We are anonymous, we are legion

India’s Internet Curbs Under Legal Cloud

praskrishna — 2012-08-26T05:48:12Z

India’s crackdown on the Internet has caused much debate. But was it legal?

This article by Rumman Ahmed and R Jai Krishna was published in Wall Street Journal on August 25, 2012. Pranesh Prakash is quoted.

India’s government says its moves this week to block websites, Twitter accounts and news portals was necessary to reduce simmering tensions over ethnic violence in the northeast of the country.

Authorities have far-reaching powers to do just that, laid down in rules framed in April 2011 under the country’s controversial new IT law.

But those rules state authorities must give companies 48 hours notice before blocking Web pages. In cases of emergency, New Delhi can block first and inform a special government committee within 48 hours. That committee must notify the blocked sites.

Many of the sites that India blocked or sought to block, including Twitter accounts of anti-government commentators and mainstream news organizations, say they were given no forewarning of the actions and weren’t contacted afterwards, either.

Indian news website Firstpost.com and Kanchan Gupta, a newspaper columnist who is critical of the government, were among those who faced blocks. Mr. Gupta and First Post Editor-in-Chief R. Jagannathan both said they were not contacted by the government either before or after the blocks.

The Home Ministry this week provided lists of around 300 web pages, including Twitter accounts and news stories, to the Ministry of Communications and IT, which then ordered Internet Service Providers to block them.

Kuldeep Dhatwalia, a Home Ministry spokesman, confirmed the lists. The government, he said, was not bound to give notice in an emergency situation.

The government’s reading of the IT law is unlikely to win it any friends among those who say the government is curtailing Internet freedoms.

“It seems the government is yet to have a well planned strategy in place to counter threats to public security and law and order events arising out of viral distribution of malicious content via social media networks,” said Anirban Banerjee, an associate vice president at CyberMedia Research, a New Delhi-based information technology research firm.

India’s government has defended its conduct by saying the blocked Web pages and Twitter handles were inciting communal hatred amid recent violence between Muslims and northeasterners in the state of Assam that has cost almost 80 lives.

The government says some off the sites hosted fake pictures purporting to show violence against Muslims in Assam. In fact, many of these pictures showed Muslim refugees from Myanmar, authorities say.

“We are only taking strict action against those accounts or people which are causing damage or spreading rumors. We are not taking action against other accounts, be it on Facebook, Twitter or even SMSes. There is no censorship at all,” the Home Ministry said in a statement Friday.

“We decided on taking action because there were pictures of Myanmar etc. online, which were disturbing the atmosphere here in India.”

Critics, though, say the government also targeted Twitter accounts that were critical of Prime Minister Manmohan Singh, giving a political tinge to the censorship.

Some commentators said the government asked Internet Service Providers to block sites without invoking any laws.

“The four orders that were sent to the ISPs don’t say under which section or under what power these orders are being sent,” said Pranesh Prakash, a lawyer and program manager at the Bangalore-based Centre for Internet and Society.

“They were sent without invoking any statute or without invoking any law. The orders just say that those on the list would have to be blocked immediately. It doesn’t say these have be decided by whom, under what provision or what law,” Mr. Prakash added.

One telecom operator said on condition of anonymity that the government has not sent any new lists since Aug. 21. Google Inc and Facebook Inc. say they are working with the government to take down offensive content. Twitter Inc. has not commented.

The latest clampdown comes as public-interest groups are pressing the government to scrap the latest Web censorship laws. Critics say the rules not only limit free speech but also expose Internet companies to unfair liability for material posted by Web users.

“In the 21st century, you cannot censor your way to public tranquility,” said Mishi Choudhary, lawyer and director of international practice at New York-based Software Freedom Law Center.

For more details visit https://cis-india.org/news/wsj-com-aug-25-2012-rumman-ahmed-r-jai-krishna-indias-internet-curbs-under-legal-cloud

India’s ethnic clashes intensify within social-media maelstrom

praskrishna — 2012-08-24T12:25:47Z

It began in mid-July: First came a series of retaliatory killings between ethnic communities in the state of Assam in mid-July. Soon nearly 500,000 people had fled their homes for grim refugee camps. The central government belatedly sent in troops to assist, although that has barely quieted matters. But in the meantime, the violence in remote Assam triggered a bizarre series of knock-on events that has affected the entire country.

Published in the Globe and Mail. Sunil Abraham is quoted.

First a Mumbai demonstration in support of Muslims in Assam turned violent, leaving two people dead. Then tens of thousands of people from the northeast who lived and worked in big cities in the south of India packed up and fled back home – terrorized by Facebook, Twitter and text messages threatening them with violence in “retaliation” for what was happening in the north. The Indian government accused Pakistani agents of producing the threatening material to destabilize India. Then India went on a web crackdown, ostensibly trying to shut off the social media causing the panic – but setting off a fierce debate about censorship in the process.

Violence in the northeast

The seven states in the Indian northeast are connected to the rest of the country by only a tiny strip of land and often seem to exist in a whole other country. Several states have ongoing ethnic conflicts, and are covered by a law giving the Indian armed forces central powers, sharply criticized by human rights organizations. But the rest of the country knows little and, it often seems, cares less about these disputes.

So it was, initially, with the violence in Assam: in mid-July, killings began in the west of the state that has seen historic conflict between people in the Bodo ethnic group, which makes up about 35 per cent of the state population, and Bengali-speaking Muslims who migrated to the region, in some cases generations ago, from farther south – they are about 29 per cent of people in the state. The fight, said Sanjoy Hazarika, who directs the Centre for North East Studies at Jamia Millia University in Delhi, is over access to resources, and land. Simply put, the Bodo, who hold political power in the state, won’t share the resources they receive from New Delhi, which angers other groups, while the Bodo, who fear their status as the dominant group is ebbing, are desperate to hold on to power. Over the course of two weeks, some 79 people were killed, often gruesomely; at least 14,000 homes were burnt and people from both sides of the fight fled to refugee camps in one of the largest movements of people in the region since partition in 1947.

Mr. Hazarika noted that the dispute had existed as warm embers to a long-running demand for a separate Bodo state: “When governments don’t get at the core of issues and when [they] leave things half-baked and unresolved these things fester.” Some 190,000 people were still living in camps left over from riots in the 1990s, he said. “Governments come and go and are incapable of sending people home in safety.”

Right-wing Hindu organizations in the country including the Bharatiya Janata Party (BJP), the official opposition, blamed the trouble on illegal immigrants from Bangladesh. Mr. Hazarika rejected the idea. “Of course there are Bangladeshis coming in but nothing on the scale they are propagating – it’s a mantra to divert attention from the real core issues of natural resources, political power and just economic distribution of central funds.” Because the central government has failed to respond except by sending troops, he added, there is real danger these sporadic clashes could become a wider armed conflict.

Repercussions in the south

The first sign that this episode of violence in the northeast was going to have an impact outside the region came when a demonstration in Mumbai on Aug. 11, organized in support of Muslim victims of alleged atrocities, became violent. Two people were killed and at least 14 were seriously injured. Some protesters said they had been shown images taken from the Internet of Muslim victims in the northeast, which inflamed the crowd.

Days later, the exodus began: thousands of people of northeastern origin who had migrated for work to the more prosperous big cities of the south, such as Bangalore and Pune, suddenly began to flood into train stations, desperate to flee. They said they had received text messages warning them to go or face violent reprisal for what had been done to Muslims in Assam. But it wasn’t just Assamese who were fleeing: people from Manipur and the other five states went too, because Indians from the rest of the country rarely distinguish between the northeast states and they all felt afraid.

In vain, the Prime Minister and other major political figures pleaded with them to stay put and stay in their jobs. Nitin Pai, an expert on social media with a think tank called the Takshashila Institution, said it was the first time India saw what it means to be what he calls a “radically networked” country – more than three-quarters of Indians have cellphones and can receive text messages. Far fewer have Internet access – but one person who sees a Facebook page or Twitter post can quickly text 50 others, he noted. “When people are connected in such a fashion it’s very easy to mobilize them quickly, and mobilization is much faster than counter-mobilization. In Bangalore, by the time people in authority came to know there was a rumour and people were packing their bags, they were too late – by then 5,000 people were at the train station.” The government response needed to go up a hierarchy and across ministries – and meanwhile the text messages were flying.

It was also, said Mr. Pai, indicative of how little faith people had in government’s ability to protect them, and, Mr. Hazarika said, illustrated the deep distrust people from the northeast have for the central government

Internet crackdown

As the government began to dig in to the cause of the panic, the story became increasingly bizarre. Almost none of the images that were ostensibly outraging Muslims in the rest of India, and potentially spurring them to acts of vicious revenge, were actually of Assam. The much-circulated Facebook images were Photoshopped (often badly) pictures of atrocities allegedly carried out against Muslims in Burma several years ago or entirely unrelated pictures (such as those of Buddhist monks helping earthquake victims in Tibet) purporting to be from Assam. But the media consumers in question were not sophisticated, Mr. Pai noted, and the irrationality was lost in the mass panic.

On Aug. 19, Indian Home Minister Sushil Kumar Shinde said that government intelligence agencies had determined that the posts were originating in Pakistan, and that he had asked his Pakistani counterparts to track down and stop those responsible. Pakistan denied responsibility. Relations between the two countries, which had been thawing perceptibly, suddenly became chilly once more.

To try to stanch the exodus to the northeast, the Indian government first banned the sending of bulk text messages and then began to try to block Internet sites that hosted offensive material. But this undertaking fast became fraught: for the past three years the Indian government has battled in court with big Internet companies, such as Facebook and Google, and its own citizens over efforts at censorship. The government has been engaged in a prolonged skirmish with the companies to try to force them to screen and remove “objectionable” material.

But up until now, that material has been satirical Twitter handles and Facebook groups that mock senior members of government or the ruling Indian National Congress. “Now for a change, the government has legitimate grounds to censor speech,” said Sunil Abraham, director of the Centre for Internet and Society in Bangalore, “but they’ve cried wolf on so many occasions before.”

Nevertheless, the companies concerned have engaged the government on the issue, acknowledged that the material in question is causing harm and disrupting public order, and appear to be co-operating in its removal. The government has listed 310 items – Twitter feeds, Facebook pages, URLs – for blocking. But, Mr. Abraham noted, instead of doing that directly with the firms, it is using the much slower and more erratic approach of relying on Internet Service Providers or ISPs to do it.

Mr. Abraham said he fears what may come next: that government will see this incident as reason – or use it as a pretext – to attempt to get an even tighter hold over the Internet. “Then we’re headed for big trouble.”

For more details visit https://cis-india.org/news/www-the-globe-and-mail-stephanie-nolen-august-23-2012-indias-ethnic-clashes-intensify-within-social-media-maelstrom

India’s dreams of web censorship

sunil — 2012-03-26T06:59:36Z

If you are offended by this post, please contact Kapil Sibal, India’s telecoms and IT minister, and he will make sure it is promptly taken down.

Actually, if Sibal has his way and you are offended by this post, the armies of people to be employed by internet companies operating in India to monitor their sites for potentially offensive material – whether it originates in India or abroad – will ensure that it is removed before it can even be published. And good luck to all of them with that.

That, anyway, was the gist of Sibal’s combative press conference in the courtyard of his Delhi home on Tuesday, the day after the New York Times reported he had met executives from Google, Facebook, Yahoo and Microsoft to discuss the preemptive removal of “offensive material”.

The press conference was prompted by uproar that swept Twitter on Monday night – one of the sites, incidentally, that Sibal would like to monitor – and was carried live on all major news channels.

Social networking sites have gained a lot of traction in India and are much used by politicians, celebrities and the burgeoning, young middle class.

"I believe that no reasonable person aware of the sensibilities of large sections of communities in this country and aware of community standards as they are applicable in India would wish to see this content in the public domain," Sibal said, referring to "offensive material" he had shown some reporters prior to the conference. He added that the government did not believe in censorship.

According to the NYT, Sibal showed a group of IT execs a Facebook page that criticized Sonia Gandhi, president of the Congress Party, calling it "unacceptable".

"We will remove any content that violates our terms, which are designed to keep material that is hateful, threatening, incites violence or contains nudity off the service," Facebook said in a statement.

Microsoft did not respond to requests for comment. Google said it would issue a statement later in the day.

Sibal first approached the companies on September 5, giving them four weeks to present proposals for how they might comply with his request, he said. With no response by October 19, the ministry sent a reminder. On November 29, Sibal again met with the IT execs. They responded on Monday, saying they could not comply.

An Indian employee of one of foreign tech company, when asked about Sibal’s demand that each outfit set up dedicated teams to monitor content in real time, let out an extended, almost hysterical laugh, before regaining composure and asking: "Do you know how many users we have?"

Indeed, even in a country with low internet penetration like India – 100m people regularly use the internet, less than 10 per cent of India’s 1.2bn population – the task of monitoring real-time content generated on millions of sites opens up legal wormholes and is technically impossible, Sunil Abraham, executive director of the Bangalore-based Centre for Internet & Society, told beyondbrics.

"Technically what he’s asking for is an impossibility: it’s not possible in the age of web 2.0 to manually curate or censor social media content," he said. “This is obvious to all of us. Isn’t it strange that the minister of IT, who seems to understand a lot of complex issues, is actually in favour of something like this?"

Abraham warned that the focus on blasphemous and vaguely defined "offensive" speech was dangerous, noting that the Hindu profession of belief in multiple gods is blasphemous to Muslims, Christians and Jews.

But Sibal was defiant.

Asked what would be deemed "offensive", he said: “We will define it, don’t worry, certainly, we will evolve guidelines…to ensure that such blasphemous content” is not publicly available in India.

Asked whether his idea was technically feasible, he responded: "It is a feasible proposition, and we will inform you how as and when, we will inform you as and when."

When it was pointed out that the internet was a global phenomenon and that content originating outside of India might be hard to control, Sibal said: "We will certainly ask [companies] to give us information even on content posted outside of India – we will ask them for information, we will evolve guidelines and mechanisms to deal with the issue."

So, again, if you are offended by this post, feel free to drop him a line. And good luck.

The original blog post was published by the Financial Time's beyondbrics on December 6, 2011. Sunil Abraham was quoted in this blog post. Read it here

For more details visit https://cis-india.org/web-censorship

India’s Digital ID Rollout Collides With Rickety Reality

praskrishna — 2017-01-17T15:35:04Z

India’s new digital identification system, years in the making and now being put into widespread use, has yet to deliver the new era of modern efficiency it promised for shop owner Om Prakash and customer Daya Chand.

The article by Gabriele Parussini was published in the Wall Street Journal on January 13, 2017. Hans Varghese Mathews was quoted.

At first, it drove both men up a tree.

The system, which relies on fingerprints and eye scans to eventually provide IDs to all 1.25 billion Indians, is also expected to improve the distribution of state food and fuel rations and eventually facilitate daily needs such as banking and buying train tickets.

But Mr. Prakash couldn’t confirm his customers’ identities until he dragged them to a Java plum tree in a corner of his village near New Delhi’s international airport. That was the only place to get the phone signal needed to tap into the government database.

“I hopped on a chair and put my finger in the machine,” said Mr. Chand, a 60-year-old taxi driver. Getting his state food ration “used to be much easier,” he said.

In a system so vast, even small glitches can leave millions of people empty-handed.

The government began building the system, called Aadhaar, or “foundation,” with great fanfare in 2009, led by a team of pioneering technology entrepreneurs. Since then, almost 90% of India’s population has been enrolled in what is now the world’s largest biometric data set.

Prime Minister Narendra Modi, who set aside early skepticism about the Aadhaar project after taking power in 2014, is betting that it can help India address critical problems such as poverty and corruption, while also saving money for the government.

But the technology is colliding with the rickety reality of India, where many people live off the grid or have fingerprints compromised by manual labor or age.

Panna Singh, a 55-year-old day laborer in the northwestern state of Rajasthan who breaks stones used to build walls, says the machine recognized his scuffed-up fingerprints only a couple of times.

“I’ve come twice today,” he said at a ration shop in the village of Devdungri. “That’s a full day of work, gone.”

Iris scans are meant to resolve situations where fingerprints don’t work, but shops don’t yet have iris scanners.

Ajay Bhushan Pandey, chief executive of the government agency that oversees Aadhaar, said kinks will be ironed out as the system is used, as is the case with software rollouts. It works 92% of the time, and that will rise to 95%, he said.

“On the scale of what [Aadhaar] has achieved, the rollout has been remarkably smooth,” said Nandan Nilekani, the Infosys co-founder who spearheaded the project. “I don’t see any issues that are disproportionate to the size of project.”

An Aadhaar ID is intended to be a great convenience, replacing the multitude of paperwork required by banks, merchants and government agencies. The benefits are only just beginning, backers say, as the biometric IDs are linked to programs and services.

But in rural areas, home to hundreds of millions of impoverished Indians dependent on subsidies, the impact of technical disruptions has already been evident.

After walking for two hours across rough underbrush in Rajasthan to get kerosene for the month, Hanja Devi left empty-handed because the machine couldn’t match her fingerprint with her Aadhaar number.

“It’s always so difficult” using the system, said Ms. Devi, who lives with her husband and a nephew on 1,500 rupees ($22) a month.

Ranjit Singh, who operates the shop, said five of the 37 customers before Ms. Devi also left the shop empty-handed, a failure rate of over 15%.

A shop manager in a neighboring village said identification had failed for a similar portion of his 500 customers.

Any biometric recognition system of Aadhaar’s size is bound to show duplicates, meaning some people’s biometric identifiers will match someone else’s when they try to enroll.The new system hasn’t eliminated attempts at fraud. In August, police in Rajasthan accused two shop managers of linking their fingerprints to a multitude of cards and stealing for months the rations of dozens of clients.

Hans Varghese Mathews, a mathematician at the Bangalore-based Center for Internet and Society, used the results of a test run by Aadhaar officials on a sample of 84 million people to extrapolate the figure for India’s total population. The error level is less than 1%, but in the world’s second-most populous country, the snag would still affect about 11 million people, he said.

Government officials disputed the calculation, saying the number of duplicates would be much smaller—and that it would take only seven analysts to manage the error caseload.

As for trouble connecting to the registry, better infrastructure, including steadier internet connections, will eventually also help, Mr. Pandey said.

For now, Mr. Prakash has found a way to cope without climbing trees. After scouring the village, he set up a shack in a spot with enough bandwidth for his fingerprint scanner to work. It is hardly efficient. He issues receipts in the morning at the shack, then goes back to his shop to hand out the grains. Customers have to line up twice, sometimes for hours.

Mr. Prakash has applied to the government to operate without biometric identification, but his request was turned down, he said. “They said: ‘You have to keep trying.’ ”

For more details visit https://cis-india.org/internet-governance/news/wall-street-journal-gabriele-parussini-january-13-2017-indias-digital-id-rollout-collides-with-rickety-reality

India’s digital check

sunil — 2015-09-15T14:55:47Z

All nine pillars of Digital India directly correlate with policy research conducted at the Centre for Internet and Society, where I have worked for the last seven years. This allows our research outputs to speak directly to the priorities of the government when it comes to digital transformation.

The article was originally published by DNA on July 8, 2015.

Broadband Highways and Universal Access to Mobile Connectivity: The first two pillars have been combined in this paragraph because they both require spectrum policy and governance fixes. Shyam Ponappa, a distinguished fellow at our Centre calls for the leveraging of shared spectrum and also shared backhaul infrastructure. Plurality in spectrum management, for eg, unlicensed spectrum should be promoted for accelerating backhaul or last mile connectivity, and also for community or local government broadband efforts. Other ideas that have been considered by Ponappa include getting state owned telcos to exit completely from the last mile and only focus on running an open access backhaul through Bharat Broadband Limited. Network neutrality regulations are also required to mitigate free speech, diversity and competition harms as ISPs and TSPs innovate with business models such as zero-rating.

Public Internet Access Programme: Continuing investments into Common Service Centres (CSCs) for almost a decade may be questionable and therefore a citizen’s audit should be undertaken to determine how the programme may be redesigned. The reinventing of post offices is very welcome, however public libraries are also in need urgent reinventing. CSCs, post offices and public libraries should all leverage long range WiFi for Internet and intranet, empowering BYOD [Bring Your Own Device] users. Applications will take time to develop and therefore immediate emphasis should be on locally caching Indic language content. State Public Library Acts need to be amended to allow for borrowing of digital content. Flat-fee licensing regimes must be explored to increase access to knowledge and culture. Commons-based peer production efforts like Wikipedia and Wikisource need to be encouraged.

e-Governance: Reforming Government through Technology: DeitY, under the leadership of free software advocate Secretary RS Sharma, has accelerated adoption and implementation of policies supporting non-proprietary approaches to intellectual property in e-governance. Policies exist and are being implemented for free and open source software, open standards and electronic accessibility for the disabled. The proprietary software lobby headed by Microsoft and industry associations like NASSCOM have tried to undermine these policies but have failed so far.

The government should continue to resist such pressures. Universal adoption of electronic signatures within government so that there is a proper audit trail for all communications and transactions should be made an immediate priority. Adherence to globally accepted data protection principles such as minimisation via “form simplification and field reduction” for Digital India should be applauded. But on the other hand the mandatory requirement of Aadhaar for DigiLocker and eSign amounts to contempt of the Supreme Court order in this regard.

e-Kranti — Electronic Delivery of Services: The 41 mission mode projects listed are within the top-down planning paradigm with a high risk of failure — the funds reserved for these projects should instead be converted into incentives for those public, private and public private partnerships that accelerate adoption of e-governance. The dependency on the National Informatics Centre (NIC) for implementation of e-governance needs to be reduced, SMEs need to be able to participate in the development of e-governance applications. The funds allocated for this area to DeitY have also produced a draft bill for Electronic Services Delivery. This bill was supposed to give RTI-like teeth to e-governance service by requiring each government department and ministry to publish service level agreements [SLAs] for each of their services and prescribing punitive action for responsible institutions and individuals when there was no compliance with the SLAs.

Information for All: The open data community and the Right to Information movement in India are not happy with the rate of implementation of National Data Sharing and Accessibility Policy (NDSAP). Many of the datasets on the Open Data Portal are of low value to citizens and cannot be leveraged commercially by enterprise. Publication of high-value datasets needs to be expedited by amending the proactive disclosure section of the Right to Information Act 2005.

Electronics Manufacturing: Mobile patent wars have begun in India with seven big ticket cases filed at the Delhi High Court. Our Centre has written an open letter to the previous minister for HRD and the current PM requesting them to establish a device level patent pool with a compulsory license of 5%. Thereby replicating India’s success at becoming the pharmacy of the developing world and becoming the lead provider of generic medicines through enabling patent policy established in the 1970s. In a forthcoming paper with Prof Jorge Contreras, my colleague Rohini Lakshané will map around fifty thousand patents associated with mobile technologies. We estimate around a billion USD being collected in royalties for the rights-holders whilst eliminating legal uncertainties for manufacturers of mobile technologies.

IT for Jobs: Centralised, top-down, government run human resource development programmes are not useful. Instead the government needs to focus on curriculum reform and restructuring of the education system. Mandatory introduction of free and open source software will give Indian students the opportunity to learn by reading world-class software. They will then grow up to become computer scientists rather than computer operators. All projects at academic institutions should be contributions to existing free software projects — these projects could be global or national, for eg, a local government’s e-governance application. The budget allocated for this pillar should instead be used to incentivise research by giving micro-grants and prizes to those students who make key software contributions or publish in peer-reviewed academic journals or participate in competitions. This would be a more systemic approach to dealing with the skills and knowledge deficit amongst Indian software professionals.

Early Harvest Programmes: Many of the ideas here are very important. For example, secure email for government officials — if this was developed and deployed in a decentralised manner it would prevent future surveillance of the Indian government by the NSA. But a few of the other low-hanging fruit identified here don’t really contribute to governance. For example, biometric attendance for bureaucrats is just glorified bean-counting — it does not really contribute to more accountability, transparency or better governance.

The author works for the Centre for Internet and Society which receives funds from Wikimedia Foundation that has zero-rating alliances with telecom operators in many countries across the world

For more details visit https://cis-india.org/internet-governance/blog/dna-sunil-abraham-july-8-2015-india-digital-check

India’s dedicated Cryptology centre gets Rs. 115 crore funding

praskrishna — 2014-07-29T07:18:08Z

Work on India's first dedicated cryptology centre – plans for which were first announced in June 2012 – will likely accelerate as the project has gained initial funding of Rs. 115 crore from the federal government, stepping up the nation's efforts to stay on top of an area critical to its military and financial interests.

The blog post by Harichandan Arakali was published in SearchSecurity.in on July 28, 2014. Sunil Abraham gave his inputs.

The research facility, called the RC Bose Centre For Cryptology and Security, is to be built on the campus of the Indian Statistical Institute at Kolkata, where there is already ongoing cryptology research and consultancy work, albeit on a smaller scale, according to professor Rana Barua, the centre's head.

In a world where electronic transactions and access to an ever-increasing number of places, installations and objects have made physical borders less relevant, the task of securing them against threats means strong encryption of data is critical to national defense.

"This centre is of course a welcome initial step, but it can't be the only thing. We will have to, ideally, take a billion dollars from some of the big funds, such as the Universal Service Obligation fund or from the next (wireless) spectrum auctions, and throw it at cryptography," said Sunil Abraham, director for policy at the Centre for Internet and Society, a non-profit research organisation.

"If the country takes our military superiority seriously, then when it comes to cyber wars, without having an upper hand in cryptography, there is no use discussing anything else," he added.

The new cryptology centre will focus on basic research, but take on applied work for India's defense needs and those of its financial institutions, professor Barua said, developing algorithms, testing encryption products for robustness, detecting vulnerabilities and so on.

The center will augment indigenous capabilities in cryptology and information security, Bimal K Roy, director of the India Statistical Institute told India's Press Trust, which reported the funding earlier this month.

"It is an important element of the overall efforts and framework to enhance capabilities to ensure holistic security of the Indian cyber space. With an eminent body of world class experts, it will act as a hub for all cryptographic requirements, cutting edge research and technology development within the country," Press Trust cited Roy as saying.

Once centre is up and running and, over the next two years, it will have the infrastructure to allow more than 30 researchers to work, but "the problem of course is to get good researchers in this area," Barua said.

Pretty much all the best mathematicians in the world today work with the US government either directly or as part of the American academia and via research projects funded by the US government, said the Centre for Internet and Society's Abraham.

Given that most of the standards used today are those set by the National Institute of Standards and Technology (NIST), the US standard-setting organisation, "we should ensure that our participation at NIST is of the highest quality and we need an army of mathematicians," he said.

However, in India there may be a small number of mathematicians who are capable of the highest level of cryptology research. Even if there are more, there is another problem for them to keep abreast of the latest advances.

In the past, maths used to be an open science and all advances would be published and available for peers to learn from each other. With the militarisation of the areas of maths that deal with cryptology, the latest research isn't available and mathematicians have to essentially work things out on their own as well as conjecture what others might be doing.

Today, every country other than the US faces a shortage of skilled cryptographers, according to Abraham: "Everybody is in the soup, but India is in worse soup because we went with this engineering craze instead of pure sciences and math, we've ignored building capacity in that area."

For more details visit https://cis-india.org/news/search-security-july-28-2014-harichandan-arakali-indias-dedicated-cryptology-centre-gets-funding

India’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach

amber — 2018-01-01T16:18:54Z

We must move India past its existing consultative processes for rule-making, which often prompts stakeholders to take adversarial and extremely one-sided positions.

The article was published in the Wire on December 1, 2017.

Earlier this week, the Ministry of Electronics and Information Technology released a white paper by a “committee of experts” appointed a few months back led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India. The other members of the committee are Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta and Rama Vedashree.

With the exception of Justice Srikrishna and Krishnan, the rest of the committee members are either part of the government or part of organisations that have worked closely with the government on separate issues relating to technology, with some of them also having taken positions against the fundamental right to privacy.

Refreshingly, the committee and the ministry has opted for a consultative process outlining the issues they felt relevant to a data protection law, and espousing provisional views on each of the issues and seeking public responses on them. The paper states that on the basis of the response received, the committee will conduct public consultations with citizens and stakeholders. Legitimate concerns were raised earlier about the constitution of the committee and the lack of inclusion of different voices on it. However, if the committee follows an inclusive, transparent and consultative process in the drafting of the data protection legislation, it would go a long way in addressing these concerns.

The paper seeks response to as many as 231 questions covering a broad spectrum of issues relating to data protection – including definitions of terms such as personal data, sensitive personal data, processing, data controller and processor – the purposes for which exemptions should be available, cross border flow of data, data localisation and the right to be forgotten.

While a thorough analysis of all the issues up for discussion would require a more detailed evaluation, at this point, the process of rule-making and the kind of governance model envisaged in this paper are extremely important issues to consider.

In part IV of the paper on ‘Regulation and Enforcement’, there is a discussion on a co-regulatory approach for the governance of data protection in India. The paper goes so far as to provisionally take a view that it may be appropriate to pursue a co-regulatory approach which involves “a spectrum of frameworks involving varying levels of government involvement and industry participation”.

However, the discussion on co-regulation in the white paper is limited to the section on regulation and enforcement. A truly inclusive and co-regulatory approach ought to involve active participation from non-governmental stakeholders in the rule-making process itself. In India, unfortunately, we lack a strong tradition of lawmakers engaging in public consultations and participation of other stakeholders in the process of drafting laws and regulation. One notable exception has been the Telecom Regulatory Authority of India (TRAI), which periodically seeks public responses on consultation papers it releases and also holds open houses occasionally. It is heartening to see the committee of experts and the ministry follow a similar process in this case.

However, these are essentially examples of ‘notice and comment’ rulemaking where the government actors stand as neutral arbiters who must decide on written briefs submitted to it in response to consultation papers or draft regulations that it notifies to the public.

This process is, by its very nature, adversarial, and often means that different stakeholders do not reveal their true priorities but must take extreme one-sided positions, as parties tend to at the beginning of a negotiation.This also prevents the stakeholders from sharing an honest assessment of the actual regulatory challenge they may face, lest it undermine their position.

This often pits industry and public interest proponents against each other, sometimes also leading to different kinds of industry actors in adversarial positions. An excellent example of this kind of posturing, also relevant to this paper, is visible in the responses submitted to the TRAI on the its recent consultation paper on ‘Privacy, Security and Ownership of data in Telecom Sector’. One of the more contentious issue raised by the TRAI was about the adequacy of the existing data protection framework under the license agreement with telecom companies, and if there was a need to bring about greater parity in regulation between telecom companies and over-the-top (OTT) service providers. Rather than facilitating an actual discussion on what is a complex regulatory issues, and the real practical challenges it poses for the stakeholders, this form of consultation simply led to the telecom companies and OTT services providers submitting contrasting extreme positions without much scope for engagement between two polar arguments.

A truly co-regulatory approach which also extends to rulemaking would involve collaborative processes which are far less adversarial in their design and facilitate joint problem solving through multiple face to face meetings. Such processes are also more likely to lead to better rule making by using the more specialised knowledge of the different stakeholders about technology, domain-specific issues, industry realities and low cost solutions. Further, by bringing the regulated parties into the rulemaking process, the ownership of the policy is shared, often leading to better compliance.

Within the domain of data protection law itself, we have a few existing models of robust co-regulation which entail the involvement of stakeholders not just at the level of enforcement but also at the level of drafting. The oldest and most developed form of this kind of privacy governance can be seen in the study of the Dutch privacy statute. It involved a central privacy legislations with broad principles, sectoral industry-drafted “codes of conduct”, government evaluations and certifications of these codes; and a legal safe harbour for those companies that follow the approved code for their sector. Over a period of 20 years, the Dutch experience saw the approval of 20 sectoral codes across a variety of sectors such as banking, insurance, pharmaceuticals, recruitment and medical research.

Other examples of policies espousing this approach include two documents from the US – first, a draft bill titled ‘Commercial Privacy Bill of Rights Act of 2011’ introduced before the Congress by John McCain and John Kerry, and second, a White House Paper titled ‘Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy’ released by the Obama administration. Neither of these documents have so far led to a concrete policy. Both of these policies envisioned broadly worded privacy requirements to be passed by the Congress, followed by the detailed rules to be drafted. The Obama administration white paper is more inclusive in mandating that ‘multi-stakeholder groups’ draft the codes that include not only industry representatives but also privacy advocates, consumer groups, crime victims, academics, international partners, federal and state civil and criminal law enforcement representatives and other relevant groups.

The principles that emerge out this consultative process are likely to guide the data protection law in India for a long time to come. Among democratic regimes with a significant data-driven market, India is extremely late in arriving at a data protection law. The least that it can do at this point is to learn from the international experience and scholarship which has shown that merits of a co-regulatory approach which entails active participation of the government, industry, civil society and academia in the drafting and enforcement of a robust data protection law.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit https://cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

India’s Central Monitoring System: Security can’t come at cost of privacy

praskrishna — 2013-07-15T06:43:21Z

During a Google hangout session in June this year, Milind Deora, minister of state for communications and information technology, addressed concerns related to the central monitoring system (CMS).

Danish Raza's article was published in FirstPost on July 10, 2013. Sunil Abraham is quoted.

The surveillance project, described as the Indian version of PRISM, will allow the government to monitor online and telephone data of citizens. prism-milind-deora-cms-central-monitoring-system/” target=”_blank”>

The minister tried to justify the project arguing that the union government will become the sole custodian of citizen’s data which is now accessible to other parties such as telecom operators. But his justification failed to persuade experts who argue that the data is hardly safe because it is held by the government. And the limited information available about the project has raised serious concerns about its need and the consequences of government snooping on such a mass scale.

A release by the Press Information Bureau, dated November 26, 2009, is perhaps the only government document related to CMS available in public domain. It merely states that the project will strengthen the security environment in the country. “In the existing system secrecy can be easily compromised due to manual intervention at many stages while in CMS these functions will be performed on secured electronic link and there will be minimum manual intervention. Interception through CMS will be instant as compared to the existing system which takes a very long time.”

One of the primary concerns raised by experts is the sheer lack of public information on the project. So far, there is no official word from the government about which government bodies or agencies will be able to access the data; how will they use this information; what percentage of population will be under surveillance; or how long the data of a citizen will be kept in the record.

“This makes it impossible for India’s citizens to assess whether surveillance is the only, or the best, way in which the stated goal can be achieved. Also, citizens cannot gauge whether these measures are proportionate i.e. they are the most effective means to achieve this aim. The possibility of having such a debate is crucial in any democratic country,” said Dr Anja Kovacs, project director at Internet Democracy Project, Delhi based NGO working for online freedom of speech and related issues.

There is also no legal recourse for a citizen whose personal details are being misused or leaked from the central or regional database. Unlike America’s PRISM project under which surveillance orders are approved by courts, CMS does not have any judicial oversight. “This means that the larger ecosystem of checks and balances in which any surveillance should be embedded in a democratic country is lacking. There is an urgent requirement for a strong legal protection of the right to privacy; for judicial oversight of any surveillance; and for parliamentary or judicial oversight of the agencies which will do surveillance. At the moment, all three are missing.” said Kovacs.

Given the use of technology by criminals and terrorists, government surveillance per se, seems inevitable. Almost in every nation, certain chunk of population is always under the scanner of intelligence agencies. However, mass-scale tracking the data of all citizens — not just those who are deemed persons of interest — enabled by the CMS has sparked a public furor. Sunil Abraham, executive director, Centre for Internet & Society, Bangalore, compared surveillance with salt in cooking. “A tiny amount is essential but any excess is counterproductive,” he said. “Unlike target surveillance, blanket surveillance increases the probability of false positives. Wrong data analysis will put more number of innocent civilians under suspicion as, by default, their number in the central server is more than those are actually criminals.”

Such blanket surveillance techniques also pose a threat to online business. With all the data going in one central pool, a competitor or a cyber criminal rival can easily tap into private and sensitive information by hacking into the server. “As vulnerabilities will be introduced into Internet infrastructure in order to enable surveillance, it will undermine the security of online transactions,” said Abraham. He notes that the project also can undermine the confidentiality of intellectual property especially pre-grant patents and trade secrets. “Rights-holders will never be sure if their IPR is being stolen by some government in order to prop up national players.”

Every time a surveillance system is exposed or its misuse sparks a debate, governments argue that such programs are required for internal security purposes and to help abort terror attacks. Obama made the same argument after PRISM was revealed to the public. Civil rights groups, on the other hand, argue that security cannot be prioritised by large-scale invasions of privacy especially in a country like India where there is little accountability or transparency. So is there a middle ground that will satisfy both sides?

“Yes, security and privacy can coexist,” said Commander (rtd) Mukesh Saini, former national information security coordinator, government of India, “We can design a system which takes care of national security aspect and yet gains the confidence of the citizens. Secrecy period must not be more than three to four years in such projects. Thereafter who all were snooped and when and why and under whose direction/circumstances must be made public through a website after this time gap.”

Kovacs agrees and says the right kind of surveillance program would focus on the needs of the citizen and not the government. “If a contradiction seems to exist between cyber security and privacy online, this is only because we have lost sight of who is supposed to benefit from any security measures. Only if a measure contributes to citizen’s sense of security, can it really be considered a legitimate security measure.”

For more details visit https://cis-india.org/news/firstpost-danish-raza-july-10-2013-indias-central-monitoring-system-security-cant-come-at-cost-of-privacy

India’s biometric ID scans make sci-fi a reality

praskrishna — 2017-03-28T02:45:28Z

I have been thinking about my fingerprints and the secrets that may lie within my eyes — and whether I want to share them with the Indian government. I may not however have a choice.

The article by Amy Kazmin was published in the Financial Times on March 27, 2017. Sunil Abraham was quoted.

India has the world’s largest domestic biometric identification system, known as Aadhaar. Since 2010, the government has collected fingerprints and iris scans from more than 1bn residents, and each has been assigned a 12-digit identification number.

The scheme is championed by Nandan Nilekani, the billionaire co-founder of IT company Infosys. It was initially conceived to ensure poor Indians received subsidised food entitlements and other welfare benefits that were previously siphoned off by unscrupulous intermediaries. It was also seen as offering poor Indians, many of whom lack birth certificates, with a portable ID that can be used anywhere in the country.

Until now, obtaining an Aadhaar number was voluntary, though most Indians enrolled without hesitation as they see its potential benefits. But New Delhi is now enlisting Aadhaar, which means “foundation” or “base” in Hindi, in more than just welfare schemes. This would mean sharing one’s biometric details isn’t really optional any more despite a Supreme Court ruling that it should be “purely voluntary”.

Last week, the government issued a rule requiring an Aadhaar number for filing tax returns, ostensibly to improve tax compliance. It has also decided that all cell phone numbers must be linked to an Aadhaar number by 2018. Even Indian Railways has plans to demand Aadhaar from those booking train tickets online.

What was once touted as an initiative to improve delivery of welfare suddenly now seems like the foundation of a surveillance state — and I admit the prospect of putting my own biometrics in the database leaves me uneasy.

As a US citizen, I’ve never had to give my biometric data to my government. Domestically, fingerprints are only taken from criminal suspects, or applicants for government jobs, though I know foreign citizens are fingerprinted on arrival.

To me, the idea of sharing eye scans evokes the dystopian Hollywood film, Minority Report, which depicts a near future in which optical-recognition cameras allow the authorities to identify anyone in any public place. The hero on the run, played by Tom Cruise, has an illegal eye transplant to avoid detection.

In recent days, many Indian academics and activists have raised concerns about Aadhaar data security, the lack of privacy rules and the absence of any accountability structure if data are misused.

"Biometrics is being weaponised," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society. "What you need to be worried about is that someone will clean out your bank account or frame you in a crime," he says.

Pratap Bhanu Mehta, director of the Centre for Policy Research, has written of the “conversion of Aadhaar from a tool of citizen empowerment to a tool of state surveillance and citizen vulnerability”.

I call Mr Nilekani, of whose honourable intentions I have no doubt. After leaving Infosys in 2009, he spent five years in government, working to get Aadhaar off the ground. He says he is “extremely offended” when his project is accused of being part of a surveillance society, a narrative he says is “completely misrepresenting” the project. “I can steal your fingerprint off your glass. I don’t need this fancy technology,” he says. “Surveillance is far better done by following my phone, or when I use a map to order a taxi: the map knows where I am. Our internet companies know where you are.”

But in a society known for ingenious means of bypassing rules, such as having multiple taxpayer ID cards to aid evasion, Mr Nilekani says biometric authentication of individuals can bring discipline and reduce cheating. “It’s like you are creating a rule-based society,” he says, “it’s the transition that is going on right now.” I hang up, hardly reassured. To me, it seems clear that in India, as in so many places these days, Big Brother is increasingly watching.

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-27-2017-amy-kazmin-indias-biometric-id-scans-make-sci-fi-a-reality

India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board

Admin — 2018-09-04T14:40:51Z

The Aadhaar program offers a glimpse of the tech world's latest quest to control our lives, where dystopias are created in the name of helping the impoverished.

The article by Paul Bluementhol and Gopal Sathe was published in Huffington Post on August 25, 2018. Sunil Abraham was quoted.

Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history.

For the past nine years, India has been building the world’s biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means “proof” or “basis” in Hindi), could be a gold mine.

The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company ― Google ― gave a definitive response.

That’s because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India’s poor, the database has become Indians’ gateway to nearly any type of service ― from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China.

A Scheme Born In The U.S.

Tapping into Aadhaar would help big tech companies access the data and transactions of millions of users in the second most populous country on earth, explained Usha Ramanathan, a Delhi-based lawyer, legal researcher and one of Aadhaar’s most vocal critics.

The idea for India’s national biometric identification team wasn’t unprecedented, and in fact, it has strong parallels with a system proposed for the United States. Following the Sept. 11, 2001, attacks, the CEO of Oracle, Larry Ellison, offered to build the U.S. government software for a national identification system that would include a centralized computer database of all U.S. citizens. The program never got off the ground amid objections from privacy and civil liberties advocates, but India’s own Ellison figure, Nandan Nilekani, had a similar idea. The billionaire founder of IT consulting giant Infosys, Nilekani conceptualized Aadhaar as a way to eliminate waste and corruption in India’s social welfare programs. He lobbied the government to bring in Aadhaar, and went on to run the project under the administration of Manmohan Singh. Nilekani gained even more influence under current Prime Minister Narendra Modi, who moved to make Aadhaar necessary for almost any kind of business in India.

The first 12-digit Aadhaar ID was issued in 2010. Today, over a billion people (around 89 percent of India’s population) have been included in the system ― from India’s unimaginably wealthy billionaires to the homeless, from residents of the country’s sprawling cities to remote inaccessible villages. While initially a voluntary program, the database is now linked to just about all government programs. You need an Aadhaar ID to get a passport issued or renewed. Aadhaar was made mandatory for operating a bank account, using a cell phone or investing in mutual funds, only for the proposals to be rolled back pending the Supreme Court verdict on the constitutionality of the project.

As Aadhaar identification became integrated into other systems like banking, cell phones and government programs, tech companies can use the program to cross-reference their datasets against other databases and assemble a far more detailed and intrusive picture of Indians’ lives. That would allow them, for example, to better target products or advertising to the vast Indian population. “You can take a unique identifying number and use it to find data in different sectors,” explained Pam Dixon, executive director of the World Privacy Forum, an American public interest research group. “That number can be cross-walked across all the different parts of their life.”

Microsoft, which uses Aadhaar in a new version of Skype to verify users, declined to talk about its work integrating products with the Aadhaar database. But Bill Gates, Microsoft’s founder, has publicly endorsed Aadhaar and his foundation is funding a World Bank program to bring Aadhaar-like ID programs to other countries. Gates has also argued that ID verification schemes like Aadhaar in itself don’t pose privacy issues. Microsoft CEO Satya Nadella has repeatedly praised Aadhaar in both his recent book and a tour across India.

Amazon did not respond to a request for comment, but according to a BuzzFeed report, the company told Indian customers not uploading a copy of Aadhaar “might result in a delay in the resolution or no resolution” of cases where packages were missing.

Facebook, too, failed to respond to repeated requests for comment, though the platform’s prompts for users to log in with the same name as their Aadhaar card prompted suspicions from users that it wanted everyone to use their Aadhaar-verified names and spellings so they could later build in Aadhaar functionality with minimal problems.

A spokesman for Google, which has its own payments platform in India called Tez, told HuffPost that the company has not integrated any of its products with Aadhaar. But there was outrage earlier in August when the Aadhaar helpline was added to Android phones without informing users. Google claimed in a statement to the Economic Times this happened “inadvertently”

Privacy Jeopardized For Millions

But the same features that are set to make tech companies millions are are also the ones that threaten the privacy and security of millions of Indians.

“As long as [the data] is being shared with so many people and services and companies, without knowing who has what data, it will always be an issue,” said Srinivas Kodali, an independent security researcher. “They can’t protect it until they encrypt it and stop sharing data.”

One government website allowed users to search and geolocate homes on the basis of caste and religion ― sparking fears of ethnic and religious violence in a country where lynchings, beatings and mob violence are commonplace. Another website broadcast the names, phone numbers and medical purchases — like generic Viagra and HIV medication — of anyone who buys medicines from government stores. In another leak, a Google search for phone numbers of farmers in Andhra Pradesh would reveal their Aadhaar numbers, address, fathers’ names and bank account numbers.

The leaks are aggravated by “a Star Trek-type obsession” with data dashboards, said Sunil Abraham, executive director of the Center for Internet and Society. Many government departments each created an online data dashboard with detailed personal records on individuals, he explained. The massive centralization of personal data, he said, created a huge security risk as these dashboards were accessible to any government official and in many cases, were even left open to the public.

Authentication failures have led to deaths among the poorest sections of Indian society when people were denied government food rations.

And much like the tech companies, some local governments are using the system to connect data sets and build expansive surveillance. In the state of Andhra Pradesh in India, there’s a war room next to the state chief minister’s office, where a wall of screens shows details from databases that collect information from every department. There are security cameras and dashboards that track every mention of the chief minister on the news. There’s a separate team watching what’s being said about him on social media and there are also dashboards that collect information from IoT [Internet of Things] sensors across the state.

Court Ruling Could Halt Rollout

Those issues around privacy are why the dreams of government bureaucrats and large tech companies to build a perfect surveillance apparatus around Aadhaar may ultimately fall apart. The Supreme Court of India is set to decide on a case that could decide the future of the program.

The court is set to review 27 petitions, including whether requiring an Aadhaar for government subsidies and benefits makes access to these programs conditional, even though the state is constitutionally bound to deliver them. The petitioners include lawyers, academics and a 92-year-old retired judge whose petition also secured the right to privacy as a fundamental right in August 2017. Petitioners also argue that the ability for Aadhaar to be used to track and profile people is unconstitutional.

In its judgment, due any day now, the court will rule on all 27 petitions together. It will decide not only the fate of the Aadhaar Act of 2016, but likely the future involvement of some of tech’s biggest companies in one of the world’s most ambitious and divisive IT projects.

For more details visit https://cis-india.org/internet-governance/news/huffington-post-august-25-2018-paul-bluementhal-and-gopal-sathe-indias-biometric-database-is-creating-a-perfect-surveillance-state

India’s Big Bet on Identity

praskrishna — 2012-03-07T05:44:12Z

The world’s largest biometric authentication system reaches its first major milestone, but lots of challenges remain, writes Joshua J. Romero in ieeespectrum. Sunil Abraham was quoted in this story which was featured in March 2012 edition.

Driving around Bangalore, it’s immediately clear that the infrastructure hasn’t kept up with the IT boom in this once-sleepy South Indian city. Auto rickshaws, scooters, and motorcycles squeeze into a tight phalanx at each red light and choke the air with exhaust. Construction, such as the concrete supports of the new metro rail line that looms overhead, causes detours everywhere, and in spots the entire road abruptly disintegrates into gravel.

But something miraculous happens as you make your way south, past the outer ring road. A ramp lifts a select few vehicles out of the weaving traffic and onto an elevated tollway, where you suddenly have a bird’s-eye view of the urban landscape. This is the road to Electronic City, an oasis of glass and steel high-rises overlooking pristine black asphalt paths that snake through the perfectly manicured lawns of tech companies like Wipro, IBM, and Infosys Technologies.

“If you can have such good roads in the Infosys campus, why are the roads outside so terrible?” That’s the common question foreign visitors would ask Nandan Nilekani, one of the company’s cofounders. “Politics” was his usual reply, according to Nilekani’s 2008 book, Imagining India. Now the man who has been called the Bill Gates of India has jumped into politics to try to use what he learned at the IT giant to transform the dysfunctional country that lies beyond the borders of Electronic City.

Since July 2009, Nilekani has been a cabinet minister, leading hundreds of engineers and entrepreneurs as chairman of the Unique Identification Authority of India (UIDAI). By the most conservative estimates, at least a third of the country’s 1.2 billion citizens live below the poverty line and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system.

“On the one hand, within India and across the world, people of Indian descent have done some remarkable work,” says Nilekani. “And on the other hand, here is a country that needs to solve some very basic problems. This project marries these two worlds.” UIDAI plans to use fingerprints and iris scans to assign every person in the country a unique 12-digit ID number that can be verified online. It’s one of the biggest IT projects in the world, and getting bigger: By early February, the UIDAI had issued 130 million ID numbers, and it can issue up to a million more IDs every day. The agency has set up 36 000 enrollment stations staffed by 87 000 certified enrollment operators. In India the project is called Aadhaar, which means “foundation” or “support,” because it’s meant to be a fundamental technology platform that will enable dozens of new public and private services to be created.

That’s if it all works. It’s easy to list major challenges: How exactly do you collect biometrics from every single person in the world’s second most populous country, especially those living at the margins? How do you keep bad data from getting into the database in a country rife with corruption? And how can you build the entire system around online authentication in a country where fewer than one in 20 people have access to the Internet?

The answers to these questions are getting more than the usual amount of scrutiny, because a lot of political fortunes are riding on the UIDAI.

The program has been heavily supported by the ruling Indian National Congress party; Nilekani was appointed by the prime minister himself, Manmohan Singh. But Singh and his Congress party have had a difficult time enacting many of their biggest policy goals, and the UIDAI has increasingly become the target of criticism.

Earlier this year, the whole scheme seemed in imminent danger of collapse, when a parliamentary committee killed the bill that would have given the program statutory authority, and a political turf war erupted between the UIDAI and the National Population Register, another government project collecting biometrics for the national census. But by late January the two sides had reached an agreement to share biometric data collection, and Aadhaar is once again moving full steam ahead with a new mandate and an estimated budget this year of 15 billion rupees [PDF] (about US $300 million).

Photo: Joshua J. Romero

EXISTING DOCUMENTS: A poster lists the variety of IDs a  person can use to register for an Aadhaar number.

To understand why the government has invested so heavily, it helps to know the current state of affairs in India. Aadhaar is meant to provide a form of identification that’s free, national, impossible to counterfeit—and available to everyone. “There’s an ID divide,” Nilekani explains, between people who have multiple official IDs and the hundreds of millions who have none. Only about 60 million people in India have passports, he says, and only about 100 million have photo ID bank cards. The most prevalent document is a voter ID card, which has been issued to about 700 million people, covering just over half of the country. But these and the rest of the official IDs created by the country’s vast bureaucracy all have shortcomings.

The primary reason for creating a biometric ID system is to give India’s poorest citizens better access to an array of welfare programs. India spends about 2 percent of its gross domestic product on social programs like the Public Distribution System, which provides subsidized rice, wheat, and other staples, and a rural employment scheme that guarantees 100 days of work. But all such programs suffer from severe “leakage”: According to the World Bank, corrupt officials and middlemen siphon away 59 percent of the money before it reaches the intended recipients. Eventually, the government hopes to provide funds directly to each person who needs them.

Most states issue ration cards, but they usually aren’t valid in other states. An official ID that can be used throughout the country is increasingly important as more and more people move away from their hometowns to follow employment, Nilekani says.

Complicating the problem further, existing ID cards are easy to duplicate. Some states have more names on their food ration lists than there are people living in the state. To fight counterfeiting, the Aadhaar team decided to use biometrics instead of issuing just another ID card. From the beginning, they consulted biometric experts, used existing standards when they could, and studied similar systems like the U.S. Visitor and Immigrant Status Indicator Technology program, run by the U.S. Department of Homeland Security.

One thing the team realized early on is that a single biometric measurement wasn’t enough to guarantee uniqueness. In proof-of-concept studies, researchers determined that only by using all 10 fingerprints and a scan of both irises could error rates be kept manageable. Adding iris scans also makes the program more inclusive for people whose fingerprints have been worn down by manual labor.

Photos, clockwise from left: Ruth Fremson/The New York Times/Redux; Joshua J. Romero (2)
NECESSARY GEAR: Each enrollment station has the same basic set of equipment, including an iris scanner [top], a fingerprint scanner [bottom right], a webcam and light [bottom left], a laptop, a second monitor for the resident to view, and a scanner and printer to handle documents.

Getting an Aadhaar number is not a quick process. One Friday after midnight, I watch dozens of families wait patiently in a municipal building where only half the lights are on and there’s always a baby crying. While Anurodh Kanchan waits, he explains that he came at this hour because he’d heard the lines were even longer during the day. He’d already been once before to schedule this appointment. Now his 7-year-old daughter dozes on his wife’s shoulder as the whole family waits another half an hour for the enrollment agent to return from a break.

Hiring and training people to work as agents has been one of the project’s biggest logistical challenges. The UIDAI outsources enrollment to “registrars”—often state governments or banks—which in turn hire accredited agencies to actually set up and staff the centers. The agencies get paid a flat rate for each successful enrollment, as do the agents they hire. A coordinator for one of the largest agencies told me that his organization had significantly overestimated how many enrollments an agent could complete in a day. UIDAI says that an average station (see photos, “Necessary Gear”) can process each enrollment in under 10 minutes, but in the days I spent observing, it wasn’t uncommon for the process to take twice as long. And if you’re an agent looking at a line of people stretching out the door, it’s easy to see how you might begin to rush through your tasks.

That’s why enforcing quality is left to a piece of software known as the enrollment client, installed on each agent’s laptop. The program manages every step of the process and was developed jointly by engineers at UIDAI and MindTree, an Indian IT company. Because enrollment often takes place in remote locations with no Internet access, the client must be fully independent and be able to run off a single laptop. The developers also had to make sure that the enrollment client could work seamlessly with any of the 11 biometric devices from various manufacturers that had been certified for use. And the initial version had to be built fast: MindTree won the contract at the end of April 2010, and the UIDAI wanted to enroll the first resident by that August.

MindTree met the deadline, and the client it designed now manages to prevent and correct most errors an enrollment agent might make. In addition to a simple quality check, the software looks for self-consistency—for instance, verifying that each fingerprint isn’t coming from the operator or another recently enrolled resident and that all 10 fingerprints and two irises are distinct from each other. If something goes wrong in a biometric capture, the software tells the operator how to correct it—for instance, it can distinguish between a facial photo that’s too dark and one in which the person was photographed at the wrong angle.

Still, over the last 21 months, the software engineers have had to continually improve the program to address new challenges encountered in the field. For example, when the UIDAI began enrolling people in the Punjab region of North India, where many men wear long beards and large turbans, enrollment agents had a hard time taking a photo that the software considered acceptable: The turban would be interpreted as an unacceptable background, or the automatic cropping feature would crop around the turban instead of the face. The software team was able to quickly tweak the parameters and release a new version of the client so that enrollment could continue.

It isn’t just the biometric collection that’s tricky. A resident must also supply basic demographic data—name, age, gender, and address. Residents can fill out paper forms in any of the 16 official Indian languages, which agents must first transfer to the computer and then translate into an English version of the form. This is by far the most time-consuming part of the process, and MindTree has tried to speed it up by building transliteration into the client software. But Indic languages have many variations—some are written right to left, and many use unique character sets. Still, the agent is expected to check the results and clean up minor mistakes.

There are obviously both privacy and security concerns when you’re collecting personal data from more than a billion people. “You can’t change your biometrics,” points out Sunil Abraham, the executive director at the Center for Internet and Society, in Bangalore, so if they become compromised, it’s a difficult problem to fix.

Among the precautions the UIDAI takes is to encrypt all data as soon as they’re collected. The data can be decrypted only by UIDAI servers, so the records aren’t even accessible to the operator or enrollment agency that collected them. At the end of each day, all the encrypted enrollment data are stored on USB flash drives, and the drives are transported to a place with Internet access so the data can be uploaded to UIDAI’s servers. It’s in the best interests of the enrollment agencies to safeguard the data, because otherwise they won’t get paid.

From the enrollment centers the action moves to the racks of servers at the UIDAI Central Information Data Repository, which is also in Bangalore. Here is where deduplication—checking each new enrollment against every other record in the database—will arguably make this identity scheme rise above the rest. Ensuring that no person can get two numbers is key to making biometrics a worthwhile investment. A few years ago, one Indian state collected biometrics for everyone below the poverty line, but it didn’t have the technology or a plan to prevent duplicates. It ended up capturing 1.2 times the population, which resulted in a significant leakage of benefits.

Many critics, including members of Parliament, have doubted that it’s even possible to deduplicate records from the entire Indian populace. It’s certainly a big task. In order to issue 1 million Aadhaar numbers in a single day, the current maximum rate, the data center must conduct 100 trillion person matches. To improve this process, the UIDAI came up with an unusual arrangement. Rather than hiring a single firm for the job, it awarded the project to three contractors, each responsible for processing a portion of the enrollments, with the overlapping records used to compare performance between the systems. This arrangement lets the UIDAI know if a system isn’t working correctly and also gives the companies a financial incentive to improve their software—they’ll get to process more records, and get paid more, if their products perform better. The vendors were even required to use the same kind of hardware to build their systems, so the agency isn’t tied to any one company.

In late January, the UIDAI released a report [PDF] that for the first time detailed the results of this deduplication effort. There are two primary factors that determine the accuracy of a biometric system: the false-positive rate, which in this case is how often a newly registered person is incorrectly judged to be already enrolled, and the false-negative rate, which is how often true duplicates are not recognized as such. To measure the false-positive rate, the UIDAI tested 4 million unique records against a subset of the enrollment database containing 84 million records: Of the unique records, 2309 were falsely rejected, for a false-positive rate of 0.057 percent. The agency also tested 31 399 known duplicates. The system caught all but 11, for a false-negative rate of 0.035 percent.

The false-positive rate applies to the total number of records in the database. As that number grows, the rate should increase in a linear fashion, because there are more opportunities for false matches. The false-negative rate, on the other hand, applies only to the small minority of enrollments that really are true duplicates (the UIDAI estimates that these make up only 0.5 percent of all incoming enrollments). Because the false-negative rate doesn’t depend on the total number of records, it should remain steady unless more people try to enroll multiple times.

R.S. Sharma, the director general of UIDAI, says that preventing all duplicates with technology alone is impossible. There are some people who just can’t be uniquely identified through biometrics, because the data for them aren’t good enough—children under age 5, for instance, and people with multiple disabilities. That’s why the responsibility for accuracy and uniqueness isn’t all left up to the software. Several full-time employees manually review the roughly 0.2 percent of cases that the software can’t handle, resolving errors and looking for evidence of fraud.

Even if the system isn’t perfect, it’s likely to be much better than any existing alternative, simply because it will eliminate “ghost identities,” says M.R. Madhavan, who works at the Centre for Policy Research, in New Delhi. “At least people who died in 1995 or 2005 will not get into the system,” he says.

Photo: Joshua J. Romero

AUTHENTICATION TERMINAL: Widespread use of Aadhaar will  rely on biometric terminals, like this prototype at MindTree.

Now that the UIDAI has shown it can collect biometric and demographic data and eliminate duplicate enrollments, much of the attention will shift to the authentication system, where people can prove their identity with just the swipe of a finger. Such systems are still under development, so most residents I met weren’t clear about the benefits of the program. When I asked people why they were enrolling, they often had vague reasons: “It might make it easier to get my benefits,” said one middle-aged woman in Bangalore. “I heard you’ll need it to buy heating gas,” said another woman. “I think it’s mandatory,” an elderly man told me. Nilekani thinks that getting authentication services up and running will be the best way to demonstrate the power of the entire project.

Here’s how such a futuristic system might work: Walking up to a wirelessly connected terminal at a local shop, a person will type in his name and Aadhaar number, and then he’ll scan his fingerprints. The data will be sent to a central database, where the Aadhaar number will be used to locate his record. The submitted name and biometric data will be compared to those on file, and the software will determine whether they match.

The UIDAI imagines that such biometric terminals will eventually be ubiquitous. The first devices deployed will likely be micro-ATMs in rural shops. These machines process transactions electronically, just like a full-size ATM, except they don’t store and dispense cash—that gets handled from the shopkeeper’s till. The hope is that such systems will deliver financial services to the 40 percent of the Indian population who have never had bank accounts. When people enroll for Aadhaar, they simply need to check a box and an Aadhaar-enabled bank account will be created for them.

In January, the UIDAI began a pilot project in the state of Jharkhand, where workers in the rural employment program could collect cash payments by scanning their fingerprints at a micro-ATM. Another pilot program in Maharashtra transferred small amounts of money to individual Aadhaar numbers, showing that bank servers could be easily linked with the UIDAI system.

The authentication system is already available as an application programming interface (API), which means it won’t be limited to just government programs and banks. Private service providers could use it to verify new customers as well. Take India’s vaunted mobile-phone culture: Phone companies are currently required to collect and retain significant documentation for every person they sell a SIM card to, as I found out in the two days I spent collecting the photos and local references I needed to get one myself. “If you look at any service provider, they’re not going to offer the mobile-phone service unless they verify who you are,” says Bala Parthasarathy, an entrepreneur who worked in Silicon Valley but came back to India to volunteer on the project for a year. Parthasarathy says that using Aadhaar for identity verification could provide the telephone companies with major savings.

Still, setting up a nationwide network of biometric terminals has plenty of its own challenges. First, India will need better connectivity. Wireless voice networks now cover most of the country, but wireless data networks have trailed behind. Current penetration of 3G is mostly just in the cities, says Debabrata Das, an IEEE member and a professor of electrical engineering at the International Institute of Information Technology, Bangalore, who has been studying the network challenges of authentication as a technical advisor for the state of Karnataka.

The API will also need to be flexible enough to handle variations in the demographic data that are submitted. The system can’t enforce strict matches: Many Indians use initials in their names, and there is no guarantee that they will always spell their names the same way in English. Further, sometimes a married woman will use her father’s family name instead of her husband’s. Because of the ambiguity in names and addresses, the database must be able to perform partial and fuzzy matches. Eventually, Sharma says, the UIDAI hopes to be able to do database matching for all the Indian languages as well, so the API will continue to undergo revisions.

Now the UIDAI must wait for its partners to begin taking advantage of the system, and Nilekani admits that starting up such services is largely beyond his control. Cooperation with other agencies and industries is all part of Nilekani’s approach to how government initiatives should work. “The big thing to my mind has been, How do you create a model of change, and how do you carry a lot of people with it? How do you think this through in a way that everyone comes on board?” he says. In building the project to this point, he’s managed to bring, if not everyone, then certainly a pretty diverse crowd: technical experts; national, state, and local officials; banks and businesses; and all those millions who willingly wait in line for hours.

“Everyone puts their own aspirations on it…like Obama,” he jokes. But the downside of being so inclusive is that as the project matures, it may be difficult to keep all the interested parties happy, and there’s bound to be disappointment if the project fails to achieve all its lofty ambitions.

The project has made it this far by adapting quickly as problems arise. “Think of it as multigeneration, continuous improvement,” Nilekani says. “You launch and get feedback and you get criticism. You need to build a rapid feedback loop, which is what we’ve built.”

Read the original here

For more details visit https://cis-india.org/news/big-bet-on-identity

India’s ballot battle will also run through Facebook

praskrishna — 2014-03-05T11:49:29Z

Facebook on Tuesday launched its widely awaited “election tracker” for the upcoming general elections, a move that signals the growing importance of social media as a political tool in a rapidly urbanizing India.

The article by Zia Haq was published in the Hindustan Times on March 4, 2014. Sunil Abraham is quoted.

India’s 2014 ballot battle will run through the social-media world, which could likely influence electoral outcomes by swinging 3-4% votes, as more and more young Indians go online to make sense of politics, according to two new surveys.

In these mostly urbanising seats, social-media usage is now “sufficiently widespread” to influence politics, according to the Internet and Mobile Association of India (IAMAI). An offline study conducted by market research firm TNS and Google India suggested similar shifts.

The Facebook tracker (http://on.fb.me/1g6ZJ3k) will help India’s 93 million Facebook users to see which parties and candidates as well as issues are trending.

Social-media platforms are likely to be influential in 160 of India’s 543 Parliament constituencies, making Facebook and Twitter users the nation’s newest voting bloc, according to the IAMAI survey.

These are constituencies where 10% of the voting population uses social media sites such as Facebook, or where the number of social media users is higher than the winning candidate’s margin of victory at the last election.

Research shows that social media is more persuasive than television ads. Nearly 100 million Indians, or more than Germany’s population, use the Internet each day. Of this, 40 million have assured broadband, the ones most likely to have at least one social media account.

“Unlike Obama who used social media directly for votes, Indian politicians have tended to use it more to mould public discourse,” says Sunil Abraham, the CEO of The Centre for Internet and Society.

“I think these trends are over-hyped and the impact, if any, would only be marginal,” said Communist Party of India MP, Gurudas Dasgupta, who created a Facebook account only last month.

For more details visit https://cis-india.org/news/hindustan-times-zia-haq-march-4-2014-india-s-ballot-battle-will-also-run-through-facebook

India’s ‘Self-Goal’ in Telecom

Shyam Ponappa — 2020-04-09T07:18:26Z

This post was first published in the Business Standard, on March 5, 2020.

The government apparently cannot resolve the problems in telecommunications. Why? Because the authorities are trying to balance the Supreme Court order on Adjusted Gross Revenue (AGR), with keeping the telecom sector healthy, while safeguarding consumer interest. These irreconcilable differences have arisen because both the United Progressive Alliance and the National Democratic Alliance governments prosecuted unreasonable claims for 15 years, despite adverse rulings! This imagined “impossible trinity” is an entirely self-created conflation.
If only the authorities focused on what they can do for India’s real needs instead of tilting at windmills, we’d fare better. Now, we are close to a collapse in communications that would impede many sectors, compound the problem of non-performing assets (NPAs), demoralise bankers, increase unemployment, and reduce investment, adding to our economic and social problems.
Is resolving the telecom crisis central to the public interest? Yes, because people need good infrastructure to use time, money, material, and mindshare effectively and efficiently, with minimal degradation of their environment, whether for productive purposes or for leisure. Systems that deliver water, sanitation, energy, transport and communications support all these activities. Nothing matches the transformation brought about by communications in India from 2004 to 2011 in our complex socio-economic terrain and demography. Its potential is still vast, limited only by our imagination and capacity for convergent action. Yet, the government’s dysfunctional approach to communications is in stark contrast to the constructive approach to make rail operations viable for private operators.
India’s interests are best served if people get the services they need for productivity and wellbeing with ease, at reasonable prices. This is why it is important for government and people to understand and work towards establishing good infrastructure.

What the Government Can Do

An absolute prerequisite is for all branches of government (legislative, executive, and judicial), the press and media, and society, to recognise that all of us must strive together to conceptualise and achieve good infrastructure. It is not “somebody else’s job”, and certainly not just the Department of Telecommunications’ (DoT’s). The latter cannot do it alone, or even take the lead, because the steps required far exceed its ambit.

Act Quickly

These actions are needed immediately:

First, annul the AGR demand using whatever legal means are available. For instance, the operators could file an appeal, and the government could settle out of court, renouncing the suit, accepting the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) ruling of 2015 on AGR.

Second, issue an appropriate ordinance that rescinds all extended claims. Follow up with the requisite legislation, working across political lines for consensus in the national interest.

Third, take action to organise and deliver communications services effectively and efficiently to as many people as possible. The following steps will help build and maintain more extensive networks with good services, reasonable prices, and more government revenues.

Enable Spectrum Usage on Feasible Terms

Wireless regulations

It is infeasible for fibre or cable to reach most people in India, compared with wireless alternatives. Realistically, the extension of connectivity beyond the nearest fibre termination point is through wireless middle-mile connections, and Wi-Fi for most last-mile links. The technology is available, and administrative decisions together with appropriate legislation can enable the use of spectrum immediately in 60GHz, 70-80GHz, and below 700MHz bands to be used by authorised operators for wireless connectivity. The first two bands are useful for high-capacity short and medium distance hops, while the third is for up to 10 km hops. The DoT can follow its own precedent set in October 2018 for 5GHz for Wi-Fi, i.e., use the US Federal Communications Commission regulations as a model.1 The one change needed is an adaptation to our circumstances that restricts their use to authorised operators for the middle-mile instead of open access, because of the spectrum payments made by operators. Policies in the public interest allowing spectrum use without auctions do not contravene Supreme Court orders.

Policies: Revenue sharing for spectrum

A second requirement is for all licensed spectrum to be paid for as a share of revenues based on usage as for licence fees, in lieu of auction payments. Legislation to this effect can ensure that spectrum for communications is either paid through revenue sharing for actual use, or is open access for all Wi-Fi bands. The restricted middle-mile use mentioned above can be charged at minimal administrative costs for management through geo-location databases to avoid interference. In the past, revenue-sharing has earned much more than up-front fees in India, and rejuvenated communications.2 There are two additional reasons for revenue sharing. One is the need to manufacture a significant proportion of equipment with Indian IPR or value-added, to not have to rely as much as we do on imports. This is critical for achieving a better balance-of-payments, and for strategic considerations. The second is to enable local talent to design and develop solutions for devices for local as well as global markets, which is denied because it is virtually impossible for them to access spectrum, no matter what the stated policies might claim.

Policies and Organisation for Infrastructure Sharing

Further, the government needs to actively facilitate shared infrastructure with policies and legislation. One way is through consortiums for network development and management, charging for usage by authorised operators. At least two consortiums that provide access for a fee, with government’s minority participation in both for security and the public interest, can ensure competition for quality and pricing. Authorised service providers could pay according to usage.
Press reports of a consortium approach to 5G where operators pay as before and the government “contributes” spectrum reflect seriously flawed thinking.3 Such extractive payments with no funds left for network development and service provision only support an illusion that genuine efforts are being made to the ill-informed, who simultaneously rejoice in the idea of free services while acclaiming high government charges (the two are obviously not compatible).
Instead of tilting at windmills that do not serve people’s needs while beggaring their prospects, commitment to our collective interests requires implementing what can be done with competence and integrity.

Shyam (no space) Ponappa at gmail dot com
1. https://dot.gov.in/sites/default/files/2018_10_29%20DCC.pdf
2. http://organizing-india.blogspot.in/2016/04/ breakthroughs- needed-for-digital-india.html
3. https://www.business-standard.com/article/economy-policy/govt-considering-spv-with-5g-sweetener-as-solution-to-telecom-crisis-120012300302_1.html

For more details visit https://cis-india.org/internet-governance/indias-self-goal-in-telecom

India-China Tech Forum 2018

Admin — 2018-12-26T15:32:20Z

Arindrajit Basu spoke at the India-China Tech Forum 2018 organised by ORF and Peking University at the Ji Xianlin Centre for India-China Studies, Mumbai on December 11 - 12, 2018. The event functioned as a bi-annual dialogue that fosters co-operation in this space between the two countries.

Arindrajit spoke on the panel 'India, China and the future of cyber norms' along with Saravjit Singh,Liu Ke and Weng Wejia. This was a closed door discussion under Chatham House rules. Click here to read the agenda.

For more details visit https://cis-india.org/internet-governance/news/india-china-tech-forum