We are anonymous, we are legion

Comparison of Section 35(1) of the Draft Human DNA Profiling Bill and Section 4 of the Identification Act Revised Statute of Canada

elonnai — 2014-03-03T08:20:55Z

A comparison of section 35(1) of the Draft Human DNA Profiling Bill, section 4 of the Identification Act, Revised Statute of Canada, and a review of international best practices.

In continuance of research around the Draft Human DNA Profiling Bill that has been drafted the Department of Biotechnology, this blog entry reviews best practices for the communication of DNA profiles from the DNA Bank Manager to law enforcement and the police, compares the section 35(1) of the Draft Human DNA Profiling Bill and section 4 of the Identification Act Revised Statute of Canada, and recommends a revision of the present provision in the Draft Human DNA Profiling Bill.

Indian Provision

35 (1) “On receipt of a DNA profile for entry in the DNA Data Bank, the DNA Bank Manager shall cause it to be compared with the DNA profiles in the DNA Data Bank in order to determine whether it is already contained in the DNA Data Bank and shall communicate, for the purposes of the investigation or prosecution in a criminal offence, the following information to a court, tribunal, law enforcement agency or DNA laboratory in India which the DNA Data Bank Manager considers is concerned with it, appropriate, namely –

(a) As to whether the DNA profile received is already contained in the Data Bank; and

(b) Any information, other than the DNA profile received, is contained in the Data Bank in relation to the DNA profile received.

(2) The information as to whether a person’s DNA profile is contained in the offenders’ index may be communicated to an official who is authorized to receive the same as prescribed.”

Canadian Provision vs. Indian Provision

According to the Draft Human DNA Profiling Bill 35(1) was adopted from the DNA Identification Act Revised Statute of Canada section 4. The provision found in the Draft Human DNA Profiling Bill is different in three ways:

The Canadian statute limits the communication of whether a DNA profile is contained in the Data Bank or not to law enforcement agencies or other DNA laboratories, where as the provision in the Draft Human DNA Profiling Bill allows the communication to law enforcement agencies, other DNA data banks, and courts and tribunals.
The Canadian statute limits the comparison of any DNA profile to that as entered in the convicted offenders index or the crime scene index with those DNA profiles that are already contained in the databank, where as the Draft Human DNA Profiling Bill allows for any received profile to be compared with the other profiles in the DNA Data Bank.
The Canadian statute defines four types of information that may be communicated to law enforcement or another DNA databank including:

(a) if the DNA profile is not already contained in the data bank, the fact that it is not;
(b) if the DNA profile is already contained in the data bank, the information contained in the data bank in relation to that DNA profile;
(c) if the DNA profile is, in the opinion of the Commissioner, similar to one that is already contained in the data bank, the similar DNA profile; and
(d) if a law enforcement agency or laboratory advises the Commissioner that their comparison of a DNA profile communicated under paragraph (c) with one that is connected to the commission of a criminal offence has not excluded the former as a possible match, the information contained in the data bank in relation to that profile.

While the Draft Human DNA Profiling Bill provides for communication of only (a) and (b) by the DNA Data Bank Manager.

Concerns with 35(1) and Best Practices

The Centre for Internet and Society finds 35(1) problematic because a DNA profile is never a complete match, and is instead a scientific and statistical based probability. There are a number of steps that go into the analysis of a DNA profile. According to the US National Institute of Justice, these include: “1) the isolation of the DNA from an evidence sample containing DNA of unknown origin, and generally at a later time, the isolation of DNA from a sample (e.g., blood) from a known individual; 2) the processing of the DNA so that test results may be obtained; 3) the determination of the DNA test results (or types), from specific regions of the DNA; and 4) the comparison and interpretation of the test results from the unknown and known samples to determine whether the known individual is not the source of the DNA or is included as a possible source of the DNA.”

Though it is common for DNA Banks to communicate responses such as “match”, “no match”, or “partial match” or “inclusion”, “exclusion”, or “inconclusive” to inquiries received from law enforcement and other DNA Banks, this is not the case for communications to courts and tribunals. For example in England and Wales guidelines for presenting DNA evidence in court were laid out in the rule Rv. Dohemy and Adams (1997) 1 Cr. App. R. 396. Along with comprehensive guidelines on how experts should conduct themselves in court to prevent bias, the guidelines require the following information to be presented when DNA material is used as evidence in a case:

“The scientist should adduce the evidence of the DNA comparisons between the crime stain and the defendant’s sample together with the calculations of the Random Match Probability.
Whenever DNA evidence is adduced the Crown should serve on the defence details as to how the calculations have been carried out which are sufficient to enable the defence to scrutinize the basis of the calculations.
The Forensic Science Service should make available to a defence expert, if requested, the databases upon which the calculations have been made.
The expert will, on the basis of empirical statistical data, five the jury the random occurrence rations - the frequency with which the matching DNA characteristics are likely to be found in the population at large.
Provided that the expert has the necessary data, it may then be appropriate for him to indicate how many people with the matching characteristics are likely to be found in the United Kingdom...”

Recommendations

Given the influential weight that DNA evidence can have in a case, it is critical that the evidence is accurately presented to the court and other key stakeholders. The Centre for Internet and Society recommends that the Bill should distinguish the DNA Bank Manager’s response to law enforcement and other DNA Laboratory’s and the DNA Bank Manger’s response to courts and tribunals as below:

Response to Law enforcement agency and DNA Laboratory: The DNA Bank Manger should respond to a request from law enforcement or a DNA laboratory with either: "match" or "partial match" .
Response to Court and tribunal: When DNA evidence is used in a court of law, the Bill should provide that the presentation should include:

The random match probability: The probability that the profile is in the sample from the individual tested if the individual tested has been selected at random.
The frequency with which the matching DNA characteristics are likely to be found in the population at large.
The probability of contamination.

The Bill should also provide for the database upon which the calculations were based to be made available when requested. In addition, the Bill should provide for rules to be made prescribing the procedure for presentation.

[]. http://nij.gov/topics/forensics/evidence/dna/basics/Pages/analyzing.aspx

[2]. http://www.medicalgenomics.co.uk/pdf/Barrister_vol32-2007.pdf

For more details visit https://cis-india.org/internet-governance/blog/comparision-of-draft-human-dna-profiling-bill-and-identification-act-revised-statute-of-canada-provisions

Spreadsheet data on sample of 50 security companies

maria — 2014-02-28T16:13:39Z

For more details visit https://cis-india.org/internet-governance/blog/data-on-surveillance-technology-companies

Big Democracy, Big Surveillance: India's Surveillance State

maria — 2014-02-28T10:35:09Z

In India, surveillance is on the rise by the state to tackle crime and terrorism, and private companies are eager to meet the demand.

This article by Maria Xynou was published by OpenDemocracy on 10 February 2014.

Worried about the secret, mass surveillance schemes being carried out by the NSA? While we should be, some of the surveillance schemes in the world's largest democracy, India, are arguably in the same league.

Surveillance is being globalised to the extent that even India, a country with huge poverty issues, is investing millions of dollars in creating an expansive surveillance regime. However, why would communications monitoring interest Indian authorities, when the majority of the population lives below the line of poverty and only 17% of the population has access to the Internet?

The official political motivation behind surveillance in India appears to be the government's determination to tackle terrorism in the country. The 2008 Mumbai terrorist attacks were arguably a similar landmark to the 9/11 terrorist attacks in the US, and both governments officially announced their intention to carry out surveillance as a counter-terrorism measure. However, unlike in the west, terrorist attacks in India are much more common, and the National Security Adviser reported in 2008 that 800 terrorist cells were operational in the country. With India’s history of major terror attacks in India over the last 25 years, it's easy for one to be persuaded that terrorism is actually a major threat to national security.

India's surveillance schemes

India’s surveillance programs mostly started following the 2008 Mumbai terror attacks. That was when the Ministry of Home Affairs first proposed the creation of a National Intelligence Grid (NATGRID), which will give 11 intelligence and investigative agencies real-time access to 21 citizen data sources to track terror activities. These citizen data sources will be provided by various ministries and departments, otherwise called “provider agencies”, and will include bank account details, telephone records, passport data and vehicle registration details, among other types of data.

The Ministry of Home Affairs has sought over Rs. 3,400 crore (around USD 540 million!) for the implementation of NATGRID, which aims to create comprehensive patterns of intelligence by collecting sensitive information from databases of departments like the police, banks, tax and telecoms to supposedly track any terror suspect and incident.

But NATGRID is far from India's only data sharing scheme. In 2009 the Cabinet Committee on Economic Affairs approved the creation and implementation of the Crime and Criminal Tracking Network & Systems (CCTNS), which would facilitate the sharing of databases among 14,000 police stations across all 35 states and Union Territories of India, excluding 6,000 police offices which are high in the police hierarchy. Rs. 2,000 crore (around USD 320 million) have been allocated for the CCTNS, which is being implemented by the National Crime Records Bureau under the national e-governance scheme. The CCTNS not only increases transparency by automating the function of police stations, but also provides the civil police with tools, technology and information to facilitate the investigation of crime and detection of criminals.

But apparently, sharing data and linking databases is not enough to track criminals and terrorists. As such, in the aftermath of the 2008 Mumbai terror attacks, the Indian government also implemented various interception systems. In September 2013 it was reported that the Indian government has been operating Lawful Intercept & Monitoring (LIM) systems, widely in secret. In particular, mobile operators in India have deployed their own LIM systems allowing for the so-called “lawful interception” of calls by the government. And possibly to enable this, mobile operators are required to provide subscriber verification to the Telecom Enforcement, Resource and Monitoring (TERM) cells of the Department of Telecommunications.

In the case of Internet traffic, the LIM systems are deployed at the international gateways of large Internet Service Providers (ISPs) and expand to a broad search across all Internet traffic using “keywords” and “key-phrases”. In other words, security agencies using LIM systems are capable of launching a search for suspicious words, resulting in the indiscriminate monitoring of all Internet traffic, possibly without court oversight and without the knowledge of ISPs.

India has also automated and centralized the interception of communications through the Central Monitoring System (CMS). This project was initially envisioned in 2009, following the 2008 Mumbai terror attacks and was approved in 2011. The CMS intercepts all telecommunications in India and centrally stores the data in national and regional databases. The CMS will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Intelligence Bureau (IB), the Central Bureau of Investigation (CBI), the Directorate of Revenue Intelligence (DRI), the Research and Analysis Wing (RAW) and the National Investigation Agency (NIA).

Unlike mainstream interception, where service providers are required to intercept communications and provision interception requests to law enforcement agencies, the Central Monitoring System will automate the entire process of interception. This means that the CMS authority will have centralized access to all intercepted data and that the authority can also bypass service providers in gaining such access. Once security agencies have access to this data, they are equipped with Direct Electronic Provisioning, filters and alerts on the target numbers, as well as with Call Details Records (CDR) analysis and data mining tools to identify the personal information of target numbers.

Given that roughly 73% of India's population uses mobile phones, this means that the Central Monitoring System can potentially affect about 893 million people, more than double the population of the United States! However, how is it even possible for Indian authorities to mine the data of literally millions of people? Who supplies Indian authorities with the technology to do this and what type of technology is actually being used?

India's surveillance industry

India has the world's second largest population, consisting of more than a billion people and an expanding middle class. Undoubtedly, India is a big market and many international companies aspire in investing in the country. Unfortunately though, along with everything else being imported into India, surveillance technologies are no exception.

Some of the biggest and most notorious surveillance technology companies in the world, such as ZTE, Utimaco and Verint, have offices in India. Even FinFisher command and control servers have been found in India. However, in addition to allowing foreign surveillance technology companies to create offices and to sell their products and solutions in the country, local companies selling controversial spyware appear to be on the rise too.

Kommlabs Dezign is an Indian company which loves to show off its Internet monitoring solutions at various ISS trade shows, otherwise known as “the Wiretapper's Ball”. In particular, Kommlabs Dezign sells VerbaNET, an Internet Interception Solution, as well as VerbaCENTRE, which is a Unified Monitoring Centre that can even detect cognitive and emotional stress in voice calls and flag them! In other words, Kommlabs Dezign makes a point that not only should we worry about what we text and say over our phones, but that we should also worry about what we sound like when on the phone.

Vehere is another Indian company which sells various surveillance solutions and notably sells vCRIMES, which is a Call Details Records (CDR) analysis system. VCRIMES is used to analyse and gather intelligence and to unveil hidden interconnections and relations through communications. This system also includes a tool for detecting sleeper cells through advanced statistical analysis and can analyse more than 40 billion records in less than 3 seconds.

Paladion Networks is headquartered in Bangalore, India and sells various Internet Monitoring Systems, Telecom Operator Interception Systems, SSL Interception and Decryption Systems and Cyber Cafe Monitoring Systems to law enforcement agencies in India and abroad. In fact, Paladion Networks even states in its website that its customers include India's Ministry of Information Technology and the U.S Department of Justice.

ClearTrail Technologies is yet another Indian company which not only sponsors global surveillance trade shows but also sells a wide range of monitoring solutions to law enforcement agencies in India and abroad. ComTrail is a solution for the centralised mass interception and monitoring of voice and data networks, including Gmail, Yahoo, Hotmail, BlackBerry, ICQ and GSM voice calls. Furthermore, ComTrail is equipped to handle millions of communications per day, correlating identities across multiple networks, and can instantly analyse data across thousands of terabytes.

ClearTrail also sells xTrail, which is a solution for the targeted interception, decoding and analysis of data traffic over IP networks and which enables law enforcement agencies to intercept and monitor targeted communications without degrading the service quality of the IP network. Interestingly, xTrail can filter based on a “pure keyword”, a URL/Domain with a keyword, a mobile number or even with just a user identity, such as an email ID, chat ID or VoIP ID.

Apparently, some the biggest challenges that law enforcement agencies face when monitoring communications include cases when targets operate from public Internet networks and/or use encryption. However, it turns out that ClearTrail's QuickTrail solution is designed to gather intelligence from public Internet networks, when a target is operating from a cyber cafe, a hotel, a university campus or a free Wi-Fi zone. This device can remotely deploy spyware into a target's computer and supports protocol decoding, including HTTP, SMTP, POP3 and HTTPS.

Additionally, QuickTrail can identify a target machine on the basis of metadata, such as an IP address, and can monitor Ethernet LANs in real time, as well as monitor Gmail, Yahoo and all other HTTPS-based communications. ClearTrail's mTrail is designed for the passive 'off-the-air' interception of GSM communications, including the interception of targeted calls from pre-defined suspect lists and the monitoring of SMS and protocol information. MTrail also identifies a target's location by using signal strength, target numbers, such as IMSI, TIMSI, IMEI or MSI SDN, which makes it possible to listen to the conversation of so-called “lawfully intercepted” calls in near real-time.

In short, it looks like India is reaching the top league when it comes to surveillance technologies, especially since many of its companies and their products appear to be just as scary as some of the most sophisticated spying gear sold by the West. India may be the world's largest (by population) democracy, but that means that it has a huge population with way too many opinions...and apparently, the private and public sectors in India appear to be joining forces to do something about it.

So do Indians have nothing to hide?

A very popular rhetoric in both India and the west is that citizens should not be concerned about surveillance because, after all, if they are not terrorists, they should have nothing to hide. However, privacy advocate Caspar Bowden has rightfully stated that this rhetoric is fundamentally flawed and that we should all indeed “have something to hide”. But is privacy just about “having something to hide”? Jacob Appelbaum has stated that this rhetoric is merely a psychological copying mechanism when dealing with security.

It's probably rather comforting and reassuring to think that we are not special or important enough for surveillance to affect us personally. But is that really up to us to decide? Unfortunately not. The very point of data mining is to match patterns, create profiles of individuals and to unveil hidden interconnections and relations. A data analyst can uncover more information about us than what we are even aware of and it is they who decide if our data is “incriminating” or not. Or even worse: in many cases it's up to data mining software to decide how “special” or “important” we are. And unfortunately, technology is not infallible.

The world's largest democracy, which is also one of the most corrupt countries in the world, is implementing many controversial surveillance schemes which lack transparency, accountability and adequate legal backing, and which are largely being carried out in secret. And to make matters worse, India lacks privacy legislation. Over a billion people in a democratic regime are exposed to inadequately regulated surveillance schemes, while a local surveillance industry is thriving without any checks or balances whatsoever. What will this mean for the global future of democracy?

For more details visit https://cis-india.org/internet-governance/blog/big-democracy-big-surveillance-indias-surveillance-state

February 2014 Bulletin

praskrishna — 2014-04-07T07:27:46Z

The Centre for Internet and Society (CIS) welcomes you to the second issue of its newsletter (February) for the year 2014:

-------------------------------
Highlights
-------------------------------

We published revised chapters for the states of Mizoram, Dadra and Nagar Haveli, Himachal Pradesh and Haryana, as part of our National Resource Kit project.
In the concluding blog post of a three-part study Ananth Padmanabhan looks at the Indian law in the Copyright Act and the Information Technology Act, and concludes that both those laws restrain courts and private companies from ordering an ISP to block a website for copyright infringement.
Telugu Wikipedia celebrated its 10^th anniversary. An event was co-organized in Vijaywada to celebrate the same.
The second Institute on Internet and Society was held in Pune from February 11 to 17. The proceedings from the workshop are captured in a blog post.
CIS announced an Open Call for Comments for the latest draft of the Privacy Bill, 2013 prepared by Bhairav Acharya.
Forbes India published its “30 Under 30 List”. Pranesh Prakash is featured in the list.
As part of the Making Change Project, Denisse Albornoz wrote a blog post that compares the production behind a performance with the process of storytelling.
Beli gives an introduction to spectrum sharing. The post looks at GSM and CDMA, and touches upon LTE, and how they might share spectrum.

-----------------------------------------------
Jobs
-----------------------------------------------
CIS is seeking applications for the post of Program Officer (Access to Knowledge): http://bit.ly/1fnydB0. There are two vacancies for this post and it is full-time based in Delhi. To apply, please send your resume to Sunil Abraham (sunil@cis-india.org), Nirmita Narasimhan (nirmita@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org) with three writing samples of which at least one demonstrates your analytic skills, and one that shows your ability to simplify complex policy issues.

----------------------------------------------
Accessibility and Inclusion
----------------------------------------------
As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Mizoram, Dadra and Nagar Haveli, Himachal Pradesh and Haryana. With this we have completed compilation of draft chapters for 35 states.

Based upon discussion with the office of the Chief Commissioner for Persons with Disabilities (CCPD) the following chapters were revised:

► National Resource Kit Chapter

The Mizoram Chapter (by CLPR, February 5, 2014): http://bit.ly/1eUSvxW
The Dadra & Nagar Haveli Chapter (by CLPR, February 6, 2014): http://bit.ly/1mv3YhJ
The Haryana Chapter (by Anandhi Viswanathan, February 10, 2014): http://bit.ly/1dVOiKI
The Himachal Pradesh Chapter (by Anandhi Viswanathan, February 12, 2014): http://bit.ly/1jSk03x

► Other

# Participation in Events

National Consultation on Inclusion of Persons with Disabilities in Development Process (organized by CBM India in collaboration with United Nations Solution Exchange for Gender Community, WHO Regional office for South-East Asia, New Delhi, February 12, 2014). Anandhi Viswanathan participated in a panel discussion. She made a presentation on the National Resource Kit project: http://bit.ly/OlkHVq.
Zero Project Conference on Accessibility: Innovative Policies and Practices for Persons with Disabilities (organized by Essl Foundation, the World Future Council and the European Foundation Centre, United Nations Office, Vienna, February 27 and 28, 2014). Pranesh Prakash spoke on Affordable Text-to-Speech Software from India: http://bit.ly/1czo32s. Nominations on e-speak were recognised as examples of innovative practices and policies from India. Pranesh Prakash was also a speaker on Copyright Exception for Accessible Formats: http://bit.ly/1l8HRth.

-----------------------------------------------------------
Access to Knowledge
-----------------------------------------------------------
The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software.

# Analyses

Can Judges Order ISPs to Block Websites for Copyright Infringement? (Part 2) (by Ananth Padmanabhan, February 5, 2014): http://bit.ly/1cddoKm. Analyses the law laid down by the U.S. Supreme Court and the Delhi High Court on secondary and contributory copyright infringement.
Can Judges Order ISPs to Block Websites for Copyright Infringement? (Part 3) (by Ananth Padmanabhan, February 5, 2014): http://bit.ly/1g35mDg. Analyses the Indian law in the Copyright Act and the Information Technology Act.

# Participation in Events

2nd International Conference on Managing Intellectual Property Rights and Strategy (MIPS 2014) (organized by Shailesh J. Mehta School of Management, IIT Bombay with support from the Ministry of Human Resources Development IPR Chair Project, Government of India): http://bit.ly/PsPEbq.
Consultation on Institutional Arrangements for IP management under MHRD (organized by the Planning Commission and Ministry of Human Resource Development, New Delhi, February 21, 2014). Nehaa Chaudhari participated in this consultation: http://bit.ly/1fTCoar.
National Conference on Use of Technology in Higher Education (organized by the Ministry of Human Resource and Development and Planning Commission in partnership with Microsoft Research and British Council, Indian Institute of Technology, Bombay, February 25, 2014): http://bit.ly/P6u78i. Nehaa Chaudhari participated in the event as a panelist in the session on "Future of Content Creation".

# Media Coverage

Pranesh Prakash: Influencing India's IP Laws (by Samar Srivastava, Forbes India, February 15, 2014): http://bit.ly/1kBzLMq.

The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we organised 4 workshops in the month of January, published an article in DNA, and signed a memorandum of understanding with KIIT University and Kalinga Institute of Social Sciences to further the development of Odia Wikipedia:

►Wikipedia

# Articles / Blog Entries

Odia Language's Presence in Digital Media and Wikipedia's Role (by Subhashish Panigrahi, The Samaja, March 2, 2014): http://bit.ly/1ieF3sC.
Indian Wikimedia community coordinates Women’s History Month (by Netha Hussain and Jeph Paul, Wikimedia Foundation, March 6, 2014): http://bit.ly/1cyRfqf,

# Events Co-organized

Cinemathon2014 Bangalore (organized by Pad.ma and CIS-A2K, CIS, Bangalore, February 8-9, 2014): http://bit.ly/MRRkZz.
Tewiki 10th Anniversary (organized by CIS-A2K and Telugu Wikipedia community, February 15, 2014): http://bit.ly/1iI2Pxs. T. Vishnu Vardhan and Rahmanuddin Shaikh were speakers at the event.
Cinemathon2014 Mumbai (organized by Pad.ma and CIS-A2K, CAMP Studio, Mumbai, February 15-16, 2014): http://bit.ly/P5YGL8.
Wikipedia Mangalore Workshop (organized by Roshini Nilaya and CIS-A2K, Mangalore, February 26, 2014). Dr. U.B.Pavanaja gave a presentation on Wikipedia with a special focus on students and women.

CIS gave its inputs to the following media coverage:

# Media Coverage

Father-son duo promote Punjabi online (by Jatinder Preet, Sunday Guardian, February 1, 2014): http://bit.ly/1l87b2h.
୧୦ ବର୍ଷରେ ଓଡ଼ିଆ ୱିକିପିଡିଆ (Rabibara Sambad (Sunday supplement of Odia newspaper The Sambad), February 9, 2014): http://bit.ly/1igMynn. This is a feature about Odia Wikipedia's 10th anniversary and the story of a dead volunteer community reviving after 8 years.
Wikipedia Mangalore Workshop (Prajavani, February 27, 2014): http://bit.ly/1gVMG6f.

# Participation in Event

The Dynamics of Education to Employment Journey: Opportunities and Challenges (organized by KIIT School of Management, KIIT University, Bhubaneswar, February 21-22, 2014). T. Vishnu Vardhan gave a talk: http://bit.ly/1ePwqHc.

Event Organized

Wiki Women's Workshop (ICG – Dona Paula, Goa, March 9, 2014): http://bit.ly/MRRJLy. The event is being organized as part of the commemoration of the International Women's Day.

Openness

# Event Organised

Bitcoin & Open Source with Aaron Koenig (CIS, Bangalore, February 7, 2014): http://bit.ly/1fbN6mP.

-----------------------------------------------
Internet Governance
-----------------------------------------------
CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. Gautam Bhatia gives an analysis of the right to privacy from a constitutional perspective. Bhairav Acharya prepared an updated version of the Privacy Protection Bill which was published for comments.

# Call for Comments

The Privacy Protection Bill, 2013 (by Bhairav Acharya, February 25, 2014): http://bit.ly/1g3TwIX. CIS announced an Open Call for Comments to the latest version of the bill.

# Articles

The Internet Way (by Nishant Shah, Biblio Vol. 19 No.8 (1&2), January – February 2014): http://bit.ly/1kBp9gJ. Dr. Nishant Shah's review of the book “The Everything Store: Jeff Bezos and the Age of Amazon” by Bantam Press/Random House Group, London can be found on page 16.
Surveillance and the Indian Constitution - Part 3: The Public/Private Distinction and the Supreme Court’s Wrong Turn (by Gautam Bhatia, Indian Constitutional Law and Philosophy Blog, February 25, 2014): http://bit.ly/1kBosnw. This was originally published on Indian Constitutional Law and Philosophy Blog.
Big Democracy, Big Surveillance: India's Surveillance State (by Maria Xynou, Open Democracy, February 28, 2014): http://bit.ly/1nkg8Ho.
Will You be Paid to Post a Picture? (by Nishant Shah, Indian Express, February 18, 2014): http://bit.ly/P65d8L.

# Blog Entries

February 11: The Day We Fight Back Against Mass Surveillance (by Divij Joshi, February 14, 2014): http://bit.ly/1e7drCV.
Calcutta High Court Strengthens Whistle Blower Protection (by Divij Joshi, February 24, 2014): http://bit.ly/1cG8v7t.
CIS Welcomes 52nd Report on Cyber Crime, Cyber Security, and Right to Privacy (by Elonnai Hickok, February 24, 2014): http://bit.ly/1oviMJ4.
UIDAI Practices and the Information Technology Act, Section 43A and Subsequent Rules (by Elonnai Hickok, February 25, 2014): http://bit.ly/1fbSfep.

# Events Organized

Nullcon Goa Feb 2014 — International Security Conference (organised by Nullcon, Bogmallo Beach Resort, Goa, February 12 – 15, 2014). CIS is one of the sponsors for this event: http://bit.ly/1lrBu5I.
Counter Surveillance Panel: DiscoTech & Hackathon (co-organized by CIS, MIT Centre for Civic Media Co-Design Lab, Tactical Technology Collective, Hackteria.org, and Shristi School of Art, Design and Technology, Bangalore, March 1, 2014): http://bit.ly/NCGMyH

# Participation in Events

First Meeting of the Multistakeholder Advisory Group for India Internet Governance Forum (organized by the Department of Electronics and Information Technology, New Delhi, February 10, 2014). Sunil Abraham participated in this meeting: http://bit.ly/1fKu5xz.
Internet Intermediary Liability: Towards Evidence-based Policy and Regulatory Reform to Secure Human Rights on the internet (organized by Association for Progressive Communications, The Wedgewood, Melville, Johannesburg, February 10-11, 2014): http://bit.ly/1fMAEK2. Elonnai Hickok was a speaker.
Towards an Equitable and Just Internet (organized by IT for Change, New Delhi, February 14-15, 2014). Bhairav Acharya was a speaker: http://bit.ly/1cz9EDt.
Workshop on Media Law & Policy Curriculum Development (organized by the Centre for Communication Governance, National Law University, Delhi and University of Oxford in support with the International Higher Education-Knowledge Economy Partnerships Programme of the British Council, February 16, 2014, National Law University, Delhi): http://bit.ly/1ovoT00. Bhairav Acharya was a speaker.
The Changing Role of the Media in India: Constitutional Perspectives (organized by School of Law, Christ University, February 28, 2014): http://bit.ly/1lB2nTO. Snehashish Ghosh moderated a session at this conference.

--------------------------------
News & Media Coverage
--------------------------------
CIS gave its inputs to the following recent media coverage:

The Dangers of Birdsong (by Namrata Joshi, Outlook, January 25, 2014): http://bit.ly/1kB8J7L.
A Tale of Two Internet Campaigns (by Deepa Kurup, The Hindu, February 11, 2014): http://bit.ly/1lDdRZy.
Dark days for the creative class in India: Siddiqui (by Haroon Siddiqui, thestar.com, February 16, 2014): http://bit.ly/1gdtgbC.
The Forbes India 30 Under 30 List (by Abhilasha Khaitan, Forbes India, February 21, 2014): http://bit.ly/1ovnvKM. Pranesh Prakash features in the list.
India ‘tea parties’ enable politicians to woo urban youth with technology (by Avantika Chilkoti, Financial Times, February 26, 2014): http://bit.ly/1cGfOMm.

--------------------------------
Digital Humanities
--------------------------------
CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

# Blog Entries

Defending the Humanities in the Digital Age (by Nishant Shah, DML Central, February 24, 2014): http://bit.ly/1czdZqg.
Digital Humanities in India- Mapping Changes at the Intersection of Youth, Technology and Higher Education (by Sneha PP, February 21, 2014): http://bit.ly/1qd6xo4.

--------------------------------
Digital Natives
--------------------------------
CIS is doing a research project titled “Making Change”. The project will explore new ways of defining, locating, and understanding change in network societies. Having the thought piece 'Whose Change is it Anyway' as an entry point for discussion and reflection, the project will feature profiles, interviews and responses of change-makers to questions around current mechanisms and practices of change in South Asia and South East Asia:

►Making Change Project

# Blog Entries

Storytelling as Performance: The Ugly Indian and Blank Noise 1 (by Denisse Albornoz, February 24, 2014): http://bit.ly/1jX4qBb.
Storytelling as Performance: The Ugly Indian and Blank Noise 2 (by Denisse Albornoz, February 27, 2014): http://bit.ly/1fKwQil.

--------------------------------
Telecom
--------------------------------
Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

# Newspaper Column

Centre- or State-Driven Development? (by Shyam Ponappa, Business Standard, February 5, 2014, Observer India Blogspot, February 7, 2014): http://bit.ly/1ceuWFS.

# Blog Entry

An Introduction to Spectrum Sharing (by Beli, February 24, 2014): http://bit.ly/NZlknd.

----------------------------------------------------------
Knowledge Repository on Internet Access
----------------------------------------------------------
CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

►Event Organized

Institute on Internet and Society (organised by Ford Foundation and CIS, Yashada, Pune, February 11-17, 2014): http://bit.ly/1fpTdDS. Bishakha Datta, Ravikiran Annaswamy, Kingsley John, Prof. G. Nagarjuna, Nisha Thompson, Prashant Naik, Nehaa Chaudhari, Bhairav Acharya, Manu Srivastav, Dr. Abhijeet Safai, Payal Malik, Nishant Shah, Laura Stein, Sunil Abraham, Madan Muthu and Chinmayi Arun taught at the institute.

-----------------------------------------------------
About CIS
-----------------------------------------------------
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration:

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, IDRC and the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/february-2014-bulletin

India ‘tea parties’ enable politicians to woo urban youth with technology

praskrishna — 2014-03-06T12:13:36Z

Babalal Patel’s tiny tea stall in southern Mumbai is a long way from Silicon Valley. It is not even that close to Bangalore, the Indian equivalent.

The article by Avantika Chilkoti was published in the Financial Times on February 26, 2014. Sunil Abraham is quoted.

But one night this month this ramshackle shop became the venue for a social media experiment that highlights the high-tech face of electioneering in India, the world’s largest democracy. A crowd gathered outside to watch two television screens showing a live broadcast with Narendra Modi, prime ministerial candidate for the opposition Bharatiya Janata party, as he answered questions the audience submitted by text message.

Similar “tea parties” were held across the country, designed to ram home Mr Modi’s humble background as a tea seller and his technological credentials. But the nationwide event, organised using mobile technology more commonly seen in US presidential campaigns, also signals a shift in Indian politics.

For decades, political campaigns in India have centred around colossal rallies and billboard advertising. But a growing population of young people, rising internet use and the ubiquity of mobile phones mean the 2014 battle is playing out equally fiercely online.

“We are moving far ahead of saying that we are building ‘likes’ on social media,” says Arvind Gupta, head of IT and social media for the BJP. “Organisation is being done using digital. So if I’m going to tell everybody there’s an event tomorrow, it can be posted on Facebook, websites, on SMS, on WhatsApp, though the real meeting is happening on the ground.”

These techniques, which became familiar during the Arab uprisings of northern Africa, are an increasingly important part of communication strategy ahead of a national election, which must be held in the next three months, and which many believe will be close.

Mr Gupta believes parties are fighting what he calls a “postmodern election” for up to 160 - largely urban - seats of the total 543. More than half the 50-strong team working on communication for the BJP are dedicated to digital campaigning.

India’s internet user base reached a point of inflection last year, passing 200m. While that is a fraction of the 1.3bn population, prompting many to question the power of social media, use is far greater among urban and young voters, millions of whom will be eligible to vote for the first time this year.

“Social media is suddenly becoming important, not for all constituencies but for urban constituencies because for the first time the urban youth and the educated class is very much glued into the election and showing interest,” says Rajeeva Karandikar, a statistician and election analyst.

Mr Modi, chief minister of Gujarat, has adapted particularly quickly to the changing environment. He captured the public imagination by using holograms to address rallies and Google Hangouts to interact with the diaspora. He has 3.4m Twitter followers and more than 10.6m “likes” on his Facebook page, thanks in part to a slick social media team led by high-profile technology entrepreneurs. Meanwhile Rahul Gandhi, the reticent, undeclared candidate for the incumbent Congress party, does not even have a verified Twitter account.

Some were disappointed by low attendance at the national “tea parties”, but the events were lauded for being interactive and, perhaps most importantly in a country where newspaper readership remains high, grabbed column inches in local media. The audience could speak directly to Mr Modi at venues with a two-way video link and the footage was immediately available on YouTube.

“While answering each question Mr Modi has a point of view,” says Pratik Patel, 28, a chartered accountant who organised the event at his grand- father’s tea shop. “He doesn’t have two ways of looking at the same thing - this helps him to be more decisive and forward thinking.”

Social media also provides swaths of information to India’s political parties, as they copy the sophisticated data analytics used by US president Barack Obama’s campaigns.

From its offices in suburban Mumbai, the digital marketing group Pinstorm tracks what social media users are discussing at the constituency level and identifies significant supporters or critics. It describes the service as an early warning system or “social radar”, which allows parties to mobilise workers rapidly to oppose or support a point of view.
Sceptics argue, however, that social media has insufficient traction in India to affect results of the forthcoming poll. But the size of the user base does not reflect its full power. It is educated influential Indians who use these digital networks and the online debate shapes views in traditional media that reach a wider audience.

“The theory is that since the elites are connected and have more time to spare on social media, let us use social media and the internet more generally to influence discourse through these elites,” says Sunil Abraham, executive director for the Bangalore-based Centre for Internet and Society. “It’s an indirect route to the vote.”

An adviser to the Obama campaign warns, however, that, given differences in funding and the local environment, India’s politicians should be wary of using the US presidential race as a model. This year a simpler technology may prove the best tool for campaigns in India: the mobile phone.

“Folks look to the Obama campaign for this sort of stuff,” says Ethan Roeder, who worked on data for the 2008 and 2012 US presidential campaigns. “But a lot of these international campaigns would do best looking elsewhere for a model . . . No campaign in the history of the world has ever spent that much money to elect a single individual to a single office.”

India’s version is, of course, markedly cheaper, thanks to the roadside chai-wallahs and armies of volunteers, pulling in the new breed of voters.

“I have never attended a political rally in my entire life,” says Mr Patel, who helped organise Mr Modi’s nationwide “tea party”.

“If people want to connect with me they need to connect with me on social media or via email.”

Modi’s digital army

The team building the digital campaign for India’s opposition Bharatiya Janata party mixes entrepreneurs and veterans from the technology industry, rather than individuals with experience of electioneering alone.

Rajesh Jain, working on electoral technology, is well known in the industry since setting up successful businesses in online news and digital marketing. These include IndiaWorld Communications, a collection of websites which was bought in 1999 by Satyam Infoway, then India’s largest internet service provider.

He has the archetypal curriculum vitae, with a degree from one of the eminent Indian institutes of technology followed by a master’s degree from Columbia University in New York.

Arvind Gupta, who heads the BJP’s IT and social media cell, has a remarkably similar educational background - with an added stint in Silicon Valley to his name.

At the last count, the party had recruited more than 2m volunteers, who are organised online and will provide support in different ways. But there is also a younger generation of advocates who have given up good jobs to join the digital effort. Citizens for Accountable Governance is a non-profit youth organisation co-ordinating nationwide “tea parties” ahead of this year’s national election, where Narendra Modi, the party’s prime ministerial candidate, interacts with audiences at tea stalls via video link.

About 100 young professionals lead the operation and all come with impressive credentials, including jobs at prominent global consulting groups such as McKinsey, and banks such as JPMorgan.

Beyond that, Mr Modi has had a team working for him personally since he took over as chief minister of Gujarat more than a decade ago.

It is a discreet IT set-up that still functions independently of the party’s operations.

For more details visit https://cis-india.org/news/financial-times-february-26-2014-india-tea-parties-enable-politicians-to-woo-urban-youth-with-technology

Surveillance and the Indian Constitution - Part 3: The Public/Private Distinction and the Supreme Court’s Wrong Turn

pranesh — 2014-03-06T23:02:45Z

After its decision in Gobind, the Supreme Court's privacy floodgates opened; a series of claims involving private parties came before its docket, and the resulting jurisprudence ended up creating confusion between state-individual surveillance, and individual-individual surveillance.

Gautam Bhatia's blog post was originally published on Indian Constitutional Law and Philosophy Blog

We have seen that Gobind essentially crystallized a constitutional right to privacy as an aspect of personal liberty, to be infringed only by a narrowly-tailored law that served a compelling state interest. After the landmark decision in Gobind, Malak Singh v State of P&H was the next targeted-surveillance history-sheeter case to come before the Supreme Court. In that case, Rule 23 of the Punjab Police Rules was at issue. Its vires was not disputed, so the question was a direct matter of constitutionality. An order of surveillance was challenged by two individuals, on the ground that there were no reasonable bases for suspecting them of being repeat criminals, and that their inclusion in the surveillance register was politically motivated. After holding that entry into a surveillance sheet was a purely administrative measure, and thus required no prior hearing (audi alteram partem), the Court then embarked upon a lengthy disquisition about the scope and limitations of surveillance, which deserves to be reproduced in full:

“But all this does not mean that the police have a licence to enter the names of whoever they like (dislike?) in the surveillance register; nor can the surveillance be such as to squeeze the fundamental freedoms guaranteed to all citizens or to obstruct the free exercise and enjoyment of those freedoms; nor can the surveillance so intrude as to offend the dignity of the individual. Surveillance of persons who do not fall within the categories mentioned in Rule 23.4 or for reasons unconnected with the prevention of crime, or excessive surveillance falling beyond the limits prescribed by the rules, will entitle a citizen to the Court’s protection which the court will not hesitate to give. The very rules which prescribe the conditions for making entries in the surveillance register and the mode of surveillance appear to recognise the caution and care with which the police officers are required to proceed. The note following R. 23.4 is instructive. It enjoins a duty upon the police officer to construe the rule strictly and confine the entries in the surveillance register to the class of persons mentioned in the rule. Similarly R.23.7 demands that there should be no illegal interference in the guise of surveillance. Surveillance, therefore, has to be unobstrusive and within bounds. Ordinarily the names of persons with previous criminal record alone are entered in the surveillance register. They must be proclaimed offenders, previous convicts, or persons who have already been placed on security for good behaviour. In addition, names of persons who are reasonably believed to be habitual offenders or receivers of stolen property whether they have been convicted or not may be entered. It is only in the case of this category of persons that there may be occasion for abuse of the power of the police officer to make entries in the surveillance register. But, here, the entry can only be made by the order of the Superintendent of Police who is prohibited from delegating his authority under Rule 23.5. Further it is necessary that the Superintendent of Police must entertain a reasonable belief that persons whose names are to be entered in Part II are habitual offenders or receivers of stolen property. While it may not be necessary to supply the grounds of belief to the persons whose names are entered in the surveillance register it may become necessary in some cases to satisfy the Court when an entry is challenged that there are grounds to entertain such reasonable belief. In fact in the present case we sent for the relevant records and we have satisfied ourselves that there were sufficient grounds for the Superintendent of Police to entertain a reasonable belief. In the result we reject both the appeals subject to our observations regarding the mode of surveillance. There is no order as to costs.”

Three things emerge from this holding: first, the Court follows Gobind in locating the right to privacy within the philosophical concept of individual dignity, found in Article 21’s guarantee of personal liberty. Secondly, it follows Kharak Singh, Malkani and Gobind in insisting that the surveillance be targeted, limited to fulfilling the government’s crime-prevention objectives, and be limited – not even to suspected criminals, but – repeat offenders or serious criminals. And thirdly, it leaves open a role for the Court – that is, judicial review – in examining the grounds of surveillance, if challenged in a particular case.

After Malak Singh, there is another period of quiet. LIC v Manubhai D Shah, in 1993, attributed – wrongly – to Indian Express Newspapers the proposition that Article 19(1)(a)’s free expression right included privacy of communications (Indian Express itself had cited a UN Report without incorporating it into its holding).

Soon afterwards, R. Rajagopal v State of TN involved the question of the publication of a convicted criminal’s autobiography by a publishing house; Auto Shankar, the convict in question, had supposedly withdrawn his consent after agreeing to the book’s publication, but the publishing house was determined to go ahead with it. Technically, this wasn’t an Article 21 case: so much is made clear by the very manner in which the Court frames its issues: the question is whether a citizen of the country can prevent another person from writing his biography, or life story. (Paragraph 8) The Court itself made things clear when it held that the right of privacy has two aspects: the tortious aspect, which provides damages for a breach of individual privacy; and the constitutional aspect, which protects privacy against unlawful governmental intrusion. (Paragraph 9) Having made this distinction, the Court went on to cite a number of American cases that were precisely about the right to privacy against governmental intrusion, and therefore – ideally – irrelevant to the present case (Paras 13 – 16); and then, without quite explaining how it was using these cases – or whether they were relevant at all, it switched to examining the law of defamation (Para 17 onwards). It would be safe to conclude, therefore, in light of the clear distinctions that it made, the Court was concerned in R. Rajagopal about an action between private parties, and therefore, privacy in the context of tort law. It’s confusing observations, however, were to have rather unfortunate effects, as we shall see.

We now come to a series of curious cases involving privacy and medical law. In Mr X v Hospital Z, the question arose whether a Hospital that – in the context of a planned marriage – had disclosed the appellant’s HIV+ status, leading to his social ostracism – was in breach of his right to privacy. The Court cited Rajagopal, but unfortunately failed to understand it, and turned the question into one of the constitutional right to privacy, and not the private right. Why the Court turned an issue between two private parties – adequately covered by the tort of breach of confidentiality – into an Article 21 issue is anybody’s guess. Surely Article 21 – the right to life and personal liberty – is not horizontally applicable, because if it was, we might as well scrap the entire Indian Penal Code, which deals with exactly these kinds of issues – individuals violating each others’ rights to life and personal liberty. Nonetheless, the Court cited Kharak Singh, Gobind and Article 8 of the European Convention of Human Rights, further muddying the waters, because Article 8 – in contrast to American law – embodies a proportionality test for determining whether there has been an impermissible infringement of privacy. The Court then came up with the following observation:

“Where there is a clash of two Fundamental Rights, as in the instant case, namely, the appellant’s right to privacy as part of right to life and Ms. Akali’s right to lead a healthy life which is her Fundamental Right under Article 21, the RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court, for the reason that moral considerations cannot be kept at bay.”

With respect, this is utterly bizarre. If there is a clash of two rights, then that clash must be resolved by referring to the Constitution, and not to the Court’s opinion of what an amorphous, elastic, malleable, many-sizes-fit “public morality” says. The mischief caused by this decision, however, was replicated in Sharda v Dharmpal, decided by the Court in 2003. In that case, the question was whether the Court could require a party who had been accused of unsoundness of mind (as a ground for divorce under the wonderfully progressive Hindu Marriage Act) to undergo a medical examination – and draw an adverse inference if she refused. Again, whether this was a case in which Article 21 ought to be invoked is doubtful; at least, it is arguable, since it was the Court making the order. Predictably, the Court cited from Mr X v Hospital Z extensively. It cited Gobind (compelling State interest) and the ECHR (proportionality). It cited a series of cases involving custody of children, where various Courts had used a “balancing test” to determine whether the best interests of the child overrode the privacy interest exemplified by the client-patient privilege. It applied this balancing test to the case at hand by balancing the “right” of the petitioner to obtain a divorce for the spouse’s unsoundness of mind under the HMA, vis-à-vis the Respondent’s right to privacy.

In light of the above analysis, it is submitted that although the outcome in Mr X v Hospital Z and Sharda v Dharmpal might well be correct, the Supreme Court has misread what R. Rajagopal actually held, and its reasoning is deeply flawed. Neither of these cases are Article 21 cases: they are private tort cases between private parties, and ought to be analysed under private law, as Rajagopal itself was careful to point out. In private law, also, the balancing test makes perfect sense: there are a series of interests at stake, as the Court rightly understood, such as certain rights arising out of marriage, all of a private nature. In any event, whatever one might make of these judgments, one thing is clear: they are both logically and legally irrelevant to the Kharak Singh line of cases that we have been discussing, which are to do with the Article 21 right to privacy against the State.

For more details visit https://cis-india.org/internet-governance/blog/surveillance-and-the-indian-consitution-part-3

UIDAI Practices and the Information Technology Act, Section 43A and Subsequent Rules

elonnai — 2014-03-06T07:00:21Z

UIDAI practices and section 43A of the IT Act are analyzed in this post.

In the 52^nd Report on Cyber Crime, Cyber Security, and the Right to Privacy – in evidence provided, the Department of Electronics and Information Technology stated “...Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...” (pg.46) [1]

This blog post explains the requirements found under Section 43A of the Information Technology Act 2000 and the subsequent Information Technology “ Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011[2] and analyses publicly available documents from the UIDAI website[3] as well as the UIDAI enrolment form[4] to demonstrate the ways in which:

UIDAI practices are in line with section 43A and the Rules,
UIDAI practices are not in line with section 43A and the Rules,
UIDAI practices are partially in with section 43A and the Rules
Where more information is needed to draw a conclusion.

Applicability and Scope

Section 43A of the Information Technology Act 2008 and subsequent Rules apply only to Body Corporate and to digital information.

Body Corporate under the Information Technology Act 2008 is defined as:

“Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities”

UIDAI Practices - not in line: The UIDAI is not a body corporate. The UIDAI is an attached office under the aegis of the Planning Commission that was set up by an executive order.[5]

The UIDAI collects, processes, stores, and shares both digital and non-digital information. As section 43A and subsequent Rules apply only to digital information, there is not sufficient protection provided over all the information collected, processed, stored, and used by the UIDAI.

Privacy Policy on Website

Rule 4 requires body corporate to provide a privacy policy on their website. The privacy policy must include:

Clear and easily accessible statements of its practices and policies
Type of personal or sensitive personal data or information collected
Purpose of collection and usage of such information
Disclosure of information including sensitive personal information
Reasonable security practices and procedures as provided under rule 8

UIDAI Practices - Partially in Line

Though the UIDAI has placed a privacy policy[6] on their website, the privacy policy only addresses the use of website and does not comprehensively provide clear and accessible statements about all of the UIDAI’s practices and policies.
The UIDAI privacy policy does not state the specific types of personal or sensitive data that could be collected, but instead states “As a general rule, this website does not collect Personal Information about you when you visit the site. You can generally visit the site without revealing Personal Information, unless you choose to provide such information.”

Features on the UIDAI website that require individuals to provide personal information and sensitive personal information include: Booking an appointment, checking aadhaar status, enrolling for e-aadhaar, enrolling for aadhaar, updating aadhaar data. Types of information required for these services include: mobile number, name, address, gender, date of birth, and enrolment ID.[7]

The privacy policy goes on to state: “If you are asked for any other Personal Information you will be informed how it will be used if you choose to give it. If at any time you believe the principles referred to in this privacy statement have not been followed, or have any other comments on these principles, please notify the webmaster through the Contact Us page. Note: The use of the term "Personal Information" in this privacy statement refers to any information from which your identity is apparent or can be reasonably ascertained.”
The UIDAI privacy policy does explain the purpose for collection of information on the website and the use of collected information.
The UIDAI privacy policy does not address the possibility of disclosure of information collected by the UIDAI from the use of its website, except in the case of when an individual provides his/her email at which point the privacy policy states “Your e-mail address will not be used for any other purpose, and will not be disclosed without your consent.”
The UIDAI privacy policy does not provide information about the security practices adopted by the UIDAI.

Consent

Rule 5 requires that prior to the collection of sensitive personal data, the body corporate must obtain consent, either in writing or through fax regarding the purpose of usage before collection of such information.

UIDAI Practices - in Line
The UIDAI collects written consent from individuals through the enrolment form for the issuance of an Aadhaar number.

Collection Limitation

Rule 5 (2) requires that body corporate only collect sensitive personal data if it is connected to a lawful purpose and if it is considered necessary for that purpose.

UIDAI Practices - in Line
The Aadhaar enrolment form requires only the necessary sensitive personal data for the issuance of an Aadhaar number. Individuals are given the option to provide banking and financial information.

Notice During Direct Collection

Rule 5(3) requires that while collecting information directly from an individual the body corporate must provide the following information:

The fact that the information is being collected
The purpose for which the information is being collected
The intended recipients of the information
The name and address of the agency that is collecting the information
The name and address of the agency that will retain the information

UIDAI Practices - Partially in Line
The Aadhaar enrolment form does not provide the following information:

The intended recipients of the information
The name and address of the agency collecting the information
The name and address of the agency that will retain the information

Retention Limitation

Rule 5(4) requires that body corporate must retain sensitive personal data only for as long as it takes to fulfil the stated purpose or otherwise required under law.

UIDAI Practices - Unclear
It is unclear from publicly available information what the UIDAI retention practices are.

Use Limitation

Rule 5(5) requires that information must be used for the purpose that it was collected for.

UIDAI Practices - Unclear
It is unclear from publicly available information if the UIDAI is using collected information only for the purpose for which it was collected for.

Right to Access and Correct

Rule 5(6) requires body corporate to provide individuals with the ability to review the information they have provided and access and correct personal or sensitive personal information.

UIDAI Practices - Partially in Line
Though the UIDAI provides individuals with the ability to access and correct personal information, as stated on the enrolment form, correction is free only if changed within 96 hours of enrolment. Additionally, as stated on the enrolment form, if an individual chooses to allow for the UIDAI to facilitate the opening of a bank account and link present bank accounts to the UID number, this information, after being provided, cannot be corrected. The UIDAI website has a portal for updating information, but only name, address, gender, data of birth, and mobile number can be updated through this method. [9]

Right to ‘Opt Out’ and Withdraw Consent

Rule 5(7) requires that body corporate must provide individuals with the option of 'opting out' of providing data or information sought. Individuals also have the right to withdraw consent at any point of time. Body corporate has the right to withdraw services if consent is withdrawn.

UIDAI Practices - Partially in Line
The UID enrolment form provides individuals with one ‘optional’ field - the option of having the UIDAI open a bank account and link it to the individuals UID number or having the UIDAI link present bank accounts to individuals UID number. No other option to ‘opt out’ or withdraw consent is present on the enrolment form or the UIDAI privacy policy, terms of use, or website.

Security of Information

Rule 8 requires that body corporate must secure information in accordance with the ISO 27001 standard. These practices must be audited on an annual basis or when the body corporate undertakes a significant up gradation of its process and computer resource.

UIDAI Practices - Unclear
The security practices adopted by the UIDAI are not mentioned in the website privacy policy, on the website, or on the enrolment form, thus it is unclear from publicly available information if the UID is compliant with ISO 27001 standards. Though the UIDAI has been functioning since 2010, and it is unclear from publicly available information if annual audits of the UIDAI security practices have been undertaken.

Disclosure with Consent

Rule 6 requires that body corporate must have consent before disclosing sensitive personal data to any third person or party, except in the case with Government agencies for the purpose of verification of identity, prevention, detection, investigation, including cyber incidents and prosecution and punishment of offenses, on receipt of a written request.

UIDAI Practices - Partially in Line
In the enrolment form, consent for disclosure is stated as ‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” This is a blanket statement and allows for all future possibilities of sharing and disclosure of information provided with any organization that the UIDAI deems as ‘engaged in the delivery of welfare services’.

The UIDAI privacy policy only addresses the disclosure of an individual’s email address with consent. Though not directly addressing disclosure, the UIDAI privacy policy also states “ We will not identify users or their browsing activities, except when a law enforcement agency may exercise a warrant to inspect the service provider's logs.”

Prohibition on Publishing and Further Disclosure

Rule 6(3) and 6(4) prohibit the body corporate from publishing sensitive personal data or information. Similarly, organizations receiving sensitive personal data are not allowed to disclose it further.

UIDAI Practices - in Line
The UDAI does not publish sensitive personal data. It is unclear what practices and standards registrars and enrolment agencies are functioning under.

Requirements for Transfer of Sensitive Personal Data

Rule 7 requires that body corporate may transfer sensitive personal data into another jurisdiction only if the country ensures the same level of protection.

UIDAI Practices - Unclear
It is unclear from publicly available information if information collected by the UIDAI is transferred outside of India.

Establishment of Grievance Officer

Rule 5(9) requires that body corporate must establish a grievance officer and the details must be posted on the body corporates website and grievances must be addressed within a month of receipt.

UIDAI Practices - in Line
The website of the UIDAI provides details of a grievance officer that individuals can contact.[10] It is unclear from publicly available information if grievances are addressed within a month.

[1]. http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf

[2]. http://dispur.nic.in/itact/it-procedures-sensitive-personal-data-rules-2011.pdf

[3]. http://uidai.gov.in/

[4]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[5]. http://uidai.gov.in/organization-details.html

[6]. http://uidai.gov.in/privacy-policy.html

[7]. http://resident.uidai.net.in/home

[8]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[9]. https://ssup.uidai.gov.in/web/guest/ssup-home

[10]. http://uidai.gov.in/contactus.html

For more details visit https://cis-india.org/internet-governance/blog/uid-practices-and-it-act-sec-43-a-and-subsequent-rules

Open Call for Comments: The Privacy Protection Bill 2013 drafted by the Centre for Internet and Society

bhairav — 2014-02-25T05:38:27Z

The Centre for Internet and Society is announcing an Open Call for Comments to the CIS Privacy Protection Bill 2013.

In early 2013 the Centre for Internet and Society drafted the Privacy (Protection) Bill 2013 as a citizen’s version of privacy legislation for India. The Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

The Centre for Internet and Society has been collecting comments to the Privacy Protection Bill since April 2013 with the intention of submitting the Bill to the Department of Personnel and Training as a citizen’s version of a privacy legislation for India. If you would like to submit comments on the Privacy Protection Bill to be included as part of the Centre for Internet and Society’s submission to the Department of Personnel and Training, please email comments to bhairav@cis-india.org.

Download the latest version of the Privacy Protection Bill (February 2014)

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-open-call-for-comments

CIS Welcomes 52nd Report on Cyber Crime, Cyber Security, and Right to Privacy

elonnai — 2014-02-24T10:49:46Z

The “Fifty Second Report on Cyber Crime, Cyber Security, and Right to Privacy” issued by the 2013 -2014 Standing Committee on Information Technology on February 12th 2014, highlights the urgent need for reform in India’s cyber security framework and the need for the much awaited privacy legislation to be finalized and made into a law.

Read the Fifty-Second Report on Cyber Crime, Cyber Security and Right to Privacy released by the Department of Electronics and Information Technology

The Report consists of questions on the state of cyber security, cyber crime, and privacy posed by the Standing Committee and briefings and evidence provided by the Department of Electronics and Information Technology (DEITY ) in reply. The Report concludes with recommendations from the Standing Committee on the way forward.

The Report represents an important step forward in the realm of privacy and cyber security in India as the evidence provided by DEITY clarifies a number of aspects of India’s present and upcoming cyber security policies and practices. Furthermore, the recommendations by the Standing Committee highlight present gaps and inadequacies in India’s policies and practices and needed steps forward– particularly the need for a privacy legislation in India in the context of cyber security, increased transactions of sensitive data, and governmental projects like the Unique Identification Project.

Broadly, the Standing Committee sought input from DEITY on eight different aspects of cyber crime, cyber security, and privacy in India - namely: the growing incidents of cyber crime and resulting financial loss, the challenges and constraints of cyber crime, the role of relevant governmental organizations in India with respect to cyber security, preparedness and policy initiatives, cyber security and the right to privacy, monitoring and grievance redressal mechanism, and education and awareness initiatives. The evidence provided by DEITY sheds light on the present mindset of the Government at this time, upcoming policies, and capacity and infrastructure gaps in India’s cyber security framework.

The Centre for Internet and Society appreciates the Report and we would like to highlight and emphasize the following aspects:

Need for a privacy legislation and inadequacy of privacy provisions in Information Technology Act: When asked by the Standing Committee about the right to privacy and cyber security, DEITY highlighted the fact that the Information Technology Act contains sufficient safeguards for privacy, and added that the Department of Personnel and Training (DoPT) is in the process of developing a privacy legislation that will address the general concerns of privacy in the country, and thus the two together will be sufficient. DEITY also noted that no study on the extent of privacy breach due to cyber crime in India has been conducted. In their recommendations, the Standing Committee noted that it was unhappy that the Government has yet to institute a legal framework on privacy, as the increased transfer of sensitive data and projects like the UID leave citizens vulnerable to privacy violations . Significantly, the Standing Committee recommended that though the DoPT is currently responsible for drafting the Privacy Bill, DEITY should coordinate with the DoPT and become involved in the process.

As recognized by the Standing Committee, the Centre for Internet and Society would like to further emphasize the inadequacy of the provisions relating to privacy in the Information Technology Act, and the need for a privacy legislation in India. Inadequate aspects of the provisions have been pointed out by a number of sources. For example:

The Report of the Group of Experts on Privacy: Prepared by the committee chaired by Justice AP Shah
First Analysis of the Personal Data Protection Law in India: Prepared by the University of Namur for the Commission of the European Communities Directorate General for Justice, Freedom, and Security
Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: Prepared by the Centre for Internet and Society and submitted to the Committee on Subordinate Legislation of the 15th Lok Sabha
India’s U-Turns on Data Privacy: Prepared by Graham Greenleaf for the Privacy Laws & Business International Report, Issues 110 -114, 2011

Unclear Enforcement of 43A and associated rules: In evidence provided, DEITY, while discussing section 43A and the associated Rules, noted that the Data Security Council of India and empanelled security auditors through CERT-in are responsible for the ‘auditing of best practice’s (pg 24). The Standing Committee did not directly respond to this comment.

The Centre for Internet and Society would like to point out that DEITY did not clearly state that DSCI and the auditors through CERT-in were responsible for auditing organizational security practices for compliance with 43A. Furthermore, there is no publicly available information regarding audits ensuring compliance with 43A or information about the number of companies that have been found to be compliant. The Centre for Internet and Society would like to encourage that this information be made public, and compliance with 43A be enforced at the organizational level.

UIDAI not in compliance with 43A and associated Rules: In evidence provided, DEITY noted that “..Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...” (pg.46) In their recommendations the Standing Committee did not directly address this comment, but did emphasize the need for a privacy legislation in light of the UID scheme.

The Centre for Internet and Society appreciates that the Standing Committee raised concern about the privacy implications of the UID project. We would like to highlight that the UIDAI is not a Body Corporate, and is not in compliance with 43A or the subsequent Rules in the Information Technology Act. Furthermore, the UID project involves the handling and processing of data in analogue and digital formats, and thus the privacy protections found under 43A are not sufficient.

The potential harms of metadata: In evidence provided, the Department noted “...we have been assured that whatever data has been gathered by them for surveillance relates only to the metadata..but we expressed that any incursion into the content will not be tolerated and is not tolerable from the Indian stand and point of view.” (pg.47) The Standing Committee did not respond directly to this comment.

The Centre for Internet and Society would like to thank the Standing Committee for noting that the Government should have taken prior steps to preventing such an interception from taking place and for recommending the Department to take develop a policy to prevent future instances of interception from taking place. The Centre for Internet and Society would like to emphasize the importance and potential sensitive nature of metadata. Metadata can, and often does, disclose more about an individual or an activity than the actual content. For example, metadata can reveal identity, behaviour patterns, associations, and can enable the mapping of location and individual movement. As such, the Centre for Internet and Society would recommend that the Government of India treat access to all information generated by individual and governmental communications as sensitive and confidential.

Inadequacy of the Information Technology Act: When asked by the Standing Committee if the Information Technology Act provided sufficient legal safeguards for cyber security and cyber crime, DEITY highlighted the fact that the Information Technology Act 2000 addresses all aspects of cyber crime in a comprehensive manner. DEITY also pointed out that the National Cyber Security Policy 2013 has provisions to enable the development of a legal framework, and the Department of Personnel and Training is in the process of drafting a privacy legislation for India that will fill any gaps that exist. In their recommendations, the Standing Committee recognized that the Information Technology Act does contain provisions that address cyber security and cyber crime, but, especially in the recent controversy over section 66A of the Act, Standing Committee emphasized the need for periodical reviews of the IT Act.

The Centre for Internet and Society appreciates the fact that the Committee recognized the need for periodical review of the Information Technology Act, particularly in light of the controversy over 66 A. The Centre for Internet and Society would like to underscore the problems associated with 66A and would like to highlight that with regards to privacy and cyber security, the IT Act is not adequate and falls short in a number of areas. Research that the Centre for Internet and Society has conducted explaining these weaknesses can be found through the below links:

Breaking Down Section 66A of the IT Act
Short note on IT Amendment Act, 2008

Implications of domestic servers: In response to questions posed by the Standing Committee about security risks associated with the importation of electronics and IT products, as well as the hosting of servers outside the country, DEITY noted the security risk of using foreign infrastructure and pointed to the hosting of servers in India as a solution to protecting the security and privacy of Indian data. The Standing Committee supported this initiative, and encouraged DEITY to take further steps towards securing and protecting the privacy of Indian data through the hosting of servers for critical sectors within India.

The Centre for Internet and Society appreciates the fact that the Standing Committee carefully limited the recommendation of locating servers in India to those in critical sectors, but would caution the Government of potential implications on users ability to freely access content and services, and highlight the fact that localization of servers is not a security solution in itself as a comprehensive solution and hardening of critical assets against cyber attacks is essential.

Incorporation of safeguards into MOU’s for international cooperation: When asked about MOU’s for international cooperation that DEITY has engaged in with other countries, DEITY reported that currently CERT-in is entering into a number of MOU’s with other countries to facilitate cooperation for cyber security purposes. Presently there are MOUs with the US, Japan, South Korea, Mauritius, Kasakhstan, Finland, and the Canada Electronics and ICT sector. DEITY is also seeking MOUs with Malaysia, Israel, Egypt, Canada, and Brazil. The Standing Committee supported India entering into MOU’s for purposes of international cooperation, and encouraged DEITY to continue entering into MOU’s to mitigate jurisdictional complications when seeking to address issues related to cyber security.

The Centre for Internet and Society recognizes the importance of international cooperation when handling issues related to cyber security and cyber crime. To ensure that this process is in line with human rights, the Centre for Internet and Society would encourage DEITY to ensure that all MOU’s and/or Mutual Legal Assistance Agreements:

Uphold the principle of dual criminality
Apply the highest level of protection for individuals in the case where the laws of more than one state could apply to communications surveillance
Are not used by any party involved to circumvent domestic legal restrictions on communications surveillance.
Are clearly documented and publicly available
Contain provisions guaranteeing procedural fairness.[1]

Hactivism as a benefit to society: In evidence provided on page 14, DEITY, among other elements, referred to Hactivism as a societal challenge to securing cyber security and tackling cyber crime. The Standing Committee did not directly address this comment.

The Centre for Internet and Society would like to point out that hacktivism is a complex topic and consists of methods. Though some methods used by hacktivists are illegal, and some use hacktivism for censorship purposes and to target certain groups, other forms of hacktivism can benefit society and strengthen cyber security by finding and revealing vulnerabilities in a system, and bringing attention to illegal or violative practices.

This works towards ensuring that a system is adequately secure. Because of the dynamic nature of hacktivism, the Centre for Internet and Society believes that hacktivism needs to be evaluated on a case by case basis and the Government should not broadly label hacktivism as a challenge to cyber security and cyber crime.[2]

Importance of the anonymous speech: In evidence provided, DEITY noted the threat to cyber security that the anonymous nature of the internet posed. This was reiterated by the Standing Committee in their recommendations.

While recognizing the potential threat to cyber security that the anonymous nature of the internet can pose, the Centre for Internet and Society would like to highlight the importance of anonymous speech online to an individual’s right to free expression.

Conclusion

Recognizing the direct connection between a strong privacy framework and a strong cyber security framework, as security cannot be achieved without privacy, and recognizing the need for a privacy legislation in light of governmental projects like the UID, the Centre for Internet and Society welcomes the Fifty Second Report on Cyber Crime, Cyber Security, and the Right to Privacy and echoes the Standing Committees recommendation and emphasis on the need for a comprehensive privacy legislation to be passed in India.

[1]. These safeguards are reflected in the principle of “safeguards for International Cooperation” found in the International Principles on the Application of Human Rights to Communications Surveillance” https://en.necessaryandproportionate.org/text

[2]. For more information about hacktivism see: Activism, Hacktivism, and Cyberterrorism. The Internet as a Tool for Influencing Foreign Policy. By Dorothy E. Denning. Georgetown University. Available at: http://www.iwar.org.uk/cyberterror/resources/denning.htm

For more details visit https://cis-india.org/internet-governance/blog/cis-welcomes-fifty-second-report-on-cyber-crime-cyber-security-right-to-privacy

Calcutta High Court Strengthens Whistle Blower Protection

divij — 2014-02-24T06:38:44Z

Calcutta High Court has ordered for protection of whistle blower's privacy in its November 20, 2013 order. The court has directed the government to accept RTI applications without the applicant's personal details.

In the absence of any law for the protection of whistle-blowers in the country, exposing the rampant corruption in our public institutions has become a hazardous occupation, with reports of threat and intimidation and even incidents of murder of whistle-blowers commonplace.[1] With the Whistle blower’s Protection Bill in abeyance and without any strict laws protecting the identities of the whistle-blowers who challenge such a corrupt system, even the mechanisms like the Right to Information Act which are meant to safeguard against systemic abuse and ensure transparency are being severely undermined.

For this reason, the Calcutta High Court’s affirmation of whistle-blowers’ privacy and identity protection is an important development. Through its order on the 20th of November, 2013, the Calcutta High Court held that for the purposes of section 6(2), which requires an application to the Public Information Officer to provide contact details of the applicant, it is sufficient in such application to disclose only the post-box number of the applicant. The court directed the Government to accept RTI applications without personal details or detailed whereabouts, when a post-box number or sufficient detail has been provided to establish contact between the whistle-blower and the authority. However if a public authority has any difficulty contacting the applicant through the Post Box No. the applicant may be asked to provide other contact details. The court further directed that personal details of applicants are not to be posted on the authorities’ websites.

The order, which was notified by the Government last week, ensures to some extent the protection of a whistle-blowers identity, and reduces the chances of the RTI being undermined by threats or acts of violence by those who are a part of the corrupt system, against persons exercising their right to information. However, its implementation is liable to be contingent on the authorities’ interpretation of when it would be “difficult” to establish contact between the authority and the applicant. Certain practical difficulties could also undermine the actual impact of the order, such as the fact that many applications are sent through registered or speed post, which cannot be mailed to a post-box number, especially since ordinary post cannot be tracked online like speed or registered post.[2]

Developing a system in which ordinary citizens do not have to fear retaliation for exposing corruption requires a comprehensive legislation protecting whistle-blowers identities and ensuring data security. However, the important message this judgement sends out is that the judiciary is still committed to protecting whistle-blowers, in lieu of the government’s actions. This is a particularly important stance taken by the Court, considering the Supreme Court in the past has refused to frame guidelines for whistle-blower protection, citing the imperative in enacting a whistle-blower legislation to be the Parliament’s.[3]

A full text of the judgement is available here.

[1].Whistleblower shot dead in Bihar, THE HINDU, available at http://www.thehindu.com/news/national/whistleblower-shot-dead-in-bihar/article4542293.ece; Tamil Nadu Whistleblower alleges death threats; Silence from Government, NDTV, available at http://www.ndtv.com/article/india/tamil-nadu-whistleblower-alleges-death-threats-silence-from-govt-410450.

[2]. Indian Postal Tracking Portal, http://www.indiapost.gov.in/tracking.aspx.

[3]. Supreme Court refuses to frame guidelines for protection of whistleblowers, Daily News and Analysis, available at http://www.dnaindia.com/india/report-supreme-court-refuses-to-frame-guideline-for-protection-of-whistleblowers-1525622.

For more details visit https://cis-india.org/internet-governance/blog/calcutta-hc-strengthens-whistle-blower-protection

Counter Surveillance Panel: DiscoTech & Hackathon

praskrishna — 2014-02-28T05:36:15Z

We invite you to a Counter Surveillance DiscoTech and Hackathon at the Centre for Internet and Society in Bangalore on Saturday, March 1, 2014 (9.00 a.m. to 5.00 p.m.). The event is being co-organized by the Centre for Internet and Society in tandem with the MIT Centre for Civic Media Co-Design Lab, with support from members of Tactical Technology Collective, Hackteria.org and Srishti School of Art Design and Technology. Registrations begin at 9.00 a.m. The event shall close with a featured talk by renown information activist and maker lab innovator Smari McCarthy, titled "Privacy for Humanity" at 5.00 p.m.

Overview

Mirroring the call by MIT Civic Media Lab Co-Design Studio, this event brings together students, technologists, designers and citizens to explore counter-surveillance strategies. The event will be held simultaneously across various locations including Boston, Palestine, Lisbon and Buenos Aires. Click here for the definition of DiscoTech.(Discovering Technology)

Agenda

We shall begin with brief contextualized introductions catalyzed by researchers in the field of privacy & surveillance, followed by workshops and hackathons led by expert practitioners. Participants are welcome from diverse backgrounds looking to be involved in designing engaging and creative ways to counter surveillance. The event shall close with a featured talk by renown information activist and maker lab innovator Smari McCarthy , titled "Privacy for Humanity" at 5.00 p.m.

Introductory Catalyst Sessions

Malavika Jayaram: Fellow at Berkman Center for Internet and Society at Harvard University and the Centre for Internet and Society, Bangalore
Laird Brown: DesiSec Project at the Centre for Internet and Society, Bangalore and University of Toronto
Kaustubh Srikant: Head of Technology, Tactical Technology Collective and Maya Indira Ganesh (Program Director)
Abhay Raj Naik: Assistant Professor, Azim Premji University

Design and Hackathon Lead Catalysts

Yashas Shetty:Faculty@ www.srishti.ac.in and Co-Founder Hackteria.org (DNA Spoofing, Surveillance Camera: Avoidance, Microscopic Re-Appropriation & Bacterial Discotheque)

Hari Dilip Kumar: Co, Founder, FluxGen: (Introducing data transmission protocols, Software Defined Radio (SDR) design and surveillance detection )

Sharath Chandra Ram: Researcher @ CIS Open Lab and Faculty@Srishti (Civic Media solutions using open citizen networks and the web, spectrum scanning, visual communication design strategies, finger print mash-up publishing)

Featured Talk and Interactive Closing Session by Smari McCarthy

(Executive Director, International Modern Media Institute and Founder, Icelandic Pirate Party & Icelandic Digital Freedom Society)

Title of Talk: PRIVACY for HUMANITY - 5.00 p.m.

Click to download the flyer invite
Date: Saturday, March 1, 2014
Time: 9.00 a.m. to 5.00 p.m. (Registration 9.00 a.m. sharp)
Venue: Centre for Internet and Society, Bangalore
Map : http://bit.ly /1fcDDLG

Please RSVP due to limited space and logistics for lunch and refreshments

For more details visit https://cis-india.org/events/counter-surveillance-panel-disco-tech-hackathon

The Forbes India 30 Under 30 List

praskrishna — 2014-02-21T07:59:41Z

Showcasing an enterprising new generation that dreams big and refuses to say die.

This article by Abhilasha Khaitan appeared in the Forbes India magazine of 21 February, 2014. Pranesh Prakash features in the list.

To borrow from Ayn Rand, ‘the question for this generation isn’t who is going to let them but who is going to stop them’. As a torchbearer of individualism, Rand would have approved of the first-ever Forbes India 30 Under 30 list. Sort of. The rider: This isn’t just a celebration of capitalism and profit; it is also in recognition of social value. Do-gooders, geeks, greens, musicians, sportspersons, creative-types and biz kids: The net was thrown wide to catch the best and the brightest.

As the names on the previous page will tell you, it was a worthwhile effort.

It was also an education. Generalisations, it appears, do not apply to the youth. Consider India’s reputation as nerd-land and a skew in favour of techpreneurs and IT geniuses would be expected. But while brilliant professionals dot the landscape, only a few seem to have translated an original thought into a viable, disruptive business proposition. Pallav Nadhani of FusionCharts, Rahul Yadav of Housing.com and Nischal Shetty of JustUnfollow , for instance, score high on both originality and utility.

If there is a slant, it is towards verticals that best suit the lone ranger: Sports, entertainment, the arts. Even there, though, we tried to separate the clichéd from the uncharted and zeroed in on Sushant Singh Rajput and Rajkummar Rao; and Suhail Yusuf Khan and Aathira Krishna; and Rahul Dravid’s purported successor Cheteshwar Pujara.

Plot this list on a heat map and the social entrepreneurship and policy dots would glow red too. Sectors with the potential for real change are drawing them in hordes. There is Rwitwika Bhattacharya who figured out the best way to get political leaders to perform is by helping them do it; Shashank Kumar who is committed to empowering farmers. Even those with different skill sets—design, in this case—are not oblivious: So a communication designer, Aditi Gupta, tries to create awareness about menstruation, a taboo subject.

Then some are in it for the happiness quotient: Pooja Dhingra for her macarons and Shivan and Narresh for their bikini sari.

This might be a good point to ask: Where is Virat Kohli? Deepika Padukone? Any sub-30 list should lead with those names. Here’s the thing: They don’t even make our consideration set. The reason is in the purpose behind this search: Forbes India was looking for a spark, for a story that is still waiting to be told and, for the most part, only starting to unfold.

To that end, individuals who are already forces in their fields—household names—will feature on another day, on another list.

As for those who are part of this list of possibility, it really is a question of who is going to stop them.

30 Under 30 list

Art & Culture
Suhail Yusuf Khan, 26
Sarangi Player / Vocalist

Aathira Krishna, 25
Carnatic Violinist

Design
Moneet Chitroda, 28
Sr Designer - Interiors, Renault Techno Centre

Aditi Gupta, 29
Co-Founder, Menstrupedia.com

Lokesh Karekar, 29
Visual Artist & Director, Locopopo

Alok Shetty, 27
Principal Architect & Founder, Bhumiputra Architecture

E-Commerce
Rahul Yadav, 24
Co-founder & CEO, Housing.com

Bhavish Aggarwal, 28
Co-Founder and CEO, Olacabs

Entertainment
Sushant Singh Rajput, 27
Actor

Rajkummar Rao, 29
Actor

Kishan SS, 18
Actor / Director

Fashion
Shivan Bhatiya & Narresh Kukreja, 29, 28
Swimwear Designers

Finance
Raghu Kumar, 28
Co-Founder, RKSV

Manju Bhatia, 27
Joint MD, Vasuli Recovery

Food & hospitality
Pooja Dhingra, 27
Founder-Chef, Le15 Patisserie

Greentech & sustainability
Abhishek Humbad, 27
Founder, NextGen PMS

Healthcare
Kabir Chadha, 27
Founder & CEO, Epoch Elder Care

Law, policy & Politics
Rwitwika Bhattacharya, 27
Founder, Swaniti Initiative

Pranesh Prakash, 28
Policy Director, Centre for Internet and Society

Apar Gupta, 29
Partner, Advani & Co.

NGOs & Social Entrepreneurship
Shashank Kumar, 28
Co-Founder, Farms n Farmers

Tarique Mohammad Quereshi, 29
Founder, Koshish

Anoj Viswanathan, 26
Co-Founder & President, Milaap

Kuldeep Dantewadia, 25
CEO & Co-Founder, Reap Benefit

Social Media / Mobile / Digital
Nischal Shetty, 28
Founder, JustUnfollow

Sports
Deepika Kumari, 19
Archer

Cheteshwar Pujara, 26
Cricketer

Gaganjeet Bhullar, 25
Golfer

Technology
Pallav Nadhani, 29
Co-Founder & CEO, FusionCharts

Paras Chopra, 26
Founder, Wingify

Methodology

Will we find 30 under-30s? That was the question that troubled when we started work on this project. The numbers are easy enough to add up but the list had to be representative, relevant and, well, not half-baked.

It was never going to be exhaustive. We knew that. The landscape was too vast, the information too sparse and spread out. But limited though it may be in geographical scope, the rigour in research—and the depth in young talent—has produced quality that satisfies the parameters we had set at the beginning. These are: Trigger: The extent of achievement and his/her impact in a short span of time and the level of disruption/innovation that has been shown; Scope: Scalability of his/her business or line of work; Sustainability: Signs of being a flash in the pan or is there enough indication of a long-run play?

The research took on two legs: One, interviews by Forbes India staffers with sources across relevant categories as well as through studies of databases and media coverage. Two, an online application on forbesindia.com inviting applications from entrepreneurs/professionals who felt they qualified. This helped us arrive at a long list which went up to over 300 names across the 14 categories. (Even this number went through an initial vetting.)

The next step was narrowing down to a ‘short long’ list—the names most likely to make it to the top 30. This pool of 75 names was decided in consultation with experts and observers—and this was the toughest leg. Consider that we had entered the ‘first among equals’ phase where separating the final 30 from the other contenders was, really, a judgment call.

But armed with expert views, the Forbes India editorial team debated, argued and vetoed for hours to finalise the 30 individuals you will read about here. There are those outside the list that couldn’t be left out. They find mention too.

For more details visit https://cis-india.org/news/forbes-india-abhilasha-khaitan-feb-7-2014-india-under-30-list

Will You be Paid to Post a Picture?

nishant — 2014-03-06T11:58:41Z

The wave of free information production on the web is on the wane.

The article was published in the Indian Express on February 18, 2014

The age of volunteerism is officially over. The last decade of the mass adoption of the internet has been fuelled by endless human hours being spent in producing information which is the new currency of our times. The big transition to Web 2.0 began when the individual “user” became more than either an individual or the user. The individual found herself as a part of a collective, finding a voice and a community of others to belong to. Simultaneously, instead of being a passive consumer of the web, the user started producing data — blogs, videos, tweets, content management systems, online discussion boards, massively multiple online role-playing platforms, social network transactions — all of which became a part of the new Web’s widespread popularity.

Almost everything that we understand as the social web today is contingent upon people producing data in their interactions with the world around them. From knowledge producing websites like Wikipedia to entertainment platforms like YouTube, visualisation and data gathering spaces like Pinterest to photographs of self, food and cute animals on Instagram, political and social commentaries on Tumblr to Listicles and memes on Buzzfeed, the internet is a veritable smorgasbord of new information forms, formats and functions that are generated by the users.

What is possibly the most exciting about this burgeoning information universe has been the amount of free labour that goes into it, and often remains invisible. As digital labour scholar Trebor Schulz points out, the internet has become both a factory and a playground, where our leisure time is capitalised into producing work that sustains the new attention and information economies. For instance, the world’s largest social networking site, Facebook, does not produce any of its contents. It is, in fact, a system of information mining and sorting, which works as long as a growing user base continues to produce information on it. Tomorrow, if all of us stop producing Facebook, and only lurk on it, the platform will collapse. Which is why, Facebook continues to acquire new platforms and applications to be integrated into its universe.

Similarly, the real effort that goes into the sustenance of sites like Wikipedia, which has become the de facto reference for global knowledge systems, is carried out by unsung and invisible editors who patiently, meticulously, and without almost any expectation, continue to add, verify, strengthen and curate reliable information that we can use. When the non-profit organisation WikiMedia Foundation prides itself in running one of the least expensive websites in the top 10 most visited sites in the world, it is signalling its deep appreciation for the countless human hours that have made Wikipedia possible.

But, in recent years, there is noticeable stagnation in the wave of free information production on the Web. Oh, don’t get me wrong. We are producing an unprecedented amount of data — we are constantly being watched by surveillance technologies that detect biometric and genetic make-up of all our transactions, or we are inviting people to watch us on social network sites where we reveal some of our deepest secrets and desires, or we are watching ourselves, quantifying everything from things we ate to the number of hours we sleep. And yet, as we live in a world of Big Data, there is a definite decrease in people contributing to production of free information.

As the digital natives move from the web to mobile phones, traditional websites are already facing a crisis. News and media agencies that have celebrated the global citizen media networks have started realising that the individual user is more interested in local networks and information ecologies which are independent of mainstream conglomerates. And people are realising that their time and effort is worth money. They can be easily compensated for their online activities and gain reputation and importance.

The tension only becomes more palpable when people start realising that there are others who are being paid to work on the platforms that they are contributing to. We all knew that this model of depending on free information was not a sustainable one. But it seems the day has arrived, especially with the recent drives on Wikipedia to build specialised knowledge editors. In the last few months, we have seen people in the FemTechNet project — an academic activist feminist project that seeks to remind us of the intersections of feminism and technology in network societies — carry out “Wikistorming”, where students are adding pages of women’s contribution to technologies on Wikipedia. More recently, medicine students at University of Chicago have taken to correcting and adding accurate information to Wikipedia, which is often a source of health information.

Both of these are fantastic efforts to add to the platform that was the underdog that overthrew the mammoth encyclopaedia like The Encyclopaedia Britannica. We hope more specialised users in different locations, fields, disciplines and languages continue to edit and contribute to Wikipedia. However, it is also a signal that the generalist information producer is on the decline. We are transitioning into a new age, where people are going to need rewards, incentives and benefits for performing information transactions on the web. The user is no longer going to be available for free labour, and it is time we started thinking of “paid usership”.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-february-18-2014-nishant-shah-will-you-be-paid-to-post-a-picture

Dark days for the creative class in India: Siddiqui

praskrishna — 2014-02-17T09:14:43Z

As India’s literacy rate improves, governments, courts, media, publishers and big business are all stifling free speech.

Haroon Siddiqui's article was published in thestar.com on February 16, 2014. Pranesh Prakash is quoted.

In contrast to North America and Europe, India’s book publishers, newspapers and TV/radio stations are doing well, thanks to a rising literacy rate and a growing middle class. Authors, artists, journalists and filmmakers are enjoying big audiences and relatively good paycheques. Yet, paradoxically, free speech has never been so imperilled in the world’s largest democracy, for several reasons.

Governments are using colonial-era laws to stifle free speech. The lower courts and police are caving in to religious bigots who demand bans on what they don’t want to see and hear. Vigilante groups are using goon tactics to intimidate the creative class. Big business is slapping lawsuits and creating libel chill. Publishing houses are capitulating to legal, political and economic pressure. The media are too busy mollycoddling governments and advertisers to stand up for free speech.

Legal framework

The constitution guarantees free speech but, as in Canada and several European nations, it also imposes “reasonable restrictions” to maintain peace and public order. The Supreme Court has set a high bar for imposing any restrictions, yet both the federal and state governments routinely shut down anything that might flare communal riots, especially between Hindus and Muslims — a real and ever-present danger. Politicians don’t want blood on their hands to uphold the right of a preening writer to poke people in the eye. Critics counter that the political class doesn’t really care for intellectual freedom.

Libel and defamation laws criminalize speech and prescribe jail terms. This, again, is not much different than, say, the Canadian Criminal Code, under which those convicted of hate speech may be jailed for up to three years. (That’s what we are left with after the Stephen Harper Conservatives axed the civilian remedy that was available under the Human Rights Act.)

India’s Anti-Sedition Act prohibits words and actions that may cause “hatred or contempt or disaffection” toward government. This is used even against journalists, activists and those protesting government policies. As many as 6,000 farmers and fishermen were charged for opposing a nuclear plant along the southeast coast.

The Penal Code makes it an offence, punishable by up to three years in jail, to hurt anyone’s religious sensibilities; promote enmity between different religious groups; circulate “any statement or report containing rumour or alarming news with intent to create or promote, or which is likely to create or promote, on grounds of religion, race, place of birth, residence, language, caste or community feelings of enmity,” etc., etc.

Worse, the code allows anyone offended by anything to demand that the offensive material be removed.

Indians are easily offended, indeed are “desperate to be offended,” jokes novelist Manu Joseph. The milieu allows religious leaders and politicians to stoke real or imagined grievances and rush to the courts and the police, both of which usually cave in rather than risk the wrath of frenzied protesters.

“Instead of protecting the right of free expression, the state defends the offended,” writes Salil Tripathi on the website Index on Censorship.

Adds Kian Ganz, editor of the website Legally India: “Many of these British-colonial laws were written and enforced to ‘control’ a multi-ethnic and religious population. Yet they are still around and are regularly used to stifle free speech.”

Religious bigotry

While we hear mostly of angry Muslims taking offence to alleged insults to Islam — the 1988 ban on Salman Rushdie’s The Satanic Verses being the prime example — increasingly it is Hindu fundamentalists who have been agitating successfully against what they do not like.

“Hindu bigots have matched, or perhaps even outperformed, their Islamic counterparts,” writes Ramachandra Guha, India’s pre-eminent historian. He was condemning Penguin India’s decision last week to recall and pulp American academic Wendy Doniger’s The Hindus: an Alternative History, under pressure from a Hindu group that said the 2009 book contained “heresies” and was focused on “sex and eroticism.”

There has been no bigger victim of Hindu wrath than the late M.F. Hussain, the “Picasso of India.” His priceless work was vandalized, he was slapped with hundreds of lawsuits and threatened with death for painting Hindu deities in the nude. He went into exile in Doha, Qatar, where I spoke to him on the phone in 2011 and heard his pain at having been hounded out of his beloved India. We agreed to meet later but he died soon after, at age 95.

Last year, India’s leading intellectual Ashish Nandy was threatened with arrest for ostensibly offending Dalits (Hindus of a lower caste, formerly known as untouchables).

In 2012, Mumbai police arrested a young woman who complained on Facebook about the shutdown of the city of 18 million on the death of Bal Thackeray, leader of a chauvinist regional Hindu party. Another woman who “liked” the page was also detained,both for “hurting religious sentiments.”

In 2011, the western state of Gujarat stopped the sale of American journalist Joseph Lelyveld’s biography of Mahatma Gandhi, which suggested that the great leader may have had a sexual relationship with a male German architect. The chief minister (premier), Narendra Modi, is now the prime ministerial candidate of the Hindu nationalist Bharata Janata Party for federal elections in May, which he is favoured to win.

In 2010, Canadian author Rohinton Mistry’s 1995 book, A Fine Balance, was removed from the syllabus of Bombay University, his alma mater, following objections by a student, the grandson of Thackeray. The head of the university’s English Department had to go into hiding after receiving death threats.

In 2008, Delhi University expunged from its history course an essay by A.K. Ramanujam on Hinduism following complaints by a Hindu group, and Oxford University Press India temporarily stopped printing it.

Other examples:

In 2007, a court issued an arrest warrant for actor Richard Gere for kissing Bollywood actress Shilpa Shetty, following complaints by irate Hindus. An institute in the western city of Pune was vandalized because American academic James Laine had done part of his research there for his book, Shivaji: Hindu King in Islamic India. An art gallery in Bangalore hastily removed partially nude pictures of Hindu deities fearing retaliation by a Hindu moral squad.

Guha, the historian, once suggested that both Rushdie and Hussain, one pilloried by Muslims and the other by Hindus, be conferred India’s highest civilian honours. “That would have been a blow for artistic freedom. And it’d have equally offended Hindu and Islamic bigots.”

Libel chill

There has been a steady rise in what free speech advocates see as nuisance lawsuits by corporate houses, businessmen and political parties.

In December, Jitender Bhargava, executive director of Air India until 2010, saw his book on the national airline withdrawn by Bloomsbury India, allegedly under political pressure.

The same month, another book, Sahara: The Untold Story, on the controversial finance and real estate conglomerate, was held back under a court order.

In 2011, Penguin removed a chapter in The Beautiful and the Damned from its Indian edition after Arindam Chaudhuri, who runs business schools, sued about his profile in it. He also sued Caravan, a journal of politics and culture, for an article on how he had “made a fortune off the aspirations and insecurities of India’s middle class.” The Delhi-based businessman still has the Delhi-based magazine entangled in the case he filed in a jurisdiction 1,750 kilometres away — and 300 kilometres from the nearest airport.

Penguin also held back a biography of J. Jayalalithaa, chief minister of the southern state of Tamil Nadu, who had a stay order issued against it.

In 1998, a book about the head of a textile conglomerate, Dhirubhai Ambani, was not published in India after the publisher was threatened with lawsuits. A second edition of The Polyester Prince was issued in India but with the offending material cut out.

It is difficult for outsiders, especially without the benefit of reading the materials in dispute, to judge the timidity of the publishers. But there’s no questioning the creeping self-censorship.

Obeisant media

Vinod Jose, executive editor of Caravan, writes in its annual media issue:

“Media owners bargained with the government to secure lucrative licences to mine coal blocks in return for their power to influence the public. Editors got caught on tape striking deals with lobbyists but remained arrogantly unapologetic. Owners fired political editors who wrote about politics independently . . . Forbes India pulled a story because it irked the finance ministry.”

Jose said that in 2013, the year surveyed, “the dominant mood of the press was docility.” If in the 1950s and 1960s, the media served the state, now they serve big business. They have begun to expose government corruption but remain mostly mum on corporate malfeasance. The Times of India, the country’s largest English daily, takes equity in some companies it provides advertising space to.

State surveillance

India, like the United States and other democracies, is under heavy criticism for invasion of citizen privacy under sweeping state surveillance, especially by its eight intelligence agencies that operate under mostly secretive powers.

“The real problem is that we don’t know what powers they do have — we only know bits and pieces about the Centralised Monitoring System (CMS), from some tender documents that indicate that the government intends to track web usage, phone calls, text messages and map location information, apparently without the knowledge of even telecom operators,” says Nikhil Pahwa of MediaNama (Media Journal), a website that provides news and analysis of digital media. “The issue is even less obvious here than that of the NSA,” the National Security Agency in the United States.

“The rules give the Indian government the ability to gag free speech, and block any website it deems fit, without publicly disclosing why or who blocked it — or providing adequate recourse for getting the block removed.”

“Intelligence agencies are not answerable to parliament, only to the Home ministry,” says Anja Kovacs of the Centre for Internet and Society. There are few checks and balances, little or no civilian oversight.

“The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws,” says Human Rights Watch. “New surveillance capabilities have been used . . . to target critics, journalists and human rights activists.”

“Every month at the federal level, 7,000 to 9,000 phone taps are authorized or re-authorized,” writes Pranesh Prakash, policy director for the Centre for Internet and Society.

Conclusion

It is useful to remember that whatever is true of India, the exact opposite may also be true. So, while the situation is getting bleaker on the free speech front, in India the state is not the sole culprit, unlike in Russia, China or other authoritarian places. India also has a vibrant civil society that’s hammering away — is free to hammer away — at the need for a liberal polity to be liberal. The intellectuals, activists and NGOs I have quoted, testify to that. Here’s another:

The PEN All-India Centre in Mumbai and the newly formed Delhi Pen, both part of the global network of writers dedicated to free speech, said this last week:

“The removal of books from our bookshops, bookshelves and libraries, whether through state-sanctioned censorship, private vigilante action or publisher capitulation are all egregious violations of free speech that we shall oppose in all forms at all times.”

For more details visit https://cis-india.org/news/the-star-op-ed-february-16-2014-haroon-siddiqui-dark-days-for-creative-class-in-india

Workshop on Media Law & Policy Curriculum Development

praskrishna — 2014-02-17T10:25:54Z

Centre for Communication Governance, National Law University, Delhi and University of Oxford in support with the International Higher Education-Knowledge Economy Partnerships Programme of the British Council is organizing this workshop on February 16 at National Law University in Delhi.

Chinmayi Arun is a speaker and Bhairav Acharya will be speaking at this event.

Timing	Programme
10.00 10.10	Welcome Address Prof. (Dr.) Srikrishna Deva Rao, Registrar & Professor of Law, National Law University, Delhi
10.10 10.15	Introduction to the Project Chinmayi Arun, Research Director, Centre for Communication Governance at National Law University, Delhi
10.15 10.45	Session 1: Introductory Material The Media Landscape, Media & Democracy Lead discussants: Aloke Thakore, Kanamma Raman, Sukumar Muralidharan and Vibodh Parthasarathi Freedom of Expression & Freedom of Press Lead discussants: Arudra Burra, Bhairav Acharya, Manav Kapur and Sukumar Muralidharan
10.45 11.30	Session 2: Media Law The State and the Media (Sedition, Contempt of Court, Parliamentary Privilege and Reporting Court Proceedings) Geeta Seshu, Jawahar Raja, Manav Kapur, Praveen and Sukumar Muralidharan Citizen, Society and the Media (Defamation, Obscenity, Public Order & Communal Harmony and Privacy) Arudra Burra, Bhairav Acharya, Jawahar Raja, Praveen and Saurav Datta
11.30 11.45	Tea
11.45 12.15	Session 3: Media Content & Regulatory Mechanism and Public Service Broadcasting Media Carriage, Pluralism, Ownership & Cross Ownership Lead discussants: Aloke Thakore, Geeta Seshu, Saurav Datta and Vibodh Parthasarathi
12.15 12.45	Session 4: Converged Media, Globalised Media and the Internet Lead discussants: Aloke Thakore, Abhinav Srivastava, Geeta Seshu Kanamma Raman and Sukumar Muralidharan
12.45 13.30	General Feedback about accessibility, structure and other miscellaneous factors

For more details visit https://cis-india.org/news/workshop-media-law-and-policy-curriculum-development