics of convenience through which states and non-state actors utilise cyber governance for reaping strategic dividends? The global cyber policy ecosystem must continue the battle to ensure that the former remains essential.

Endnotes

^[1] Arindrajit Basu and Elonnai Hickok (2018) “Cyberspace and External Affairs: A memorandum for India”, 8-13.

^[2] In its draft definition of cyber stability, The Global Commission on the Stability of Cyberspace has adopted a bottom up user centric definition of Cyber Stability where individuals can be confident in the stability of cyberspace as opposed to an objective top-down determination of cybersecurity metrics.

^[3] PN Edwards, GC Bowker Jackson SJ, R Williams 2009. Introduction: an agenda for infrastructure studies. J. Assoc. Inf. Syst.10(5):364–74

^[4] Brian Larkin, “ The Politics and Poetics of Infrastructure” Annual Rev. Anthropol 2013,42:327-43

^[5] Ibid.

^[6] Kieron O’Hara and Wendy Hall, “Four Internets: The Geopolitics of Digital Governance” CIGI Report No.208, December 2018.

^[7] Cade Metz, “Paul Baran, the link between nuclear war and the internet” Wired, 4th Sept. 2012.

^[8] Kal Raustila (2016) “Governing the Internet” American Journal of International Law 110:3,491

^[9] Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine & Mark Raymond, The Emergence of Contention in Global Internet Governance 3 (Global Comm’n on Internet Governance, Paper Series No. 17, July 2015).

^[10] Klint Finley, "The Internet Finally Belongs to Everyone”, Wired, March 18th, 2016.

^[11] Richard Stewart (2014), Remedying Disregard in Global Regulatory Governance: Accountability, Participation and Responsiveness” AJIL 108:2

^[12] Tarun Chhabra, Rush Doshi, Ryan Hass and Emilie Kimball, “Global China: Domains of strategic competition and domestic drivers” Brookings Institution, September 2019.

^[13] According to this view, a state can manage and define its ‘network frontiers; through domestic legislation or state policy and patrol information at it state borders in any way it deems fit. Yuan Yi,. “网络空间的国界在哪 ” [Where Are the National Borders of cyberspace]? 学习时报.May 19, 2016.

^[14] Anthea Roberts, Henrique Choer Moraes and Victor Ferguson (2019), “Toward a Geoeconomic Order in International Trade and Investment” (May 16, 2019).

^[15] Eurasia Group (2018), “The Geopolitics of 5G”

^[16] Ibid.( In 2013, the Ministry of Industry and Information Technology (MIIT), the National Development and Reform Commission (NDRC) and the Ministry of Science and technology (MOST) established the IMT-2020 5G Promotion Group to push for a government all-industry alliance on 5G.)

^[17] Bjorn Fagersten&Tim Ruhlig (2019), "China’s standard power and it’s geopolitical implications for Europe” Swedish Institute for International Affairs.

^[18] Alan Beattie, “Technology: how the US, EU and China compete to set industry standards” Financial Times, Jul 14th, 2019

^[19] Laura Fitchner, Walter Pieters.,&Andre Herdero Texeira(2016). Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. In Proceedings of the 2016 New Security Paradigms Workshop (36-48). New York: Association for Computing Machinery (ACM)

^[20] Michael Crosston,” Phreak the Speak: The Flawed Communications within cyber intelligentsia” in Jan-Frederik Kremer and Benedikt Muller,”Cyberspace and International Relations: Theory, Prospects and Challenges (2013, Springer) 253.

^[21] “Fundamental Principles of International Humanitarian Law".

^[22] Veronique Christory “Cyber warfare: IHL provides an additional layer of protection” 10 Sept. 2019.

^[23] See (The “principle of military necessity” permits measures which are actually necessary to accomplish a legitimate military purpose and are not otherwise prohibited by international humanitarian law. In the case of an armed conflict, the only legitimate military purpose is to weaken the military capacity of the other parties to the conflict.

^[24] See Proportionality; The principle of proportionality prohibits attacks against military objectives which are “expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated”

^[25] Declaration by Miguel Rodriguez, Representative of Cuba, At the final session of group of governmental experts on developments in the field of information and telecommunications in the context of international security (June 23 2017).

^[26] Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4

^[27] David Clark and Susan Landau. “Untangling Attribution.” Harvard National Security Journal (Harvard University) 2 (2011

^[28] Davis, John S., Benjamin Adam Boudreaux, Jonathan William Welburn, Jair Aguirre, Cordaye Ogletree, Geoffrey McGovern and Michael S. Chase. Stateless Attribution: Toward International Accountability in Cyberspace. Santa Monica, CA: RAND Corporation, (2017). At

^[29] See “CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace”.

^[30] Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4

^[31] Arindrajit Basu and Elonnai Hickok (2018), “Conceptualizing an International Security architecture for cyberspace”.

^[32] Monica Hakimi (2017), “The Work of International Law,” Harvard International Law Journal 58:1.

^[33] James Maxwell and Forrest Briscoe (2007),” There’s money in the air: The CFC Ban and Dupont’s Regulatory Strategy” Business Strategy and the Environment 6, 276-286.

^[34] Francis Buignon (2004). “The International Committee of the Red Cross and the development of international humanitarian law.” Chi. J. Int’l L.5: 19137

^[35] Jeremy Wright, “Cyber and International Law in the 21st Century” Govt. UK.

^[36] Michael Schmitt, “France’s Major Statement on International Law and Cyber: An Assessment” Just Security, September 16th, 2019.

^[37] Nele Achten, "Germany’s Position on International Law in Cyberspace”, Lawfare, Oct 2, 2018,

^[38] Michael Schmitt, “Estonia Speaks out on Key Rules for Cyberspace” Just Security, June 10, 2019.

^[39] https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf

^[40] https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stabilityin-Cyberspace-Berkeley-Nov-2016.pdf

^[41] Justin Sherman and Arindrajit Basu, "Fostering Strategic Convergence in US-India Tech Relations: 5G and Beyond”, The Diplomat, July 03, 2019.

^[42] Aditi Agrawal, "India and Tech Policy at the G20 Summit”, Medianama, Jul 1, 2019.

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-orfonline-october-21-2019-politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace

BSides Delhi 2019 Security Conference

Admin — 2019-10-20T06:47:26Z

Karan Saini attended the BSides Delhi security conference on October 11, 2019. The event was organized by Bsides Delhi in New Delhi.

Click to view the agenda here. Videos of the event can be viewed here.

For more details visit https://cis-india.org/internet-governance/news/bsides-delhi-2019-security-conference

Dystopia vs development: The Kashmir paradox

Asmita Bakshi — 2019-10-20T06:31:00Z

On 26 July, Azmat Ali Mir, 26, landed in her hometown, Srinagar. A day later, uncertainty and panic gripped the Kashmir valley—the Amarnath yatris (pilgrims) and other tourists were being evacuated, there was heavy military deployment and news reports claimed that there could be a threat to the border.

The article by Asmita Bakshi was published by Livemint on October 19, 2019. Ambika Tandon was quoted.

But Mir had a lot of work to do—she had events planned as part of her startup Manzar Experience Curators, which promotes Kashmiri art, culture and fashion made and produced locally for audiences outside the state, particularly Bengaluru, where she now lives. “We are so used to things like this, we were like, ‘these things will keep happening, curfew laga denge (they will impose a curfew), that means you need to have ration in your home. But until then, you have to do your work’," Mir tells me over the phone from Bengaluru. “I had very little time, my tickets were already booked for 5 August, there was so much work, I had no time to think. I was going around, signing contracts, getting things done."

But soon, it became clear that things would be different this time. By August 1, fear and tension had escalated. Rumours of war grew louder, and additional troops were flown in. “The guy who heads the agency that was to help with online promotions for my event said things don’t seem okay and we should wait and see how this goes," says Mir. “Our lives, both personal and professional, are governed around the political calendar of Kashmir."

Across town, on 26 July, Sheikh Samiullah, 28, from downtown Srinagar was at a café called ZeroBridge Fine Dine along with his team and representatives from the state administration, including deputy commissioner Shahid Choudhary, to launch the Android app for his company FastBeetle. The logistics startup, launched last year by Samiullah and co-founder Abid Rashid Lone, is often called “Kashmir’s Dunzo", and provides door-to-door delivery services for businesses ranging from online grocers and retail commerce to pharmacies and individuals.

The launch of their iOS app was scheduled for 13 August, the day after Eid. But this had to be cancelled a few days later due to the prevailing situation in the valley. Today, FastBeetle’s operations—which run on the internet—have ceased. “I invested all my savings in this company. For me, it’s not possible to run this again. It is like starting from the beginning. I have a massive liability on my head," Samiullah tells me in Delhi, where he has gone from running a profitable business to being unemployed and now searching for work.

Over the same period, Qazi Zaid, 30, who runs and edits the news platform Free Press Kashmir, was in overdrive. “As journalists living in Kashmir, we aren’t just reporting the conflict, we are also living the conflict. We are members of the same society," he says. “One of the last stories we did was on the panic—how panic is being manufactured and the standard response of people who are scared and entering panic mode. That’s what happened with us as well." Free Press Kashmir, which is primarily an online news portal, has not published for close to three months. And now Zaid is in the Capital, exploring ways to save his news portal from complete closure and prevent the 15 young journalists he employs from being rendered jobless.

These young Kashmiris and their organizations have been driven into a state of near-obscurity since 5 August, when the Union government abrogated Article 370 of the Constitution, which granted the state of Jammu and Kashmir its special status, and subsequently sent the valley into a communication blackout. Two and a half months later, only landlines and post-paid mobile services (excluding SMS) have been restored. Internet and data services remain closed.

With thousands of arrests, instances of violence from both militants and the Armed Forces reported in the international press, the impact of this shutdown has been immense. But it has also inflicted a huge monetary cost. A report in the BBC, published on 8 October, stated that “the Kashmir Chamber of Commerce and Industry estimates the shutdown has already cost the region more than $1.4bn (around ₹9,800 crore), and thousands of jobs have been lost".

Shutting down of startups

In a region ridden with decades of armed conflict and the presence of the Indian armed forces in large numbers, entrepreneurship is no easy feat. Kashmiris have typically chosen public sector jobs, but the valley’s entrepreneurs agree that over the last decade or so, young and resilient men and women from the valley had been working to change this with online and offline ventures.

In fact, the startup ecosystem in Kashmir seemed to have been poised for growth. Notably, in September last year, the Jammu and Kashmir Entrepreneurship Development Institute (JKEDI), established by the state government, released the J&K Startup Policy 2018, which aimed to boost the startup ecosystem by granting founders a monthly allowance of up to ₹12,000 for a period of one year during incubation. Recognized startups would be provided with one-time assistance of up to ₹12 Lakh for product research and development, marketing and publicity.

It was around this time that Samiullah started FastBeetle. He had noticed that though logistics companies existed, they catered largely to big organizations like Amazon. FastBeetle tied up with smaller businesses, including close to 200 women in the valley who were making and selling apparel and other wares on Instagram. “They would have trouble going out every day on multiple deliveries since it is a conservative society," he says. FastBeetle had over 30 merchants within its first month of operations. Over the first five months, they had grown to making 100 deliveries per day, employed a team of six, got an office space and two bikes. In a year, they had generated a positive cash flow despite numerous internet shutdowns imposed in the valley.

Since August 5, the company has been plunged into what Samiullah believes is an interminable downturn. He estimates monetary losses at approximately ₹15 lakh, not considering the ₹4 lakh he invested in the Android app and another ₹3 lakh on the iOS app that never took off. In the unlikely event that restrictions are lifted immediately and business as usual resumes in the valley, it will cost him another ₹10 lakhs to restart the company.

Financial losses aside, he says, it is the time and passion he had invested in the business that won’t come back. And his young employees face an uncertain future as well. One of his delivery boys, Arsalan Shabir Bhat, 21, doesn’t know what the future holds both for him or the valley. “The salary of ₹10,000 for me was good, I was satisfied. “Aage ka nahi pata par haalaat bohot kharab hai. Filhaal toh baithe hi hai ghar pe (I don’t know about the future but the current situation is grim. For now, I am sitting at home)," he says.

Through all this, the state administration and Union government are trying to push the narrative of development. In late September, minister of state for finance and corporate affairs Anurag Thakur, told news outlets: “Our government has taken a historic decision to abrogate Article 370. Now, J&K will witness massive development." Yet, the 33 startups registered with the JKEDI and 70 with the Startup India portal in J&K, among others that run on private funding and bootstrapping models, have been struggling since this decision was taken. Earlier this week, militants attacked two non-local apple traders in the valley, casting doubt on the claim that Kashmir is safe for business.

It was to assess conflicting claims such as these, by providing an insight into the lives of people in the valley, that Zaid restarted Free Press Kashmir in 2017 (it was previously shut down in 2014), using investments from his family business. “It’s all the more important now. Because authentic voices from Kashmir are not coming out," says Zaid. He says that while the international media focuses on Kashmir from a breaking news perspective and some of the Indian press takes a nationalistic line, human perspectives from the valley largely remained unheard.

“There was a gap of a human narrative coming out of Kashmir, which we saw and filled," he says. “If we were to relaunch right now, I don’t think there would be a lot of positive stories. There would be stories of struggle, survival, trauma, pain, hardship. That’s what we would be reporting right now."

With a civil curfew reportedly in place in the valley as a means of protest, even businesses that could have provided financial assistance to these startups are not in operation.

“The economy is so badly hit and it will take another year or two years or more—no idea how long—to recover. Because right now advertisers will take some time to recover as well," says Zaid. “I don’t think we can sustain that long. Our business was at 50% of sustenance and now it’s down to 0. Traffic is down to 0 form 350,000-500,000 hits."

Some investors like Asmat Ashai, who runs the US-based non-profit organization Funkar International, would provide financial assistance to young Kashmiri artists, nevertheless maintain that the difficult situation will not deter them from providing support. “I will continue to help anyone who asks me for help because we cannot give up and we will not be broken. We will stay the course and save whatever we have in spite of the abrogation of all the articles. That is paperwork. Kashmiris will not be broken."

Lost hope

According to the Software Freedom Law Foundation, a legal services organization working to protect digital freedom, Kashmir has had the maximum number of internet shutdowns in the country—55, of varying durations and extents, in 2019 alone, and a total of 180 since 2015. This time however, the shutdown was far more severe—all media and communication platforms, including landlines, internet, news publications and certain television services were suspended. “A large majority of businesses today rely on the internet for some part if not all of their function," says Ambika Tandon, policy officer, Centre for Internet and Society (CIS), Bengaluru.

CIS published a digital book titled Internet Shutdown Stories in May 2018 which tracked how internet blockades impact lives and livelihoods in India. “We collected stories from Internet Service Providers (ISPs) and digital marketing firms in Kashmir that were on the brink of closing down due to the frequency of shutdowns in the valley. The reporters spoke to musicians who used YouTube as a means to earn a livelihood and popularity, and were doubly upset with the effect on their income and their freedom of expression. Given the absence of any public notice before shutdowns, or information regarding the extent and duration of shutdowns, the government definitely has the minimal responsibility of compensating direct losses incurred by those who cannot afford it," says Tandon.

Take the example of Furqan Qureshi, who set up KartFood, popularly called “Kashmir’s Zomato", when he was still pursuing a commerce degree from Islamia College, Srinagar. He started in 2017 and would take orders on call. Once the response grew, Qureshi had a website and application built. But for two months thereafter, in May and June 2017, there was a clampdown on the internet. “I suffered a loss of close to ₹1.5 lakh and that time I had no investment, but I had employed people and was responsible for them, so I persevered and started again from July. It’s always about working from scratch in Kashmir. Whenever there is a shutdown, you start from zero," he says on the phone from Bengaluru.

Qureshi says they always fought the odds and remained in business through internet shutdowns during which the team, which stood at 25-30 as on 5 August, would call customers and coordinate deliveries on the phone.

This dedication is what eventually resulted in his first round of investment in February 2018, from a local Kashmiri businessman. “I upgraded the app, included more restaurants, added delivery tracking features and was creating jobs."

Since 5 August, however, not only have communication channels been hit, initially there was complete restriction on movement within the valley. “I had to leave Kashmir around six or seven days after the clampdown, since I live in an area where there was stone-pelting every day and the police was entering homes and picking up boys. My parents were scared and said it was better to go to Bengaluru and stay here," he says, now hoping he can set up a small restaurant in the city, using whatever he has managed to save.

As young entrepreneurs leave, the JKEDI remains hopeful that the startup ecosystem will bounce back once normalcy returns. “I think as soon as the internet starts working again we will push the things here as well, with the policy we are trying to give some incentive to these people, so that we can get these startups back and they can inspire other people to start their own," says Irtif Lone, in-charge, Centre for Innovation Incubation and Business Modelling, JKEDI.

“It is difficult for people to choose to pursue a startup and these situations make it even tougher. We will be pushing all the startups that have made a mark and are now suffering due to the financial constraints. They will be given an incentive as soon as possible so that none of them are starved for finances."

But there are doubts about whether such promises can be fulfilled. In any case, it may already be too late. Shayan Nabi, 29, who ran a digital marketing company and had invested in other ventures of his own such as KashmirCalling (to coordinate private carpooling), has given up hope. As he waits for his employees to receive the emails he has sent asking them to look for alternative opportunities, he himself is facing professional uncertainty in Delhi. “I have been very vocal about providing internet freedom in Kashmir. It’s a basic human right. But it always falls on deaf ears." He adds: “I had ideas about making Kashmir digital. But I am sorry, not any more. Not after all the humiliation we have been through."

The road to recovery from here is paved with crippling debt, unemployment and loss of morale. What was once seen as an act of resilience amidst conflict, has today crumbled due to a State diktat, paradoxically executed with promises of peace and prosperity.

When Mir finally landed in Bengaluru on the morning of 5 August, she broke down when she finally heard the news. Today, with payments stuck with vendors and Mir’s inability to reach her artisans and wazas (Kashmiri cooks) in the valley, the Manzar website reads, “All verticals of Manzar Experience Curators... are currently unoperational due to the unprecedented lockdown in Kashmir". She fears that her venture, which set out to create conversations about Kashmir around the country, has lost all meaning and purpose. “I am not someone who set out with hate, I set out with love and passion and this idea of changing things," she says.

“Do you think with the kind of environment that this country has created for a Kashmiri today, I can go out and do what I do? Is it safe for someone like me to take a place somewhere in Bengaluru to open a place that serves authentic Kashmiri food? I am scared it could be burnt down the next day."

The question she now asks herself transcends the uncertainty of business in the valley, and straddles a precariousness both political and personal: “Where do I go from here?"

For more details visit https://cis-india.org/internet-governance/news/livemint-asmita-bakshi-october-18-2019-dystopia-vs-development

Will FASTag raise privacy concerns?

Shreya Nandi and Prathma Sharma — 2019-10-18T15:22:27Z

FASTag, an electronic device that enables direct, cashless toll payment, has been touted as the Aadhaar for vehicles as it would help the government track movement of automobiles. But the move can also stoke fresh concerns on privacy.

The article by Shreya Nandi and Prathma Sharma was published in Livemint on October 15, 2019. Pranesh Prakash was quoted.

The device can track movement of vehicles, toll booth cameras can catch traffic law violations, prevent crime, and help authorities curb tax evasion.

While the movement of commercial vehicles will be tracked by revenue authorities by integrating with e-way bill system under Goods and Services Tax (GST) to curb revenue leakage, experts believe that tracking personal vehicle is a matter of concern.

It is not that the government will only use the stored data or video under limited and well-defined circumstances such as for evidence in case of traffic accidents, according to Pranesh Prakash, fellow, Centre for Internet Society.

“As transport minister Gadkari said (on Monday), the government will also use the video or data for any for analysis. And that will happen in a non-consensual manner, and outside the purview of a data protection framework, and without paying heed to the Supreme Court's landmark judgment on privacy," Prakash said.

On Monday, transport minister Nitin Gadkari said cameras at the toll booth will take photos of passengers in a vehicle, which will be useful for the home ministry as there will be a record of the vehicle’s movement.

FASTag, which comes into effect 1 December, uses radio frequency identification technology to enable direct toll payments from a moving vehicle. The toll fare is deducted from the bank account linked to FASTag. It will not only encourage cashless payments at toll plaza, but also decongest national highways, thereby ensuring seamless movement of vehicles, and reduce pollution and logistics cost.

Amid privacy concerns related to sharing Aadhaar details with banks, telecom companies or any other authority for fulfilling KYC norms, the Supreme Court had in September last year ruled that Aadhaar can only be used for welfare schemes and for delivering state subsidies. It had barred private companies from using Aadhaar data for authenticating customers.
Another expert said since FASTag data includes information that is personally identifiable with the vehicle owner, it can be misused if shared with various entities.
"With FASTag being linked with National Vehicle Database (Vahan database), it does raise privacy concerns, specially as Nitin Gadkari, the minister of road transport and highways, has admitted that the government has provided access to Vahan and Sarathi database to 32 government and 87 private entities for ₹65 crore till date," Salman Waris Managing Partner, TechLegis Advocates & Solicitors, said.

“With the Personal Data Protection Bill still in the making there are little regulatory measures to prevent or even punish FasTag data breaches," Waris said.

For more details visit https://cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns

The Mother and Child Tracking System - understanding data trail in the Indian healthcare systems

ambika — 2019-12-30T17:18:05Z

This article was first published by Privacy International, on October 17, 2019

Case study of MCTS: Read

On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its impact on people in vulnerable situations – has been part of the work the Centre for Internet and Society (CIS) and Privacy International (PI) have been doing.

Earlier this year, PI responded to the UNSR's consultation on this topic. We highlighted what we perceived as some of the most pressing issues we had observed around the world when it comes to the use of technology for the delivery of social protection and its impact on the right to privacy and dignity of benefit claimants.

Among them, automation and the increasing reliance on AI is a topic of particular concern - countries including Australia, India, the UK and the US have already started to adopt these technologies in digital welfare programmes. This adoption raises significant concerns about a quickly approaching future, in which computers decide whether or not we get access to the services that allow us to survive. There's an even more pressing problem. More than a few stories have emerged revealing the extent of the bias in many AI systems, biases that create serious issues for people in vulnerable situations, who are already exposed to discrimination, and made worse by increasing reliance on automation.

Beyond the issue of AI, we think it is important to look at welfare and automation with a wider lens. In order for an AI to function it needs to be trained on a dataset, so that it can understand what it is looking for. That requires the collection large quantities of data. That data would then be used to train and AI to recognise what fraudulent use of public benefits would look like. That means we need to think about every data point being collected as one that, in the long run, will likely be used for automation purposes.

These systems incentivise the mass collection of people's data, across a huge range of government services, from welfare to health - where women and gender-diverse people are uniquely impacted. CIS have been looking specifically at reproductive health programmes in India, work which offers a unique insight into the ways in which mass data collection in systems like these can enable abuse.

Reproductive health programmes in India have been digitising extensive data about pregnant women for over a decade, as part of multiple health information systems. These can be seen as precursors to current conceptions of big data systems within health informatics. India’s health programme instituted such an information system in 2009, the Mother and Child Tracking System (MCTS), which is aimed at collecting data on maternal and child health. The Centre for Internet and Society, India, undertook a case study of the MCTS as an example of public data-driven initiatives in reproductive health. The case study was supported by the Big Data for Development network supported by the International Development Research Centre, Canada. The objective of the case study was to focus on the data flows and architecture of the system, and identify areas of concern as newer systems of health informatics are introduced on top of existing ones. The case study is also relevant from the perspective of Sustainable Development Goals, which aim to rectify the tendency of global development initiatives to ignore national HIS and create purpose-specific monitoring systems.

After being launched in 2011, 120 million (12 crore) pregnant women and 111 million (11 crore) children have been registered on the MCTS as of 2018. The central database collects data on each visit of the woman from conception to 42 days postpartum, including details of direct benefit transfer of maternity benefit schemes. While data-driven monitoring is a critical exercise to improve health care provision, publicly available documents on the MCTS reflect the complete absence of robust data protection measures. The risk associated with data leaks are amplified due to the stigma associated with abortion, especially for unmarried women or survivors of rape.

The historical landscape of reproductive healthcare provision and family planning in India has been dominated by a target-based approach. Geared at population control, this approach sought to maximise family planning targets without protecting decisional autonomy and bodily privacy for women. At the policy level, this approach was shifted in favour of a rights-based approach to family planning in 1994. However, targets continue to be set for women’s sterilisation on the ground. Surveillance practices in reproductive healthcare are then used to monitor under-performing regions and meet sterilisation targets for women, this continues to be the primary mode of contraception offered by public family planning initiatives.

More recently, this database - among others collecting data about reproductive health - is adding biometric information through linkage with the Aadhaar infrastructure. This data adds to the sensitive information being collected and stored without adhering to any publicly available data protection practices. Biometric linkage is aimed to fulfill multiple functions - primarily authentication of welfare beneficiaries of the national maternal benefits scheme. Making Aadhaar details mandatory could directly contribute to the denial of service to legitimate patients and beneficiaries - as has already been seen in some cases.

The added layer of biometric surveillance also has the potential to enable other forms of abuse of privacy for pregnant women. In 2016, the union minister for Women and Child Development under the previous government suggested the use of strict biometric-based monitoring to discourage gender-biased sex selection. Activists critiqued the policy for its paternalistic approach to reduce the rampant practice of gender-biased sex selection, rather than addressing the root causes of gender inequality in the country.

There is an urgent need to rethink the objectives and practices of data collection in public reproductive health provision in India. Rather than continued focus on meeting high-level targets, monitoring systems should enable local usage and protect the decisional autonomy of patients. In addition, the data protection legislation in India - expected to be tabled in the next session in parliament - should place free and informed consent, and informational privacy at the centre of data-driven practices in reproductive health provision.

This is why the systematic mass collection of data in health services is all the more worrying. When the collection of our data becomes a condition for accessing health services, it is not only a threat to our right to health that should not be conditional on data sharing but also it raises questions as to how this data will be used in the age of automation.

This is why understanding what data is collected and how it is collected in the context of health and social protection programmes is so important.

For more details visit https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare

Participation in ISO/IEC JTC 1 SC 27 meetings

Admin — 2019-11-02T06:31:46Z

From October 14 - 18, 2019, Gurshabad Grover, participated in the meetings of ISO/IEC JTC 1 SC 27 held in Paris, the committee that develops international standards for IT Security techniques.

Gurshabad focused on the meetings of working group 5 that deals with identity management and privacy technologies. Some highlights of the participation:

I represented the Indian delegation's contributions in the comment resolution meeting on WD TS 27570: Privacy guidelines for smart cities.

Since October 2018, I have been a co-rapporteur on the working groups' study period on the impact of machine learning on privacy. At this meeting, we presented our interim report. We are extending the study period for six months to further collaborate with SC 42 (that deals with artificial intelligence standards) to document privacy aspects for the applications and use cases they have developed.

I will now be a co-rapporteur on the study period on `Privacy for fintech services', which was initiated in this meeting. We will be surveying privacy standards and data protection regulations to assess the need for new work items (standards/guidelines document) in the space.

For more details visit https://cis-india.org/internet-governance/news/participation-in-iso-iec-jtc-1-sc-27-meetings

India's HIV-positive trans people find 'new strength' in technology

Annie Banerji — 2019-10-18T15:28:18Z

Shoved, cursed and ridiculed, Nisha's hospital visits were always stressful as a transgender woman and got worse after she was diagnosed as HIV-positive.

The article by Annie Banerji was published in Reuters on October 17, 2019 and mirrored in the Jakarta Post as well. Ambika Tandon was quoted. It was mirrored in ET Healthworld.com as well.

But a new app introduced as part of a drive to end an HIV epidemic in India by 2030 is providing her and the transgender community better access to doctors, lifesaving drugs - and hope - although it has raised concerns about digital privacy.

India has the world's third largest population living with HIV - 2.1 million people - according to UNAIDS, with recognition that help is needed in the transgender community where the prevalence is 3.1% compared to 0.26% among all adults.

Nisha tested HIV positive last year after earning a living as a sex worker in New Delhi. On the job, she said, condoms would often break or she would not use one for more money.

"That was a bad idea. I ended up with HIV. I felt suicidal after I found out," Nisha, 29, a trans woman who goes by one name, told the Thomson Reuters Foundation.

"It didn't help that going to the hospital was torturous. People made faces, passed lewd comments ... a doctor even kicked me out."

Despite the Supreme Court recognizing India's 2 million transgender people as a third gender with equal rights in 2014, they are often kicked out by their families and denied jobs, education and healthcare, leading them to begging or sex work.

Trans women like Nisha say they face "double discrimination" and the risk of being shunned and abused - first because of their gender identity and then because of their HIV status.

But a counselling program along with a new app is helping health workers track down HIV-positive transgender people, monitor their treatment and link them to doctors and antiretroviral therapy (ART) to suppress the AIDS virus.

"I have found new strength. I don't feel depressed or nervous anymore," said Nisha, who now begs at traffic lights.

"The app helps keep me physically healthy and she ensures I'm mentally and emotionally (healthy)," she said, pointing to her outreach worker Samyra, an HIV-positive trans woman.

The eMpower app - developed by IBM in partnership with India HIV/AIDS Alliance and the Global Fund to Fight AIDS, Tuberculosis and Malaria - monitored more than 1.2 million people between January 2018 and March 2019.

'Half the battle won'

With mobile tablets in hand, HIV-positive transgender outreach workers keep a tab on others in their community living with HIV and counsel them and accompany them to see doctors.

"I tell them 'I'm like you. I'm HIV-positive and I'm taking medicines too. You're not alone'," said Samyra, who works with Vihaan, a national initiative to expand counselling, outreach and follow-up programs to people living with HIV.

"That makes a huge difference because it's coming from one of your own. Half of the HIV battle is won when you have someone to hold your hand along the way."

Health experts said transgender focused initiatives like this and the launch in March of India's first HIV treatment clinic in Mumbai city run for and by LGBT+ people were pushing the country towards its target to end the epidemic by 2030.

But to achieve this target they said it was critical for patients to stick with ART. Sometimes stigma and side effects can cause them to drop out of the treatment.

That is why health workers follow up with clients every few months and record information on the eMpower app, including their weight, viral load and CD4 - white blood cells that fight HIV - and advise them on everything from their diet to safe sex.

They also note whether a client has faced discrimination, and arrange for partners and family members to get tested.

Sonal Mehta, head of India HIV/AIDS Alliance, said the app has helped boost Vihaan's outreach numbers as well as the confidence of trans clients and workers, who often come from poor, semi-literate backgrounds.

"The trans clients definitely feel much more secure ... but the outreach workers themselves also feel very empowered. They are professional officers working on the field, talking to doctors, government officers, engaging with various organisations," she said.

Double-edged sword

While such technological advances are seen as key in the HIV/AIDS fight, health and software experts warn they can come at the cost of privacy.

The eMpower app creates a profile for each client with personal information including name, biometric ID number, occupation and monthly income, and a map pinning their location.

Without proper safeguards, such an app runs the risk of data breach and sharing information with third-parties, which can further ostracize an already marginalized community, said Ambika Tandon, a cyber security expert.

"The potential to monetize is definitely a risk factor," said Tandon, policy officer in gender-based research at the Banaglore-based Centre for Internet and Society.

"Another is informational privacy ... (clients) may not necessarily know where their information is being stored, who will have access to it ... There could be multiple points at which their data could be vulnerable."

Saravanan RM, a senior technical officer at India HIV/AIDS Alliance, said the eMpower app a "fool-proof system".

He said all sensitive data was stored on the organisation's server, which could only be accessed by specific workers through a password-protected system.

None of the information can be seen by any partners - not IBM, state or federal governments. It is further beefed up by a mobile device management (MDM), he said.

"For example, if any device is lost or has gone into someone else's hands, what we can do through MDM is clean out the entire tablet and the data will not be acquired," he said.

Dr. V Sam Prasad, India program manager of the AIDS Healthcare Foundation, said the app should not be dismissed because there was a privacy risk as it came with major benefits.

Several HIV-positive transgender people like Swati, a trans woman who contracted HIV after injecting drugs, felt the same.

"Even if it (personal data) is leaked, what's the worst that could happen? I've faced unimaginable things. Nothing scares me, at least not such things," said Swati, 25, after a follow-up meeting with her outreach worker at her one-room home.

"It is (eMpower) saving me. It is not an enemy."

For more details visit https://cis-india.org/internet-governance/news/reuters-annie-banerji-october-17-2019-indias-hiv-positive-trans-people-find-new-strength-in-technology