We are anonymous, we are legion

India’s dedicated Cryptology centre gets Rs. 115 crore funding

praskrishna — 2014-07-29T07:18:08Z

Work on India's first dedicated cryptology centre – plans for which were first announced in June 2012 – will likely accelerate as the project has gained initial funding of Rs. 115 crore from the federal government, stepping up the nation's efforts to stay on top of an area critical to its military and financial interests.

The blog post by Harichandan Arakali was published in SearchSecurity.in on July 28, 2014. Sunil Abraham gave his inputs.

The research facility, called the RC Bose Centre For Cryptology and Security, is to be built on the campus of the Indian Statistical Institute at Kolkata, where there is already ongoing cryptology research and consultancy work, albeit on a smaller scale, according to professor Rana Barua, the centre's head.

In a world where electronic transactions and access to an ever-increasing number of places, installations and objects have made physical borders less relevant, the task of securing them against threats means strong encryption of data is critical to national defense.

"This centre is of course a welcome initial step, but it can't be the only thing. We will have to, ideally, take a billion dollars from some of the big funds, such as the Universal Service Obligation fund or from the next (wireless) spectrum auctions, and throw it at cryptography," said Sunil Abraham, director for policy at the Centre for Internet and Society, a non-profit research organisation.

"If the country takes our military superiority seriously, then when it comes to cyber wars, without having an upper hand in cryptography, there is no use discussing anything else," he added.

The new cryptology centre will focus on basic research, but take on applied work for India's defense needs and those of its financial institutions, professor Barua said, developing algorithms, testing encryption products for robustness, detecting vulnerabilities and so on.

The center will augment indigenous capabilities in cryptology and information security, Bimal K Roy, director of the India Statistical Institute told India's Press Trust, which reported the funding earlier this month.

"It is an important element of the overall efforts and framework to enhance capabilities to ensure holistic security of the Indian cyber space. With an eminent body of world class experts, it will act as a hub for all cryptographic requirements, cutting edge research and technology development within the country," Press Trust cited Roy as saying.

Once centre is up and running and, over the next two years, it will have the infrastructure to allow more than 30 researchers to work, but "the problem of course is to get good researchers in this area," Barua said.

Pretty much all the best mathematicians in the world today work with the US government either directly or as part of the American academia and via research projects funded by the US government, said the Centre for Internet and Society's Abraham.

Given that most of the standards used today are those set by the National Institute of Standards and Technology (NIST), the US standard-setting organisation, "we should ensure that our participation at NIST is of the highest quality and we need an army of mathematicians," he said.

However, in India there may be a small number of mathematicians who are capable of the highest level of cryptology research. Even if there are more, there is another problem for them to keep abreast of the latest advances.

In the past, maths used to be an open science and all advances would be published and available for peers to learn from each other. With the militarisation of the areas of maths that deal with cryptology, the latest research isn't available and mathematicians have to essentially work things out on their own as well as conjecture what others might be doing.

Today, every country other than the US faces a shortage of skilled cryptographers, according to Abraham: "Everybody is in the soup, but India is in worse soup because we went with this engineering craze instead of pure sciences and math, we've ignored building capacity in that area."

For more details visit https://cis-india.org/news/search-security-july-28-2014-harichandan-arakali-indias-dedicated-cryptology-centre-gets-funding

India’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach

amber — 2018-01-01T16:18:54Z

We must move India past its existing consultative processes for rule-making, which often prompts stakeholders to take adversarial and extremely one-sided positions.

The article was published in the Wire on December 1, 2017.

Earlier this week, the Ministry of Electronics and Information Technology released a white paper by a “committee of experts” appointed a few months back led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India. The other members of the committee are Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta and Rama Vedashree.

With the exception of Justice Srikrishna and Krishnan, the rest of the committee members are either part of the government or part of organisations that have worked closely with the government on separate issues relating to technology, with some of them also having taken positions against the fundamental right to privacy.

Refreshingly, the committee and the ministry has opted for a consultative process outlining the issues they felt relevant to a data protection law, and espousing provisional views on each of the issues and seeking public responses on them. The paper states that on the basis of the response received, the committee will conduct public consultations with citizens and stakeholders. Legitimate concerns were raised earlier about the constitution of the committee and the lack of inclusion of different voices on it. However, if the committee follows an inclusive, transparent and consultative process in the drafting of the data protection legislation, it would go a long way in addressing these concerns.

The paper seeks response to as many as 231 questions covering a broad spectrum of issues relating to data protection – including definitions of terms such as personal data, sensitive personal data, processing, data controller and processor – the purposes for which exemptions should be available, cross border flow of data, data localisation and the right to be forgotten.

While a thorough analysis of all the issues up for discussion would require a more detailed evaluation, at this point, the process of rule-making and the kind of governance model envisaged in this paper are extremely important issues to consider.

In part IV of the paper on ‘Regulation and Enforcement’, there is a discussion on a co-regulatory approach for the governance of data protection in India. The paper goes so far as to provisionally take a view that it may be appropriate to pursue a co-regulatory approach which involves “a spectrum of frameworks involving varying levels of government involvement and industry participation”.

However, the discussion on co-regulation in the white paper is limited to the section on regulation and enforcement. A truly inclusive and co-regulatory approach ought to involve active participation from non-governmental stakeholders in the rule-making process itself. In India, unfortunately, we lack a strong tradition of lawmakers engaging in public consultations and participation of other stakeholders in the process of drafting laws and regulation. One notable exception has been the Telecom Regulatory Authority of India (TRAI), which periodically seeks public responses on consultation papers it releases and also holds open houses occasionally. It is heartening to see the committee of experts and the ministry follow a similar process in this case.

However, these are essentially examples of ‘notice and comment’ rulemaking where the government actors stand as neutral arbiters who must decide on written briefs submitted to it in response to consultation papers or draft regulations that it notifies to the public.

This process is, by its very nature, adversarial, and often means that different stakeholders do not reveal their true priorities but must take extreme one-sided positions, as parties tend to at the beginning of a negotiation.This also prevents the stakeholders from sharing an honest assessment of the actual regulatory challenge they may face, lest it undermine their position.

This often pits industry and public interest proponents against each other, sometimes also leading to different kinds of industry actors in adversarial positions. An excellent example of this kind of posturing, also relevant to this paper, is visible in the responses submitted to the TRAI on the its recent consultation paper on ‘Privacy, Security and Ownership of data in Telecom Sector’. One of the more contentious issue raised by the TRAI was about the adequacy of the existing data protection framework under the license agreement with telecom companies, and if there was a need to bring about greater parity in regulation between telecom companies and over-the-top (OTT) service providers. Rather than facilitating an actual discussion on what is a complex regulatory issues, and the real practical challenges it poses for the stakeholders, this form of consultation simply led to the telecom companies and OTT services providers submitting contrasting extreme positions without much scope for engagement between two polar arguments.

A truly co-regulatory approach which also extends to rulemaking would involve collaborative processes which are far less adversarial in their design and facilitate joint problem solving through multiple face to face meetings. Such processes are also more likely to lead to better rule making by using the more specialised knowledge of the different stakeholders about technology, domain-specific issues, industry realities and low cost solutions. Further, by bringing the regulated parties into the rulemaking process, the ownership of the policy is shared, often leading to better compliance.

Within the domain of data protection law itself, we have a few existing models of robust co-regulation which entail the involvement of stakeholders not just at the level of enforcement but also at the level of drafting. The oldest and most developed form of this kind of privacy governance can be seen in the study of the Dutch privacy statute. It involved a central privacy legislations with broad principles, sectoral industry-drafted “codes of conduct”, government evaluations and certifications of these codes; and a legal safe harbour for those companies that follow the approved code for their sector. Over a period of 20 years, the Dutch experience saw the approval of 20 sectoral codes across a variety of sectors such as banking, insurance, pharmaceuticals, recruitment and medical research.

Other examples of policies espousing this approach include two documents from the US – first, a draft bill titled ‘Commercial Privacy Bill of Rights Act of 2011’ introduced before the Congress by John McCain and John Kerry, and second, a White House Paper titled ‘Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy’ released by the Obama administration. Neither of these documents have so far led to a concrete policy. Both of these policies envisioned broadly worded privacy requirements to be passed by the Congress, followed by the detailed rules to be drafted. The Obama administration white paper is more inclusive in mandating that ‘multi-stakeholder groups’ draft the codes that include not only industry representatives but also privacy advocates, consumer groups, crime victims, academics, international partners, federal and state civil and criminal law enforcement representatives and other relevant groups.

The principles that emerge out this consultative process are likely to guide the data protection law in India for a long time to come. Among democratic regimes with a significant data-driven market, India is extremely late in arriving at a data protection law. The least that it can do at this point is to learn from the international experience and scholarship which has shown that merits of a co-regulatory approach which entails active participation of the government, industry, civil society and academia in the drafting and enforcement of a robust data protection law.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit https://cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

India’s Central Monitoring System: Security can’t come at cost of privacy

praskrishna — 2013-07-15T06:43:21Z

During a Google hangout session in June this year, Milind Deora, minister of state for communications and information technology, addressed concerns related to the central monitoring system (CMS).

Danish Raza's article was published in FirstPost on July 10, 2013. Sunil Abraham is quoted.

The surveillance project, described as the Indian version of PRISM, will allow the government to monitor online and telephone data of citizens. prism-milind-deora-cms-central-monitoring-system/” target=”_blank”>

The minister tried to justify the project arguing that the union government will become the sole custodian of citizen’s data which is now accessible to other parties such as telecom operators. But his justification failed to persuade experts who argue that the data is hardly safe because it is held by the government. And the limited information available about the project has raised serious concerns about its need and the consequences of government snooping on such a mass scale.

A release by the Press Information Bureau, dated November 26, 2009, is perhaps the only government document related to CMS available in public domain. It merely states that the project will strengthen the security environment in the country. “In the existing system secrecy can be easily compromised due to manual intervention at many stages while in CMS these functions will be performed on secured electronic link and there will be minimum manual intervention. Interception through CMS will be instant as compared to the existing system which takes a very long time.”

One of the primary concerns raised by experts is the sheer lack of public information on the project. So far, there is no official word from the government about which government bodies or agencies will be able to access the data; how will they use this information; what percentage of population will be under surveillance; or how long the data of a citizen will be kept in the record.

“This makes it impossible for India’s citizens to assess whether surveillance is the only, or the best, way in which the stated goal can be achieved. Also, citizens cannot gauge whether these measures are proportionate i.e. they are the most effective means to achieve this aim. The possibility of having such a debate is crucial in any democratic country,” said Dr Anja Kovacs, project director at Internet Democracy Project, Delhi based NGO working for online freedom of speech and related issues.

There is also no legal recourse for a citizen whose personal details are being misused or leaked from the central or regional database. Unlike America’s PRISM project under which surveillance orders are approved by courts, CMS does not have any judicial oversight. “This means that the larger ecosystem of checks and balances in which any surveillance should be embedded in a democratic country is lacking. There is an urgent requirement for a strong legal protection of the right to privacy; for judicial oversight of any surveillance; and for parliamentary or judicial oversight of the agencies which will do surveillance. At the moment, all three are missing.” said Kovacs.

Given the use of technology by criminals and terrorists, government surveillance per se, seems inevitable. Almost in every nation, certain chunk of population is always under the scanner of intelligence agencies. However, mass-scale tracking the data of all citizens — not just those who are deemed persons of interest — enabled by the CMS has sparked a public furor. Sunil Abraham, executive director, Centre for Internet & Society, Bangalore, compared surveillance with salt in cooking. “A tiny amount is essential but any excess is counterproductive,” he said. “Unlike target surveillance, blanket surveillance increases the probability of false positives. Wrong data analysis will put more number of innocent civilians under suspicion as, by default, their number in the central server is more than those are actually criminals.”

Such blanket surveillance techniques also pose a threat to online business. With all the data going in one central pool, a competitor or a cyber criminal rival can easily tap into private and sensitive information by hacking into the server. “As vulnerabilities will be introduced into Internet infrastructure in order to enable surveillance, it will undermine the security of online transactions,” said Abraham. He notes that the project also can undermine the confidentiality of intellectual property especially pre-grant patents and trade secrets. “Rights-holders will never be sure if their IPR is being stolen by some government in order to prop up national players.”

Every time a surveillance system is exposed or its misuse sparks a debate, governments argue that such programs are required for internal security purposes and to help abort terror attacks. Obama made the same argument after PRISM was revealed to the public. Civil rights groups, on the other hand, argue that security cannot be prioritised by large-scale invasions of privacy especially in a country like India where there is little accountability or transparency. So is there a middle ground that will satisfy both sides?

“Yes, security and privacy can coexist,” said Commander (rtd) Mukesh Saini, former national information security coordinator, government of India, “We can design a system which takes care of national security aspect and yet gains the confidence of the citizens. Secrecy period must not be more than three to four years in such projects. Thereafter who all were snooped and when and why and under whose direction/circumstances must be made public through a website after this time gap.”

Kovacs agrees and says the right kind of surveillance program would focus on the needs of the citizen and not the government. “If a contradiction seems to exist between cyber security and privacy online, this is only because we have lost sight of who is supposed to benefit from any security measures. Only if a measure contributes to citizen’s sense of security, can it really be considered a legitimate security measure.”

For more details visit https://cis-india.org/news/firstpost-danish-raza-july-10-2013-indias-central-monitoring-system-security-cant-come-at-cost-of-privacy

India’s biometric ID scans make sci-fi a reality

praskrishna — 2017-03-28T02:45:28Z

I have been thinking about my fingerprints and the secrets that may lie within my eyes — and whether I want to share them with the Indian government. I may not however have a choice.

The article by Amy Kazmin was published in the Financial Times on March 27, 2017. Sunil Abraham was quoted.

India has the world’s largest domestic biometric identification system, known as Aadhaar. Since 2010, the government has collected fingerprints and iris scans from more than 1bn residents, and each has been assigned a 12-digit identification number.

The scheme is championed by Nandan Nilekani, the billionaire co-founder of IT company Infosys. It was initially conceived to ensure poor Indians received subsidised food entitlements and other welfare benefits that were previously siphoned off by unscrupulous intermediaries. It was also seen as offering poor Indians, many of whom lack birth certificates, with a portable ID that can be used anywhere in the country.

Until now, obtaining an Aadhaar number was voluntary, though most Indians enrolled without hesitation as they see its potential benefits. But New Delhi is now enlisting Aadhaar, which means “foundation” or “base” in Hindi, in more than just welfare schemes. This would mean sharing one’s biometric details isn’t really optional any more despite a Supreme Court ruling that it should be “purely voluntary”.

Last week, the government issued a rule requiring an Aadhaar number for filing tax returns, ostensibly to improve tax compliance. It has also decided that all cell phone numbers must be linked to an Aadhaar number by 2018. Even Indian Railways has plans to demand Aadhaar from those booking train tickets online.

What was once touted as an initiative to improve delivery of welfare suddenly now seems like the foundation of a surveillance state — and I admit the prospect of putting my own biometrics in the database leaves me uneasy.

As a US citizen, I’ve never had to give my biometric data to my government. Domestically, fingerprints are only taken from criminal suspects, or applicants for government jobs, though I know foreign citizens are fingerprinted on arrival.

To me, the idea of sharing eye scans evokes the dystopian Hollywood film, Minority Report, which depicts a near future in which optical-recognition cameras allow the authorities to identify anyone in any public place. The hero on the run, played by Tom Cruise, has an illegal eye transplant to avoid detection.

In recent days, many Indian academics and activists have raised concerns about Aadhaar data security, the lack of privacy rules and the absence of any accountability structure if data are misused.

"Biometrics is being weaponised," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society. "What you need to be worried about is that someone will clean out your bank account or frame you in a crime," he says.

Pratap Bhanu Mehta, director of the Centre for Policy Research, has written of the “conversion of Aadhaar from a tool of citizen empowerment to a tool of state surveillance and citizen vulnerability”.

I call Mr Nilekani, of whose honourable intentions I have no doubt. After leaving Infosys in 2009, he spent five years in government, working to get Aadhaar off the ground. He says he is “extremely offended” when his project is accused of being part of a surveillance society, a narrative he says is “completely misrepresenting” the project. “I can steal your fingerprint off your glass. I don’t need this fancy technology,” he says. “Surveillance is far better done by following my phone, or when I use a map to order a taxi: the map knows where I am. Our internet companies know where you are.”

But in a society known for ingenious means of bypassing rules, such as having multiple taxpayer ID cards to aid evasion, Mr Nilekani says biometric authentication of individuals can bring discipline and reduce cheating. “It’s like you are creating a rule-based society,” he says, “it’s the transition that is going on right now.” I hang up, hardly reassured. To me, it seems clear that in India, as in so many places these days, Big Brother is increasingly watching.

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-27-2017-amy-kazmin-indias-biometric-id-scans-make-sci-fi-a-reality

India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board

Admin — 2018-09-04T14:40:51Z

The Aadhaar program offers a glimpse of the tech world's latest quest to control our lives, where dystopias are created in the name of helping the impoverished.

The article by Paul Bluementhol and Gopal Sathe was published in Huffington Post on August 25, 2018. Sunil Abraham was quoted.

Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history.

For the past nine years, India has been building the world’s biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means “proof” or “basis” in Hindi), could be a gold mine.

The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company ― Google ― gave a definitive response.

That’s because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India’s poor, the database has become Indians’ gateway to nearly any type of service ― from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China.

A Scheme Born In The U.S.

Tapping into Aadhaar would help big tech companies access the data and transactions of millions of users in the second most populous country on earth, explained Usha Ramanathan, a Delhi-based lawyer, legal researcher and one of Aadhaar’s most vocal critics.

The idea for India’s national biometric identification team wasn’t unprecedented, and in fact, it has strong parallels with a system proposed for the United States. Following the Sept. 11, 2001, attacks, the CEO of Oracle, Larry Ellison, offered to build the U.S. government software for a national identification system that would include a centralized computer database of all U.S. citizens. The program never got off the ground amid objections from privacy and civil liberties advocates, but India’s own Ellison figure, Nandan Nilekani, had a similar idea. The billionaire founder of IT consulting giant Infosys, Nilekani conceptualized Aadhaar as a way to eliminate waste and corruption in India’s social welfare programs. He lobbied the government to bring in Aadhaar, and went on to run the project under the administration of Manmohan Singh. Nilekani gained even more influence under current Prime Minister Narendra Modi, who moved to make Aadhaar necessary for almost any kind of business in India.

The first 12-digit Aadhaar ID was issued in 2010. Today, over a billion people (around 89 percent of India’s population) have been included in the system ― from India’s unimaginably wealthy billionaires to the homeless, from residents of the country’s sprawling cities to remote inaccessible villages. While initially a voluntary program, the database is now linked to just about all government programs. You need an Aadhaar ID to get a passport issued or renewed. Aadhaar was made mandatory for operating a bank account, using a cell phone or investing in mutual funds, only for the proposals to be rolled back pending the Supreme Court verdict on the constitutionality of the project.

As Aadhaar identification became integrated into other systems like banking, cell phones and government programs, tech companies can use the program to cross-reference their datasets against other databases and assemble a far more detailed and intrusive picture of Indians’ lives. That would allow them, for example, to better target products or advertising to the vast Indian population. “You can take a unique identifying number and use it to find data in different sectors,” explained Pam Dixon, executive director of the World Privacy Forum, an American public interest research group. “That number can be cross-walked across all the different parts of their life.”

Microsoft, which uses Aadhaar in a new version of Skype to verify users, declined to talk about its work integrating products with the Aadhaar database. But Bill Gates, Microsoft’s founder, has publicly endorsed Aadhaar and his foundation is funding a World Bank program to bring Aadhaar-like ID programs to other countries. Gates has also argued that ID verification schemes like Aadhaar in itself don’t pose privacy issues. Microsoft CEO Satya Nadella has repeatedly praised Aadhaar in both his recent book and a tour across India.

Amazon did not respond to a request for comment, but according to a BuzzFeed report, the company told Indian customers not uploading a copy of Aadhaar “might result in a delay in the resolution or no resolution” of cases where packages were missing.

Facebook, too, failed to respond to repeated requests for comment, though the platform’s prompts for users to log in with the same name as their Aadhaar card prompted suspicions from users that it wanted everyone to use their Aadhaar-verified names and spellings so they could later build in Aadhaar functionality with minimal problems.

A spokesman for Google, which has its own payments platform in India called Tez, told HuffPost that the company has not integrated any of its products with Aadhaar. But there was outrage earlier in August when the Aadhaar helpline was added to Android phones without informing users. Google claimed in a statement to the Economic Times this happened “inadvertently”

Privacy Jeopardized For Millions

But the same features that are set to make tech companies millions are are also the ones that threaten the privacy and security of millions of Indians.

“As long as [the data] is being shared with so many people and services and companies, without knowing who has what data, it will always be an issue,” said Srinivas Kodali, an independent security researcher. “They can’t protect it until they encrypt it and stop sharing data.”

One government website allowed users to search and geolocate homes on the basis of caste and religion ― sparking fears of ethnic and religious violence in a country where lynchings, beatings and mob violence are commonplace. Another website broadcast the names, phone numbers and medical purchases — like generic Viagra and HIV medication — of anyone who buys medicines from government stores. In another leak, a Google search for phone numbers of farmers in Andhra Pradesh would reveal their Aadhaar numbers, address, fathers’ names and bank account numbers.

The leaks are aggravated by “a Star Trek-type obsession” with data dashboards, said Sunil Abraham, executive director of the Center for Internet and Society. Many government departments each created an online data dashboard with detailed personal records on individuals, he explained. The massive centralization of personal data, he said, created a huge security risk as these dashboards were accessible to any government official and in many cases, were even left open to the public.

Authentication failures have led to deaths among the poorest sections of Indian society when people were denied government food rations.

And much like the tech companies, some local governments are using the system to connect data sets and build expansive surveillance. In the state of Andhra Pradesh in India, there’s a war room next to the state chief minister’s office, where a wall of screens shows details from databases that collect information from every department. There are security cameras and dashboards that track every mention of the chief minister on the news. There’s a separate team watching what’s being said about him on social media and there are also dashboards that collect information from IoT [Internet of Things] sensors across the state.

Court Ruling Could Halt Rollout

Those issues around privacy are why the dreams of government bureaucrats and large tech companies to build a perfect surveillance apparatus around Aadhaar may ultimately fall apart. The Supreme Court of India is set to decide on a case that could decide the future of the program.

The court is set to review 27 petitions, including whether requiring an Aadhaar for government subsidies and benefits makes access to these programs conditional, even though the state is constitutionally bound to deliver them. The petitioners include lawyers, academics and a 92-year-old retired judge whose petition also secured the right to privacy as a fundamental right in August 2017. Petitioners also argue that the ability for Aadhaar to be used to track and profile people is unconstitutional.

In its judgment, due any day now, the court will rule on all 27 petitions together. It will decide not only the fate of the Aadhaar Act of 2016, but likely the future involvement of some of tech’s biggest companies in one of the world’s most ambitious and divisive IT projects.

For more details visit https://cis-india.org/internet-governance/news/huffington-post-august-25-2018-paul-bluementhal-and-gopal-sathe-indias-biometric-database-is-creating-a-perfect-surveillance-state

India’s Big Bet on Identity

praskrishna — 2012-03-07T05:44:12Z

The world’s largest biometric authentication system reaches its first major milestone, but lots of challenges remain, writes Joshua J. Romero in ieeespectrum. Sunil Abraham was quoted in this story which was featured in March 2012 edition.

Driving around Bangalore, it’s immediately clear that the infrastructure hasn’t kept up with the IT boom in this once-sleepy South Indian city. Auto rickshaws, scooters, and motorcycles squeeze into a tight phalanx at each red light and choke the air with exhaust. Construction, such as the concrete supports of the new metro rail line that looms overhead, causes detours everywhere, and in spots the entire road abruptly disintegrates into gravel.

But something miraculous happens as you make your way south, past the outer ring road. A ramp lifts a select few vehicles out of the weaving traffic and onto an elevated tollway, where you suddenly have a bird’s-eye view of the urban landscape. This is the road to Electronic City, an oasis of glass and steel high-rises overlooking pristine black asphalt paths that snake through the perfectly manicured lawns of tech companies like Wipro, IBM, and Infosys Technologies.

“If you can have such good roads in the Infosys campus, why are the roads outside so terrible?” That’s the common question foreign visitors would ask Nandan Nilekani, one of the company’s cofounders. “Politics” was his usual reply, according to Nilekani’s 2008 book, Imagining India. Now the man who has been called the Bill Gates of India has jumped into politics to try to use what he learned at the IT giant to transform the dysfunctional country that lies beyond the borders of Electronic City.

Since July 2009, Nilekani has been a cabinet minister, leading hundreds of engineers and entrepreneurs as chairman of the Unique Identification Authority of India (UIDAI). By the most conservative estimates, at least a third of the country’s 1.2 billion citizens live below the poverty line and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system.

“On the one hand, within India and across the world, people of Indian descent have done some remarkable work,” says Nilekani. “And on the other hand, here is a country that needs to solve some very basic problems. This project marries these two worlds.” UIDAI plans to use fingerprints and iris scans to assign every person in the country a unique 12-digit ID number that can be verified online. It’s one of the biggest IT projects in the world, and getting bigger: By early February, the UIDAI had issued 130 million ID numbers, and it can issue up to a million more IDs every day. The agency has set up 36 000 enrollment stations staffed by 87 000 certified enrollment operators. In India the project is called Aadhaar, which means “foundation” or “support,” because it’s meant to be a fundamental technology platform that will enable dozens of new public and private services to be created.

That’s if it all works. It’s easy to list major challenges: How exactly do you collect biometrics from every single person in the world’s second most populous country, especially those living at the margins? How do you keep bad data from getting into the database in a country rife with corruption? And how can you build the entire system around online authentication in a country where fewer than one in 20 people have access to the Internet?

The answers to these questions are getting more than the usual amount of scrutiny, because a lot of political fortunes are riding on the UIDAI.

The program has been heavily supported by the ruling Indian National Congress party; Nilekani was appointed by the prime minister himself, Manmohan Singh. But Singh and his Congress party have had a difficult time enacting many of their biggest policy goals, and the UIDAI has increasingly become the target of criticism.

Earlier this year, the whole scheme seemed in imminent danger of collapse, when a parliamentary committee killed the bill that would have given the program statutory authority, and a political turf war erupted between the UIDAI and the National Population Register, another government project collecting biometrics for the national census. But by late January the two sides had reached an agreement to share biometric data collection, and Aadhaar is once again moving full steam ahead with a new mandate and an estimated budget this year of 15 billion rupees [PDF] (about US $300 million).

Photo: Joshua J. Romero

EXISTING DOCUMENTS: A poster lists the variety of IDs a  person can use to register for an Aadhaar number.

To understand why the government has invested so heavily, it helps to know the current state of affairs in India. Aadhaar is meant to provide a form of identification that’s free, national, impossible to counterfeit—and available to everyone. “There’s an ID divide,” Nilekani explains, between people who have multiple official IDs and the hundreds of millions who have none. Only about 60 million people in India have passports, he says, and only about 100 million have photo ID bank cards. The most prevalent document is a voter ID card, which has been issued to about 700 million people, covering just over half of the country. But these and the rest of the official IDs created by the country’s vast bureaucracy all have shortcomings.

The primary reason for creating a biometric ID system is to give India’s poorest citizens better access to an array of welfare programs. India spends about 2 percent of its gross domestic product on social programs like the Public Distribution System, which provides subsidized rice, wheat, and other staples, and a rural employment scheme that guarantees 100 days of work. But all such programs suffer from severe “leakage”: According to the World Bank, corrupt officials and middlemen siphon away 59 percent of the money before it reaches the intended recipients. Eventually, the government hopes to provide funds directly to each person who needs them.

Most states issue ration cards, but they usually aren’t valid in other states. An official ID that can be used throughout the country is increasingly important as more and more people move away from their hometowns to follow employment, Nilekani says.

Complicating the problem further, existing ID cards are easy to duplicate. Some states have more names on their food ration lists than there are people living in the state. To fight counterfeiting, the Aadhaar team decided to use biometrics instead of issuing just another ID card. From the beginning, they consulted biometric experts, used existing standards when they could, and studied similar systems like the U.S. Visitor and Immigrant Status Indicator Technology program, run by the U.S. Department of Homeland Security.

One thing the team realized early on is that a single biometric measurement wasn’t enough to guarantee uniqueness. In proof-of-concept studies, researchers determined that only by using all 10 fingerprints and a scan of both irises could error rates be kept manageable. Adding iris scans also makes the program more inclusive for people whose fingerprints have been worn down by manual labor.

Photos, clockwise from left: Ruth Fremson/The New York Times/Redux; Joshua J. Romero (2)
NECESSARY GEAR: Each enrollment station has the same basic set of equipment, including an iris scanner [top], a fingerprint scanner [bottom right], a webcam and light [bottom left], a laptop, a second monitor for the resident to view, and a scanner and printer to handle documents.

Getting an Aadhaar number is not a quick process. One Friday after midnight, I watch dozens of families wait patiently in a municipal building where only half the lights are on and there’s always a baby crying. While Anurodh Kanchan waits, he explains that he came at this hour because he’d heard the lines were even longer during the day. He’d already been once before to schedule this appointment. Now his 7-year-old daughter dozes on his wife’s shoulder as the whole family waits another half an hour for the enrollment agent to return from a break.

Hiring and training people to work as agents has been one of the project’s biggest logistical challenges. The UIDAI outsources enrollment to “registrars”—often state governments or banks—which in turn hire accredited agencies to actually set up and staff the centers. The agencies get paid a flat rate for each successful enrollment, as do the agents they hire. A coordinator for one of the largest agencies told me that his organization had significantly overestimated how many enrollments an agent could complete in a day. UIDAI says that an average station (see photos, “Necessary Gear”) can process each enrollment in under 10 minutes, but in the days I spent observing, it wasn’t uncommon for the process to take twice as long. And if you’re an agent looking at a line of people stretching out the door, it’s easy to see how you might begin to rush through your tasks.

That’s why enforcing quality is left to a piece of software known as the enrollment client, installed on each agent’s laptop. The program manages every step of the process and was developed jointly by engineers at UIDAI and MindTree, an Indian IT company. Because enrollment often takes place in remote locations with no Internet access, the client must be fully independent and be able to run off a single laptop. The developers also had to make sure that the enrollment client could work seamlessly with any of the 11 biometric devices from various manufacturers that had been certified for use. And the initial version had to be built fast: MindTree won the contract at the end of April 2010, and the UIDAI wanted to enroll the first resident by that August.

MindTree met the deadline, and the client it designed now manages to prevent and correct most errors an enrollment agent might make. In addition to a simple quality check, the software looks for self-consistency—for instance, verifying that each fingerprint isn’t coming from the operator or another recently enrolled resident and that all 10 fingerprints and two irises are distinct from each other. If something goes wrong in a biometric capture, the software tells the operator how to correct it—for instance, it can distinguish between a facial photo that’s too dark and one in which the person was photographed at the wrong angle.

Still, over the last 21 months, the software engineers have had to continually improve the program to address new challenges encountered in the field. For example, when the UIDAI began enrolling people in the Punjab region of North India, where many men wear long beards and large turbans, enrollment agents had a hard time taking a photo that the software considered acceptable: The turban would be interpreted as an unacceptable background, or the automatic cropping feature would crop around the turban instead of the face. The software team was able to quickly tweak the parameters and release a new version of the client so that enrollment could continue.

It isn’t just the biometric collection that’s tricky. A resident must also supply basic demographic data—name, age, gender, and address. Residents can fill out paper forms in any of the 16 official Indian languages, which agents must first transfer to the computer and then translate into an English version of the form. This is by far the most time-consuming part of the process, and MindTree has tried to speed it up by building transliteration into the client software. But Indic languages have many variations—some are written right to left, and many use unique character sets. Still, the agent is expected to check the results and clean up minor mistakes.

There are obviously both privacy and security concerns when you’re collecting personal data from more than a billion people. “You can’t change your biometrics,” points out Sunil Abraham, the executive director at the Center for Internet and Society, in Bangalore, so if they become compromised, it’s a difficult problem to fix.

Among the precautions the UIDAI takes is to encrypt all data as soon as they’re collected. The data can be decrypted only by UIDAI servers, so the records aren’t even accessible to the operator or enrollment agency that collected them. At the end of each day, all the encrypted enrollment data are stored on USB flash drives, and the drives are transported to a place with Internet access so the data can be uploaded to UIDAI’s servers. It’s in the best interests of the enrollment agencies to safeguard the data, because otherwise they won’t get paid.

From the enrollment centers the action moves to the racks of servers at the UIDAI Central Information Data Repository, which is also in Bangalore. Here is where deduplication—checking each new enrollment against every other record in the database—will arguably make this identity scheme rise above the rest. Ensuring that no person can get two numbers is key to making biometrics a worthwhile investment. A few years ago, one Indian state collected biometrics for everyone below the poverty line, but it didn’t have the technology or a plan to prevent duplicates. It ended up capturing 1.2 times the population, which resulted in a significant leakage of benefits.

Many critics, including members of Parliament, have doubted that it’s even possible to deduplicate records from the entire Indian populace. It’s certainly a big task. In order to issue 1 million Aadhaar numbers in a single day, the current maximum rate, the data center must conduct 100 trillion person matches. To improve this process, the UIDAI came up with an unusual arrangement. Rather than hiring a single firm for the job, it awarded the project to three contractors, each responsible for processing a portion of the enrollments, with the overlapping records used to compare performance between the systems. This arrangement lets the UIDAI know if a system isn’t working correctly and also gives the companies a financial incentive to improve their software—they’ll get to process more records, and get paid more, if their products perform better. The vendors were even required to use the same kind of hardware to build their systems, so the agency isn’t tied to any one company.

In late January, the UIDAI released a report [PDF] that for the first time detailed the results of this deduplication effort. There are two primary factors that determine the accuracy of a biometric system: the false-positive rate, which in this case is how often a newly registered person is incorrectly judged to be already enrolled, and the false-negative rate, which is how often true duplicates are not recognized as such. To measure the false-positive rate, the UIDAI tested 4 million unique records against a subset of the enrollment database containing 84 million records: Of the unique records, 2309 were falsely rejected, for a false-positive rate of 0.057 percent. The agency also tested 31 399 known duplicates. The system caught all but 11, for a false-negative rate of 0.035 percent.

The false-positive rate applies to the total number of records in the database. As that number grows, the rate should increase in a linear fashion, because there are more opportunities for false matches. The false-negative rate, on the other hand, applies only to the small minority of enrollments that really are true duplicates (the UIDAI estimates that these make up only 0.5 percent of all incoming enrollments). Because the false-negative rate doesn’t depend on the total number of records, it should remain steady unless more people try to enroll multiple times.

R.S. Sharma, the director general of UIDAI, says that preventing all duplicates with technology alone is impossible. There are some people who just can’t be uniquely identified through biometrics, because the data for them aren’t good enough—children under age 5, for instance, and people with multiple disabilities. That’s why the responsibility for accuracy and uniqueness isn’t all left up to the software. Several full-time employees manually review the roughly 0.2 percent of cases that the software can’t handle, resolving errors and looking for evidence of fraud.

Even if the system isn’t perfect, it’s likely to be much better than any existing alternative, simply because it will eliminate “ghost identities,” says M.R. Madhavan, who works at the Centre for Policy Research, in New Delhi. “At least people who died in 1995 or 2005 will not get into the system,” he says.

Photo: Joshua J. Romero

AUTHENTICATION TERMINAL: Widespread use of Aadhaar will  rely on biometric terminals, like this prototype at MindTree.

Now that the UIDAI has shown it can collect biometric and demographic data and eliminate duplicate enrollments, much of the attention will shift to the authentication system, where people can prove their identity with just the swipe of a finger. Such systems are still under development, so most residents I met weren’t clear about the benefits of the program. When I asked people why they were enrolling, they often had vague reasons: “It might make it easier to get my benefits,” said one middle-aged woman in Bangalore. “I heard you’ll need it to buy heating gas,” said another woman. “I think it’s mandatory,” an elderly man told me. Nilekani thinks that getting authentication services up and running will be the best way to demonstrate the power of the entire project.

Here’s how such a futuristic system might work: Walking up to a wirelessly connected terminal at a local shop, a person will type in his name and Aadhaar number, and then he’ll scan his fingerprints. The data will be sent to a central database, where the Aadhaar number will be used to locate his record. The submitted name and biometric data will be compared to those on file, and the software will determine whether they match.

The UIDAI imagines that such biometric terminals will eventually be ubiquitous. The first devices deployed will likely be micro-ATMs in rural shops. These machines process transactions electronically, just like a full-size ATM, except they don’t store and dispense cash—that gets handled from the shopkeeper’s till. The hope is that such systems will deliver financial services to the 40 percent of the Indian population who have never had bank accounts. When people enroll for Aadhaar, they simply need to check a box and an Aadhaar-enabled bank account will be created for them.

In January, the UIDAI began a pilot project in the state of Jharkhand, where workers in the rural employment program could collect cash payments by scanning their fingerprints at a micro-ATM. Another pilot program in Maharashtra transferred small amounts of money to individual Aadhaar numbers, showing that bank servers could be easily linked with the UIDAI system.

The authentication system is already available as an application programming interface (API), which means it won’t be limited to just government programs and banks. Private service providers could use it to verify new customers as well. Take India’s vaunted mobile-phone culture: Phone companies are currently required to collect and retain significant documentation for every person they sell a SIM card to, as I found out in the two days I spent collecting the photos and local references I needed to get one myself. “If you look at any service provider, they’re not going to offer the mobile-phone service unless they verify who you are,” says Bala Parthasarathy, an entrepreneur who worked in Silicon Valley but came back to India to volunteer on the project for a year. Parthasarathy says that using Aadhaar for identity verification could provide the telephone companies with major savings.

Still, setting up a nationwide network of biometric terminals has plenty of its own challenges. First, India will need better connectivity. Wireless voice networks now cover most of the country, but wireless data networks have trailed behind. Current penetration of 3G is mostly just in the cities, says Debabrata Das, an IEEE member and a professor of electrical engineering at the International Institute of Information Technology, Bangalore, who has been studying the network challenges of authentication as a technical advisor for the state of Karnataka.

The API will also need to be flexible enough to handle variations in the demographic data that are submitted. The system can’t enforce strict matches: Many Indians use initials in their names, and there is no guarantee that they will always spell their names the same way in English. Further, sometimes a married woman will use her father’s family name instead of her husband’s. Because of the ambiguity in names and addresses, the database must be able to perform partial and fuzzy matches. Eventually, Sharma says, the UIDAI hopes to be able to do database matching for all the Indian languages as well, so the API will continue to undergo revisions.

Now the UIDAI must wait for its partners to begin taking advantage of the system, and Nilekani admits that starting up such services is largely beyond his control. Cooperation with other agencies and industries is all part of Nilekani’s approach to how government initiatives should work. “The big thing to my mind has been, How do you create a model of change, and how do you carry a lot of people with it? How do you think this through in a way that everyone comes on board?” he says. In building the project to this point, he’s managed to bring, if not everyone, then certainly a pretty diverse crowd: technical experts; national, state, and local officials; banks and businesses; and all those millions who willingly wait in line for hours.

“Everyone puts their own aspirations on it…like Obama,” he jokes. But the downside of being so inclusive is that as the project matures, it may be difficult to keep all the interested parties happy, and there’s bound to be disappointment if the project fails to achieve all its lofty ambitions.

The project has made it this far by adapting quickly as problems arise. “Think of it as multigeneration, continuous improvement,” Nilekani says. “You launch and get feedback and you get criticism. You need to build a rapid feedback loop, which is what we’ve built.”

Read the original here

For more details visit https://cis-india.org/news/big-bet-on-identity

India’s ballot battle will also run through Facebook

praskrishna — 2014-03-05T11:49:29Z

Facebook on Tuesday launched its widely awaited “election tracker” for the upcoming general elections, a move that signals the growing importance of social media as a political tool in a rapidly urbanizing India.

The article by Zia Haq was published in the Hindustan Times on March 4, 2014. Sunil Abraham is quoted.

India’s 2014 ballot battle will run through the social-media world, which could likely influence electoral outcomes by swinging 3-4% votes, as more and more young Indians go online to make sense of politics, according to two new surveys.

In these mostly urbanising seats, social-media usage is now “sufficiently widespread” to influence politics, according to the Internet and Mobile Association of India (IAMAI). An offline study conducted by market research firm TNS and Google India suggested similar shifts.

The Facebook tracker (http://on.fb.me/1g6ZJ3k) will help India’s 93 million Facebook users to see which parties and candidates as well as issues are trending.

Social-media platforms are likely to be influential in 160 of India’s 543 Parliament constituencies, making Facebook and Twitter users the nation’s newest voting bloc, according to the IAMAI survey.

These are constituencies where 10% of the voting population uses social media sites such as Facebook, or where the number of social media users is higher than the winning candidate’s margin of victory at the last election.

Research shows that social media is more persuasive than television ads. Nearly 100 million Indians, or more than Germany’s population, use the Internet each day. Of this, 40 million have assured broadband, the ones most likely to have at least one social media account.

“Unlike Obama who used social media directly for votes, Indian politicians have tended to use it more to mould public discourse,” says Sunil Abraham, the CEO of The Centre for Internet and Society.

“I think these trends are over-hyped and the impact, if any, would only be marginal,” said Communist Party of India MP, Gurudas Dasgupta, who created a Facebook account only last month.

For more details visit https://cis-india.org/news/hindustan-times-zia-haq-march-4-2014-india-s-ballot-battle-will-also-run-through-facebook

India’s ‘Self-Goal’ in Telecom

Shyam Ponappa — 2020-04-09T07:18:26Z

This post was first published in the Business Standard, on March 5, 2020.

The government apparently cannot resolve the problems in telecommunications. Why? Because the authorities are trying to balance the Supreme Court order on Adjusted Gross Revenue (AGR), with keeping the telecom sector healthy, while safeguarding consumer interest. These irreconcilable differences have arisen because both the United Progressive Alliance and the National Democratic Alliance governments prosecuted unreasonable claims for 15 years, despite adverse rulings! This imagined “impossible trinity” is an entirely self-created conflation.
If only the authorities focused on what they can do for India’s real needs instead of tilting at windmills, we’d fare better. Now, we are close to a collapse in communications that would impede many sectors, compound the problem of non-performing assets (NPAs), demoralise bankers, increase unemployment, and reduce investment, adding to our economic and social problems.
Is resolving the telecom crisis central to the public interest? Yes, because people need good infrastructure to use time, money, material, and mindshare effectively and efficiently, with minimal degradation of their environment, whether for productive purposes or for leisure. Systems that deliver water, sanitation, energy, transport and communications support all these activities. Nothing matches the transformation brought about by communications in India from 2004 to 2011 in our complex socio-economic terrain and demography. Its potential is still vast, limited only by our imagination and capacity for convergent action. Yet, the government’s dysfunctional approach to communications is in stark contrast to the constructive approach to make rail operations viable for private operators.
India’s interests are best served if people get the services they need for productivity and wellbeing with ease, at reasonable prices. This is why it is important for government and people to understand and work towards establishing good infrastructure.

What the Government Can Do

An absolute prerequisite is for all branches of government (legislative, executive, and judicial), the press and media, and society, to recognise that all of us must strive together to conceptualise and achieve good infrastructure. It is not “somebody else’s job”, and certainly not just the Department of Telecommunications’ (DoT’s). The latter cannot do it alone, or even take the lead, because the steps required far exceed its ambit.

Act Quickly

These actions are needed immediately:

First, annul the AGR demand using whatever legal means are available. For instance, the operators could file an appeal, and the government could settle out of court, renouncing the suit, accepting the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) ruling of 2015 on AGR.

Second, issue an appropriate ordinance that rescinds all extended claims. Follow up with the requisite legislation, working across political lines for consensus in the national interest.

Third, take action to organise and deliver communications services effectively and efficiently to as many people as possible. The following steps will help build and maintain more extensive networks with good services, reasonable prices, and more government revenues.

Enable Spectrum Usage on Feasible Terms

Wireless regulations

It is infeasible for fibre or cable to reach most people in India, compared with wireless alternatives. Realistically, the extension of connectivity beyond the nearest fibre termination point is through wireless middle-mile connections, and Wi-Fi for most last-mile links. The technology is available, and administrative decisions together with appropriate legislation can enable the use of spectrum immediately in 60GHz, 70-80GHz, and below 700MHz bands to be used by authorised operators for wireless connectivity. The first two bands are useful for high-capacity short and medium distance hops, while the third is for up to 10 km hops. The DoT can follow its own precedent set in October 2018 for 5GHz for Wi-Fi, i.e., use the US Federal Communications Commission regulations as a model.1 The one change needed is an adaptation to our circumstances that restricts their use to authorised operators for the middle-mile instead of open access, because of the spectrum payments made by operators. Policies in the public interest allowing spectrum use without auctions do not contravene Supreme Court orders.

Policies: Revenue sharing for spectrum

A second requirement is for all licensed spectrum to be paid for as a share of revenues based on usage as for licence fees, in lieu of auction payments. Legislation to this effect can ensure that spectrum for communications is either paid through revenue sharing for actual use, or is open access for all Wi-Fi bands. The restricted middle-mile use mentioned above can be charged at minimal administrative costs for management through geo-location databases to avoid interference. In the past, revenue-sharing has earned much more than up-front fees in India, and rejuvenated communications.2 There are two additional reasons for revenue sharing. One is the need to manufacture a significant proportion of equipment with Indian IPR or value-added, to not have to rely as much as we do on imports. This is critical for achieving a better balance-of-payments, and for strategic considerations. The second is to enable local talent to design and develop solutions for devices for local as well as global markets, which is denied because it is virtually impossible for them to access spectrum, no matter what the stated policies might claim.

Policies and Organisation for Infrastructure Sharing

Further, the government needs to actively facilitate shared infrastructure with policies and legislation. One way is through consortiums for network development and management, charging for usage by authorised operators. At least two consortiums that provide access for a fee, with government’s minority participation in both for security and the public interest, can ensure competition for quality and pricing. Authorised service providers could pay according to usage.
Press reports of a consortium approach to 5G where operators pay as before and the government “contributes” spectrum reflect seriously flawed thinking.3 Such extractive payments with no funds left for network development and service provision only support an illusion that genuine efforts are being made to the ill-informed, who simultaneously rejoice in the idea of free services while acclaiming high government charges (the two are obviously not compatible).
Instead of tilting at windmills that do not serve people’s needs while beggaring their prospects, commitment to our collective interests requires implementing what can be done with competence and integrity.

Shyam (no space) Ponappa at gmail dot com
1. https://dot.gov.in/sites/default/files/2018_10_29%20DCC.pdf
2. http://organizing-india.blogspot.in/2016/04/ breakthroughs- needed-for-digital-india.html
3. https://www.business-standard.com/article/economy-policy/govt-considering-spv-with-5g-sweetener-as-solution-to-telecom-crisis-120012300302_1.html

For more details visit https://cis-india.org/internet-governance/indias-self-goal-in-telecom

India-China Tech Forum 2018

Admin — 2018-12-26T15:32:20Z

Arindrajit Basu spoke at the India-China Tech Forum 2018 organised by ORF and Peking University at the Ji Xianlin Centre for India-China Studies, Mumbai on December 11 - 12, 2018. The event functioned as a bi-annual dialogue that fosters co-operation in this space between the two countries.

Arindrajit spoke on the panel 'India, China and the future of cyber norms' along with Saravjit Singh,Liu Ke and Weng Wejia. This was a closed door discussion under Chatham House rules. Click here to read the agenda.

For more details visit https://cis-india.org/internet-governance/news/india-china-tech-forum

India, Egypt say no thanks to free Internet from Facebook

praskrishna — 2016-02-03T01:49:25Z

ALWAR, India — Connecting people to the Internet is not easy in this impoverished farming district of wheat and millet fields, where working camels can be glimpsed along roads that curve through the low-slung Aravalli Hills.

The article by Annie Gowen was published in Washington Post on January 28, 2016. Sunil Abraham gave inputs.

So when Facebook chief executive Mark Zuckerberg helicoptered in about a year ago to visit a small computer lab and tout Internet for all, Osama Manzar, director of India’s Digital Empowerment Foundation, was thrilled.

But when Manzar tried Facebook’s limited free Internet service, he was bitterly disappointed. The app, called Free Basics, is a pared-down version of Facebook with other services such as weather reports and job listings.

“I feel betrayed — not only betrayed but upset and angry,” Manzar said. “He said we’re going to solve the problem with access and bandwidth. But Facebook is not the Internet.”

Zuckerberg launched his sweeping Internet.org initiative in 2013 as a way to provide 4 billion people in the developing world with Web access, which he says he sees as a basic human right.

But the initiative has hit a major snag in India, where in recent months Free Basics has been embroiled in controversy — with critics saying that the app, which provides limited access to the Web, does a disservice to the poor and violates the principles of “net neutrality,” which holds that equal access to the Internet should be unfettered to all.

Activist groups such as Save the Internet, professors from leading universities and tech titans such as Nandan Nilekani, the co-founder of Infosys, have spoken out against it. Another well-known Indian entrepreneur dubbed it “poor Internet for poor people.”

The debate escalated in recent weeks after India’s telecommunications regulator suspended Free Basics as it weighs whether such plans are fair, with new rules expected by the end of the month.

A week later, Free Basics was banned in Egypt with little explanation, prompting concern that the backlash could spread to other markets. More recently, Google pulled out of the app in Zambia after a trial period. An estimated 15 million people are using Free Basics in 37 countries, including 1 million in India.

[India’s Modi wants to woo Silicon Valley, but privacy fears grow at home]

“It’s a very important test case for what will be India’s network neutrality regime,” said Sunil Abraham of the Center for Internet and Society in Bangalore.

India’s debate could affect the way other countries address the question of whether it is fair for Internet service providers to price websites differently. The U.S. Federal Communications Commission’s rules on net neutrality went into effect only in June.

Officials at Facebook launched an advertising blitz to counteract the negative publicity. “Who could possibly be against this?” Zuckerberg wondered in a Times of India editorial on Dec. 28.

“I think we’ve been a bit surprised by the strong reaction,” said Chris Daniels, Facebook’s vice president for Internet.org. “Fundamentally, the reason for the surprise is that the program is doing good. It’s bringing people online who are moving onto the broader Internet.”

India, a country of 1.2 billion, has the second-highest number of Internet users in the world, but an estimated 80 percent of the population does not have Internet access.

India’s tech-savvy prime minister, Narendra Modi, is trying to combat this with an ambitious “Digital India” plan to link 250,000 village centers with fiber-optic cable and extend mobile coverage. He has turned to the Indian tech community as well as Silicon Valley for help, securing an agreement with Google to provide free WiFi in railway stations.

India has 130 million Facebook users, second only to the United States, and is a key market as the social-media giant looks to expand beyond the developed world, where its growth has slowed.

“If Facebook manages to get another half a billion users in India, that’s a valuable set of eyeballs to sell to a political party or corporation,” Abraham said.

[Is India the next frontier for Facebook?]

Facebook has long said that its program is about altruism, not eyeballs.

But it does reap new customers. Those who buy a SIM card from Facebook’s local mobile partner, Reliance Communications, are then prompted to pay for additional data. About 40 percent who sign up for Free Basics buy a data plan to move to the wider Web after 30 days, Daniels said.

The service is still running despite the India suspension. A Reliance spokesman said it is in “testing mode” and is not being promoted.

“The thing people forget about Free Basics is that it’s intended to be a temporary transition for people to give them a taste of the Internet and sign up. It’s a marketing program for the carrier in some sense,” said David Kirkpatrick, author of “The Facebook Effect.” But he added: “The idea that it’s some kind of alternative Internet that’s a discriminatory gesture to the poor is the prevailing view among the Indian intelligentsia. It’s fundamentally misunderstood.”

Facebook has pledged to open up to new scrutiny the selection process for companies with new applications, Daniels said. That is a response to concerns by many in India’s tech community that Facebook’s process put India’s fledgling start-ups at a disadvantage.

The project’s proponents say that India’s needs are so great it cannot afford to suspend one program that could help.

Mahesh Uppal, a telecommunications consultant, notes that more than 10 percent of the country does not have mobile phone coverage and that India’s progress in extending fiber-optic cable to village centers is proceeding at a glacial pace. Modi had set a goal of linking all 250,000 by 2016, but only 27,000 have cable so far and it is ready for use in only 3,200, according to a government report.

In comparison, some 80 percent of China’s villages are linked by broadband.

[Inside the Indian temple that draws America’s tech titans]

In Alwar district in the northern state of Rajasthan, many remember when Zuckerberg came to visit but fewer know about Free Basics.

“I’ve heard it’s free and by Facebook and you don’t have to pay for it,” said Umer Farukh, 43, a folk musician. “But I don’t think Facebook should control it. The Internet should be for everybody.”

Farukh has only been computer literate for two years, but he’s already emailing and using YouTube to post videos and promote his band.

He’s become such a proponent that he has donated space for one of Manzar’s computer centers — part of a government initiative to build cyber-hubs in minority communities — and encouraged the female members of his family to take classes, which is rare in his conservative community.

Farukh says that challenges to connecting India go far beyond data plans and fiber-optic cable or the government broadband that often sputters out. Wages are low, and hours are long. Only about half of the women in his state are literate, and about a quarter of the young women in his neighborhood are kept at home and not educated.

“This place is very backward,” he said. “India as a society is lagging far behind in terms of Internet.”

In the small nearby community of Roja Ka Baas, ringed by fields of blooming mustard greens, residents are still awaiting the opening of their planned WiFi center. They are struggling along on cheap mobile phones with slow 2G spectrum until then, they said.

Sakir Khan, 14, said that once the Internet finally arrived in this village, the first thing he would do would be to sign up for Facebook.

Farheen Fatima and Subuhi Parvez contributed to this report.

For more details visit https://cis-india.org/internet-governance/news/washington-post-annie-gowen-january-28-2016-india-egypt-say-no-thanks-to-free-internet-from-facebook

India's Techies Angered Over Internet Censorship Plan

praskrishna — 2011-12-22T05:30:09Z

India has the world's largest democracy, and one of the most rambunctious. Millions of its young people are cutting edge when it comes to high-tech. Yet the country is still very conservative by Western standards, and a government minister recently said that offensive material on the web should be removed.

The way it was reported in India, Communications Minister Kapil Sibal started the whole row by assembling the heads of social networking sites at a meeting in his office in New Delhi.

At the time, he was reported to have asked companies, like Google and Facebook, to devise a system to filter through and edit out objectionable material before it could make its way online.

In an interview with the Indian cable channel CNN-IBN, Sibal pointed to offensive religious content that could cause ethnic or inter-communal conflict.

"We will defend any citizens' right to freedom of speech until our last breath. But we don't want this kind of content to be on the social media," Sibal said in the interview.

India's civil society, and more particularly its very active blogosphere, was outraged.

Pranesh Prakash from the Center for Internet and Society in Bangalore says even the suggestion of censorship is a dangerous idea. Particularly if it's done before the content is posted online.

Indian Telecommunications Minister Kapil Sibal has said that Internet giants such as Facebook and Google have ignored his demands screen derogatory material from their sites, so the government would have to take action on its own.

"Pre-censorship is a very dangerous idea and is also something that actually doesn't happen in countries that are known for censoring the internet," Prakash says. "It will be charting a new path in Internet censorship."

Prakash says the proposal would be impractical, as well as undemocratic. Even with an army of censors, it would impossible to filter through content before it's uploaded, he says.

Stung by the criticism, Kapil Sibal now says he was misunderstood and that it "would be madness" to ask for pre-screening of content on electronic media and social media.

But in that fateful meeting, the Communications Minister also reportedly objected to unflattering portrayals of India's political leaders on the Internet and in Twitter messages. And that idea reinforced concerns that the government was overreaching and muffling dissent.

Censoring hate speech is one thing, but leaving it to the likes of Google to monitor political speech is problematic, says Apar Gupta, an Internet lawyer in New Delhi.

"It may offend you today, it may not cater to your taste, but at the end of the day: is it legal?" says Gupta. "The new proposals are quite a dramatic change, not only in terms of enforcement, but also in terms of what kind of speech it will prohibit."

Up till now, there has been some legal room for the government to censor inflammatory speech. For example, movies in India are subjected to a government censor board that monitors their content before they can be released to the general public. This year, a controversial movie about India's social caste system, was banned in some parts of the country.

But the Internet is less restrictive, says Apar Gupta.

"You can voice your opinion without any social sanctions for your opinions," he says. "So it's been a pressure valve which has allowed a lot of people to let off steam."

But even so, when debate online boils over in India it's the website or search engine that's held responsible. So critics of the proposed restrictions don't see the need for further action.

All this has left Communications Minister Kapil Sibal as something of a hate figure among Internet-savvy Indians. Although he says he's going to be pressing for tighter controls, he has agreed to meet with the Internet companies again.

This article by Elliot Hannon was published in NPR on 20 December 2011. Read the original here

For more details visit https://cis-india.org/news/techies-angered-over-censorship

India's Tech Policy Entrepreneurs

praskrishna — 2016-12-08T16:52:23Z

The people who influence India's evolving technology policy.

The blog post by Rohin Dharmakumar was published by The KEN on December 8, 2016.

Though CIS has lost much of its cachet with the government for a while now (due to what sources term its “antagonistic” submissions to the government on various issues and because of it leaking CERT notifications around blocked websites), Abraham is still seen as a resourceful, agile and passionate leader of a civil society body that manages to track and keep on top of various tech policy moves.

For more details visit https://cis-india.org/internet-governance/news/indias-tech-policy-entrepreneurs

India's Supreme Court Axes Online Censorship Law, But Challenges Remain

subha — 2015-03-27T02:38:20Z

The Supreme Court of India took a remarkable step to protect free expression on March 24, 2015, striking down controversial section 66A of the IT Act that criminalized “grossly offensive” content online. In response to a public interest litigation filed by Indian law student Shreya Singhal, the court made this landmark judgement calling the section “vague”, “broad” and “unconstitutional”. Since Tuesday's announcement, the news has trended nationally on Twitter, with more than 50,000 tweets bearing the hashtags #Sec66A and #66A.

The blog entry by Subhashish Panigrahi was originally published by Global Voices Online on March 25, 2015. Pranesh Prakash is quoted.

Section 66A allowed police to arrest any person who sent online communications deemed “grossly offensive” or known to be false. This has enabled the government take down many websites with allegedly objectionable content. Among various cases since the law was updated in 2008, two people were arrested for making comments on Facebook regarding India's prime minister Narendra Modi and one man was arrested for commenting on public service closures following the death of political leader Bal Thakrey.

The now-defunct Section 66A reads as follows:

66-A. Punishment for sending offensive messages through communication service, etc.
—Any person who sends, by means of a computer
resource or a communication device,—
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; or
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or
recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.

Internet rights advocate and lawyer Pranesh Prakash, who works with the Center for Internet and Society in Bangalore, has been one of the law's most outspoken critics in recent years. Immediately following the ruling, he tweeted:

Nikhil Pahwa, independent journalist and founder of the MeddiaNama blog, offered his take on the ruling:

This is a great decision for freedom of speech in India…66A is far too vague, and lends itself to arbitrary implementation by the police, especially phrases like “grossly offensive”, annoyance, inconvenience, ill will. Remember that even the right to offend is an integral part of free speech.

Journalist and author Sagarika Ghose sarcastically wondered if the government of India would retroactively offer recompense for all of the actions taken against citizens for violating 66A.

Some were playful in their response to the decision. Siddharth Sing set out to “test” the efficacy of the ruling with a tweet mocking prominent public figures in Indian politics:

Section 69, which provides authorities with the power to censor websites that “create communal disturbance, social disorder, or affect India's relationship with other countries” was upheld however. The Court has yet to clarify this decision. CIS India's Pranesh Prakash tweeted:

Unfortunately 69A (website blocking) has been upheld despite many issues, incl lack of transparency. Need to read full judgment to see why.

— Pranesh Prakash (@pranesh_prakash) March 24, 2015

Tuesday's decision comes after the government of India was heavily criticized in January 2015 for blocking 32 websites in the country.

For more details visit https://cis-india.org/internet-governance/blog/global-voices-march-25-2014-subhashish-panigrahi-indias-supreme-court-axes-online-censorship-law-but-challenges-remain

India's struggle for online freedom

praskrishna — 2012-06-18T06:39:32Z

"65 years since your independence," a new battle for freedom is under way in India — according to a YouTube video uploaded by an Indian member of Anonymous, the global "hacktivist" movement.

Rebecca MacKinnon's article was published in the Sydney Morning Herald on June 9, 2012

With popular websites like Vimeo.com blocked across India by court order, the video calls for action: "Fight for your rights. Fight for India." Over the past several weeks, the group has launched distributed denial-of-service attacks against websites belonging to internet service providers, government departments, India's Supreme Court, and two political parties.

Street protests are being planned for today in as many as 18 cities to protest laws and other government actions that a growing number of Indian internet users believe have violated their right to free expression and privacy online.

A lively national internet freedom movement has grown rapidly across India since the beginning of this year.

The most colourful highlight so far was a seven-day Gandhian hunger strike, otherwise known as a "freedom fast," held in early May on a New Delhi pavement by political cartoonist Aseem Trivedi and activist-journalist Alok Dixit. Trivedi's website was shut down this year in response to a police complaint by a Mumbai-based advocate who alleged that some of Trivedi's works "ridicule the Indian Parliament, the national emblem, and the national flag."

Escalating political and legal battles over internet regulation in India are the latest front in a global struggle for online freedom — not only in countries like China and Iran where the internet is heavily censored and monitored by autocratic regimes, but also in democracies where the political motivations for control are much more complicated.

Democratically elected governments all over the world are failing to find the right balance between demands from constituents to fight crime, control hate speech, keep children safe, and protect intellectual property, and their duty to ensure and respect all citizens' rights to free expression and privacy. Popular online movements — many of them globally interconnected — are arising in response to these failures.

Only about 10 per cent of India's population uses the web, making it unlikely that internet freedom will be a decisive ballot-box issue anytime soon. Yet activists are determined to punish New Delhi's "humourless babus," as one columnist recently called India's censorious politicians and bureaucrats, in the country's media. Grassroots organisers are bringing a new generation of white-collar protesters to the streets to defend the right to use a technology that remains alien to the majority of India's people.

The trouble started with the 2008 passage of the Information Technology (Amendment) Act, whose Section 69 empowers the government to direct any internet service to block, intercept, monitor, or decrypt any information through any computer resource.

Company officials who fail to comply with government requests can face fines and up to seven years in jail. Then, in April 2011, the Ministry of Communications and Information Technology issued new rules under which internet companies are expected to remove within 36 hours any content that regulators designate as "grossly harmful," "harassing," or "ethnically objectionable" — designations that are open to a wide variety of interpretations and that free speech advocates argue have opened the door to abuse.

It is thanks to these rules that the website of the hunger-striking cartoonist, Trivedi, was taken offline. Also thanks to the 2011 rules, Facebook and Google are facing trial for having failed to remove objectionable content. If found guilty, the companies could face fines, and executives could be sentenced to jail time.

Saturday's protesters are calling for annulment of the 2011 rules and the repeal of part of the 2008 act. They are also calling for internet service companies to reverse the wholesale blocking of hundreds of websites, including the file-sharing services isoHunt and The Pirate Bay, as well as the video-sharing site Vimeo and Pastebin, which is primarily used for the sharing of text and links.

Internet service providers were responding to a court order from the Madras High Court demanding the blockage, which is aimed at preventing the online distribution of pirated versions of one particular film. The internet companies, fearing that they would not be able to catch every individual instance on every possible site they host, instead chose to block entire services along with all of their content — which had nothing to do with the film in question.

Such "John Doe" orders, named because they are directed against unknown potential offenders in the present and future, are characterised "by their overly broad and sweeping nature," argue lawyer Lawrence Liang and researcher Achal Prabhala, which extends "to a range of non-infringing activities as well, thus catching a whole range of legal acts in their net."

More broadly, as Delhi-based journalist Shivam Vij wrote in a recent essay: "The current mechanisms of internet censorship in India — blocking, direct removal requests to websites, intermediary rules — are draconian and unconstitutional. They need to be replaced with a new set of rules that are fair, transparent and accessible for public scrutiny. They should not be amenable to misuse by the powers-that-be for their own private interests."

Not only are the rules abused, but researchers find that they are causing extralegal censorship by companies that overcompensate in order to err on the side of caution. Last year, the Bangalore-based Centre for Internet and Society performed an experiment in which it sent "legally flawed" takedown demands to seven companies that provide a range of online services, including search, online shopping, and news with user-generated comments.

The legal flaws in the notices were such that the companies could have rejected them without being in breach of the law. Yet "of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them," reads the Centre for Internet and Society report.

Despite the growing public opposition, a motion to annul the 2011 rules was defeated by voice vote in the upper house of Parliament last month. Yet the criticism was sufficiently sharp that Communications Minister Kapil Sibal announced that he will hold consultations with all members of Parliament, representatives of industry, and other "stakeholders" to discuss the law's problems and how it might be revised.

Many of the law's critics, however, are skeptical that this will eliminate the law's deep flaws and loopholes for abuse, especially given the government's failure to listen so far. Comments on the 2011 rules submitted last year by the Centre for Internet and Society were not even acknowledged as having been received by the Ministry of Communications and Information Technology. "Sibal uses the excuse of national security and hate speech," says the center's director, Sunil Abraham, "but that is not what is happening."

Abraham worries that what is really happening is a government effort at Internet "behavior modification" through a process akin to an experiment involving caged monkeys, bananas, and ice water. Put four monkeys in a cage and hang a bunch of bananas on the ceiling. Every time one of them climbs up to reach the bananas, you drench all of them with ice water.

Soon enough, the monkeys will start policing themselves — attacking anybody who tries to reach the bananas, making it unnecessary for their masters to deploy the ice water. "This is why the government is being so aggressive so early on, with only 10 percent of India's population online," says Abraham. "If you start the drenching early on, by the time you get to 50 per cent [internet penetration], every one will be well-behaved monkeys."

Companies will act as private internet police for fear of legal punishment before the government is called upon to step in and enforce the law. If it works, Indian politicians could have fewer reasons to worry about online critiques or mockery, because companies fearing prosecution will proactively delete speech that could potentially be designated "harassing" or "grossly harmful."

India is not China or Iran, however. Its politicians may be corrupt, and most of its voters may not understand why Internet freedom matters because they've never used the Internet. But it still has an independent press and boisterous civil society that are not going to give up their critiques and protests anytime soon. India also has a strong, independent judiciary, with a record of ruling against censorship and surveillance measures when a strong case can be made that they conflict with constitutional protections of individual rights. "On free speech I have high faith in the Indian judiciary," says Abraham. "There is a good chance to launch a constitutional challenge."

If Google and Facebook lose at their impending trial — now scheduled for July — they will most certainly appeal, which activists hope could provide just such an opportunity to prevent the sort of "behaviour modification" process that Abraham warns against.

Now India's burgeoning internet freedom movement needs its own reverse "behaviour modification" strategy — imposing consistent and regular doses of political and legal ice water upon India's bureaucrats, politicians, and companies whenever they do things that threaten to corrode the rights of India's internet users. Saturday's protest is just the beginning.

Sunil Abraham is quoted in the article. The report on Intermediary Guidelines co-produced by CIS and Google is also mentioned.

For more details visit https://cis-india.org/news/indias-struggle-for-online-freedom