We are anonymous, we are legion

What India can Learn from the Snowden Revelations

elonnai — 2013-10-25T07:29:57Z

Big Brother is watching, across cyberspace and international borders. Meanwhile, the Indian government has few safeguards in theory and fewer in practice. There’s no telling how prevalent or extensive Indian surveillance really is.

The title of the article was changed in the version published by Yahoo on October 23, 2013.

Since the ‘Snowden revelations’, which uncovered the United States government’s massive global surveillance through the PRISM program, there have been reactions aplenty to their impact.

The Snowden revelations highlighted the issue of human rights in the context of the existing cross-border and jurisdictional nightmare: the data of foreign citizens surveilled and harvested by agencies such as the National Security Agency through programs such as PRISM are not subject to protection found in the laws of the country. Thus, the US government has the right to access and use the data, but has no responsibility in terms of how the data will be used or respecting the rights of the people from whom the data was harvested.

The Snowden revelations demonstrated that the biggest global surveillance efforts are now being conducted by democratically elected governments – institutions of the people, by the people, for the people – that are increasingly becoming suspicious of all people.

Adding irony to this worrying trend, Snowden sought asylum from many of the most repressive regimes: this dynamic speaks to the state of society today. The Snowden revelations also demonstrate how government surveillance is shifting from targeted surveillance, warranted for a specific reason and towards a specified individual, to blanket surveillance where security agencies monitor and filter massive amounts of information.

This is happening with few checks and balances for cross-border and domestic surveillance in place, and even fewer forms of redress for the individual. This is true for many governments, including India.

India’s reaction

After the first news of the Snowden revelations, the Indian Supreme Court agreed to hear a Public Interest Litigation requesting that foreign companies that shared the information with US security agencies be held accountable for the disclosure. In response to the PIL, the Supreme Court stated it did not have jurisdiction over the US government.

The response of the Supreme Court of India demonstrates the potency of jurisdiction in today’s global information economy in the context of governmental surveillance. Despite being upset at the actions of America’s National Security Agency (NSA), there is little direct legal action that any government or individual can take against the US government or companies incorporated there.

In the PIL, the demand that companies be held responsible is interesting and representative of a global debate, as it implies that in the context of governmental surveillance, companies have a responsibility to actively evaluate and reject or accept governmental surveillance requests. Although I do not disagree with this as a principle, in reality, this evaluation is a difficult step for companies to take.

For example, in India, under Section 69 of the Information Technology Act, 2000, service providers are penalized with up to seven years in prison for non-compliance with a governmental request for surveillance. The incentives for companies to actually reject governmental requests are minimal, but one factor that could possibly push companies to become more pronounced in their resistance to installing backdoors for the government and complying with governmental surveillance requests is market pressure from consumers.

To a certain extent, this has already started to happen. Companies such as Facebook, Yahoo and Google have created ‘transparency reports’ that provide – at different granularities – information about governmental requests and the company’s compliance or rejection of the same.

In India, P. Rajeev, Member of Parliament from Kerala, has started a petition asking that the companies disclose information on Indian data given to US security agencies. Although transparency by complying companies does not translate directly into regulation of surveillance, it allows the customer to make informed choices and decide whether a company’s level of compliance with governmental requests will impact his/her use of that service.

The PIL also called for the establishment of Indian servers to protect the privacy of Indian data. This solution has been voiced by many, including government officials. Though the creation of domestic servers would ensure that the US government does not have direct and unfettered access to Indian data, as it would require that foreign governments access Indian information through a formal Mutual Legal Assistance Treaty process, it does not necessarily enhance the privacy of Indian data.

As a note, India has MLAT treaties with 34 countries. If domestic servers were established, the information would be subject to Indian laws and regulations.

Snooping

The Snowden Revelations are not the first instance to spark a discussion on domestic servers by the Government of India.

For example, in the back-and-forth between the Indian government and the Canadian company RIM, now BlackBerry, the company eventually set up servers in Mumbai and provided a lawful interception solution that satisfied the Indian government. The Indian government made similar demands from Skype and Google. In these instances, the domestic servers were meant to facilitate greater surveillance by Indian law enforcement agencies.

Currently in India there are a number of ways in which the government can legally track data online and offline. For example, the interception of telephonic communications is regulated by the Indian Telegraph Act, 1885, and relies on an order from the Secretary to the Ministry of Home Affairs. Interception, decryption, and monitoring of digital communications are governed by Section 69 of the Information Technology Act, 2000 and again rely on the order of the executive.

The collection and monitoring of traffic data is governed by Section 69B of the Information Technology Act and relies on the order of the Secretary to the government of India in the Department of Information Technology. Access to stored data, on the other hand, is regulated by Section 91 of the Code of Criminal Procedure and permits access on the authorization of an officer in charge of a police station.

The gaps in the Indian surveillance regime are many and begin with a lack of enforcement and harmonization of existing safeguards and protocols. Presently, India is in the process of realizing a privacy legislation.

In 2012, a committee chaired by Justice AP Shah (of which the Center for Internet and Society was a member) wrote The Report of the Group of Experts on Privacy, which laid out nine national privacy principles meant to be applied to different legislation and sectors – including Indian provisions on surveillance.

The creation of domestic servers is just one example of how the Indian government has been seeking greater access to information flowing within its borders. New requirements for Indian service providers and the creation of projects that go beyond the legal limits of governmental surveillance in India enable greater access to details about an individual on a real-time and blanket basis.

For example, telecoms in India are now required to include user location data as part of the ‘call detail record’ and be able to provide the same to law enforcement agencies on request under provisions in the Unified Access Service and Internet Service Provider Licenses.

At the same time, the Government of India is in the process of putting in place a Central Monitoring System that would provide Indian security agencies the ability to directly intercept communications, bypassing the service provider.

Even if the Central Monitoring System were to adhere to the legal safeguards and procedures defined under the Indian Telegraph Act and Information Technology Act, the system can only do so partially, as both provisions create a clear chain of custody that the government and service providers must follow – that is, the service provider was included as an integral component of the interception process.

If the Indian government implements the Central Monitoring System, it could remove governmental surveillance completely from the public eye. Bypassing the service provider allows the government to fully determine how much the public knows about surveillance. It also removes the market and any pressure that consumers could exert from insight provided by companies on the surveillance requests that they are facing.

Though the Indian government could (and should) be transparent about the amount and type of surveillance it is undertaking, currently there is no legal requirement for the government of India to disclose this information, and security agencies are exempt from the Right to Information Act. Thus, unless India has a Snowden somewhere in the apparatus, the Indian public cannot hope to get an idea of how prevalent or extensive Indian surveillance really is.

Policy vacuum

For any government, the surveillance of its citizens, to some degree, might be necessary. But the Snowden revelations demonstrate that there is a vacuum when it comes to surveillance policy and practices. This vacuum has permitted draconian measures of surveillance to take place and created an environment of mistrust between citizens and governments across the globe.

When governments undertake surveillance, it is critical that the purpose, necessity and legality of monitoring, and the use of the material collected are built into the regime to ensure it does not violate the human rights of the people surveilled, foreign or domestic.

In 2013, the International Principles on the Application of Human Rights to Communications Surveillance were drafted, in part, to address this vacuum. The principles seek to explain how international human rights law applies to surveillance of communications in the current digital and technological environment. They define safeguards to ensure that human rights are protected and upheld when governments undertake surveillance of communications.

When the Indian surveillance regime is measured against these principles, it appears to miss a number of them, and does not fully meet several others. In the context of surveillance projects like the Central Monitoring System, and in order to avoid an Indian version of the PRISM program, India should take into consideration the safeguards defined in the principles and strengthen its surveillance regime to ensure not only the protection of human rights in the context of surveillance, but to also establish trust in its surveillance regime and practices with other countries.

Elonnai Hickok is the Program Manager for Internet Governance at the Centre for Internet and Society, and leads its research on privacy.

For more details visit https://cis-india.org/internet-governance/blog/yahoo-october-23-2013-what-india-can-learn-from-snowden-revelations

What if the Net shut down for a few days

praskrishna — 2013-04-03T11:01:38Z

When spammers attacked Spamhaus, a European spam-fighting group in what was billed as the "biggest cyber attack in history", they managed to temporarily slow down the internet. But what if dedicated attackers succeeded in shutting down the internet for a longer time, maybe a few days? What would be the potential impact of such a scenario in a world where crucial data is stored on emails, most financial transactions have shifted online and an entire generation has grown up not realising what life without the web could be like?

The article by Atul Sethi was published in the Times of India on March 30, 2013. Sunil Abraham is quoted.

"The thought itself is frightening," says Vijay Mukhi, president of the Foundation of Information Security and Technology and co-founder of the Internet Users Community of India. "Most people use their email or cloud computing to store their data. What happens when you can't access your crucial information? Also, financial activity in the absence of the internet will come to a standstill since there would be no money flow happening between banks or transactions in the stock market. The implications are huge. And I'm not even thinking of the withdrawal symptoms that many youngsters are going to go through when they can't log on. "

However, contrary to the horror that this situation might elicit from those whose lives revolve around the web, the impact on India, at least, should not be much, says Sunil Abraham, director of the Bangalore-based Centre for Internet and Society. "An internet blackout in India can at most be compared to a bandh. Life becomes uncomfortable but it still goes on. This is because in India, the internet is used by just about 20% of the population. At the most, one can argue that since this 20% also constitutes the elite of the country - bureaucrats, politicians, businessmen, media, etc, any disruption in their work could also affect the remaining 80% of the country indirectly."

Even though complete shutdown of the internet is believed to be virtually impossible - since it is made up of thousands of interconnections which ensure its infallibility - hackers haven't stopped trying as the latest cyber attack shows. Internet security consultant Ankit Fadia points out that the only way somebody can bring down the internet is if a few million hackers combine together as part of a sustained project. "Even then, it's a remote possibility that they can pull it off," he says.

If it does happen, though, remember to polish up your letter-writing skills and go over to your friend's house if you want to chat.

For more details visit https://cis-india.org/news/times-of-india-atul-sethi-march-30-2013-what-if-the-net-shut-down-for-a-few-days

What Frameworks for Cross-Border Online Communities and Services

praskrishna — 2012-12-05T00:10:27Z

Chinmayi Arun, Assistant Professor at National Law University India and Fellow at the CIS India, talks about the Internet Governance Forum 2012 Workshop 154 "What Frameworks for Cross-Border Online Communities and Services", which was hosted by the Internet & Jurisdiction Project on November 8, 2012.

Panelists:

Chinmayi Arun, National Law University India and Fellow at CIS India
Brian Cute, CEO at PIR (.org)
Lee Hibbard, Media and Information Society Division at Council of Europe
Konstantinos Komaitis, Policy Advisor at Internet Society
Michael Niebel, Internet Policy Development at European Commission
Patrick Ryan, Policy Councel Open Internet at Google

More information at www.internetjurisdiction.net

Video by the Internet Governance Forum

For more details visit https://cis-india.org/news/frameworks-for-cross-border-online-communities-and-services

What Does Facebook's Transparency Report Tell Us About the Indian Government's Record on Free Expression & Privacy?

pranesh — 2015-04-05T05:08:37Z

Given India's online population, the number of user data requests made by the Indian government aren't very high, but the number of content restriction requests are not only high on an absolute number, but even on a per-user basis.

Further, Facebook's data shows that India is more successful at getting Facebook to share user data than France or Germany. Yet, our government complains far more about Facebook's lack of cooperation with Indian authorities than either of those countries do. I think it unfair for any government to raise such complaints unless that government independently shows to its citizens that it is making legally legitimate requests.

Since the Prime Minister of India Shri Narendra Modi has stated that "transparency and accountability are the two cornerstones of any pro-people government", the government ought to publish a transparency report about the requests it makes to Internet companies, and which must, importantly, provide details about how many user data requests actually ended up being used in a criminal case before a court, as well as details of all their content removal requests and the laws under which each request was made.

At the same time, Facebook's Global Government Requests Report implicitly showcases governments as the main causes of censorship and surveillance. This is far from the truth, and it behoves Facebook to also provide more information about private censorship requests that it accedes to, including its blocking of BitTorrent links, it's banning of pseudonymity, and the surveillance it carries out for its advertisers.

For more details visit https://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell-us-about-indian-government-record-on-free-expression-and-privacy

What Centre will tell Supreme Court on Aadhaar and social media account linkage

Amrita Madhukalya — 2019-09-02T04:28:45Z

The top court had held in the Aadhaar case that the government can make the linking of the 12-digit-number mandatory only in the case of availing subsidies and welfare benefits. Consequently, Section 57 of the Aadhaar Act was struck down.

The article by Amrita Madhukalya was published in Hindustan Times on August 28, 2019. Gurshabad Grover was quoted.

The Centre will refer to the Aadhaar Act and the Supreme Court’s 2017 privacy judgement when it is directed by the top court to put forward its view on whether the unique identification number should be made mandatory in opening and managing accounts on Facebook, Twitter, WhatsApp and other social media platforms.

“While we are yet to receive a notice from the SC asking for our reply, the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016, and the apex court’s 2017 judgement upholding the Right to Privacy will guide us in drafting a response,” a senior official of the ministry of electronics and information technology, who did not wish to be named, said.

As a division bench of Madras High Court continues to hear two writ petitions on whether social media profiles should be linked to Aadhaar so that users in cases where pornographic material, fake news and communal content is posted on these sites can be traced, Facebook had simultaneously filed a plea to transfer all similar cases in the high courts of Madras, Bombay as well as Madhya Pradesh. The top court will hear the matter on September 13.

During its hearings, Madras High Court made it clear that it will not rule on Aadhaar-linking and the case will concentrate on traceability now. As of now, only one of the transfer petitions, the one in Jabalpur, deals with Aadhaar linking.

Meanwhile, the top court has already asked social media companies for their stand on the matter. Senior lawyers Mukul Rohatgi and Kapil Sibal, who have been representing Facebook and WhatsApp respectively in Madras High Court case, have already said that as both the companies are headquartered outside of India, with operations in dozens of countries, the high court’s judgement will have ramifications globally.

Both Twitter and Google declined to comment on the matter, as the matter is sub-judice, while Facebook was not available.

However, in March this year, Facebook CEO Mark Zuckerberg said that privacy, encryption and secure data storage were some of these principles while unveiling the company’s “vision and principles” in building a “privacy-focused” social platform.

Wherein people can have “clear control over who can communicate with them and confidence that no one else can access what they share”, such communication could be secure with end-to-end encryption, and Facebook will not store sensitive data in countries with “weak records on human rights”.

Gurshabad Grover of the Centre for Internet Security says he welcomes the Centre’s stand but adds that the petition should not have been allowed by the Madras High Court in the first place.

“The case is now deliberating on policy, which is the responsibility of the government. This goes against the basis of separation of power,” he says.

The Centre is dealing with issues surrounding traceability through the Intermediaries Guidelines, which is due in the next few weeks.

The solution, Grover says, lies in diplomatic negotiations.

“Instruments like the US’ Clarifying Lawful Overseas Use of Data Act can come in handy if India can fight for better executive agreements there, provided we have data protection laws in line with human rights standards,” he said.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage

What Bengaluru Thinks of the Big Tech Announcements in Silicon Valley

praskrishna — 2015-10-18T13:26:35Z

There is a split verdict on the big tech announcements made out of California during the Prime Minister's visit, in the desi version of Silicon Valley - Bengaluru.

This was published by NDTV on September 29, 2015. Pranesh Prakash was quoted.

Companies here are still assessing how they will be impacted by the big connectivity projects that Google, Microsoft and others announced when Prime Minister Narendra Modi dropped in at Silicon Valley, the global hub for innovation and technology, over the weekend.

CEO Sunder Pichai said Google would tie up with the government to provide free Wi-Fi at 500 railway stations across the country. Microsoft's Satya Nadela said his company would take broadband connectivity to five lakh villages across the country.

And that its cloud services would operate out of India's data centres.

Some smaller companies in Bengaluru hope they will get some business when these giant projects are implemented. "Smaller companies like ours would be hoping we get a share of the pie when it comes to implementation. The government should ensure that," said Soujanya Prakash, a General Manager at Vee Technologies, to NDTV. Vee one of the companies assigned to implement part of the massive Aadhar identity card project.

Ms Prakash said companies like Microsoft and Google bring great technological expertise with them.

Pranesh Prakash, Policy Director for the Centre for Internet and Technology, had a word of caution as he voiced concern about the privacy policies of some big global companies. "The government should push for a strong data protection regime in India and force these companies to abide by that," he said.

Mr Prakash also said, "These companies need India more than we need them since there are more than one billion customers here. The Indian government must be wise in using this bargaining power."

For more details visit https://cis-india.org/internet-governance/news/ndtv-maya-sharma-september-29-2015-what-bengaluru-thinks-of-big-tech-announcements-in-silicon-valley

What Are You Accused of? Find Out Online

praskrishna — 2011-04-01T16:48:30Z

Starting Tuesday, police authorities in the Indian capital will make many crime reports, also known as First Information Reports, publicly accessible from its Web site. The report can be attained by entering details such as the name of the accused or victim and also the area where the crime took place. So far, no crime reports have been posted on the Web site.

The step is meant to help people who have been accused of a crime, and who aren’t able to find out from police—or who are perhaps reluctant to approach a police station—find out what exactly they’re supposed to have done.

“In case a police officer refuses to reveal the First Information Report, the accused can get a copy online and defend himself,” Rajan Bhagat, Delhi police spokesman told India Real Time Tuesday.

After police register a crime report, they’re supposed to carry out an investigation and then decide whether or not to bring charges.

Mr. Bhagat said the crime reports were being put online to comply with a 35-page Delhi High Court order on December 6.

“The liberty of an individual is inextricably linked with his right to be aware how he has been booked under law and on what allegations,” the court said at the time in an order that quotes Cuban revolutionary José Martí .

Mr. Bhagat said the software for uploading the FIRs has been installed at all police stations across the capital. The crime report is supposed to be made available online within 24 hours after a crime is registered.

Depending on whether the crime reports are searchable or not, and if people other than those named in the reports can access them, they could also prove useful for analyzing crime patterns in the city.

Of course, there exists some ambiguity in the new process, including how many crime reports will actually end up being uploaded online.

Crime reports for offences categorized as “sensitive” need not be uploaded. These include issues of terrorist acts, crimes relating to national security, rape, murder, kidnapping for ransom and “cases in which desperate gangsters are involved and there is the danger of witnesses or the complainant being intimidated,” the court order said.

“We cannot reveal the identity of serious criminals; this can hamper the investigation process,” said Mr. Bhagat, adding that the decision for a crime report not to be uploaded must be made by a senior police officer together with a local magistrate from the area where the crime was committed.

Some legal experts aren’t happy about the “selective” airing of information by the Delhi police.

“The service would be a complete failure,” said Pinaki Misra, senior counsel at the Delhi High Court.

Mr. Misra said the First Information Report is a public document–the first step towards registering criminal activity–and it should be freely accessible.

“There’s no reason why such information should be deemed confidential and selectively uploaded,” he said.

But others said there was good reason to avoid making a crime report public in some cases, such as to protect the identity of victims of sexual crimes, or even to protect suspects in cases where crimes could instigate violence against them.

Sunil Abraham, executive director at the Center for Internet and Society, a think-tank based in Bangalore, said the Delhi police’s new initiative was “a positive step with necessary safeguards.”

He added that the disclosure of too much information by police or other investigating agencies can sometimes lead to incidents of “mob justice,” pointing to recent occasions where bystanders have attacked people involved in highly publicized cases at their court appearances.

“The onus now is on the Delhi police as to how and what they put it in actual practice,” Mr. Abraham said.

Read the original here

For more details visit https://cis-india.org/news/what-are-you-accused

What Are The Consumer Protection Concerns With Crypto-Assets?

Aman Nair and Vipul Kharbanda — 2022-07-18T15:22:02Z

Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.

The article was published in Medianama on July 8, 2022

Crypto-asset regulation is at the forefront of India’s financial regulator’s minds. On the 6th of June, the Securities and Exchange Board of India (SEBI) in a response to the Parliamentary Standing Committee on Finance expressed clear consumer protection concerns associated with crypto-assets.

This statement follows multiple notices issued by the Reserve Bank of India (RBI) warning consumers of the risks related to crypto-assets, and even a failed attempt to prevent banks from transacting with any individual trading crypto-assets. Yet, in spite of these multiple warnings, and a significant drop in trading volume due to the introduction of a new taxation structure, crypto-assets still have managed to establish themselves as a legitimate financial instrument in the minds of many.

Recent global developments, however, seem to validate the concerns held by both the RBI and SEBI.

The bear market that crypto finds itself in has sent shockwaves throughout the ecosystem, crippling some of the most established tokens in the space. Take, for example, the death spiral of the algorithmic stablecoin Terra USD and its sister token Luna—with Terra USD going from a top-10-traded crypto-token to being practically worthless. The volatility of token prices has had a significant knock-on effect on crypto-related services. Following Terra’s crash, the Centralised Finance Platform (CeFi) Celsius—which provided quasi-banking facilities for crypto holders—also halted all withdrawals. More recently, the crypto-asset hedge fund Three Arrows also filed for bankruptcy following its inability to meet its debt obligations and protect its assets from creditors looking to get their money back.

Underpinning these stories of failing corporations are the very real experiences of investors and consumers—many of whom have lost a significant amount of wealth. This has been a direct result of the messaging around crypto-assets. Crypto-assets have been promoted through popular culture as a means of achieving financial freedom and accruing wealth quickly. It is this narrative that lured numerous regular citizens to invest substantial portions of their income into crypto-asset trading. At the same time, the crypto-asset space is littered with a number of scams and schemes designed to trick unaware consumers. These schemes, primarily taking the form of ‘pump and dump’ schemes, represent a significant issue for investors in the space.

It seems, therefore, that any attempt to ensure consumer protection in the crypto-space must adopt two key strategies:

First, it must re-orient the narrative from crypto as a simple means of getting wealthy—and ensure that those consumers who invest in crypto do so with full knowledge of the risks associated with crypto-assets
Second, it must provide consumers with sufficient recourse in cases where they have been subject to fraud.

In this article, we examine the existing regulatory framework around grievance redressal for consumers in India—and whether these safeguards are sufficient to protect consumers trading crypto-assets. We further suggest practical measures that the government can adopt going forward.

What is the Current Consumer Protection Framework Around Crypto-assets?

Safeguards Under the Consumer Protection Act and E-commerce Rules

The increased adoption of e-commerce by consumers in India forced legislators to address the lack of regulation for the protection of consumer interests. This legislative expansion may extend to protecting the interests of investors and consumers trading in crypto-assets.

The groundwork for consumer welfare was laid in the new Consumer Protection Act, 2019 which defined e-commerce as the “buying or selling of goods or services including digital products over digital or electronic network.” It also empowered the Union Government to take measures and issue rules for the protection of consumer rights and interests, and the prevention of unfair trade practices in e-commerce.

Within a year, the Union Government exercised its power to issue operative rules known as the Consumer Protection (E-Commerce) Rules, 2020 (the “Rules”), which amongst other things, sought to prohibit unfair trade practices across all models of e-commerce. The Rules define an e-commerce entity as one which owns, operates or manages a digital or electronic facility or platform (which includes a website as well as mobile applications) for electronic commerce.

The definition of e-commerce is not limited only to physical goods but also includes services as well as digital products. So, one can plausibly assume that it would be applicable to a number of crypto-exchanges, as well as certain entities offering decentralized finance (DeFi) services. This is because crypto tokens—be it cryptocurrencies like Bitcoin, Ethereum, or Dogecoin—are not considered currency or securities within Indian law, but can be said to be digital products since they are digital goods.

The fact that the digital products being traded on the e-commerce entity originated outside Indian territory would make no difference as far as the applicability of the Rules is concerned. The Rules apply even to e-commerce entities not established in India, but which systematically offer goods or services to consumers in India. The concept of systematically offering goods or services across territorial boundaries appears to have been taken from the E-evidence Directive of the European Union and seeks to target only those entities which intend to do substantial business within India while excluding those who do not focus on the Indian market and have only a minuscule presence here.

Additionally, the Rules impose certain duties and obligations on e-commerce entities, such as:

The appointment of a nodal officer or a senior designated functionary who is resident in India, to ensure compliance with the provisions of the Consumer Protection Act;
The prohibition on the adoption of any unfair trading practices, thereby making the most important requirements of consumer protection applicable to e-commerce;
The establishment of a grievance redressal mechanism and specifying an outer limit of one month for redressal of complaints;
The prohibition on imposing cancellation charges on the consumer, unless a similar charge is also borne by the e-commerce entity if it cancels the purchase order unilaterally for any reason;
The prohibition on price manipulation to gain unreasonable profit by imposing an unjustified price on the consumers;
The prohibition on discrimination between consumers of the same class or an arbitrary classification of consumers that affects their rights; etc.

The Rules also impose certain liabilities on e-commerce entities relating to the tracking of shipments, the accuracy of the information on the goods or services being offered, information and ranking of sellers, tracking complaints, and information regarding payment mechanisms. Most importantly, the Rules explicitly make the grievance redressal mechanism under the Consumer Protection Act, 2019 applicable to e-commerce entities in case they violate any of the requirements under the Rules.

What this means is that at present crypto-exchanges and crypto-service providers clearly fall within the ambit of consumer protection legislation in India. In real terms, this means that consumers can rest assured that in any crypto transaction their rights must be accounted for by the corporation.

With crypto related scams exploding globally following 2021, it is likely that Indian investors will come into contact, or be subject to various scams and schemes in the crypto marketplace. Therefore, it is imperative that consumers and investors the steps they can take in case they fall victim to a scam. Currently, any consumer who is the victim of a fraud or scam in the crypto space would as per the current legal regime, have two primary redressal remedies:

Lodging a criminal complaint with the police, usually the cyber cell, regarding the fraud. It then becomes the police’s responsibility to investigate the case, trace the perpetrators, and ensure that they are held accountable under relevant legal provisions.
Lodging a civil complaint before the consumer forum or even the civil courts claiming compensation and damages for the loss caused. In this process, the onus is on the consumer to follow up and prove that they have been defrauded.

Filing a consumer complaint may impose an extra burden on the consumer to prove the fraud—especially if the consumer is unable to get complete and accurate information regarding the transaction. Additionally, in most cases, a consumer complaint is filed when the perpetrator is still accessible and can be located by the consumer. However, in case the perpetrator has absconded, the consumer would have no choice but to lodge a criminal complaint. That said, if the perpetrators have already absconded, it may be difficult even for the police to be of much help considering the anonymity that is built into technology.

Therefore, perhaps the best protection that can be afforded to the consumer is where the regulatory regime is geared towards the prevention of frauds and scams by establishing a licensing and supervisory regime for crypto businesses.

A Practical Guide to Consumer Protection and Crypto-assets

What is apparent is that existing regulations are not sufficient to cover the extent of protection that a crypto-investor would require. Ideally, this gap would be covered by dedicated legislation that looks to cover the range of issues within the crypto-ecosystem. However, in the absence of the (still pending) government crypto bill, we are forced to consider how consumers can currently be protected and made aware of the risks associated with crypto-assets.

On the question of informing customers of the risks associated, we must address one of the primary means through which consumers become aware of crypto-assets: advertising. Currently, crypto-asset advertising follows a code set down by the Advertising Standards Council of India, a self-regulating, non-government body. As such, there is currently no government body that enforces binding advertising standards on crypto and crypto-service providers.

While self-regulation has generally been an acceptable practice in the case of advertising, the advertising of financial products has differed slightly. For example, Schedule VI of the Securities and Exchange Board of India (Mutual Funds) Regulations, 1996, lays down detailed guidelines associated with the advertising of mutual funds. Crypto-assets can, depending on their form, perform similar functions to currencies, securities, and assets. Moreover, they carry a clear financial risk—as such their advertising should come under the purview of a recognised financial regulator. In the absence of a dedicated crypto bill, an existing regulator—such as SEBI or the RBI—should use their ad-hoc power to bring crypto-assets and their advertising under their purview.

This would allow for the government to not only ensure that advertising guidelines are followed, but to dictate the exact nature of these guidelines. This allows it to issue standards pertaining to disclaimers and prevent crypto service providers from advertising crypto as being easy to understand, having a guaranteed return on investment, or other misleading messages.

Moreover, financial institutions such as the RBI and SEBI may consider increasing efforts to inform consumers of the financial and economic risks associated with crypto-assets by undertaking dedicated public awareness campaigns. Strongly enforced advertising guidelines, coupled with widespread and comprehensive awareness efforts, would allow the average consumer to understand the risks associated with crypto-assets, thereby re-orienting the prevailing narrative around them.

On the question of providing consumers with clear recourse, current financial regulators might consider setting up a joint working group to examine the extent of financial fraud associated with crypto-assets. Such a body can be tasked with providing consumers with clear information related to crypto-asset scams and schemes, how to spot them, and the next steps they must take in case they fall victim to one.

Aman Nair is a policy officer at the Centre for Internet & Society (CIS), India, focusing on fintech, data governance, and digital cooperative research. Vipul Kharbanda is a non-resident fellow at CIS, focusing on the fintech research agenda of the organisation.

For more details visit https://cis-india.org/internet-governance/blog/what-are-the-consumer-protection-concerns-with-crypto-assets

What are People's Rights in Digital World

praskrishna — 2016-01-12T01:51:53Z

Vanya Rakesh participated in this workshop organized by IT for Change on December 4, 2015 in Bangalore.


Above: Participants from the workshop

This workshop by IT for Change to build conceptions of rights with regard to the digital realm based on our tacit formative consciousness about them and undertake such an exercise to draw the first outlines of the social contract that must underpin our pervasively digital existence. IT for Change brought together thought leaders engaged in rights frameworks (including rights activists across domains and digital rights activists) to participate in this preliminary inquiry, to build from scratch a conception of what constitutes an equitable and just digital society, and what individual and collective rights would be commensurate to such a conception.

For more info click here.

For more details visit https://cis-india.org/internet-governance/news/what-are-peoples-rights-in-digital-world

What 66A Judgment Means For Free Speech Online

geetha — 2015-03-27T16:50:43Z

This week India's Supreme Court redefined the boundaries of freedom of speech on the internet. With the Court's decision in Shreya Singhal & Ors. v. Union of India, Section 66A of the Information Technology Act, 2000, has been struck down in entirety and is no longer good law.

Geetha Hariharan's article was originally published in the Huffington Post on March 26, 2015.

This week India's Supreme Court redefined the boundaries of freedom of speech on the internet. With the Court's decision in Shreya Singhal & Ors. v. Union of India, Section 66A of the Information Technology Act, 2000, has been struck down in entirety and is no longer good law. Through a structured, well-reasoned and heartening judgment, the court talks us through the nuances of free speech and valid restrictions. While previously, intermediaries were required to take down content upon suo moto determination of lawfulness, Section 79(3)(b) of the Act -- the intermediary liability provision -- has been read down to require actual knowledge of a court order or a government notification to take down content. Section 69A of the Act and its corresponding Rules, the provisions enabling the blocking of web content, have been left intact by the court, though infirmities persist.

The Supreme Court's decision comes at a critical moment for freedom of speech in India. In recent years, the freedom guaranteed under Article 19(1)(a) of the Constitution has suffered unmitigated misery: Wendy Doniger's The Hindus: An Alternative History was banned for hurting religious sentiments, publisher Orient Blackswan fearing legal action stayed its release of an academic work on sexual violence in Ahmedabad, the author Perumal Murugan faced harsh criticism for his novel One Part Woman and chose to slay his authorial identity.

"The Supreme Court's decision comes at a critical moment for freedom of speech in India. In recent years, the freedom guaranteed under Article 19(1)(a) of the Constitution has suffered unmitigated misery."

The tale of free speech on the Internet is similar. In response to takedown requests, intermediaries prefer to tread a safe path, taking down even legitimate content for fear of triggering penalties under Section 79 of the IT Act. The government has blocked websites in ways that transgress the bounds of 'reasonable restrictions' on speech. Section 66A alone has gathered astounding arrests and controversy. In 2012, Shaheen Dhada and her friend were arrested in Maharashtra for observing that Bal Thackeray's funeral shut down Mumbai, Devu Chodankar in Goa and Syed Waqar in Karnataka were arrested in 2014 for making posts about PM Narendra Modi, and a Puducherry man was arrested for criticizing P. Chidambaram's son. The misuse of Section 66A, and the inadequacy of other provisions of the IT Act, were well-documented.

Section 66A: No longer draconian

In a writ petition filed in 2012, the law student Shreya Singhal challenged the constitutionality of Section 66A on grounds, inter alia, of vagueness and its chilling effect. More petitions were filed challenging other provisions of the IT Act including Section 69A (website blocking) and Section 79 (intermediary liability), and these were heard jointly by justices Rohinton F. Nariman and G. Chelameshwar. Section 66A, implicating grave issues of freedom of speech on the internet, was at the centre of the challenge.

"It is difficult -impossible, in fact - to foresee or predict what speech is permitted or criminalised under Section 66A. As a result, there is a chilling effect on free speech online, resulting in self-censorship."

Section 66A makes it a criminal offence to send any online communication that is "grossly offensive" or "menacing", or false information sent for the purposes of causing "annoyance, inconvenience, insult, injury, obstruction, enmity, hatred, ill will", etc. These terms are not defined. Neither do they fall within one of the eight subjects for limitation under Article 19(2). It is difficult -impossible, in fact - to foresee or predict what speech is permitted or criminalised under Section 66A. As a result, there is a chilling effect on free speech online, resulting in self-censorship.

With yesterday's decision, the Supreme Court has struck down Section 66A on grounds of vagueness, excessive range and chilling effects on speech online. What is perhaps most uplifting is the court's affirmation of the value of free speech. In the midst of rising conservatism towards free speech, the Court reminds us that an "informed citizenry" and a "culture of open dialogue" are crucial to our democracy. Article 19(1)(a) shields us from "occasional tyrannies of governing majorities", and its restriction should be within Constitutional bounds enumerated in Article 19(2).

What speech is protected?

There are three types of speech, the court says: Discussion, advocacy and incitement. Discussion and advocacy are at the heart of Article 19(1)(a), and are unquestionably protected. But when speech amounts to incitement - that is, if it is expected to cause harm, danger or public disorder- it can be reasonably restricted for any of these reasons: public order, sovereignty and integrity of India, security of the State and friendly relations with foreign states.

" The Union of India argued that Section 66A is saved by the clauses "public order", "defamation", "incitement to an offence" and "decency, morality". But as the court finds that these are spurious grounds."

Section 66A, however, does not meet the legal standards for any of the limitation-clauses under Article 19(2), and so is unconstitutional. The Union of India argued that Section 66A is saved by the clauses "public order", "defamation", "incitement to an offence" and "decency, morality". But as the court finds that these are spurious grounds. For instance, Section 66A covers "all information" sent via the Internet, but does not make any reference (express or implied) to public order. Section 66A is not saved by incitement, either. The ingredients of "incitement" are that there must be a "clear tendency to disrupt public order", or an express or implied call to violence or disorder, and Section 66A is remarkably silent on these. By its vague and wide scope, Section 66A may apply to one-on-one online communication or to public posts, and so its applicability is uncertain. For these grounds, Section 66A has been struck down.

For freedom of speech on the internet, this is fantastic news! The unpredictability and threat of Section 66A has been lifted. Political commentary, criticism and dialogue are clearly protected under Article 19(1)(a). Of course, the government is still keen to regulate online speech, but the bounds within which it may do so have been reasserted and fortified.

Section 69A and website blocking

Section 69A empowers the government and its agencies to block websites on any of six grounds: "in the interest of sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above". The blocking procedure is set out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009. It requires that a Committee for Examination of Request (CER) examines each blocking request, and gives the content-generator or host 48 hours to make a representation. The Secretary of the Department of Electronics and Information Technology then issues the blocking direction to the intermediary.

"[The court has] failed to consider the impact of Section 69A and its Rules. Our free speech rights as listeners are equally affected when legitimate websites containing information are blocked. Transparency, blockpage notifications and judicial review are essential to determine whether each blocking direction is valid."

Now, the Supreme Court decision has left Section 69A and its Rules intact, stating that it is a "narrowly drawn provision with several safeguards". However, the Court has overlooked some crucial details. For instance, no judicial review is available to test the validity of each blocking direction. Moreover, Rule 14 of the Blocking Rules requires that all blocking requests and directions are kept confidential. This means that neither the content-generator, nor the reader/listener or general public, will have any idea of how many blocking directions have been issued or why. There is no standard blockpage display in India, either, and this further aggravates the transparency problem.

Lamentably, the Supreme Court has not considered this. Though the court has recognised and upheld the rights of viewers, readers and listeners in its decision on Section 66A, it failed to consider the impact of Section 69A and its Rules on readers and listeners. Our free speech rights as listeners are equally affected when legitimate websites containing information are blocked. Transparency, blockpage notifications and judicial review are essential to determine whether each blocking direction is valid.

Section 79 and the intermediary as a judge

Section 79 provides a safe harbour for intermediaries: if they abide by the requirements of Section 79(2), they retain immunity. But under Section 79(3)(b), intermediaries can lose their immunity from prosecution if, after receiving a takedown notice, they do not take down content in three circumstances: (1) if they have actual knowledge that third-party information within their control is being used to commit an unlawful act (i.e., by suo moto deciding the lawfulness of content); (2) if a court order requires takedown of content; (3) if a government notification requires takedown. Rule 3(4) of the Intermediaries Guidelines Rules, 2011 has a similar provision.

"The Supreme Court has wisely put an end to private adjudication of lawfulness. Section 79(3)(b) and Rule 3(4) have been read down to mean that the intermediary must have actual knowledge of a court order or government notification."

This leads to a situation where a private intermediary is responsible for deciding what constitutes lawful content. Previous studies have shown that, when placed in such a position, intermediaries prefer overbroad blocking to escape liability. As readers, we can then only access uncontroversial content. But the freedom of speech includes, as the European Court of Human Rights emphasised in Otto-Preminger Institut, the freedom to "offend, shock and disturb".

In Shreya Singhal, the Supreme Court has wisely put an end to private adjudication of lawfulness. Section 79(3)(b) and Rule 3(4) have been read down to mean that the intermediary must have actual knowledge of a court order or government notification. Even if an intermediary chooses not to act in response to a private takedown notice, it will retain its immunity under Section 79.

With Shreya Singhal, India has reaffirmed its protections for freedom of speech on the internet. One may now freely speak online without fear of illegitimate and unconstitutional prosecution. However, a re-examination of the blocking procedure, with its infirmities and direct impact on speech diversity, is essential. But today, we celebrate!

For more details visit https://cis-india.org/internet-governance/blog/huffington-post-geetha-hariharan-march-26-2015-what-66-a-judgment-means-for-free-speech-online

WGIG+8: Stock-Taking, Mapping, and Going Forward

pranesh — 2013-04-04T06:49:31Z

On February 27, 2013, the Centre for Internet and Society conducted a workshop on the Working Group on Internet Governance report, titled "WGIG+8: Stock-Taking, Mapping, and Going Forward" at the World Summit on the Information Society (WSIS) + 10 meeting at Fontenoy Building, conference room # 7, UNESCO Headquarters, Paris from 9.30 a.m. to 11.00 a.m.

Details of the event were published on the UNESCO website.

Session Personnel

Pranesh Prakash was the moderator for the session. There were about 10-15 participants along with 5 remote participants.

There were four speakers:

William Drake, International Fellow and Lecturer, Media Change & Innovation Division, IPMZ at the University of Zurich
Carlos Afonso, Executive Director of the Núcleo de Pesquisas, Estudos e Formação (NUPEF) institute
Avri Doria, Dotgay LLC, Association for Progressive Communications, International School for Internet Governance
Désirée Miloshevic, International Affairs and Policy Adviser, Afilias

Summary of the Discussion

Speakers Summaries

William Drake:
Mr. Drake argued that the WGIG process demonstrated the benefits of multistakeholder collaboration, and facilitated the WSIS negotiations, and the multistakeholder process that WGIG embodied promoted public engagement in the Internet governance debate. The working definition of “Internet governance” that the WGIG came up with demystified the nature and scope of Internet governance. One important outcome of the WGIG report was the proposal of the establishment of the Internet Governance Forum. The WGIG began the holistic assessment of “horizontal issues,” including development, and made some broad but useful recommendations on key “vertical issues”. And lastly, the WGIG offered four models for the oversight of core resources that helped to focus the global debate on the governance of the Internet’s core resources.

Carlos Afonso:
Mr. Afonso commented on the issue of international interconnection costs, and pointed out that they continue to be complex and involve complicated cost accounting. Mr. Afonso then pointed out that the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) could be doing more in the context of IPv6, in the way of stimulating backbone operators to ensure IPv6 visibility of the networks below them — many are already IPv6-ready but upstream providers do not provide corresponding transit. He also drew attention to “enhanced cooperation” as an issue that had not been anticipated at the time of the report, but had since become an important issue; similarly, he identified social networking and (in response to a question) military uses of the Internet, etc., as other such issues. He opined that the WGIG report needed to be elaborated upon in the present context.

Avri Doria:
Ms. Doria argued that while the report was reluctantly accepted after having been first rejected by the governments, it has proven to be highly useful. She praised the report for its working definition of IG, as it is still being used, and because the report made a clear distinction between governments and the governance of the Internet. She then argued that the definition of roles and responsibilities of stakeholders is very loose in the WGIG report and that these definitions are something that needs further study as they do not take into account the full role and responsibilities of all stakeholders. She also argued that the National Telecommunications and Information Administration is transferring some of its oversight powers over technical governance of the domain name system, to multistakeholder processes as can be seen from the “Affirmation of Commitments” which has replaced the earlier “Memorandum of Understanding” it had with ICANN." She argued that the Affirmation of Commitment based review teams are an important experiment that should be followed with interest.

Désirée Miloshevic:
Ms. Miloshevic pointed out that outside the meta issue of keeping the Internet open for innovation, issues relating to freedom of speech and human rights were the most important challenges facing Internet governance today. She highlighted that several issues, such as economic benefits, consumer protection, freedom to connect and education are issues that have either not been addressed or have been addressed inadequately in the report. She then went on to argue that the IGF, which is an outcome of the WGIG report has had a tangible impact on IG, particularly on clarifying IG as a multi-stakeholder process rather than describing mere institutional regulation models. For example, the IGF allows for newly identified public policy issues to continue to feature as topics in the IGF as emerging issues, such as open data, etc. Ms. Miloshevic also emphasised the need for stakeholders to increase the development of capacity in dealing with IG issues at the global level.

Summary of General Discussion

Overall, it was agreed by all panelists that the WGIG 2005 report and the WSIS process have had a large impact on Internet Governance (IG), particularly in terms of an increase in public awareness and participation in IG as well as in framing of IG as involving multiple stakeholders and not just governments. This has in turn led to a shifting of power equations as well as an increase in openness and transparency. The report has helped create the distinction between governments and governance of the Internet, and framed, through the working definition of IG that was later incorporated in the WSIS Tunis Agenda, the non-technical aspects of IG as a core part of IG. Further, the identification and mapping of issues associated with IG and the generation of institutional governance models were important outcomes of the report. The report was also seen as instrumental in the creation of the Internet Governance Forum (IGF).

Panellists also noted the changed context and the progress (and in many cases, lack of progress) since the WGIG report. Issues were raised around the lack of progress in implementing the specific recommendations made by the report. Inadequate capacity-building of actors in the global South, and efforts of the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) with respect to IPv6 were used as examples. It was also pointed out that a number of concerns have materialized that had not been anticipated at the time of the report, including 'enhanced cooperation', the emergence of social networking, and military uses of the Internet.

Moderator's summary

The WGIG and its report, the background report and the book that followed from that report, have proven to be crucial in defining the formulation and direction of Internet governance for the past 8 years, and have resulted in a multi-stakeholder governance model for the Internet and the IGF, and have set many norms that have shifted power equations. However, many significant issues that weren't central to Internet governance during the formulation of the WGIG report have since emerged, the majority of the recommendations made in the WGIG report haven't seen much progress, the capacity of actors in the global South to engage in IG issues has not increased greatly, and the IGF needs to gain greater credibility and centrality. Transnational private corporations are emerging as increasingly powerful actors in Internet governance and are slowly shifting the balance, a development that was unforeseen in 2005 when governments were seen as the most powerful actors.

Any agreed recommendations from the session

The panelists recommended the production of an analytical report that would explore the current status of the issues and recommendations laid in the original report issues as well as identify any new concerns that have arisen since 2005. An important aspect of this report would be an emphasis on the benefits of the IGF and the role of the WGIG process and report in underscoring the significance of multi-stakeholder processes. Further recommendations included the continued advancement of Internet rights and principles and enhanced cooperation, as these are two focus areas that have emerged since the WGIG report, and the strengthening of the IGF.

For more details visit https://cis-india.org/internet-governance/blog/wgig-8-stock-taking-mapping-and-going-forward

Webinar on the draft Intermediary Guidelines Amendment Rules

Admin — 2019-01-18T02:13:23Z

CCAOI and the ISOC Delhi Chapter organised a webinar on January 10 to discuss the draft "The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018". Gurshabad Grover was a discussant in the panel.

The agenda of the discussion was:

A brief introduction to the draft highlighting the key issues[Shashank Mishra]
Invited experts sharing their view on the paper and questions asked [Nehaa Chaudhari, Paul Brooks, Arjun Sinha, Gurshabad Grover]
Open Discussion Q&A
Summarizing the session

A recording of the session can be accessed here

For more details visit https://cis-india.org/internet-governance/news/webinar-on-the-draft-intermediary-guidelines-amendment-rules

Webinar on counter-comments to the draft Intermediary Guidelines

Admin — 2019-02-22T01:51:19Z

CCAOI and the ISOC Delhi Chapter organised a webinar on February 11 to discuss the comments submitted to the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, and counter-comments that were due by February 14.

The agenda of the discussion was:

A brief introduction to the counter comment process [Shashank Mishra]
Invited stakeholders comment on key issues and perspectives on the submissions and the points to be countered.

The following people participated:

Amba Kak, Mozilla
Rajesh Chharia, ISPAI
Gurshabad Grover, CIS
Priyanka Chaudhari, SFLC
Divij Joshi, Vidhi Centre for Legal Policy

For more details visit https://cis-india.org/internet-governance/news/webinar-on-counter-comments-to-the-draft-intermediary-guidelines

Web of Sameness

nishant — 2013-01-18T06:17:29Z

The social Web has been an ominous space at the start of 2013. It has been awash with horror, pain and grief. The recent gang rape and death of a medical student in Delhi prevents one from being too optimistic about the year to come. My live feeds on various social networks are filled with rue and rage at the gruesome incident and the seeming depravity of our society.

Nishant Shah's column was published in the Indian Express on January 18, 2013.

As I contemplate the event, I see that the Web has become a space for coping with pain and mitigating the horror of our lives. I feel comforted, when I go online, and see people grieving for a woman they never knew, and demanding better conditions for all. As I look at these resolves for change, battle cries demanding justice, and angry responses directed at imagined and imaginary perpetrators of these crimes, I realise that I have heard it all before, over and over again.

“Not Again!” has been the refrain of the year. If life were a musical, this would have been the persistent chorus line of 2012. From fighting against censorship and violation of privacy by government and corporations to acts of hatred, or from ridiculing the map glitches on the iPhone to seeing the growing stronghold of authoritarian forces over the social Web, we have repeatedly rolled our digital sleeves, gnashed our fingers on the keyboards and shouted in political solidarity, “Not Again!”. While this show of protest, this robust expression of change holds a promise of how things will change for the better, it is also a refrain that has lost its bite. What does it mean, this ability to repeatedly say “Not Again!” only to experience these horrors in despairing cyclic patterns?

I want to see how the social Web and the new public spheres online might offer us outlets for emotions but not necessarily platforms for action. Some of the earliest critiques of the Web expressed the fear that given the extreme customisation of social networks, we might soon reside only in digital echo chambers. In the heavily informatised ages that we live in, it is not uncommon to set up specific groups that we belong to, identify friends that we talk with, mark people we follow, set up circles we share in, and configure filters that help us receive information that is tailor-made to suit our personalised preferences. Unfortunately, this quest for selective information sampling often means that we separate the digital spaces of life from the physical ones, without even realising it. We might be seamlessly navigating these two spaces, not really caring for the distinctions of “virtual reality” and “real life”, but in instances like these, it is easy to see how we shroud ourselves in echo chambers, never allowing voices to translate into the world of action.

You are sure to have been bombarded with tweets that have insightfully analysed the conditions of safety in our public spaces. And in all of this, like me, you must have been comforted thinking that there is still hope. But for every “like” you received on your status update, for every time your tweet got favourited or retweeted, for every time you found yourself agreeing with the social experts, you also separated yourself from the reality. Because the people who gave your opinions the attention, are actually people just like you. They are already on your side of things. Talking to them, exchanging ideas with them, calling for change side-by-side is like preaching to the choir, but it gives us a sense of having reached out. The voices in an echo chamber are not just repeated ad nauseum, but they are also not heard by anybody else on the outside, thus stifling the energy and passions that might have resulted in real change.

The Web also offers an easy separation of us versus them. As coping mechanisms and as a way of distancing ourselves from these events, the Web offers us a clear disavowal of guilt. The young man, who shot those children in the school, was mentally unstable. The laws that allowed him to purchase guns are because of the politicians and the arms industry. The student, who got raped in a bus, is the responsibility of the ‘rape capital’ Delhi. If we were in charge, these things would not have happened this way. But now they have happened, and so we will be angry, we will be shocked, we will tweet “Not Again!” and then quickly shift our ever-expanding attention to the burgeoning space of information online.

And then we will wait, for the next incident to happen — oh, not the same, but similar — and we will go through this process once again.

If I have to look into the future and hope that 2013 shall be the year of change, then I am hoping that the change will be from “Not Again” to a “Never Again”. We will have to learn how to use the energy, the power of the Web, the influence of the digital crowds on the digital commons, to produce a change that goes beyond the social network feeds.

I hope that the social Web matures. We have to make sure that the promise of change that the digital social network offers, does not die as armchair clicktivism that witnesses but does nothing to change the act that affects us.

For more details visit https://cis-india.org/internet-governance/blog/indianexpress-nishant-shah-january-12-2013-web-of-sameness

We Truly are the Product being Sold

vidushi — 2016-09-01T02:08:37Z

WhatsApp has announced it will begin sharing user data such as names, phone numbers, and other analytics with its parent company, Facebook, and with the Facebook family of companies. This change to its terms of service was effected in order to enable users to “communicate with businesses that matter” to them. How does this have anything to do with Facebook?

The article was published in the Hindustan Times on August 31, 2016.

WhatsApp clarifies in its blog post, “... by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.”

WhatsApp’s further clarifies that it will not post your number on Facebook or share this data with advertisers. This means little because it will share your number with Facebook for advertisement. It is simply doing indirectly, what it has said it won’t do directly. This new development also leads to the collapsing of different personae of a user, even making public their private life that they have so far chosen not to share online. Last week, Facebook published a list of 98 data points it collects on users. These data points combined with your WhatsApp phone number, profile picture, status message, last seen status, frequency of conversation with other users, and the names of these users (and their data) could lead to a severely uncomfortable invasion of privacy.

Consider a situation where you have spoken to a divorce lawyer in confidence over WhatsApp’s encrypted channel, and are then flooded with advertisements for marriage counselling and divorce attorneys when you next log in to Facebook at home. Or, you are desperately seeking loans and get in touch with several loan officers; and when you log in to Facebook at work, colleagues notice your News Feed flooded with ads for loans, articles on financial management, and support groups for people in debt.

It is no secret that Facebook makes money off interactions on its platform, and the more information that is shared and consumed, the more Facebook is benefitted. However, the company’s complete disregard for user consent in its efforts to grow is worrying, particularly because Facebook is a monopoly. In order for one to talk to friends and family and keep in touch, Facebook is the obvious, if not the only, choice. It is also increasingly becoming the most accessible way to engage with government agencies. For example, Indian embassies around the world have recently set up Facebook portals, the Bangalore Traffic Police is most easily contacted through Facebook, and heads of states are also turning to the platform to engage with people. It is crucial that such private and collective interactions of citizens with their respective government agencies are protected from becoming data points to which market researchers have access.

Given Facebook’s proclivity for unilaterally compromising user privacy, the Federal Trade Commission (FTC) in 2011 charged the company for deceiving consumers by misleading them about the privacy of their information. Following these charges, Facebook reached an agreement to give consumers clear notice and obtain consumers’ express consent before extending privacy settings that they had established. The latest modification to WhatsApp’s terms of service seems to amount to a clear violation of this agreement and brings out the grave need to treat user consent more seriously.

There is a way to opt out of sharing data for Facebook ads targeting that is outlined by WhatsApp on its blog, which is the best example for a case of invasion-of-privacy-by-design. WhatsApp plans to ask the users to untick a small green arrow, and then click on a large green button that says “Agree” (which is the only button) so as to indicate that they are opting-out. The interface of the notice seems to be consciously designed to confuse users by using the power of default option. For most users, agreeing to terms and conditions is a hasty click on a box and the last part of an installation process. Predictably, most users choose to go with default options, and this specific design of the opt-out option is not meaningful at all.

In 2005, Facebook’s default profile settings were such that anyone on Facebook could see your name, profile picture, gender and network. Your photos, wall posts and friends list were viewable by people in your network. Your contact information, birthday and other data could be seen by friends and only you could view the posts that you liked. Fast forward to 2010, and the entire internet, not just all Facebook users, can see your name, profile picture, gender, network, wall posts, photos, likes, friends list and other profile data. There hasn’t been a comprehensive study since 2010, but one can safely assume that Facebook’s privacy settings will only get progressively worse for users, and exponentially better for Facebook’s revenues. The service is free and we truly are the product being sold.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold