We are anonymous, we are legion

India’s net neutrality debate is unique and complex

praskrishna — 2015-12-30T16:38:45Z

Connectivity to millions in India is main issue

The article by Pratap Vikram Singh was published in Governance Now on December 14, 2015.

The net neutrality debate has perplexed layman and policy experts alike. For a developing country like India, where a majority of the population doesn’t have access to internet, whether government should stick to the core principles or should it allow flexibility in network management practices to operators is still not clear yet. Whether India should go for an overarching, prophylactic regulation (ex ante), prohibiting any kind of zero rating, or should it adopt evidence-based, contextual regulation (ex post facto)? Whether zero rating should be allowed and if allowed then on what conditions? This is what experts from telecom industry and civil society deliberated in a round table on network neutrality jointly organised by Observer Research Foundation and Centre for Internet and Society on Saturday.

Neutrality refers to open and non-discriminatory nature of internet; information (or say data packets) has always flown freely on the network. Facebook, Google and many other internet businesses have emerged as a result of free and non discriminatory nature of internet.

Warning against taking a 'doctrinaire' approach to net neutrality, a telecom industry expert said that regulators must have flexibility to respond to market demand in the telecom industry. Adding that Indian market is unique with more than seven-ten telecom operators providing internet facility, the expert said that net neutrality will play differently in developing countries.

He said if implemented properly, the zero-rating approach or sponsored content followed by TSPs, “can be one of the ways to scale up internet access” to the unconnected regions.

Another industry expert said that the regulations on network neutrality has to be contextualized in terms of geography. He criticized the ‘savetheinternet’ movement, which galvanised support of one million internet users in favour of strict neutrality, for preventing one billion people from accessing ‘free’ internet. He said that telecom operators’ revenue from zero rating plans is less than one percent.

He was also against bringing net neutrality under the purview of competition commission of India. He said that there are already several laws related to consumer protection, information technology and monopoly to deal with situations arising out of neutrality issue.

An internet freedom activist said that zero rating can be allowed under stringent conditions of transparency, non-exclusivity and reasonability. He said that one way of setting the neutrality debate would be to allow zero rating with an amount of equal rating. This means that telecom players can offer toll free access to certain websites but they would also have to provide free 100 Mb or 200 Mb data connectivity within which a user can access any website or app for free.

“Countries like the US can afford to debate on net neutrality as almost 90 percent of their population are connected to internet. Here (in India) we should first worry about providing internet access to our people,” an ORF researcher said, speaking on the sidelines of the roundtable discussion.

The neutrality debate is getting momentum again with TRAI’s consultation paper being released on December 9. In its second paper, TRAI suggested, “that TSPs could provide initial data consumption for free, without limiting it to any particular content. Current examples of this approach include allowing free browsing or discounted tariffs for specified time windows, or giving away a certain amount of data for free.”

The regulator also called for regulation that “must seek a balance between ensuring wider access to the internet,” and in the manner that does not allow discrimination in charging tariffs from the users consuming varied content. The regulator has asked all stakeholders in telecom industry to come up with alternative methods in order to provide free access of internet to the consumers, and keep competition and innovation in the market intact.

For more details visit https://cis-india.org/internet-governance/news/india2019s-net-neutrality-debate-is-unique-and-complex

India’s National ID Program May Be Turning The Country Into A Surveillance State

praskrishna — 2017-04-07T12:49:30Z

For seven years, India’s government has been scanning the irises and fingerprints of its citizens into a massive database. The once voluntary program was intended to fix the country’s corrupt welfare schemes, but critics worry about its Orwellian overtones.

The blog post by Pranav Dixit was published by BuzzFeedNews on April 4, 2017. Sunil Abraham was quoted.

An abridged version of the blog post containing Sunil Abraham's quotes are reproduced below:

“You can’t change your fingerprints”

Sunil Abraham, the CIS director, calls himself a “technological critic” of the Aadhaar platform. For years, he’s been warning of the security risks associated with a centralized repository of the demographic and biometric details of a billion or so people.

“Aadhaar is a sitting duck,” Abraham told BuzzFeed News. That’s not an unreasonable assessment considering that India’s track record for protecting people’s private data is far from stellar. Earlier this year, for example, a security researcher discovered a website that was leaking the Aadhaar demographic data of more than 500,000 minors. The website was subsequently shut down, but the incident raised questions about Aadhaar’s security protocols — particularly those around data shared with third parties.

Abraham’s concerns are not without global precedent. In 2012, Ecuadorian police jailed blogger Paul Moreno for breaking into the country’s online national identity database and registering himself as Ecuadorian President Rafael Correa. In April 2016, hackers posted a database containing names, national IDs, addresses, and birth dates of more than 50 million Turkish citizens, including Turkish President Recep Tayyip Erdogan; later that month, Mexico’s entire voter database — over 87 million national IDs, addresses, and more — was leaked onto Amazon’s cloud servers by as-yet-untraced sources; and in the Philippines, more than 55 million voters had their private information — including fingerprints — released on the Dark Web.

“When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data.”

“What is the price that we pay as a nation if our database of over a billion people — complete with all 10 fingerprints and iris scans — leaks?” Abraham asked. The consequences, he said, will be permanent. Unlike a password, which you can reset at any time, your biometrics, if compromised, are the ultimate privacy breach. “You can’t change your fingerprints.”

The UIDAI claims that the Aadhaar database is protected using the “highest available public key cryptography encryption (PKI-2048 and AES-256)” and would take “billions of years” to crack.

“Encryption like this doesn’t typically get broken, it gets circumvented,” security researcher Troy Hunt told BuzzFeed News. “For example, the web application that sits in front of it is compromised and data is retrieved after decryption.” Or alternatively, he said, the encryption key itself is compromised. “Naturally, governments will offer all sorts of assurances on these things, but the simple, immutable fact is that once large volumes are centralized like this, there is a heightened risk of security incidents and of the data consequently being lost or exposed,” he added.

Cryptographer and cybersecurity expert Bruce Schneier echoed Hunt’s assessment. “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” he said. “They will go around the encryption.”

Nilekani — who did not respond to BuzzFeed News’ requests for comment — recently dismissed concerns around the project’s privacy implications as “hand-waving.” In an interview with the Economic Times, he repeatedly stressed how secure Aadhaar’s “advanced encryption technology” was. “I can categorically say that it’s the most secure system in India and among the most secure systems in the world,” he said.

Abraham is unconvinced by such assurances. He believes Aadhaar fundamentally changes the equation between a citizen and a state. “There’s a big difference between you identifying yourself to the government, and the government identifying who you are,” he said.

Aadhaar’s opponents say the program’s implementation has left India’s poorest people with no choice but to use it. “If you link people’s food subsidies, wages, bank accounts, and other crucial things to Aadhaar, you hit them where it hurts the most,” Ramanathan argued. “You leave them with no choice but to sign up.”

“Can you imagine if the United States passed a law that said that every person who wished to get food stamps would need their fingerprints registered in a government-owned database?” a journalist turned Aadhaar activist who did not wished to be named told BuzzFeed News. “Imagine what a scandal that would be.”

For Nilekani, such criticism is just overstatement and drama. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he said during a recent interview with Indian business news channel ET Now. “The reality is that a billion people are using Aadhaar. A lot of the accusations are just delusional. Aadhaar is not a system for surveillance. [The critics] live in a bubble and are not connected to reality.”

Abraham laughed off Nilekani’s comments. “The Unique Identification Authority of India will become the monopoly provider of identification and authentication services in India,” he said. “That sounds like a centrally planned communist state to me. I don’t know which left liberal elites he’s talking about.”

For more details visit https://cis-india.org/internet-governance/news/buzzfeednews-pranav-dixit-april-4-2017-indias-national-id-program-may-be-turning-the-country-into-a-surveillance-state

India’s largest bank SBI leaked account data on millions of customers

Admin — 2019-02-01T15:13:15Z

India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.

The blog post by Zack Whittaker was published Tech Crunch on January 30, 2019. Karan Saini was quoted.

The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500.

But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.

It’s not known for how long the server was open, but long enough for it to be discovered by a security researcher, who told TechCrunch of the leak, but did not want to be named for the story.

SBI Quick allows SBI’s banking customers to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts. It’s ideal for millions of the banking giant’s customers who don’t use smartphones or have limited data service. By using predefined keywords, like “BAL” for a customer’s current balance, the service recognizes the customer’s registered phone number and will send back the current amount in that customer’s bank account. The system can also be used to send back the last five transactions, block an ATM card and make inquiries about home or car loans.

It was the back-end text message system that was exposed, TechCrunch can confirm, storing millions of text messages each day.

A redacted example of some of the banking and credit information found in the database (Image: TechCrunch)

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking.

The bank sent out close to three million text messages on Monday alone.

The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers’ finances.

We verified the data by asking India-based security researcher Karan Saini to send a text message to the system. Within seconds, we found his phone number in the database, including the text message he received back.

“The data available could potentially be used to profile and target individuals that are known to have high account balances,” said Saini in a message to TechCrunch. Saini previously found a data leak in India’s Aadhaar, the country’s national identity database, and a two-factor bypass bug in Uber’s ridesharing app.

Saini said that knowing a phone number “could be used to aid social engineering attacks — which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

SBI claims more than 500 million customers across the glob,e with 740 million accounts.

Just days earlier, SBI accused Aadhaar’s authority, UIDAI, of mishandling citizen data that allowed fake Aadhaar identity cards to be created, despite numerous security lapses and misuse of the system. UIDAI denied the report, saying there was “no security breach” of its system. (UIDAI often uses the term “fake news” to describe coverage it doesn’t like.)

TechCrunch reached out to SBI and India’s National Critical Information Infrastructure Protection Centre, which receives vulnerability reports for the banking sector. The database was secured overnight.

Despite several emails, SBI did not comment prior to publication.

For more details visit https://cis-india.org/internet-governance/news/tech-crunch-zak-whittaker-january-30-2019-indias-largest-bank-sbi-leaked-account-data-on-millions-of-customers

India’s internet shutdowns are costing the economy billions of dollars

Admin — 2018-07-31T16:54:01Z

Frequent internet shutdowns have begun to hurt the Indian economy.

The blog post by Sushma UN was published in Quartz India on July 31, 2018. Akriti Bopanna was quoted.

In recent years, various regional governments and authorities have displayed a growing tendency to simply switch off internet connectivity to contain social and political disturbances. It has already peaked this year.

In just the first seven months of 2018, there have been 92 such incidents across the country; in all of 2017, there were only 79, according to data from internetshutdowns.in. The website’s findings are based on data collected by New Delhi-based pro bono legal services firm Software Freedom Law Center.

“The economic impact itself is very high because our entire economy is gravitating towards internet connectivity,” said Praveen Bhadada, partner at Zinnov Management Consulting. “The estimate is anywhere between $1 billion to $3 billion of productivity losses (over the last five years) because of these outages.”

Most instances of internet shutdowns in India are knee-jerk responses to political turmoil. The latest was reported in Navi Mumbai, Maharashtra, last week. However, state governments are now resorting to it even during local examinations so as to curb cheating.

While the UN has declared access to the internet a basic human right, some argue that shutdowns are effective in certain cases.

“In times of communal riots…internet shutdown is one vehicle through which you can control the situation,” Bhadada of Zinnov said. “Unless and until one is able to ensure that information is accurate and used in the right light, one has to be a little more guarded.”

What India needs to do now is to work on clear guidelines on when such shutdowns can be ordered. While India’s telecom regulator allows for shutdowns, there is ambiguity around when and why this can be done.

“The government should start with updating the rules for internet shutdowns to have specific, narrowly-defined situations in which shutdowns could be effectuated, if at all. The aim should be no or minimum disruption, as a method of last resort,” said Akriti Bopanna, policy officer with Centre for Internet and Society, a Bengaluru-based non-profit organisation.

For more details visit https://cis-india.org/internet-governance/news/quartz-india-sushma-un-july-31-2018-indias-internet-shutdowns-are-costing-the-economy-billions-of-dollars

India’s internet missionaries: The women Google is relying on to spread its Next Billion message

Admin — 2017-11-23T02:33:35Z

Google’s internet saathis have brought 11.5 million women in 105,000 villages online. But there’s a catch: the women are taught to use only Google products.

The article by Sunny Sen was published by Livemint on November 21, 2017.

Until Google came calling at Khaula, one of the nearly 100,000 villages in Uttar Pradesh, early in 2016, few among the womenfolk there had heard about the internet. A few had seen their men watching videos on smartphones, but none had accessed the internet on her own.

Now, more than 1,100 women in Khaula and neighbouring villages know how to access the internet and regularly log in. They teach their children, they teach themselves new skills, they look up fixes to niggling medical problems, and watch YouTube videos.

Khaula is ground zero for an ambitious Google initiative called Next Billion to spread use of the internet in developing economies. The initiative rides on the shoulders of women—internet saathis, who have been roped in to carry the “here’s how to access the internet” message across India. The success or failure of the saathis (saathi means friend in Hindi) in the internet literacy project will make or break the programme.

India, whose over 400 million data consumers make it the No. 2 market by internet users, only behind China, is the top focus country in the Next Billion programme. The project also covers Brazil, Indonesia, Nigeria, and parts of Africa.

The internet saathi programme, run by Google along with Tata Trusts is designed in such a way that two-three women in a village are handpicked and trained to use the internet. They, then, further train thousands of village women—not men—on how to access it. This design is with good reason: less than one-third of internet users in India are women and the number is far lower in its villages, explained Rajan Anandan, Google’s vice president for Southeast Asia and India, in a Mint newspaper article in April.

Neetu’s story

Four years ago, Neetu Bhagour, now 22, had made news in the village when she won a state-level wrestling event and was selected at the national level. But, she never made it to the nationals. “My parents didn’t allow me to… girls in our villages are not allowed to play much,” Bhagour said, her disappointment showing in her smile.

After leaving wrestling, she decided to pursue studies. The college was far away from the village and she didn’t attend every day, yet completed her graduation in science earlier this year—one of the few to do so in Khaula.

It was on one of the days she was home, bunking college, that her uncle told her that if she had time, she could teach village women how to access the internet. That was about one-and-a-half years ago.

“I had only seen my brother using (the internet). He had an Android phone, but he would never let us use it,” Bhagour said. “I decided to learn how to use the internet. People from Google trained us for three-four days… That was the first time I used the internet.”

Google gave her a Lava smartphone and a Celkon tablet—both entry-level brands—to use and train other village women. The cost of the two devices was around Rs11,000, a price that the women of Khaula would perhaps never be able to afford. The trainers also get an umbrella and 2GB of monthly data for each device—all provided by Google.

Till now Google has spent about Rs50 crore on training 35,000 saathis. That’s a tab of between Rs14,000 and Rs15,000 per saathi which includes the Rs11,000 spent on the devices, umbrella and data.

It was not easy for Bhagour to convince women in her village that learning to access the internet would be useful. Often they would scoff at her: “We don’t need it.” She stayed persistent. “It’s okay if you don’t need the internet, but teach it to your children,” she told them. “Use Google to know anything in this world.”

Next billion

Bhagour is one of the 35,000 internet saathis in India Google is backing. And, in a move atypical of the search giant, it is pouring crores of rupees training them. “Tata Trusts are equally funding the initiative for us. Google brings in the devices, the data, and the technical know-how of training the saathis. And Tata Trusts are managing the on-ground implementation, the saathi stipend,” said Neha Barjatya, head of ads marketing & digitizing initiatives, Google India.

The saathis are trained on how the web works, especially how to use various Google products such as Chrome, Search, YouTube, and PlayStore. They are not trained to use any other product, not Facebook or WhatsApp.

Since the beginning of the internet saathis project in 2015, Google has covered 105,000 villages in 12 states and taught 11.5 million women how to use the internet—making it the biggest project by Google under its Next Billion initiative and perhaps the single largest such outreach programme anywhere in the world.

Google wants to take the programme to 300,000 villages. “These women discover the internet (through Google and its products), and eventually discover how to use the internet for their needs,” said Barjatya.

Internet hard-sell

It wasn’t easy for Bhagour or any of the other saathis, initially.

Deepa Rajput of Dehtora village (near Khaula) is a Ph.D in Hindi. She teaches at the Shree Jagdamba Degree College in Agra. She was introduced to the internet saathi initiative by a friend of her husband’s. “Our family is one of the progressive ones in the village, so it was easy to convince my in-laws,” said Rajput.

But when she went out to teach, it was a problem. At the start, women didn’t allow her to take their picture, which is needed to enrol them in the programme. Some even refused to fill the enrolment form.

Rajput’s pitch was simple, yet compelling. “Google pe saara vishwa ka jankari prapt kar sakte hai… Agar aapka bhains bimar ho jata hai toh aap uske karan dekh sakte hai (You can find the entire world’s information on Google… If your buffalo falls sick, you find the reasons there),” she told the village women.

Most women liked the idea but they had to take the permission of their in-laws and husbands. “Women are weak… their survival depends on how much their husbands provide,” Rajput said.

When Google first went to a few villages in 2013, it started by training women directly for three-four hours. This was done at a school or the village community centre. It didn’t work out. The turnout was dismal. Folks at Google knew that they had to fix it if they had to expand beyond towns.

A pilot was done in a village near the Maheshwar town in Madhya Pradesh. Google piloted something called the internet cart, like an ice cream cart, which had internet-enabled tablets. Google-contracted agents would go from village to village, home to home, with these carts and teach the village women how to use the internet.

But, even that wasn’t enough. Google realized that it was important to stay in the village for a long period of time and keep training the women. That’s when the internet saathi concept was born.

The other problem was that women didn’t have devices to access the internet on. So Google gave them devices and free data. In 2015, Google and Tata Trusts started identifying trainers. Initially, Google also provided the saathis with a cycle in 1,500 villages, but stopped it as the women preferred walking.

Changing lives

For many of these beneficiaries, the internet is the only form of empowerment. For Deepmala, a primary school teacher in Atus village not far from Khaula, the internet helps her children learn English. “Children often ask things we don’t know… I have started using Google to explain things to children,” she said.

Deepmala’s first acquaintance with the internet was when she enrolled to become a saathi. She has trained 1,500 women since then. It wasn’t easy to convince her husband to allow her to learn how to use the internet but his mother stepped in. “My mother-in-law allowed me to learn… she used to go with me for the training,” she said.

For all the world that the internet has opened up for her, some centuries-old habits haven’t changed. Deepmala doesn’t know much about her husband’s work or what he earns. All she knows is that her husband works in a shoe factory near Agra. Without her mother-in-law’s backing, Deepmala said, she wouldn’t have been able to become a saathi.

When she showed the village women the internet, they were initially afraid to use it. There are a lot of myths about the ills of the internet in the villages. Rightly so, as often boys and men in the villages click pictures of girls and upload them to porn sites.

Women are shy and shun anything that may intrude on their privacy. It is in such a context that the world of information—access to Bollywood, culture, lifestyle, pornography, information, email, voice calling, and dozens of applications—suddenly opened up to them.

The saathis need to have a minimum education of up to Class VIII and should be comfortable with English. But there are no restrictions on the saathis to pick educated women. Many of their students don’t know how to read or write. For them, Deepa Rajput of Dehtora village said, Google voice commands are the easiest way to search the internet. “Women are seeing videos condemning domestic violence and oppression of women… That is a big change,” she said.

Making money

Deepmala, the school teacher saathi, taught women to search for mehendi designs and facial makeup on Google and YouTube. “Some of them have even started searching new salwar and blouse designs… The women tailors make more money for these designs,” she said.

Some women have started charging Rs50 for drawing mehendi designs. Others have started using the internet to look for agriculture and health-related information.

There are other avenues of making money, too. Deepmala and few of the women she trained landed a contract from research firm Nielsen to do a survey of the villages and the shops, for which they were paid. A list of 96 shops was given to them with a list of 80 questions. “The form was on the internet, we surveyed these villages and filled the form. It was about things like what products are sold, which shops have shut down, updating contact information…,” said Deepmala.

Monica Sisodiya from Barhan village has trained 2,000 women, most of them who are young. After being trained by Monica, two of them opened a beauty parlour. “She gets customers from 10-12 villages because of the new ways she has introduced,” said Monica, who wanted to study law in Agra, but couldn’t because her family wouldn’t allow her to go to the city. She is now pursuing a nursing course at Maa Bhagwati College, 7km from her home.

Google makes most of its revenue by serving digital ads. As more people join the internet and as more of them use the worldwide web, Google can negotiate with brands to get a higher share of the digital advertizing wallet.

Others like Babita Singh are evidence that the lack of information access is not a problem of the poor alone. Babita, 20, whose father is an intelligence officer with the Uttar Pradesh police, lives in a house that is prosperous by Dehtora standards. Her house has four CCTV cameras monitoring the front and rear of the building. The images are captured on a 42-inch LED television on the living room wall.

Yet, Babita used the internet for the first time only four months ago after getting trained by Deepa. Babita refers to the Chrome browser as ‘kromee’. She said she uses the internet to fill forms for banking entrance exams. At leisure, she browses designs of cushion covers and sweaters and tries out new food recipes that she pulls up from the Net.

Babita’s neighbour, Malti Rajput, teaches in a school for the mentally challenged in a nearby village. She isn’t well off and got her first phone from Google.

“We have started using the internet in our schools to teach the children dance steps… They also see craft designs. We sell some of these products to raise some money for the children,” said Malti.

It’s business, of course

For Google, this is not any corporate social responsibility activity. It is about getting every individual in India online. “This is not a social initiative for us. It is very much a business or marketing objective,” said Barjatya.

Getting more people to use the internet lies at the heart of Google’s business. Google makes most of its revenue by serving digital ads. As more people join the internet and as more of them use the worldwide web, Google can negotiate with brands to get a higher share of the digital advertizing wallet.

Barjatya said Google does not measure what it is getting back from the initiative. “It’s very much to get these women online and the rest will follow,” she said. “We are only seeing how many villages and how many women are coming online, and how does it tie back into our Next Billion initiative.”

But experts say Google alone can’t change rural India. “Google is probably worried that rural India might end up like Myanmar where most users stay within Facebook and do not explore the rest of the internet,” said Sunil Abraham, executive director of Bengaluru-based research organization Centre for Internet and Society.

Click here for enlarge

Moving the needle

All the saathis FactorDaily spoke with said that at their training sessions they are taught only how to use Google products, apart from handling the hardware. Those, too, only on Android phones. No Facebook, no WhatsApp, no Snapchat, no Twitter, no Paytm, no Flipkart...

“This is a smart business decision for Google but it does not really bridge the digital divide. We need all stakeholders, including Google to work together to reduce the cost of hardware and connectivity,” Abraham said.

Still, a Google-commissioned study by research firm Ipsos suggests that the internet giant has made some headway in rural India. Here are some pointers from the study:

■ 90% of women who have attended the training have a better understanding of the internet

■ 25% of women continue to use the internet (Gujarat is the highest at 35%)

■ 7% of women trained under the program feel that their social standing has improved

■ 33% trained women think that their economic condition has improved by learning new skills

■ 1% increase in village income in instances where training was conducted

Even though most of the women are not taught to use Facebook and WhatsApp, most of them eventually get on to social media. This is little consolation for Facebook, which has failed to mainstream itself in rural India the way Google has.

While Google gets a large number of the first-time users, some of the women have also started buying things online. Mamta Mahour of Bijpuri village bought earphones and books from Amazon and a saree from Voonik. The products are delivered at one of the shops in the village and Mamta collects it from there.

Some of the households have also started disconnecting their cable connections, said Mamta. Her’s and Deepmala’s houses are two, for instance. Deepmala watches ‘Piya Albela’ and ‘Big Boss’ on YouTube. “We can watch it anytime. There is so much (power) load-shedding that you can’t watch an entire episode on television… that’s not the case on YouTube,” she said.

Slow going

Mamta has taken a Reliance Jio connection. She watches her shows on JioTV and YouTube. “JioTV is free. I don’t see the need of having a cable connection at home. Rather I would use that money to recharge my phone,” she said.

Still, the going is grindingly slow. While Google has been successful in teaching women in these villages to use the internet, three out of four stop using the internet after the training.

When the saathi project started, internet penetration in villages was about 10%, said Barjatya. A recent report by industry lobby Internet and Mobile Association of India and market researcher Kantar IMRB shows that it has gone up to 17%.

Barjatya said Google spent a lot of time understanding the needs of the rural India. These 11.5 million women trained by Google have at least been introduced to the internet. “Over time we have seen that they have found value in going and buying a smartphone,” Barjatya is optimistic.

The data story in India is changing, especially after the launch of Reliance Jio. Google is already in talks with Reliance Jio to provide 4GB of 4G data at Rs149 a month to the saathis. Right now it is 2GB of 2G data.

The feedback from the saathis, meanwhile, is that the training module needs to change: the time is too short to train someone who had never used the internet, according to them. The saathis were given the target of training 250 women in a week, based on which they would receive a stipend from Tata Trust. It varies between Rs4 and Rs8 for each woman trained.

Barjatya said the target has been brought down to 100 women a month.

Changing data story

While Google has set up a call centre to check how many beneficiaries use the internet after training, there is no way it can ensure that women continue to use it. Call centre agents make random calls to check if the training is sufficient and if they are using the internet. Google might also contemplate returning to the same village to train more women.

Also, very few women own devices in male-dominated rural Indian society. “We haven’t really got into creating access beyond spreading awareness. However, yes, this is something we are open to and can consider. But right now it is just the literacy part,” Barjatya said, talking about subsidising mobile phones for women in villages.

In the next two years, Google will need more devices and more data. For its target of covering 300,000 villages, it will need an army of about 100,000 saathis— nearly a 10-fold jump.

Meanwhile, back at Khaula, Bhagour, the former wrestler, has started studying for the entrance test to join Delhi police. YouTube, she said, is handy for her studies. She is learning tricks to solve math problems quicker. Something else happened on Dhanteras, the festival to worship wealth, that made Bhagour proud.

“I got Rs4,211 for training the women. I got the money on the day of Dhanteras,” she said. “I gave the money to my father to get the house painted.”

This story has been published in association with FactorDaily.

For more details visit https://cis-india.org/internet-governance/news/sunny-sen-livemint-november-23-2017-indias-internet-missionaries

India’s Internet Curbs Under Legal Cloud

praskrishna — 2012-08-26T05:48:12Z

India’s crackdown on the Internet has caused much debate. But was it legal?

This article by Rumman Ahmed and R Jai Krishna was published in Wall Street Journal on August 25, 2012. Pranesh Prakash is quoted.

India’s government says its moves this week to block websites, Twitter accounts and news portals was necessary to reduce simmering tensions over ethnic violence in the northeast of the country.

Authorities have far-reaching powers to do just that, laid down in rules framed in April 2011 under the country’s controversial new IT law.

But those rules state authorities must give companies 48 hours notice before blocking Web pages. In cases of emergency, New Delhi can block first and inform a special government committee within 48 hours. That committee must notify the blocked sites.

Many of the sites that India blocked or sought to block, including Twitter accounts of anti-government commentators and mainstream news organizations, say they were given no forewarning of the actions and weren’t contacted afterwards, either.

Indian news website Firstpost.com and Kanchan Gupta, a newspaper columnist who is critical of the government, were among those who faced blocks. Mr. Gupta and First Post Editor-in-Chief R. Jagannathan both said they were not contacted by the government either before or after the blocks.

The Home Ministry this week provided lists of around 300 web pages, including Twitter accounts and news stories, to the Ministry of Communications and IT, which then ordered Internet Service Providers to block them.

Kuldeep Dhatwalia, a Home Ministry spokesman, confirmed the lists. The government, he said, was not bound to give notice in an emergency situation.

The government’s reading of the IT law is unlikely to win it any friends among those who say the government is curtailing Internet freedoms.

“It seems the government is yet to have a well planned strategy in place to counter threats to public security and law and order events arising out of viral distribution of malicious content via social media networks,” said Anirban Banerjee, an associate vice president at CyberMedia Research, a New Delhi-based information technology research firm.

India’s government has defended its conduct by saying the blocked Web pages and Twitter handles were inciting communal hatred amid recent violence between Muslims and northeasterners in the state of Assam that has cost almost 80 lives.

The government says some off the sites hosted fake pictures purporting to show violence against Muslims in Assam. In fact, many of these pictures showed Muslim refugees from Myanmar, authorities say.

“We are only taking strict action against those accounts or people which are causing damage or spreading rumors. We are not taking action against other accounts, be it on Facebook, Twitter or even SMSes. There is no censorship at all,” the Home Ministry said in a statement Friday.

“We decided on taking action because there were pictures of Myanmar etc. online, which were disturbing the atmosphere here in India.”

Critics, though, say the government also targeted Twitter accounts that were critical of Prime Minister Manmohan Singh, giving a political tinge to the censorship.

Some commentators said the government asked Internet Service Providers to block sites without invoking any laws.

“The four orders that were sent to the ISPs don’t say under which section or under what power these orders are being sent,” said Pranesh Prakash, a lawyer and program manager at the Bangalore-based Centre for Internet and Society.

“They were sent without invoking any statute or without invoking any law. The orders just say that those on the list would have to be blocked immediately. It doesn’t say these have be decided by whom, under what provision or what law,” Mr. Prakash added.

One telecom operator said on condition of anonymity that the government has not sent any new lists since Aug. 21. Google Inc and Facebook Inc. say they are working with the government to take down offensive content. Twitter Inc. has not commented.

The latest clampdown comes as public-interest groups are pressing the government to scrap the latest Web censorship laws. Critics say the rules not only limit free speech but also expose Internet companies to unfair liability for material posted by Web users.

“In the 21st century, you cannot censor your way to public tranquility,” said Mishi Choudhary, lawyer and director of international practice at New York-based Software Freedom Law Center.

For more details visit https://cis-india.org/news/wsj-com-aug-25-2012-rumman-ahmed-r-jai-krishna-indias-internet-curbs-under-legal-cloud

India’s ethnic clashes intensify within social-media maelstrom

praskrishna — 2012-08-24T12:25:47Z

It began in mid-July: First came a series of retaliatory killings between ethnic communities in the state of Assam in mid-July. Soon nearly 500,000 people had fled their homes for grim refugee camps. The central government belatedly sent in troops to assist, although that has barely quieted matters. But in the meantime, the violence in remote Assam triggered a bizarre series of knock-on events that has affected the entire country.

Published in the Globe and Mail. Sunil Abraham is quoted.

First a Mumbai demonstration in support of Muslims in Assam turned violent, leaving two people dead. Then tens of thousands of people from the northeast who lived and worked in big cities in the south of India packed up and fled back home – terrorized by Facebook, Twitter and text messages threatening them with violence in “retaliation” for what was happening in the north. The Indian government accused Pakistani agents of producing the threatening material to destabilize India. Then India went on a web crackdown, ostensibly trying to shut off the social media causing the panic – but setting off a fierce debate about censorship in the process.

Violence in the northeast

The seven states in the Indian northeast are connected to the rest of the country by only a tiny strip of land and often seem to exist in a whole other country. Several states have ongoing ethnic conflicts, and are covered by a law giving the Indian armed forces central powers, sharply criticized by human rights organizations. But the rest of the country knows little and, it often seems, cares less about these disputes.

So it was, initially, with the violence in Assam: in mid-July, killings began in the west of the state that has seen historic conflict between people in the Bodo ethnic group, which makes up about 35 per cent of the state population, and Bengali-speaking Muslims who migrated to the region, in some cases generations ago, from farther south – they are about 29 per cent of people in the state. The fight, said Sanjoy Hazarika, who directs the Centre for North East Studies at Jamia Millia University in Delhi, is over access to resources, and land. Simply put, the Bodo, who hold political power in the state, won’t share the resources they receive from New Delhi, which angers other groups, while the Bodo, who fear their status as the dominant group is ebbing, are desperate to hold on to power. Over the course of two weeks, some 79 people were killed, often gruesomely; at least 14,000 homes were burnt and people from both sides of the fight fled to refugee camps in one of the largest movements of people in the region since partition in 1947.

Mr. Hazarika noted that the dispute had existed as warm embers to a long-running demand for a separate Bodo state: “When governments don’t get at the core of issues and when [they] leave things half-baked and unresolved these things fester.” Some 190,000 people were still living in camps left over from riots in the 1990s, he said. “Governments come and go and are incapable of sending people home in safety.”

Right-wing Hindu organizations in the country including the Bharatiya Janata Party (BJP), the official opposition, blamed the trouble on illegal immigrants from Bangladesh. Mr. Hazarika rejected the idea. “Of course there are Bangladeshis coming in but nothing on the scale they are propagating – it’s a mantra to divert attention from the real core issues of natural resources, political power and just economic distribution of central funds.” Because the central government has failed to respond except by sending troops, he added, there is real danger these sporadic clashes could become a wider armed conflict.

Repercussions in the south

The first sign that this episode of violence in the northeast was going to have an impact outside the region came when a demonstration in Mumbai on Aug. 11, organized in support of Muslim victims of alleged atrocities, became violent. Two people were killed and at least 14 were seriously injured. Some protesters said they had been shown images taken from the Internet of Muslim victims in the northeast, which inflamed the crowd.

Days later, the exodus began: thousands of people of northeastern origin who had migrated for work to the more prosperous big cities of the south, such as Bangalore and Pune, suddenly began to flood into train stations, desperate to flee. They said they had received text messages warning them to go or face violent reprisal for what had been done to Muslims in Assam. But it wasn’t just Assamese who were fleeing: people from Manipur and the other five states went too, because Indians from the rest of the country rarely distinguish between the northeast states and they all felt afraid.

In vain, the Prime Minister and other major political figures pleaded with them to stay put and stay in their jobs. Nitin Pai, an expert on social media with a think tank called the Takshashila Institution, said it was the first time India saw what it means to be what he calls a “radically networked” country – more than three-quarters of Indians have cellphones and can receive text messages. Far fewer have Internet access – but one person who sees a Facebook page or Twitter post can quickly text 50 others, he noted. “When people are connected in such a fashion it’s very easy to mobilize them quickly, and mobilization is much faster than counter-mobilization. In Bangalore, by the time people in authority came to know there was a rumour and people were packing their bags, they were too late – by then 5,000 people were at the train station.” The government response needed to go up a hierarchy and across ministries – and meanwhile the text messages were flying.

It was also, said Mr. Pai, indicative of how little faith people had in government’s ability to protect them, and, Mr. Hazarika said, illustrated the deep distrust people from the northeast have for the central government

Internet crackdown

As the government began to dig in to the cause of the panic, the story became increasingly bizarre. Almost none of the images that were ostensibly outraging Muslims in the rest of India, and potentially spurring them to acts of vicious revenge, were actually of Assam. The much-circulated Facebook images were Photoshopped (often badly) pictures of atrocities allegedly carried out against Muslims in Burma several years ago or entirely unrelated pictures (such as those of Buddhist monks helping earthquake victims in Tibet) purporting to be from Assam. But the media consumers in question were not sophisticated, Mr. Pai noted, and the irrationality was lost in the mass panic.

On Aug. 19, Indian Home Minister Sushil Kumar Shinde said that government intelligence agencies had determined that the posts were originating in Pakistan, and that he had asked his Pakistani counterparts to track down and stop those responsible. Pakistan denied responsibility. Relations between the two countries, which had been thawing perceptibly, suddenly became chilly once more.

To try to stanch the exodus to the northeast, the Indian government first banned the sending of bulk text messages and then began to try to block Internet sites that hosted offensive material. But this undertaking fast became fraught: for the past three years the Indian government has battled in court with big Internet companies, such as Facebook and Google, and its own citizens over efforts at censorship. The government has been engaged in a prolonged skirmish with the companies to try to force them to screen and remove “objectionable” material.

But up until now, that material has been satirical Twitter handles and Facebook groups that mock senior members of government or the ruling Indian National Congress. “Now for a change, the government has legitimate grounds to censor speech,” said Sunil Abraham, director of the Centre for Internet and Society in Bangalore, “but they’ve cried wolf on so many occasions before.”

Nevertheless, the companies concerned have engaged the government on the issue, acknowledged that the material in question is causing harm and disrupting public order, and appear to be co-operating in its removal. The government has listed 310 items – Twitter feeds, Facebook pages, URLs – for blocking. But, Mr. Abraham noted, instead of doing that directly with the firms, it is using the much slower and more erratic approach of relying on Internet Service Providers or ISPs to do it.

Mr. Abraham said he fears what may come next: that government will see this incident as reason – or use it as a pretext – to attempt to get an even tighter hold over the Internet. “Then we’re headed for big trouble.”

For more details visit https://cis-india.org/news/www-the-globe-and-mail-stephanie-nolen-august-23-2012-indias-ethnic-clashes-intensify-within-social-media-maelstrom

India’s dreams of web censorship

sunil — 2012-03-26T06:59:36Z

If you are offended by this post, please contact Kapil Sibal, India’s telecoms and IT minister, and he will make sure it is promptly taken down.

Actually, if Sibal has his way and you are offended by this post, the armies of people to be employed by internet companies operating in India to monitor their sites for potentially offensive material – whether it originates in India or abroad – will ensure that it is removed before it can even be published. And good luck to all of them with that.

That, anyway, was the gist of Sibal’s combative press conference in the courtyard of his Delhi home on Tuesday, the day after the New York Times reported he had met executives from Google, Facebook, Yahoo and Microsoft to discuss the preemptive removal of “offensive material”.

The press conference was prompted by uproar that swept Twitter on Monday night – one of the sites, incidentally, that Sibal would like to monitor – and was carried live on all major news channels.

Social networking sites have gained a lot of traction in India and are much used by politicians, celebrities and the burgeoning, young middle class.

"I believe that no reasonable person aware of the sensibilities of large sections of communities in this country and aware of community standards as they are applicable in India would wish to see this content in the public domain," Sibal said, referring to "offensive material" he had shown some reporters prior to the conference. He added that the government did not believe in censorship.

According to the NYT, Sibal showed a group of IT execs a Facebook page that criticized Sonia Gandhi, president of the Congress Party, calling it "unacceptable".

"We will remove any content that violates our terms, which are designed to keep material that is hateful, threatening, incites violence or contains nudity off the service," Facebook said in a statement.

Microsoft did not respond to requests for comment. Google said it would issue a statement later in the day.

Sibal first approached the companies on September 5, giving them four weeks to present proposals for how they might comply with his request, he said. With no response by October 19, the ministry sent a reminder. On November 29, Sibal again met with the IT execs. They responded on Monday, saying they could not comply.

An Indian employee of one of foreign tech company, when asked about Sibal’s demand that each outfit set up dedicated teams to monitor content in real time, let out an extended, almost hysterical laugh, before regaining composure and asking: "Do you know how many users we have?"

Indeed, even in a country with low internet penetration like India – 100m people regularly use the internet, less than 10 per cent of India’s 1.2bn population – the task of monitoring real-time content generated on millions of sites opens up legal wormholes and is technically impossible, Sunil Abraham, executive director of the Bangalore-based Centre for Internet & Society, told beyondbrics.

"Technically what he’s asking for is an impossibility: it’s not possible in the age of web 2.0 to manually curate or censor social media content," he said. “This is obvious to all of us. Isn’t it strange that the minister of IT, who seems to understand a lot of complex issues, is actually in favour of something like this?"

Abraham warned that the focus on blasphemous and vaguely defined "offensive" speech was dangerous, noting that the Hindu profession of belief in multiple gods is blasphemous to Muslims, Christians and Jews.

But Sibal was defiant.

Asked what would be deemed "offensive", he said: “We will define it, don’t worry, certainly, we will evolve guidelines…to ensure that such blasphemous content” is not publicly available in India.

Asked whether his idea was technically feasible, he responded: "It is a feasible proposition, and we will inform you how as and when, we will inform you as and when."

When it was pointed out that the internet was a global phenomenon and that content originating outside of India might be hard to control, Sibal said: "We will certainly ask [companies] to give us information even on content posted outside of India – we will ask them for information, we will evolve guidelines and mechanisms to deal with the issue."

So, again, if you are offended by this post, feel free to drop him a line. And good luck.

The original blog post was published by the Financial Time's beyondbrics on December 6, 2011. Sunil Abraham was quoted in this blog post. Read it here

For more details visit https://cis-india.org/web-censorship

India’s Digital ID Rollout Collides With Rickety Reality

praskrishna — 2017-01-17T15:35:04Z

India’s new digital identification system, years in the making and now being put into widespread use, has yet to deliver the new era of modern efficiency it promised for shop owner Om Prakash and customer Daya Chand.

The article by Gabriele Parussini was published in the Wall Street Journal on January 13, 2017. Hans Varghese Mathews was quoted.

At first, it drove both men up a tree.

The system, which relies on fingerprints and eye scans to eventually provide IDs to all 1.25 billion Indians, is also expected to improve the distribution of state food and fuel rations and eventually facilitate daily needs such as banking and buying train tickets.

But Mr. Prakash couldn’t confirm his customers’ identities until he dragged them to a Java plum tree in a corner of his village near New Delhi’s international airport. That was the only place to get the phone signal needed to tap into the government database.

“I hopped on a chair and put my finger in the machine,” said Mr. Chand, a 60-year-old taxi driver. Getting his state food ration “used to be much easier,” he said.

In a system so vast, even small glitches can leave millions of people empty-handed.

The government began building the system, called Aadhaar, or “foundation,” with great fanfare in 2009, led by a team of pioneering technology entrepreneurs. Since then, almost 90% of India’s population has been enrolled in what is now the world’s largest biometric data set.

Prime Minister Narendra Modi, who set aside early skepticism about the Aadhaar project after taking power in 2014, is betting that it can help India address critical problems such as poverty and corruption, while also saving money for the government.

But the technology is colliding with the rickety reality of India, where many people live off the grid or have fingerprints compromised by manual labor or age.

Panna Singh, a 55-year-old day laborer in the northwestern state of Rajasthan who breaks stones used to build walls, says the machine recognized his scuffed-up fingerprints only a couple of times.

“I’ve come twice today,” he said at a ration shop in the village of Devdungri. “That’s a full day of work, gone.”

Iris scans are meant to resolve situations where fingerprints don’t work, but shops don’t yet have iris scanners.

Ajay Bhushan Pandey, chief executive of the government agency that oversees Aadhaar, said kinks will be ironed out as the system is used, as is the case with software rollouts. It works 92% of the time, and that will rise to 95%, he said.

“On the scale of what [Aadhaar] has achieved, the rollout has been remarkably smooth,” said Nandan Nilekani, the Infosys co-founder who spearheaded the project. “I don’t see any issues that are disproportionate to the size of project.”

An Aadhaar ID is intended to be a great convenience, replacing the multitude of paperwork required by banks, merchants and government agencies. The benefits are only just beginning, backers say, as the biometric IDs are linked to programs and services.

But in rural areas, home to hundreds of millions of impoverished Indians dependent on subsidies, the impact of technical disruptions has already been evident.

After walking for two hours across rough underbrush in Rajasthan to get kerosene for the month, Hanja Devi left empty-handed because the machine couldn’t match her fingerprint with her Aadhaar number.

“It’s always so difficult” using the system, said Ms. Devi, who lives with her husband and a nephew on 1,500 rupees ($22) a month.

Ranjit Singh, who operates the shop, said five of the 37 customers before Ms. Devi also left the shop empty-handed, a failure rate of over 15%.

A shop manager in a neighboring village said identification had failed for a similar portion of his 500 customers.

Any biometric recognition system of Aadhaar’s size is bound to show duplicates, meaning some people’s biometric identifiers will match someone else’s when they try to enroll.The new system hasn’t eliminated attempts at fraud. In August, police in Rajasthan accused two shop managers of linking their fingerprints to a multitude of cards and stealing for months the rations of dozens of clients.

Hans Varghese Mathews, a mathematician at the Bangalore-based Center for Internet and Society, used the results of a test run by Aadhaar officials on a sample of 84 million people to extrapolate the figure for India’s total population. The error level is less than 1%, but in the world’s second-most populous country, the snag would still affect about 11 million people, he said.

Government officials disputed the calculation, saying the number of duplicates would be much smaller—and that it would take only seven analysts to manage the error caseload.

As for trouble connecting to the registry, better infrastructure, including steadier internet connections, will eventually also help, Mr. Pandey said.

For now, Mr. Prakash has found a way to cope without climbing trees. After scouring the village, he set up a shack in a spot with enough bandwidth for his fingerprint scanner to work. It is hardly efficient. He issues receipts in the morning at the shack, then goes back to his shop to hand out the grains. Customers have to line up twice, sometimes for hours.

Mr. Prakash has applied to the government to operate without biometric identification, but his request was turned down, he said. “They said: ‘You have to keep trying.’ ”

For more details visit https://cis-india.org/internet-governance/news/wall-street-journal-gabriele-parussini-january-13-2017-indias-digital-id-rollout-collides-with-rickety-reality

India’s digital check

sunil — 2015-09-15T14:55:47Z

All nine pillars of Digital India directly correlate with policy research conducted at the Centre for Internet and Society, where I have worked for the last seven years. This allows our research outputs to speak directly to the priorities of the government when it comes to digital transformation.

The article was originally published by DNA on July 8, 2015.

Broadband Highways and Universal Access to Mobile Connectivity: The first two pillars have been combined in this paragraph because they both require spectrum policy and governance fixes. Shyam Ponappa, a distinguished fellow at our Centre calls for the leveraging of shared spectrum and also shared backhaul infrastructure. Plurality in spectrum management, for eg, unlicensed spectrum should be promoted for accelerating backhaul or last mile connectivity, and also for community or local government broadband efforts. Other ideas that have been considered by Ponappa include getting state owned telcos to exit completely from the last mile and only focus on running an open access backhaul through Bharat Broadband Limited. Network neutrality regulations are also required to mitigate free speech, diversity and competition harms as ISPs and TSPs innovate with business models such as zero-rating.

Public Internet Access Programme: Continuing investments into Common Service Centres (CSCs) for almost a decade may be questionable and therefore a citizen’s audit should be undertaken to determine how the programme may be redesigned. The reinventing of post offices is very welcome, however public libraries are also in need urgent reinventing. CSCs, post offices and public libraries should all leverage long range WiFi for Internet and intranet, empowering BYOD [Bring Your Own Device] users. Applications will take time to develop and therefore immediate emphasis should be on locally caching Indic language content. State Public Library Acts need to be amended to allow for borrowing of digital content. Flat-fee licensing regimes must be explored to increase access to knowledge and culture. Commons-based peer production efforts like Wikipedia and Wikisource need to be encouraged.

e-Governance: Reforming Government through Technology: DeitY, under the leadership of free software advocate Secretary RS Sharma, has accelerated adoption and implementation of policies supporting non-proprietary approaches to intellectual property in e-governance. Policies exist and are being implemented for free and open source software, open standards and electronic accessibility for the disabled. The proprietary software lobby headed by Microsoft and industry associations like NASSCOM have tried to undermine these policies but have failed so far.

The government should continue to resist such pressures. Universal adoption of electronic signatures within government so that there is a proper audit trail for all communications and transactions should be made an immediate priority. Adherence to globally accepted data protection principles such as minimisation via “form simplification and field reduction” for Digital India should be applauded. But on the other hand the mandatory requirement of Aadhaar for DigiLocker and eSign amounts to contempt of the Supreme Court order in this regard.

e-Kranti — Electronic Delivery of Services: The 41 mission mode projects listed are within the top-down planning paradigm with a high risk of failure — the funds reserved for these projects should instead be converted into incentives for those public, private and public private partnerships that accelerate adoption of e-governance. The dependency on the National Informatics Centre (NIC) for implementation of e-governance needs to be reduced, SMEs need to be able to participate in the development of e-governance applications. The funds allocated for this area to DeitY have also produced a draft bill for Electronic Services Delivery. This bill was supposed to give RTI-like teeth to e-governance service by requiring each government department and ministry to publish service level agreements [SLAs] for each of their services and prescribing punitive action for responsible institutions and individuals when there was no compliance with the SLAs.

Information for All: The open data community and the Right to Information movement in India are not happy with the rate of implementation of National Data Sharing and Accessibility Policy (NDSAP). Many of the datasets on the Open Data Portal are of low value to citizens and cannot be leveraged commercially by enterprise. Publication of high-value datasets needs to be expedited by amending the proactive disclosure section of the Right to Information Act 2005.

Electronics Manufacturing: Mobile patent wars have begun in India with seven big ticket cases filed at the Delhi High Court. Our Centre has written an open letter to the previous minister for HRD and the current PM requesting them to establish a device level patent pool with a compulsory license of 5%. Thereby replicating India’s success at becoming the pharmacy of the developing world and becoming the lead provider of generic medicines through enabling patent policy established in the 1970s. In a forthcoming paper with Prof Jorge Contreras, my colleague Rohini Lakshané will map around fifty thousand patents associated with mobile technologies. We estimate around a billion USD being collected in royalties for the rights-holders whilst eliminating legal uncertainties for manufacturers of mobile technologies.

IT for Jobs: Centralised, top-down, government run human resource development programmes are not useful. Instead the government needs to focus on curriculum reform and restructuring of the education system. Mandatory introduction of free and open source software will give Indian students the opportunity to learn by reading world-class software. They will then grow up to become computer scientists rather than computer operators. All projects at academic institutions should be contributions to existing free software projects — these projects could be global or national, for eg, a local government’s e-governance application. The budget allocated for this pillar should instead be used to incentivise research by giving micro-grants and prizes to those students who make key software contributions or publish in peer-reviewed academic journals or participate in competitions. This would be a more systemic approach to dealing with the skills and knowledge deficit amongst Indian software professionals.

Early Harvest Programmes: Many of the ideas here are very important. For example, secure email for government officials — if this was developed and deployed in a decentralised manner it would prevent future surveillance of the Indian government by the NSA. But a few of the other low-hanging fruit identified here don’t really contribute to governance. For example, biometric attendance for bureaucrats is just glorified bean-counting — it does not really contribute to more accountability, transparency or better governance.

The author works for the Centre for Internet and Society which receives funds from Wikimedia Foundation that has zero-rating alliances with telecom operators in many countries across the world

For more details visit https://cis-india.org/internet-governance/blog/dna-sunil-abraham-july-8-2015-india-digital-check

India’s dedicated Cryptology centre gets Rs. 115 crore funding

praskrishna — 2014-07-29T07:18:08Z

Work on India's first dedicated cryptology centre – plans for which were first announced in June 2012 – will likely accelerate as the project has gained initial funding of Rs. 115 crore from the federal government, stepping up the nation's efforts to stay on top of an area critical to its military and financial interests.

The blog post by Harichandan Arakali was published in SearchSecurity.in on July 28, 2014. Sunil Abraham gave his inputs.

The research facility, called the RC Bose Centre For Cryptology and Security, is to be built on the campus of the Indian Statistical Institute at Kolkata, where there is already ongoing cryptology research and consultancy work, albeit on a smaller scale, according to professor Rana Barua, the centre's head.

In a world where electronic transactions and access to an ever-increasing number of places, installations and objects have made physical borders less relevant, the task of securing them against threats means strong encryption of data is critical to national defense.

"This centre is of course a welcome initial step, but it can't be the only thing. We will have to, ideally, take a billion dollars from some of the big funds, such as the Universal Service Obligation fund or from the next (wireless) spectrum auctions, and throw it at cryptography," said Sunil Abraham, director for policy at the Centre for Internet and Society, a non-profit research organisation.

"If the country takes our military superiority seriously, then when it comes to cyber wars, without having an upper hand in cryptography, there is no use discussing anything else," he added.

The new cryptology centre will focus on basic research, but take on applied work for India's defense needs and those of its financial institutions, professor Barua said, developing algorithms, testing encryption products for robustness, detecting vulnerabilities and so on.

The center will augment indigenous capabilities in cryptology and information security, Bimal K Roy, director of the India Statistical Institute told India's Press Trust, which reported the funding earlier this month.

"It is an important element of the overall efforts and framework to enhance capabilities to ensure holistic security of the Indian cyber space. With an eminent body of world class experts, it will act as a hub for all cryptographic requirements, cutting edge research and technology development within the country," Press Trust cited Roy as saying.

Once centre is up and running and, over the next two years, it will have the infrastructure to allow more than 30 researchers to work, but "the problem of course is to get good researchers in this area," Barua said.

Pretty much all the best mathematicians in the world today work with the US government either directly or as part of the American academia and via research projects funded by the US government, said the Centre for Internet and Society's Abraham.

Given that most of the standards used today are those set by the National Institute of Standards and Technology (NIST), the US standard-setting organisation, "we should ensure that our participation at NIST is of the highest quality and we need an army of mathematicians," he said.

However, in India there may be a small number of mathematicians who are capable of the highest level of cryptology research. Even if there are more, there is another problem for them to keep abreast of the latest advances.

In the past, maths used to be an open science and all advances would be published and available for peers to learn from each other. With the militarisation of the areas of maths that deal with cryptology, the latest research isn't available and mathematicians have to essentially work things out on their own as well as conjecture what others might be doing.

Today, every country other than the US faces a shortage of skilled cryptographers, according to Abraham: "Everybody is in the soup, but India is in worse soup because we went with this engineering craze instead of pure sciences and math, we've ignored building capacity in that area."

For more details visit https://cis-india.org/news/search-security-july-28-2014-harichandan-arakali-indias-dedicated-cryptology-centre-gets-funding

India’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach

amber — 2018-01-01T16:18:54Z

We must move India past its existing consultative processes for rule-making, which often prompts stakeholders to take adversarial and extremely one-sided positions.

The article was published in the Wire on December 1, 2017.

Earlier this week, the Ministry of Electronics and Information Technology released a white paper by a “committee of experts” appointed a few months back led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India. The other members of the committee are Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta and Rama Vedashree.

With the exception of Justice Srikrishna and Krishnan, the rest of the committee members are either part of the government or part of organisations that have worked closely with the government on separate issues relating to technology, with some of them also having taken positions against the fundamental right to privacy.

Refreshingly, the committee and the ministry has opted for a consultative process outlining the issues they felt relevant to a data protection law, and espousing provisional views on each of the issues and seeking public responses on them. The paper states that on the basis of the response received, the committee will conduct public consultations with citizens and stakeholders. Legitimate concerns were raised earlier about the constitution of the committee and the lack of inclusion of different voices on it. However, if the committee follows an inclusive, transparent and consultative process in the drafting of the data protection legislation, it would go a long way in addressing these concerns.

The paper seeks response to as many as 231 questions covering a broad spectrum of issues relating to data protection – including definitions of terms such as personal data, sensitive personal data, processing, data controller and processor – the purposes for which exemptions should be available, cross border flow of data, data localisation and the right to be forgotten.

While a thorough analysis of all the issues up for discussion would require a more detailed evaluation, at this point, the process of rule-making and the kind of governance model envisaged in this paper are extremely important issues to consider.

In part IV of the paper on ‘Regulation and Enforcement’, there is a discussion on a co-regulatory approach for the governance of data protection in India. The paper goes so far as to provisionally take a view that it may be appropriate to pursue a co-regulatory approach which involves “a spectrum of frameworks involving varying levels of government involvement and industry participation”.

However, the discussion on co-regulation in the white paper is limited to the section on regulation and enforcement. A truly inclusive and co-regulatory approach ought to involve active participation from non-governmental stakeholders in the rule-making process itself. In India, unfortunately, we lack a strong tradition of lawmakers engaging in public consultations and participation of other stakeholders in the process of drafting laws and regulation. One notable exception has been the Telecom Regulatory Authority of India (TRAI), which periodically seeks public responses on consultation papers it releases and also holds open houses occasionally. It is heartening to see the committee of experts and the ministry follow a similar process in this case.

However, these are essentially examples of ‘notice and comment’ rulemaking where the government actors stand as neutral arbiters who must decide on written briefs submitted to it in response to consultation papers or draft regulations that it notifies to the public.

This process is, by its very nature, adversarial, and often means that different stakeholders do not reveal their true priorities but must take extreme one-sided positions, as parties tend to at the beginning of a negotiation.This also prevents the stakeholders from sharing an honest assessment of the actual regulatory challenge they may face, lest it undermine their position.

This often pits industry and public interest proponents against each other, sometimes also leading to different kinds of industry actors in adversarial positions. An excellent example of this kind of posturing, also relevant to this paper, is visible in the responses submitted to the TRAI on the its recent consultation paper on ‘Privacy, Security and Ownership of data in Telecom Sector’. One of the more contentious issue raised by the TRAI was about the adequacy of the existing data protection framework under the license agreement with telecom companies, and if there was a need to bring about greater parity in regulation between telecom companies and over-the-top (OTT) service providers. Rather than facilitating an actual discussion on what is a complex regulatory issues, and the real practical challenges it poses for the stakeholders, this form of consultation simply led to the telecom companies and OTT services providers submitting contrasting extreme positions without much scope for engagement between two polar arguments.

A truly co-regulatory approach which also extends to rulemaking would involve collaborative processes which are far less adversarial in their design and facilitate joint problem solving through multiple face to face meetings. Such processes are also more likely to lead to better rule making by using the more specialised knowledge of the different stakeholders about technology, domain-specific issues, industry realities and low cost solutions. Further, by bringing the regulated parties into the rulemaking process, the ownership of the policy is shared, often leading to better compliance.

Within the domain of data protection law itself, we have a few existing models of robust co-regulation which entail the involvement of stakeholders not just at the level of enforcement but also at the level of drafting. The oldest and most developed form of this kind of privacy governance can be seen in the study of the Dutch privacy statute. It involved a central privacy legislations with broad principles, sectoral industry-drafted “codes of conduct”, government evaluations and certifications of these codes; and a legal safe harbour for those companies that follow the approved code for their sector. Over a period of 20 years, the Dutch experience saw the approval of 20 sectoral codes across a variety of sectors such as banking, insurance, pharmaceuticals, recruitment and medical research.

Other examples of policies espousing this approach include two documents from the US – first, a draft bill titled ‘Commercial Privacy Bill of Rights Act of 2011’ introduced before the Congress by John McCain and John Kerry, and second, a White House Paper titled ‘Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy’ released by the Obama administration. Neither of these documents have so far led to a concrete policy. Both of these policies envisioned broadly worded privacy requirements to be passed by the Congress, followed by the detailed rules to be drafted. The Obama administration white paper is more inclusive in mandating that ‘multi-stakeholder groups’ draft the codes that include not only industry representatives but also privacy advocates, consumer groups, crime victims, academics, international partners, federal and state civil and criminal law enforcement representatives and other relevant groups.

The principles that emerge out this consultative process are likely to guide the data protection law in India for a long time to come. Among democratic regimes with a significant data-driven market, India is extremely late in arriving at a data protection law. The least that it can do at this point is to learn from the international experience and scholarship which has shown that merits of a co-regulatory approach which entails active participation of the government, industry, civil society and academia in the drafting and enforcement of a robust data protection law.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit https://cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

India’s Central Monitoring System: Security can’t come at cost of privacy

praskrishna — 2013-07-15T06:43:21Z

During a Google hangout session in June this year, Milind Deora, minister of state for communications and information technology, addressed concerns related to the central monitoring system (CMS).

Danish Raza's article was published in FirstPost on July 10, 2013. Sunil Abraham is quoted.

The surveillance project, described as the Indian version of PRISM, will allow the government to monitor online and telephone data of citizens. prism-milind-deora-cms-central-monitoring-system/” target=”_blank”>

The minister tried to justify the project arguing that the union government will become the sole custodian of citizen’s data which is now accessible to other parties such as telecom operators. But his justification failed to persuade experts who argue that the data is hardly safe because it is held by the government. And the limited information available about the project has raised serious concerns about its need and the consequences of government snooping on such a mass scale.

A release by the Press Information Bureau, dated November 26, 2009, is perhaps the only government document related to CMS available in public domain. It merely states that the project will strengthen the security environment in the country. “In the existing system secrecy can be easily compromised due to manual intervention at many stages while in CMS these functions will be performed on secured electronic link and there will be minimum manual intervention. Interception through CMS will be instant as compared to the existing system which takes a very long time.”

One of the primary concerns raised by experts is the sheer lack of public information on the project. So far, there is no official word from the government about which government bodies or agencies will be able to access the data; how will they use this information; what percentage of population will be under surveillance; or how long the data of a citizen will be kept in the record.

“This makes it impossible for India’s citizens to assess whether surveillance is the only, or the best, way in which the stated goal can be achieved. Also, citizens cannot gauge whether these measures are proportionate i.e. they are the most effective means to achieve this aim. The possibility of having such a debate is crucial in any democratic country,” said Dr Anja Kovacs, project director at Internet Democracy Project, Delhi based NGO working for online freedom of speech and related issues.

There is also no legal recourse for a citizen whose personal details are being misused or leaked from the central or regional database. Unlike America’s PRISM project under which surveillance orders are approved by courts, CMS does not have any judicial oversight. “This means that the larger ecosystem of checks and balances in which any surveillance should be embedded in a democratic country is lacking. There is an urgent requirement for a strong legal protection of the right to privacy; for judicial oversight of any surveillance; and for parliamentary or judicial oversight of the agencies which will do surveillance. At the moment, all three are missing.” said Kovacs.

Given the use of technology by criminals and terrorists, government surveillance per se, seems inevitable. Almost in every nation, certain chunk of population is always under the scanner of intelligence agencies. However, mass-scale tracking the data of all citizens — not just those who are deemed persons of interest — enabled by the CMS has sparked a public furor. Sunil Abraham, executive director, Centre for Internet & Society, Bangalore, compared surveillance with salt in cooking. “A tiny amount is essential but any excess is counterproductive,” he said. “Unlike target surveillance, blanket surveillance increases the probability of false positives. Wrong data analysis will put more number of innocent civilians under suspicion as, by default, their number in the central server is more than those are actually criminals.”

Such blanket surveillance techniques also pose a threat to online business. With all the data going in one central pool, a competitor or a cyber criminal rival can easily tap into private and sensitive information by hacking into the server. “As vulnerabilities will be introduced into Internet infrastructure in order to enable surveillance, it will undermine the security of online transactions,” said Abraham. He notes that the project also can undermine the confidentiality of intellectual property especially pre-grant patents and trade secrets. “Rights-holders will never be sure if their IPR is being stolen by some government in order to prop up national players.”

Every time a surveillance system is exposed or its misuse sparks a debate, governments argue that such programs are required for internal security purposes and to help abort terror attacks. Obama made the same argument after PRISM was revealed to the public. Civil rights groups, on the other hand, argue that security cannot be prioritised by large-scale invasions of privacy especially in a country like India where there is little accountability or transparency. So is there a middle ground that will satisfy both sides?

“Yes, security and privacy can coexist,” said Commander (rtd) Mukesh Saini, former national information security coordinator, government of India, “We can design a system which takes care of national security aspect and yet gains the confidence of the citizens. Secrecy period must not be more than three to four years in such projects. Thereafter who all were snooped and when and why and under whose direction/circumstances must be made public through a website after this time gap.”

Kovacs agrees and says the right kind of surveillance program would focus on the needs of the citizen and not the government. “If a contradiction seems to exist between cyber security and privacy online, this is only because we have lost sight of who is supposed to benefit from any security measures. Only if a measure contributes to citizen’s sense of security, can it really be considered a legitimate security measure.”

For more details visit https://cis-india.org/news/firstpost-danish-raza-july-10-2013-indias-central-monitoring-system-security-cant-come-at-cost-of-privacy

India’s biometric ID scans make sci-fi a reality

praskrishna — 2017-03-28T02:45:28Z

I have been thinking about my fingerprints and the secrets that may lie within my eyes — and whether I want to share them with the Indian government. I may not however have a choice.

The article by Amy Kazmin was published in the Financial Times on March 27, 2017. Sunil Abraham was quoted.

India has the world’s largest domestic biometric identification system, known as Aadhaar. Since 2010, the government has collected fingerprints and iris scans from more than 1bn residents, and each has been assigned a 12-digit identification number.

The scheme is championed by Nandan Nilekani, the billionaire co-founder of IT company Infosys. It was initially conceived to ensure poor Indians received subsidised food entitlements and other welfare benefits that were previously siphoned off by unscrupulous intermediaries. It was also seen as offering poor Indians, many of whom lack birth certificates, with a portable ID that can be used anywhere in the country.

Until now, obtaining an Aadhaar number was voluntary, though most Indians enrolled without hesitation as they see its potential benefits. But New Delhi is now enlisting Aadhaar, which means “foundation” or “base” in Hindi, in more than just welfare schemes. This would mean sharing one’s biometric details isn’t really optional any more despite a Supreme Court ruling that it should be “purely voluntary”.

Last week, the government issued a rule requiring an Aadhaar number for filing tax returns, ostensibly to improve tax compliance. It has also decided that all cell phone numbers must be linked to an Aadhaar number by 2018. Even Indian Railways has plans to demand Aadhaar from those booking train tickets online.

What was once touted as an initiative to improve delivery of welfare suddenly now seems like the foundation of a surveillance state — and I admit the prospect of putting my own biometrics in the database leaves me uneasy.

As a US citizen, I’ve never had to give my biometric data to my government. Domestically, fingerprints are only taken from criminal suspects, or applicants for government jobs, though I know foreign citizens are fingerprinted on arrival.

To me, the idea of sharing eye scans evokes the dystopian Hollywood film, Minority Report, which depicts a near future in which optical-recognition cameras allow the authorities to identify anyone in any public place. The hero on the run, played by Tom Cruise, has an illegal eye transplant to avoid detection.

In recent days, many Indian academics and activists have raised concerns about Aadhaar data security, the lack of privacy rules and the absence of any accountability structure if data are misused.

"Biometrics is being weaponised," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society. "What you need to be worried about is that someone will clean out your bank account or frame you in a crime," he says.

Pratap Bhanu Mehta, director of the Centre for Policy Research, has written of the “conversion of Aadhaar from a tool of citizen empowerment to a tool of state surveillance and citizen vulnerability”.

I call Mr Nilekani, of whose honourable intentions I have no doubt. After leaving Infosys in 2009, he spent five years in government, working to get Aadhaar off the ground. He says he is “extremely offended” when his project is accused of being part of a surveillance society, a narrative he says is “completely misrepresenting” the project. “I can steal your fingerprint off your glass. I don’t need this fancy technology,” he says. “Surveillance is far better done by following my phone, or when I use a map to order a taxi: the map knows where I am. Our internet companies know where you are.”

But in a society known for ingenious means of bypassing rules, such as having multiple taxpayer ID cards to aid evasion, Mr Nilekani says biometric authentication of individuals can bring discipline and reduce cheating. “It’s like you are creating a rule-based society,” he says, “it’s the transition that is going on right now.” I hang up, hardly reassured. To me, it seems clear that in India, as in so many places these days, Big Brother is increasingly watching.

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-27-2017-amy-kazmin-indias-biometric-id-scans-make-sci-fi-a-reality