We are anonymous, we are legion

Indian government wakes up to risk of Hotmail, Gmail

praskrishna — 2013-12-30T04:24:57Z

Worried by US spying revelations, India has begun drawing up a new email policy to help secure government communications, but the man responsible for drafting the rules still regularly uses Hotmail.

This was originally published by AFP on December 7, 2013, was also mirrored by the Times of India, Livemint, Reuters, Dawn, NDTV, Yahoo News, The Malaysian Insider and Asia One Digital. A slightly modified version was published by Silicon India on December 11. Sunil Abraham is quoted.

Like many of his peers in ministries across New Delhi, IT Minister Kapil Sibal's office recently sent an email inviting journalists to the launch of his new personal website using the free email service.

Others, including senior foreign ministry officials, the information and broadcasting minister and the health ministry secretary, also use Gmail, Hotmail or Yahoo instead of their government accounts.

When asked why he continued to use his Hotmail for official use, Sibal declined to comment, but a senior bureaucrat in his ministry admitted that he personally preferred Gmail because it is "just a lot easier".

"We keep moving, get different designations, go different places and with that, our emails change. You lose contacts and important emails, which you don't need to worry about with a Gmail account," the bureaucrat told AFP.

"To be honest, the quality of our official mail isn't that great yet. It still needs some work," he added on condition of anonymity.

Security concerns

IT security expert Sunil Abraham said the use of Gmail and the like was highly risky since the American services had their servers in the US and the National Security Agency has been known to tap into their database systems.

It is unclear how many state and federal public workers actively use popular email services for office, but some of the estimates are startling.

"As much as 90 percent of government officials use private email (services) for official use... that's because their official email is not as stable or speedy," said Abraham, executive director of the Bangalore-based Centre for Internet and Society.

In September Sibal's ministry announced a new "Email Policy of the Government of India" in the wake of spying allegations about the NSA revealed by former NSA contractor Edward Snowden.
NSA's tentacles not only crept into the Indian embassy in Washington and its UN office in New York, but also accessed email and chat messenger contact lists of hundreds of millions of ordinary citizens worldwide, according to media reports.

During a single day last year, the NSA's Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, The Washington Post said, according to an internal NSA presentation.

The $11 million Indian project aims to bring some five million public employees onto the government's email domain powered by the National Informatics Centre (NIC) as early as mid-December.

It is awaiting clearances and suggestions from all ministries before the proposal goes to the cabinet this month.

J. Satyanarayana, secretary of the department of electronics and IT, dismissed claims that the policy was too late and was a response to the Snowden scandal.

"The policy is not a reaction to any global spying revelations, it was already in the works. It is just a mere coincidence that both came around the same time," he said.

Fresh doubts

Some cyber security experts say bringing millions aboard a centralised server could make a hacker's job easier, with all critical government information available on a single platform.
More than 11,000 Indian websites were hacked or defaced between May and August this year, with a large number of attacks on the ".in" domain whose servers are in India, the Times of India reported last month.

"Making the use of a centralised government server is not the best way to proceed. Having everything on one platform makes it even more vulnerable to cyber attacks and hacking," said Abraham.

"It also brings about new worries of the NIC becoming the local snoop."

Some also predict that the ambitious policy would eventually fizzle out for lack of attention from ministers and bureaucrats, who work in government offices where stacks of yellowing files and papers are still a common sight.

"It's sad but most of these officials don't understand much about technology, so mastering email is something that is miles and miles away," said Vijay Mukhi, a Mumbai-based cyber security expert.

"These guys saw all the snooping news and suddenly they woke up and said 'lets make an email policy'. Enforcing this is not possible on a practical basis."

The IT ministry also plans to conduct workshops to teach employees about email security such as when to change passwords and user names and how to use email.

"Every employee should know how, what and when critical data can be vulnerable... with most work still done on paper, it is important to know the nitty-gritty of using email," Satyanarayana said.

For more details visit https://cis-india.org/news/afp-december-7-2013-annie-banerjee-indian-government-wakes-up-to-risk-of-hotmail-gmail

VII NLSIR Symposium

praskrishna — 2014-01-09T07:08:33Z

The National Law School of India Review (NLSIR) - the flagship journal of the National Law School of India University (NLSIU), Bangalore is pleased to announce the seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” scheduled to be held on December 21 and December 22, 2013 at the National Assessment and Accreditation Council (NAAC, opposite NLSIU Campus, Nagarhavi) Conference Hall, Bangalore.

This was published by NLSIR on December 20, 2013.

The decade following September 11 has been dubbed “liberty’s lost decade”, not just for the United States of America but for the world at large, marked by increasing tension between State interests in national security and individual liberty. As we continue to grapple with the implications of this clash, one clear winner seems to be emerging, best observed by examining changes in legal systems throughout this decade. The recent upsurge of criticism against NSA activity globally, however, could be seen as indicative of a changing trend. The VIIth NLSIR Symposium seeks to trace this dialogue between competing notions of security and liberty, and hopes to assess and analyse similar developments in India Confirmed speakers for the symposium include renowned legal experts such as Hon’ble Justice Muralidhar, Menaka Guruswamy, Mrinal Satish, Bharat Karnad, Aparna Chandra, Chinmayi Arun, Shyam Diwan, Bhairav Acharya, Roshni, Yug Mohit Chaudhary and Saikat Datta.

This year, the discussions will be divided into four panels:

Session I: Securing Liberty from the State - Redefining Criminal Thresholds in Law
(Forenoon, December 21, 2013, Saturday)

Session II: Intrusive Intelligence - Surveillance Programs and Privacy in India
(Afternoon, December 21, 2013, Saturday)

Session III: Beyond Borders - Extradition, Asylum and Concerns of State Security
(Forenoon, December 22, 2013, Sunday)

Session IV: Connecting the Dots
(Afternoon, December 22, 2013, Sunday)

For more details visit https://cis-india.org/news/nlsir-december-21-2013-nlsir-symposium

Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India

maria — 2013-12-26T05:24:39Z

Electronics Today organised a series of expos on smart cards, e-security, RFID and biometric technology in Delhi on 16-18 October 2013. The Centre for Internet and Society is sharing the brochures it collected from these public expos for research purposes.

In Pragati Maidan, New Delhi, many companies from India and abroad gathered to exhibit their products at the following expos which were organised by Electronics Today (India's first electronic exhibition organiser) on 16-18 October 2013:

SmartCards Expo 2013
e-Security Expo 2013
RFID Expo 2013
Biometrics Expo 2013

The Centre for Internet and Society (CIS) attended these exhibitions for research purposes and is sharing the publicly available brochures it gathered through the attached zip file. The use of these brochures constitutes Fair Use.

For more details visit https://cis-india.org/internet-governance/blog/brochures-from-expos-in-india-2013

Nullcon Goa Feb 2014 — International Security Conference

praskrishna — 2013-12-13T06:42:48Z

Nullcon (http://nullcon.net) is celebrating its 5th Anniversary with efforts being made to bring key decision makers, thought leaders with an expectation of 500+ participants from the industry and government sector. Nullcon is scheduled from February 12 to 15, 2014 at Bogmallo Beach Resort, Goa, comprising of 2 days of technical trainings, followed by 2days of talks, workshops, exhibition, networking parties and CTFs.

The Centre for Internet and Society (CIS) is one of the sponsors for this event.

The Conference

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform which caters to the needs of IT Security industry at large in a comprehensive way.

About Nullcon

Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brain storm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India with over 8 chapters in major cities - Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi. As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives. If you are interested in knowing how null can help your organization and would like to contribute to null, please get in touch with null team at info@null.co.in

Dates:
Training: February 12 - 13, 2014
Conference: February 14-15, 2014
Registation: http://nullcon.net/website/register.php
Keynotes:

Jeff Moss, VP & CSO - ICANN, Founder - Defcon/Blackhat
Dr. Kiran Bedi, Ex-IPS (Police)

For more details visit https://cis-india.org/events/nullcon-goa-2014-intl-security-conference

MongoDB startup hired by Aadhaar got funds from CIA VC arm

praskrishna — 2013-12-13T11:53:32Z

Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI).

The article by Lison Joseph was published in the Economic Times on December 3, 2013. Sunil Abraham is quoted.

The contract is yet to be announced but what could raise eyebrows is the fact that MongoDB is part-funded by the US' Central Intelligence Agency.

The company is expected to help in capturing and analysing data related to the ambitious plan to issue a unique identity number — Aadhaar — to over a billion citizens.

MongoDB, which makes software that helps manage large databases, especially unstructured data, has raised $231 million (Rs1,400 crore) since being founded in 2007. Some of its funding is from In-Q-Tel, the not-for-profit venture capital arm of CIA.

While MongoDB lists In-Q-Tel as one of its investors on its website, the company has not disclosed the quantum of funding received from it. The fund's stated mission is to identify, adapt and deliver innovative technology solutions to support the missions of CIA and the broader US intelligence community.

Besides CIA, In-Q-Tel works with National Geospatial-Intelligence Agency, Defense Intelligence Agency and Department of Homeland Security Science and Technology Directorate.

"Once an investment is made, IQT (the fund) works with the company and the intelligence community partner agency to complete a work program and facilitate solution delivery," the fund's website said. The quote describes IQT's relationship with any company in which it invests in and is not specific to MongoDB.

Neither UIDAI nor MongoDB responded to queries from ET on whether the CIA link was considered before entering into a partnership. UIDAI Chairman Nandan Nilekani did not respond to emails, messages and phone calls.

A senior UIDAI official confirmed the agency has entered into an agreement with MongoDB and that the company's database software is already being used for analysing the pace at which registration of new beneficiaries is taking place.

It is not clear if MongoDB's vendor relationship would be with UID directly or with one of the system integrators that UID works with. Schireson, the CEO, was also one of the national co-chairs for Technology for Obama, an interest group that campaigned for the reelection of President Barack Obama after his first term.

There is no evidence in the public domain that the firm is controlled or significantly influenced by the CIA in any manner.

But the revelations of Edward Snowden, a former NSA contractor-turned-whistleblower that US intelligence agencies routinely intercepted communication in Europe and Asia, including in India has raised concerns. Experts said the UID's centralised design could pose a risk, where even a single mistake can make the whole system disproportionately vulnerable.

"The risk exposure because of CIA involvement (could be that) if MongoDB is a data controller, then secret courts and secret court orders could be used to get access to the UID data," said Sunil Abraham, executive director at the Centre for Internet and Society.

He added that even if UIDAI is only using the source code without getting into a commercial relationship with MongoDB, they should audit the source code to check if CIA has introduced any back doors. "This is because Snowden has told us that the army of mathematicians working for the US government has compromised some standards even though they were developed in an open, participatory and transparent fashion." MongoDB, whose name is a play on the word humongous, competes with Oracle, IBM and Microsoft. It has around 320 employees and some 600 customers. At its latest round of $150 million in fund-raising in October, the company was valued at about $1.2 billion, according to Bloomberg. Other investors include Intel Capital, Salesforce-.com, Red Hat and Sequoia.

For more details visit https://cis-india.org/news/economic-times-december-30-2013-lison-joseph-mongo-db-startup-hired-by-aadhar-got-funds-from-cia-vc-arm

Legal Issues pertaining to Cloud Computing

praskrishna — 2022-02-07T15:29:00Z

The Law and Technology Society of National Law School of India University, Bangalore is organizing the 6th edition of its flagship conference ‘Consilience’ on December 14 and 15, 2013 at NLSIU Campus, Bangalore. The Centre for Internet and Society is supporting this event.

The Conference will see some of the best lawyers, jurists and industry leaders in India speak on different issues surrounding the theme. The Conference is co- branded with ‘Salesforce.com’, ‘International Technology Law Association’ and the Centre for Internet and Society (http://www.cis-india.org/). Apart from making an effective contribution towards greater understanding of the subject, the Conference will lead to a recommendatory policy paper to the government of India.

Key speakers for the Conference include:

Senapathy (Kris) Gopalakrishnan (Co-Founder and Executive Vice Chairman, Infosys & President, CII )
Pavan Duggal (Advocate, Supreme Court)
Abhishek Malhotra (Founding Partner, TMT Law Practice)
Azmul Haque (Partner, Shook Lin & Bok, Singapore)
Chris Edwards (Senior Associate, DLA Piper, Singapore)
Prof. Rahul De (IIM Bangalore)
Pamela Kumar (Chair, Cloud Computing Innovation Council of India)
Suhaan Mukherji (Expert advisor, Office of Adviser to the Prime Minister of India on Public Information Infrastructure and Innovations)

Registrations for the Conference are open and fee for the same is as follows:

Students: Rs. 500/-
Professionals: Rs. 750/-

Please find attached the concept note, programme schedule and speakers’ profiles. To register, visit http://www.consilience.co.in/index.php/consilience-2013/register-for-the-conference. For any other queries, please write to ltech.nls@gmail.com .

or contact

Shivam Singla (Ph: +91-9916708701)
Ayushi Sutaria (Ph: +91-8123925725)

Conference Programme

Saturday, December 14th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Lunch
08.30 09.30	Breakfast and Registration
09.45 10.00	Inauguration
10.00 10.30	Keynote Address
10.30 12.30	SESSION 1: INTRODUCTION TO CLOUD COMPUTING How does cloud computing work? - An overview of the basic technical features The current legal regime related to cloud computing in India- Main issues and challenges
13.15 15.15	SESSION 2: THE RELATION BETWEEN PARTIES TO CLOUD COMPUTING- USERS, INTERMEDIARIES AND GOVERNMENT BODIES Legal obligations of the intermediaries towards (i) the government and (ii) the users Cyber security concerns Standards of data protection Government's surveillance powers and privacy issues
Tea Break
15.30 17.30	SESSION 3: REGULATION AND MONITORING OF DATA CONTENT Current data control monitoring systems by intermediaries Data ownership and intellectual property issues- Possible threats and need for regulation Sensitive or critical data- Security concerns relating to their storage
High Tea/Networking Session

Sunday, December 15th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Tea Break
09.00 10.00	Breakfast and Registration
10.00 12.00	SESSION 4: THE INTERNATIONAL PERSPECTIVE ON CLOUD COMPUTING Jurisdiction and choice of law issues- how do we counter the confusion? International laws applicable to cloud computing Need for a comprehensive international framework to simplify the situation?
12.15 14.15	SESSION 5: COMPARATIVE ANALYSIS WITH LEGAL FRAMEWORKS IN OTHER COUNTRIES Legal frameworks in UK and Singapore Beneficial features of these legal regimes and their suitability in the Indian context Lessons to be learnt for India
Lunch
15.00 17.00	SESSION 6: THE WAY FORWARD – SUGGESTIONS AND RECOMMENDATIONS Overview of the important challenges and suggestions Possible Policy and Legislative steps to improve the Cloud Computing regime in India
High Tea/Networking Session

Click to read the sub tracks for discussion
Access the speakers' profiles here

For more details visit https://cis-india.org/events/legal-issues-on-cloud-computing

CPDP 2014 Reforming Data Protection: The Global Perspective

praskrishna — 2013-12-11T03:39:50Z

Already in its 7th edition, the annual Computer Privacy and Data Protection conference (organised by CPDP) is being held in Brussels from January 22 to 24, 2014. Malavika Jayaram will be speaking at this event.

The Centre for Internet and Society is one of the sponsors for this event. Click here to read the full programme.

CPDP is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University, which has now grown significantly and incorporates a consortium of 21 conference partners.

CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. In an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, computer scientists and civil society from all over the world to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world.

CPDP2014 has become truly global: it is co-organized by conference partners from Europe and the United States, and devotes panels to Latin-America and India. Moreover, CPDP is reaching out to the Asia-Pacific with speakers coming from all over the region.

The progressive growth of CPDP will culminate in an unprecedented 7^th edition. A terrific programme will include more than 60 panels held over three consecutive days. The panels will focus on key issues that cover all current debates: The data protection reform in the European Union, PRISM, big data, cybercrime, data retention, cloud computing, enforcement by Data Protection Authorities, biometrics, e-health, privacy by design, and much, much more. In addition, there will be a day event on the ethical issues of data collection on minorities, and the use of technology to advance the status of Roma.

CPDP will offer valuable contributions from the leading names in the field, including key representatives from all the major European institutions - the European Commission, the European Parliament, the European Data Protection Supervisor, and the Council of Europe.

In addition to the well-known classic Pecha Kucha side event, there will be several public debates held in the evenings – both in Dutch and English.

CDP2014 will continue to pay particular attention to high-level and innovative research from PhD Students and outstanding junior researchers by organizing sessions completely devoted to their work. CPDP2014 will also remain home to several award ceremonies, such as the award for the best Multidisciplinary Privacy Paper and the EPIC International Champion of Freedom Award.

Whether you are involved in the Conference as a sponsor, supporter, partner or participant or not, CPDP2014 welcomes you to join the event and contribute to the debate on emerging privacy and data protection issues.

For up to date information, registration and the programme, please visit http://www.cpdpconferences.org/ and follow CPDP on Facebook (cpdpconferences) and Twitter (@cpdpconferences).

If you have any questions please contact: info@cpdpconferences.org

For more details visit https://cis-india.org/events/cpdp-2014-reforming-data-protection-global-perspective

Technology in Government and Topics in Privacy

praskrishna — 2013-12-27T10:20:33Z

Malavika Jayaram is a speaker at an event organized by Data Privacy Lab at CGIS Cafe, Cambridge Street, Harvard University Campus. She will speak on Biometrics in Beta – India's Identity Experiment on December 9, 2013.

Technology in Government (TIG) and Topics in Privacy (TIP) consist of weekly discussions and brainstorming sessions on all aspects of privacy (TIP) and uses of technology to assess and solve societal, political, and government problems (TIG). Discussions are often inspired by a real-world problems being faced by the lead discussant, who may be from industry, government, or academia. Practice talks and presentations on specific techniques and topics are also common.

Abstract of the Talk

India's identity juggernaut - the Unique Identity (UID) project that has registered around 450 million people and is yet to be fully realized - is already the world's largest biometrics identity scheme. Based on the premise that centralized de-duplication and authentication will establish uniqueness and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad problems and improve welfare delivery, yet its conception and architecture raise significant concerns. In addition to the UID project, there is a slew of "Big Brother" systems that together form a matrix of identity and surveillance schemes: the UID is intended as a common identifier across this matrix as well as other public and private databases. Indian authorities frame Big Data as a panacea for fraud, corruption and abuse, without apprehending the further fraud, corruption and abuse that joined up databases can themselves engender. The creation of a privacy-invading technology layer not simply as a barrier to online participation but to social participation writ large is not fully appreciated by policy makers. Malavika will provide an overview of the identity landscape including the implications for privacy and free speech, and more broadly, democracy and openness.

Malavika Jayaram

Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression, especially in the context of India's biometric ID project. A Fellow at the Centre for Internet and Society, Bangalore, she is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Done series. She is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with global law firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, She was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania.

Click to read more on the event originally published by Data Privacy Lab here.

For more details visit https://cis-india.org/news/technology-in-government-and-topics-in-privacy

Cyberscholars Working Group at MIT

praskrishna — 2014-01-09T06:41:31Z

Malavika Jayaram is giving a talk on Biometrics or Bust - India’s Identity Crisis at this event organised by Berkman Center for Internet & Society on December 12 at 6.00 p.m.

Read the original published by Harvard University here.

The Cyberscholar Working Group is a forum for fellows and affiliates of MIT, Yale Law School Information Society Project, Columbia University, and the Berkman Center for Internet & Society at Harvard University to discuss their ongoing research. Each session is focused on the peer review and discussion of current projects submitted by a presenter. Meeting alternatively at Harvard, MIT, Yale, the working group aims to expand the shared knowledge of young scholars by bringing together these preeminent centers of thought on issues confronting the information age. Discussion sessions are designed to facilitate advancements in the individual research of presenters and in turn encourage exposure among the participants to the multi-disciplinary features of the issues addressed by their own work.

This month's presentations include:
(1) "Lines of Control: Networks of Imperialism and Independence in India (1840-1947)"
Abstract: This paper examines the history of communications networks in India and the relationship between communications and second-order networks. It draws attention to the wave of colonial network development that took place in India between 1840 and 1948. During these years, Britain constructed a series shipping, rail and telegraph networks to achieve a set of military and commercial goals. This paper studies how first- and second-order networks developed, and the intended and unintended effects of these networks on Indiaʼs economics, politics, and identity. The paper draws on economic and social studies of colonial communications networks in India, original reports by British officials and the Colonial Office, and the literature focusing on the role of technology in British imperialism. It shows how Indiaʼs colonial communication networks, built to augment and extend British control over the subcontinent, became conduits for Indian resistance and nationalism.
Keywords: shipping, telegraph, railroads, imperialism, nationalism, network theory, India

Colin Agur is a PhD candidate at Columbia University and Visiting Fellow at Yale Law School's Information Society Project. His research examines India's telecommunications, focusing on mobile network formation and second-order effects of network growth. He spent the 2012-13 academic year in Delhi and Chennai, conducting document analysis, interviews with industry figures and participant observation related to mobile phone usage. He has published articles about Indian media and culture in Harvard's Nieman Lab, the Journal of Asian and African Studies and Journalism (forthcoming), and about telecommunications history in Information and Culture.

(2) Big Data Dramas in the 1960s and 1970s
Abstract: The recent frenzy in discussing NSA activities and the collecting of Big Data show a widespread critical concern for the current practice of gathering and using personal data. These concerns have their history. In my presentation, I track the beginnings of a growing public awareness and sensitivity towards the societal handling of personal data. I argue that the early computerization phase during the 1960s and 1970s played a crucial role in discussing these issues. Media reports, popular books, scientific publications, and political hearings all of a sudden began – often in quite different ways – to address and question contemporary practices of collecting, sharing, and storing of personal data. Their authors explored and negotiated all kind of societal settings where personal data played a significant role at that time. There have been concerns about these issues with personal data before, but – as I will show in my presentation – not on this broad societal level and to this extent as in the late 1960s and early 1970s. I argue that during that time, the usage of personal data became a highly controversial matter not only of public, but also of private interest.My inquiry examines how the term “data“ and in particular the collection of personal data became loaded with cultural and emotional significance in scientific and media discussions in the 1960s and 1970s in the United States and in Germany. Furthermore, it explores how the early computerization affected our societal handling of data long before the personal computer entered our private lives.

Julia Fleischhack is a visiting postdoctoral research fellow in the program in Science, Technology, and Society at the Massachusetts Institute of Technology. She holds a PhD in anthropology from Zürich University. Her current research is on data centers from the private sector and funded by the Fritz Thyssen foundation.

(3) Biometrics or Bust - India’s Identity Crisis
Abstract: India's identity juggernaut - the Unique Identity (UID) project that has registered around 500 million people and is yet to be fully realized - is already the world's largest ever biometrics identity scheme. Grounded in the premise that centralized de-duplication and authentication will uniquely identify people and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad socio-economic problems, yet its conception and architecture raise significant concerns. Its implementation as a techno-utopian project in a legal vacuum, despite the potential for abuse and exclusion, give pause to the much-vaunted claims of transforming welfare delivery and galvanizing financial inclusion. I will provide an overview of the identity project and highlight some of the key implications for privacy and free speech, and more broadly, democracy and openness. I will also unpack some of the narratives being constructed, describe the current public discourse and legal developments, and locate the project within the broader surveillance state and database nation that India is morphing into.

Malavika Jayaram is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression. A Fellow at the Centre for Internet and Society, Bangalore, she is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London.

For more details visit https://cis-india.org/news/cyberscholars-working-group-mit

"Whatever happened to Privacy?" - International Activism Conference

praskrishna — 2014-02-03T05:56:27Z

Maria Xynou gave a keynote speech and participated as a panelist on the "Suspect Societies" panel. The event was organized by Heinrich Boell Foundation in Berlin on December 5 and 6, 2013.

"Whatever happened to privacy" brought together international activists on focal topics and combined bar camp style work sessions and political round tables with a classic public event, It focussed on an issue which has far reaching consequences for politically active people across the world - the issue of privacy and surveillance. The revelations around the NSA and GCHQ as well as other countries secret service digital surveillance activities have spurred political debate. This debate was intensified at "Whatever happened to Privacy?" formulating political demands, developing action strategies and debating questions such as:

What cultural and political value does privacy have today?
What are the societal implications of the wide spread "I have nothing to hide" attitude?
What political actions are necessary to protect citizens from mass surveillance and what tools exist for people to secure their communications, movements and lives?

For video and more info, click here

For more details visit https://cis-india.org/news/whatever-happened-to-privacy

India for UN body to resolve internet governance issues

praskrishna — 2013-12-26T08:51:05Z

Multi-stakeholder or multi-lateral - two words encapsulating diametrically opposite views on internet governance stands at the heart of a raging debate across the globe.

The article by Kim Arora was published in the Times of India on December 5, 2013. Sunil Abraham is quoted.

At the Working Group on Enhanced Cooperation (WGEC) meeting in Geneva last month, India suggested forming a multi-lateral UN body to co-ordinate on internet governance issues. And several activists feel that is not the right way forward.

Multi-stakeholder control over the world wide web means parties other than governments, which include the tech community, academia, businesses and civil society. In a multi-lateral arrangement, only the governments will be the decision-makers and every other stakeholder barring the state, is relegated to a purely advisory role. Simply put, the choice is between total state control over the internet or a more democratic set-up where other sections of society are also represented.

Civil society and businesses are concerned that being relegated to an advisory role rather than a decision-making one could lead to disregarding or dumping their inputs.

"Everyone must have a seat at the table," says Rajan Mathews, director general of the Cellular Operators Association of India (COAI). "If you are designing a new model, it is important that it is as inclusive as possible. That will create better decisions. It will also discourage back-door bargaining between governments," says Anja Kovacs of the Internet Democracy Project.

The internet architecture has always been controlled by the US. The demand for a more democratised set-up, where other countries also have a voice, started in early 2000s. In 2005, a consensus document, Tunis Agenda, had been signed under the aegis of the UN. It laid out much of the terms of the debate around internet governance, including the focus on enhanced cooperation and the need for a multi-stakeholder model.

In 2011, India put forward a detailed proposal for a multi-lateral UN body that was widely criticised by activists and business bodies at home. In Geneva this November, India's answer to a question on implementing "enhanced cooperation" in a WGEC questionnaire, went like this: "A suitable multilateral, transparent and democratic mechanism must be created where governments, on an equal footing, may carry out their roles and responsibilities in international public policy issues pertaining to the Internet and public policy issues pertaining to coordination and management of critical Internet resources, in consultation with all other stakeholders."

Ajay Kumar of the Department of Electronics and Communication Technology (DeitY), was a part of the delegation representing India at Geneva. The DeitY falls under the union ministry of communication and information technology. Kumar told TOI, that while there is a relook at the 2011 proposal, India has been following the Tunis Agenda when it comes to enhanced cooperation between different countries and other stakeholders.

Nonetheless, Parminder Jeet Singh of the NGO IT for Change has supported the government position at the WGEC meeting. The two other civil society bodies from India at Geneva wanted a multi-stakeholder model. Singh feels that the proposal may have an important role to play at a later stage when "real political talk shapes up". "We don't agree that a Google or an IT for Change should vote in the decision-making about actual public policies. We understand the fear (behind such an arrangement) but we prefer that public policy decisions at global level remain with governments as they are legitimate representatives of the people," he says.

However, Sunil Abraham, executive director of the Center for Internet and Society, warns against the governmental tendency to centralize and for being opaque. He also feels that a single model, whether multilateral or multi-stakeholder, will not work. Every model must change with every issue being brought to the table, he says. "For instance, something like controlling child pornography, will need one kind of model to deal with. The same won't work when dealing with hate speech," Abraham points out.

Activists are hoping that the Brazil global multi-stakeholder meeting in April next year will take the issue of democratised internet governance forward.

For more details visit https://cis-india.org/news/times-of-india-december-5-2013-kim-arora-india-for-un-body-to-resolve-internet-governance-issues

International View of the State-of-the-Art of Cryptography and Security and its Use in Practice (IV)

praskrishna — 2013-12-26T09:05:40Z

Building on the workshop in Dagstuhl in June-July 2011 (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice), Beijing (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice II), and Athens (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice III) that set the stage for discussions on cryptography among a group of key researchers from Europe, Asia, and North America, the one day workshop in Bangalore, following AsiaCrypt 2013 will again bring together internationally recognized scientists to discuss direction and development in theoretical and applied cryptography and surrounding societal issues.

There will be four focus areas:

Real-life cryptography
Standardization
Regulatory requirements
Innovative use cases for cryptography

Each focus area will be anchored in an invited talk and/or panel, but the emphasis will be on discussion. The participants will address broad research directions in encryption and secure computation and their applications in cloud computing, smart grid, mobile and embedded computing, hardware, software, and network security. They will also examine non-technical issues surrounding deployment and adoption of new security technologies using encryption, such as privacy or economic consideration. Approaches and projects in different countries will be discussed, in order to increase awareness of the R&D activities internationally and continue to for a strong community of research and practice and in order to generate new ideas in this field.

Although the workshop will cover a broad spectrum of issues from the list presented below with a specific focus that will be announced shortly. The topics of interest include (but are not limited to) the following subjects:

Secret versus public ciphers
Cipher and algorithm development process
Algorithms maturity and review
Lightweight cryptography
New requirements for cryptography for novel applications
Cipher implementation and interoperability
Standardization
Regulatory initiatives
Privacy enhancing cryptography

8:15 a.m.	Registration
8:30 a.m.	Opening statement (Organizers)
8:40 a.m.	Opening keynote (TBD)
9:10 a.m.	Panel 1 and discussion: Advances in cryptography; new use cases, Participants: Dan Bernstein (University of Illinois at Chicago), Tanja Lange (Eindhoven), Veni Madhavan (ERNET), others TBD
10.30 a.m.	Coffee break
11.00 a.m.	Panel II and discussion: Regulatory environment and standardization: Sunil Abraham (India CIS), Kazue Sako (NEC), Claire Vishik (Intel), others TBD
12.30 a.m.	Lunch
1.30 p.m.	Panel 3 and discussion: Implementation and interoperability for new environments (e.g., smart grid, Internet of things): Reji Kumar (Smart Grid India), other TBD
3.00 p.m.	Coffee break
3.30 p.m.	Panel IV and discussion: Privacy, social networking, ubiquitous connectivity and cryptography: Rene Peralta (NIST), Kumar Ranganathan, others TBD
5.00 p.m.	Thoughts and next workshop
5.20 p.m.	Closing statements (Organizers)
5.30 p.m.	Adjourn

For more details visit https://cis-india.org/news/international-view-of-state-of-the-art-of-cryptography-and-security-and-its-use-in-practice

Card transactions with Aadhaar validation need more time: experts

praskrishna — 2013-12-26T06:25:04Z

Cost and supply implications are seen by experts as the main hurdles in implementing the RBI directive.

The article by Kirti V. Rao and Moulishree Srivastava was published in Livemint on December 5, 2013. Sunil Abraham is quoted.

The Reserve Bank of India’s (RBI’s) move to introduce a new card payment infrastructure able to authenticate transactions using Aadhaar unique identity number-linked biometrics may take some time to implement as it has cost and supply implications.

“All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance,” RBI said in a notification on 26 November.

Europay MasterCard Visa, or EMV, chip and PIN authentication involves card information stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder’s signature.

Currently, all card infrastructure in India such as automated teller machines (ATMs) and point-of-sales (PoS) machines are moving towards full compliance with the global EMV standard that requires reading integrated circuit cards to authenticate credit and debit card transactions.

Although all transactions through debit cards are now required to be authenticated by PIN, validating financial transactions by using the biometric Aadhaar identity number database is yet to gain traction. Such a service is expected to begin in May.

Not all experts are in favour of the central bank’s move to use biometrics data to authenticate transactions.

“This is a terrible idea. Biometrics should never be used as authentication factor since it cannot be revoked when it is compromised,” said Sunil Abraham, executive director of Bangalore-based think-tank Centre for Internet and Society. “Digital signatures and its variations like the EMV chip are the right way to proceed.”

A banker did not fully agree with Abraham.

Pulak Sinha, general manager (payment solutions) at State Bank of India, said: “In our experience, there is a need for biometric authentication in certain geographical segments in the country. Our bank has used biometric authentication for financial inclusion initiatives and has found it very useful. Having said that, each bank is the best judge as to which technology is more relevant for their customers.”

Sinha added, “Also changing new infrastructure to accept all types of technologies has its own challenges as well as financial implications. Again, business cases need to be built and when people get additional services they may have to pay.”

There are cost implications if the RBI directive is to be implemented, according to Rajiv Kaul, chief executive of CMS Info Systems Pvt. Ltd, which runs two cash management companies and has recently received an order from SBI to deploy 8,000 cash machines across the country.

“Some of the ATM infrastructure currently installed have some of the capabilities for EMV chip cards, but even as they are hardware-equipped, software will need to be upgraded,” Kaul said. “For biometric compliance, both hardware and software will need to be installed, which will result in extra cost. So, for the short term, from the biometric perspective, the cost will go up.”
Some experts hold that the notification provides a chance to assess the as-yet-untested Aadhaar-linked biometrics model where the EMV model may be hard to implement.

“RBI has been pragmatic in mandating it incrementally as it is giving Aadhaar a runway to evolve in terms of operations, use cases, risk, technology standards, dispute resolution and get these things in order,” Uttam Nayak, group country manager, India and South Asia at Visa Consolidated Support Services (India) Pvt. Ltd, told Mint on 26 November. “Because Aadhaar is tokenless and doesn’t need a card, it has great potential for inclusion.”

Biometrics-enabled cash and PoS machines will require additional expenditure as they need high-speed Internet connectivity to transmit biometrics data, Rajeev Chandrasekhar, member of the upper house of Parliament, said in a letter to RBI governor Raghuram Rajan.

“The hardware and software cost of upgrading a single unit with biometrics hardware is not very much but changing the entire ecosystem would have costs,” acknowledged SBI’s Sinha. “When people get additional services they will have to pay.”

“A high percentage of the population is still unbanked. The opportunity (to reach people through biometric validation and Aadhaar) is too tempting for the acquirers (banks and others using PoS devices) to not take this up,” said Robin Roy, associate director of financial services at consultancy firm PricewaterhouseCoopers Pvt. Ltd.

Whether there would be enough suppliers of machines to implement the directive is also a concern, some experts said.

For more details visit https://cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time

INSAF National Convention on Crisis of Capitalism and brazen onslaught on DEMOCRACY

praskrishna — 2013-12-26T10:18:35Z

Snehashish Ghosh is participating in this event as a speaker.

Ever since the Neo-liberal agenda began to unfold 22 years back, the democratic spaces within Indian polity have been squeezing continuously and the present scenario of run up to 2014 elections is reflecting the state of disarray in parliamentary democracy. The mainstream discourse appears to have deliberately failed in bringing out the intrinsic relationship between ‘capitalism’; its ‘crisis’ and ‘democracy’ to the core of analyzing and understanding the present amnesia in political process.

The characteristics of crony, fictitious, lumpen and speculative Capital that is on the driving seat of contemporary phase of capitalism are mirrored in the operational levels of parliamentary democracy - from governance to electoral process- in the form of corporate influences on policies and decision making, rampant corruption at the pinnacle of power, control of money and muscle-power in politics.

It is, therefore, important to bring out the correlation between the ensuing crisis in global capitalism - including in India - and the impending crisis in our democracy - to the fore. The divergence in the requirements of the neo-liberal phase of capitalism and ‘democracy’ as its analogous political system seems to be the key in explaining the despair engulfing Indian polity at present. The attempts to transform ‘Democracies’ into ‘Corporatocracies’ that we see today, also emanate from this despondency alone.

Last two decades have also seen the institution of ‘State’ posturing itself more and more aggressively against its own people in order to fulfill its obligations to international financial & trade institutions so to serve the interest of global capital. In such a course, it has extensively resorted to adopt the instrument of ‘fabricating’ cases against the voices of opposition to the interests of the global capital.

Though the instrument of ‘fabrication’ is not new to the ‘State Craft’ but this time it is being used in a targeted and selective manner. Not only the existing criminal laws have been used for this purpose but new laws like UAPA and various state ‘security laws’ were created during this period to meet this requirement.

The ‘Indian State’ is also proceeding feverishly to create a surveillance state through various means of ‘electronic surveillance’ using cutting edge technologies to track mobile phones, internet usage, emails etc. at home while colluding with U.S. military and security establishment internationally against other nations. The business of creating and sharing of its citizen’s databases (both demographic & biometrics etc) has been promoted by Indian establishment by subverting the Constitution, existing norms of parliamentary democracy and citizens’ rights.

It is in this context that INSAF has decided to hold its two day National Convention 2013.

Programme Schedule

Day 1: Crisis of Capitalism and brazen onslaught on DEMOCRACY

10.00 10.30	Registration & Tea/Coffee
10.30 11.00	Introduction by Anil Chaudhary
11.00 13.00	Inaugural address by eminent writer and journalist P. Sainath Chaired by Justice Rajinder Sachar
13.00 14.30	Lunch
14.30 17.30	Panel Discussion: Prof. Vibhuti Patel (Director, Centre for Study of Social Exclusion and Inclusive Policy, SNDT Women's University, Mumbai) Prof. Achin Vanaik (Former Dean of Social Sciences, Delhi University) Prof. Ramesh Dixit (Lucknow, UP)

Day 2: Surveillance state and perils of DEMOCRACY

10.00 10.30	Panel Discussion Dr. Usha Ramanathan (Law researcher and activist, New Delhi) Prabir Purkayastha (Delhi Science Forum) Ms. Subi Chaturvedi (Asstt. Prof. of Journalism Communication, Lady Shri Ram College for Women, Delhi Univ. Founder Hon. Managing Trustee, Media For Change) Snehashish Ghosh (Centre for Internet & Society) Chaired by Ms. Kalyani Menon-Sen (Feminist activist & researcher)
13.00 14.00	Lunch
14.00 16.30	Panel Discussion: Suppressing dissent: Stifling NGOs via FCRA Kabir Dixit (Advocate, Supreme Court of India) Mathew Cherian (Chairperson, Credibility Alliance) Chaired by Sanjay Parikh (Human Rights activist and Advocate, Supreme Court of India)
16.30 17.00	Tea/Coffee

For more details visit https://cis-india.org/news/insafnational-convention-on-crisis

A Three-Way Race Draws Delhi’s Young, and Everyone Else, Out to Vote

praskrishna — 2013-12-26T07:03:54Z

The polling stations were supposed to close at 5:30 p.m. on Wednesday, just after sunset. But with thousands still waiting in the dark to cast their vote in the state assembly elections, the Delhi Election Commission decided to extend the voting until 6:30 p.m. Then to 7:30 p.m.

The article by Betwa Sharma was published in the New York Times on December 4, 2013. Sunil Abraham is quoted.

Finally, the Election Commission said it would wait until 9:30 p.m. to close the polls. At the polling station in the New Delhi district, those waiting in line agreed that a relatively warm winter evening was helping to draw people out to vote.

Though no official data on voter turnout had been released by 9 p.m., it was clear that voters were coming out in unprecedented numbers for this year’s Delhi state elections. Analysts were predicting that this election would break the previous voter turnout record of 61.75 percent in 1993.

Unlike in the past, this year’s contest featured a potential spoiler in the Aam Aadmi, or Common Man, Party. Its leader, the firebrand anticorruption activist Arvind Kejriwal, was battling to dethrone the state’s longtime chief minister, Sheila Dikshit of the Congress Party, and siphon votes from the other establishment choice, the Bharatiya Janata Party, or B.J.P. (Exit polls by the local media on Wednesday night were showing that the B.J.P. was likely to win the most seats in the state assembly.)

The prospect of upending the political status quo brought out young voters like 23-year-old Hina Kousar, although she had to put up a fight with her family to cast her vote for the Aam Aadmi Party. Her mother lectured her on how governments don’t care about people, but that didn’t deter Ms. Kousar.

“They have the wrong mentality, and young people should change it,” she said. “My granny is 70 years old and I told her to vote.”

Many of the youthful voters turned voting into a social activity, both in person and online. At one polling station, most people cast their votes quietly and left, but many of the young voters came with their friends. They talked animatedly about their choices while leaving the polling stations.

Others called their families to say they had voted. Some clicked photos of each other on their smartphones and posted the images on their Facebook pages.

In less than a year, Mr. Kejriwal, 45, and his party has pasted itself quite literally on city’s consciousness with aggressive campaigns and posters of brooms, symbolizing sweeping away the old order. And that’s why he got Ms. Kousar’s vote.

“The most important thing is that he has promised to remove corruption. The money that is going into Swiss banks is our money. The rising market prices are because of it,” she said.

Several voters between the ages of 20 to 25 who were interviewed by India Ink said they were backing Mr. Kejriwal, who represented a change from the three-term winner Ms. Dikshit. The B.J.P. had no star state candidate that appealed to them, even though its prime ministerial candidate, Narendra Modi, engaged with students at Delhi University earlier this year and is extremely active on social media.

Besides corruption, several young voters, both male and female, said that ensuring women’s safety had to be a priority for any Delhi government.

Another Kejriwal voter, Kavita, a 27-year-old teacher who goes by one name, said that Ms. Dikshit’s government hadn’t effectively improved women’s safety after the gang rape of a physiotherapy student one year ago. “I don’t feel the difference,” she said. “I still feel unsafe on the streets, so let’s see what some new leaders can do to change this.”

Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.Betwa Sharma Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.

Another Kejriwal supporter, Abhilash Sasidharan, 27, said a safe environment for women is “absolutely” the most important thing to him, but the software engineer also was moved that Mr. Kejriwal had left his lucrative job as a revenue service officer to join politics.

Kavita, 27, after she cast her vote at a polling booth in New Delhi on Wednesday.

“I don’t have the courage to step into dirty politics, but he does and I want to support that,” he said. “Look, Congress has had 15 years, so why not see if someone can do better, and all these parties should feel a threat to do better.”

But not all young people are buying Mr. Kejriwal’s promises of sweeping change. Shiv Raj Syal, 20, called them “flowery and too good to believe,” as he cast his vote for Ms. Dikshit. “He is just very new at this and I don’t think it’s wise to hand over the running of a national capital to a party with no experience,” he said.

The chief minister had focused on development, the college student said, making Delhi a hub for foreign brands and corporates, and transforming it into an international city.

Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.

Despite the appearance of a robust youth presence at the polls on Wednesday, analysts are waiting on the Election Commission’s numbers before declaring this election cycle the year of the youth vote.

Sanjay Kumar, an election analyst from the Center for the Study of Developing Societies in Delhi, said that as of July, only 68 percent of eligible voters between the ages of 18 and 21 had registered to vote, far lower than the 86 percent average of other demographics.

V.S. Sampath, the chief election commissioner in India, said that youth participation in the electoral process had been a priority in recent years, and several efforts including visiting universities and colleges had been made to register them, which had resulted in a “significant increase.”

In 2011, Mr. Sampath said, 119,000 voters between the ages of 18 and 19 were on the electoral rolls in Delhi, which accounted for 0.93 percent of total Delhi voters, but now the numbers had gone up to 405,000, or 3.4 percent.

Election observers have also pointed out that the hype about social media, especially Twitter, becoming a tool for political expression and organization for the youth has not necessarily translated into a surge in voting in that demographic of users.

The political debates on social media could translate into votes by the next elections, according to Sunil Abraham from the Centere of Internet and Society in Bangalore, who describes the Internet penetration as “limited,” and social media use even smaller and dominated by the economic elite.

Mr. Abraham, however, said social media is influencing the political discourse, not by motivating voters, but by influencing the coverage in mainstream media.

Relative to the country’s population, he added, social media users had a “disproportionate influence on discourse.”

But the young voters who spoke to India Ink said that at least for them, social media did play a role in drawing them into politics this year. Mr. Syal, the Congress voter, for instance, said that he had posted a message on his Facebook wall criticizing some of Mr. Kejriwal’s claims, which drew 50 comments.

And Mr. Sasidharan, the Aam Aadmi Party supporter, posted on Facebook a photo of him holding up his finger stained with ink, showing that he voted, immediately after coming out of the polling station. “I hope that it inspires more people to come and vote,” he said.

For more details visit https://cis-india.org/news/nytimes-december-4-2013-betwa-sharma-a-three-way-race-draws-delhis-young-and-everyone-else-out-to-vote