We are anonymous, we are legion

First Look: CIS Cybersecurity documentary film

purba — 2013-12-17T08:16:42Z

CIS presents the trailer of its documentary film DesiSec: Cybersecurity & Civil Society in India

The Centre for Internet and Society is pleased to release the trailer of its first documentary film, on cybersecurity and civil society in India.

The documentary is part of the CIS Cybersecurity Series, a work in progress which may be found here.

DesiSec: Cybersecurity and Civil Society in India

The trailer of DesiSec: Cybersecurity and Civil Society in India was shown at the Internet Governance Forum in Bali on October 24. It was a featured presentation at the Citizen Lab workshop, Internet Governance For The Next Billion Users.

The transcript of the workshop is available here: http://www.intgovforum.org/cms/component/content/article/121-preparatory-process/1476-ws-344-internet-governance-for-the-next-billion-users

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer

CIS Cybersecurity Series (Part 12) - Namita Malhotra

purba — 2013-11-18T10:03:29Z

CIS interviews Namita Malhotra, researcher and lawyer at Alternative Law Forum, Bangalore, as part of the Cybersecurity Series.

"In a strange mix of how both capitalism and state control work, what is happening is that more and more of these places that one could access, for various reasons, whether it is for ones own pleasure or for political conversations, are getting further and further away from us. And I think that that mix of both corporate interests and state control is particularly playing a role in this regard." - Namita Malhotra, researcher and lawyer, Alternative Law Forum

Centre for Internet and Society presents its twelfth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Namita Malhotra is a researcher and lawyer at Alternative Law Forum (ALF). She has a keen interest in working on law, technology and media through legal research, cultural studies, new media practices and film making.

ALF homepage: www.altlawforum.org

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-12-namita-malhotra

IDEX Impact Assessment Workshop

praskrishna — 2013-11-14T05:48:51Z

The Centre for Internet and Society is hosting a workshop organised by IDEX at its office in Bangalore on Saturday, November 16, 2013 from 11.30 a.m. to 6.30 p.m.

The IDEX Impact Assessment Workshop will provide a comprehensive and interactive intro and overview of all facets of Impact Assessment, with a specific focus on the Social Enterprise sector. The workshop will be conducted by Andy Bhanot of WeStat (bio below) and will be divided into two portions:

11.30 - 14.30: Impact Assessment Crash Course (Intro to IA, Types of IA, Designing IA, etc)

15.30 - 18.30: Interactive Group Projects + Presentations (Applying IA to Specific Sectors / Projects)*

*The focus of this group work will be based upon projects that the IDEX fellows have been working on over the past few months, across various sectors (Water, Livelihoods, Youth, etc)

Andy Bhanot, MBA

Andy Bhanot is a communications and marketing research expert with extensive experience in both the private and development sectors. Mr. Bhanot's areas of expertise include market research analysis and strategy formulation, business development, and leadership and team management.

Mr. Bhanot is an expert in conducting knowledge, attitude, and practice surveys, formative research, pretesting studies, and monitoring and impact evaluation studies. These studies have ranged from HIV/AIDS prevention and care, condom promotion, maternal and child health and governance to gender empowerment, water and environmental sanitation, education, and disaster risk reduction.

He is well versed in both quantitative and qualitative research methods having directed large national surveys, telephonic interviews, rapid feedback studies, focus group discussions, in-depth and key informant interviews, observations, participatory rural appraisals, and ethnographic immersions with urban and rural audiences. Studies included many difficult-to-reach populations: commercial sex workers, men having sex with men, hijras/ transgenders, injecting drug users, truck drivers, migrant workers, gate keepers in the commercial sex trade, employers of bonded labourers, and people living with HIV/AIDS.

Mr. Bhanot has conducted numerous usage and attitude studies, brand health trackers, and concept and new product tests. He also has expertise in segmentation and positioning studies, advertising and media studies, customer satisfaction studies, and distribution studies for a wide range of clients (Pfizer, Colgate, Unilever, Coca-Cola, Barclays Bank, Shell, BAT, Wrigley's, Glaxo Smithkline, Cadburys, Nestle, Delmonte, East Africa Breweries, and Tetra Pac).

Mr. Bhanot has worked and travelled extensively across India, Bangladesh, Nepal, Afghanistan, Myanmar, Cambodia, Vietnam, Kenya, Uganda, Tanzania, Ethiopia, Eritrea, Djibouti, Somaliland, and South Africa. He has presented and published research papers, and has contributed marketing research case studies to books by prominent authors.

For more details visit https://cis-india.org/internet-governance/events/idex-impact-assessment-workshop

Social media promotions can backfire, too

praskrishna — 2013-11-14T05:24:44Z

Social media is a highly effective marketing tool for companies but its very ubiquity and the speed with which messaging goes viral has meant that it can hurt them badly as well, especially since platforms are not always moderated and can be hacked or misused.

The article by Ratna Bhushan and Varuni Khosla was published in the Times of India on November 11, 2013. Sunil Abraham is quoted.

It's not just bad language and racially or socially insensitive messages seemingly originating from official Twitter handles, some companies are guilty of poorly judged promotions resulting in consumer backlash.

On the eve of the country's largest broadcaster Star India rebranding its sport channels last week, the Star Sports Twitter handle posted abusive language. Star India said the account had had been hacked, but by then the tweet had gone viral.

Just before that, the Board of Control for Cricket in India Twitter handle had cricket legend Sachin Tendulkar's digital autograph along with bad language on the eve of his retirement from the sports.

Two days before Diwali, beverage and snacks maker PepsiCo ran a contest on Twitter asking contestants to tweet their version of the Ramayana. That caused outrage on social media, led by writer Chetan Bhagat.

PepsiCo quickly apologised and removed the promotion but not before it got flooded by tweets from those who were upset by the move. While Star and BCCI blamed hackers and PepsiCo's scored an own goal, social media experts say companies need to be more responsible.

"Our intent was to involve young Indians in one of India's most loved festivals. We took immediate action and withdrew the contest," the beverage maker's spokesperson said.

AStar Sports spokesperson also said the firm had apologised for the offensive tweet. "We have investigated the issue. A thirdparty vendor had abused his privileged access to the account. We are in the process of taking necessary action and will ensure that no such event recurs."

But ensuring third-party quality control may be easier said than done. "Many companies are unable to handle their social media operations because they usually outsource these to companies that don't get paid well enough (say Rs 50,000 to Rs 60,000 per month).

Hence the people handling the accounts could be anyone from an untrained 22-year-old fresh out of college or someone who has no skill set in the social media space," said Gaba.

Sometimes humour can turn offensive too. In the middle of last year, when Sachin Tendulkar made his eagerly awaited 100th international century, a tweet from insurance services firm Bajaj Allianz went: Congrats to Sachin for his long awaited 100th ton. Now don't delay your retirement planning. #RetireRich #JiyoBefikar.

That caused much offence to Tendulkar's fans. Or take the case of Fortis, which sought to promote breast feeding week last year with the hashtag AgarMaKaDudhPia-HaiTo. Predictably, this one too ran into trouble.

"Social media by definition, unlike broadcast media, cannot be controlled. Therefore, even if you take all conceivable precautions there can be unintended consequences. But India is culturally as complicated as a continent — therefore, it requires a very sophisticated understanding and nuance to pull off humour that is universally appealing and does not offend anyone," said Abraham. Last week, the seven-year-old Twitter's stock rose 73% on its debut, with a market value of $31 billion, making it one of the most successful IPOs of the year and beating even its own expectations. Globally, examples abound of companies or institutions making on Twitter bloopers.

"Companies shouldn't always come up with the excuse that their account was hacked... they need to be accountable. A senior member of the team should always oversee tweets before they're sent out," said Ankita Gaba, co-founder of socialsamosa.com, an Indian social media knowledge storehouse.

Sunil Abraham, executive director of the Centre for Internet and Society, a non-profit research organisation that works on policy issues relating to freedom of expression and privacy, said, "The BCCI disaster is because they have taken automation too far. Automation of social media interactions can be useful but without careful human oversight, it can very easily be gamed by rogue elements online."

A PepsiCo India spokesman said the firm's #Ramayana140 Twitter contest "unintentionally caused some concern to consumers".

For more details visit https://cis-india.org/news/economic-times-november-11-2013-ratna-bhushan-varuni-khosla-social-media-promotions-can-backfire-too

The Evolving Cyber Threat and How to Address It

praskrishna — 2013-11-18T10:49:15Z

Larry Clinton, the President and Chief Executive Officer of the Internet Security Alliance will give a talk on cyber threat and how to address the same. The talk will be held at the office of the Centre for Internet and Society in Bangalore on November 22, 2.30 p.m. to 3.30 p.m.

The talk will broadly cover the following:

Using Public-Private Partnerships to Enhance Cyber Security
Ongoing Threat of Cyber-attacks Must be Fought on Both a Technical and Economic Basis
Targeted Education's Critical Role in Cyber security
Combating the Persistent Cyber Security Threat in the Manufacturing Industry / Cyber Security Threats to the Supply Chain
Economics of Cyber Security

Larry Clinton

Larry Clinton is the President and Chief Executive Officer of the Internet Security Alliance (ISA). ISA is a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security.

Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security “Social Contract,” which is both the first and last source cited in the Executive Summary of President Obama’s “Cyberspace Policy Review” (click here for report). This report also cited more than a dozen of ISA’s white papers – far more than any other source. Recently, these ISA documents were also the inspiration for many of the recommendations in the House Republican Cyber Security Task Force Report (click here for report).

Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences: professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC. He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology (click here for a full list of articles and other ISA news appearances).

The ISA’s pro-market, incentives-based approach to cyber security, rather than regulation, is outlined in its numerous publications, including the ISA Cyber Security Social Contract and Financial Management of Cyber Security series, which were written by the ISA Board of Directors and edited by Mr. Clinton (click here for the full list of ISA Publications).

For more details visit https://cis-india.org/internet-governance/events/evolving-cyber-threat-and-how-to-address-it

Interview with Caspar Bowden - Privacy Advocate and former Chief Privacy Adviser at Microsoft

maria — 2013-11-06T08:16:05Z

Maria Xynou recently interviewed Caspar Bowden, an internationally renowned privacy advocate and former Chief Privacy Adviser at Microsoft. Read this exciting interview and gain an insight on India's UID and CMS schemes, on the export of surveillance technologies, on how we can protect our data in light of mass surveillance and much much more!

Caspar Bowden is an independent advocate for better Internet privacy technology and regulation. He is a specialist in data protection policy, privacy enhancing technology research, identity management and authentication. Until recently he was Chief Privacy Adviser for Microsoft, with particular focus on Europe and regions with horizontal privacy law.

From 1998-2002, he was the director of the Foundation for Information Policy Research (www.fipr.org) and was also an expert adviser to the UK Parliament for the passage of three bills concerning privacy, and was co-organizer of the influential Scrambling for Safety public conferences on UK encryption and surveillance policy. His previous career over two decades ranged from investment banking (proprietary trading risk-management for option arbitrage), to software engineering (graphics engines and cryptography), including work for Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM.

The Centre for Internet and Society interviewed Caspar Bowden on the following questions:

1. Do you think India needs privacy legislation? Why / Why not?

Well I think it's essential for any modern democracy based on a constitution to now recognise a universal human right to privacy. This isn't something that would necessarily have occurred to the draft of constitutions before the era of mass electronic communications, but this is now how everyone manages their lives and maintains social relationships at a distance, and therefore there needs to be an entrenched right to privacy – including communications privacy – as part of the core of any modern state.

2. The majority of India's population lives below the line of poverty and barely has any Internet access. Is surveillance an elitist issue or should it concern the entire population in the country? Why / Why not?

Although the majority of people in India are still living in conditions of poverty and don't have access to the Internet or, in some cases, to any electronic communications, that's changing very rapidly. India has some of the highest growth rates in take up with both mobile phones and mobile Internet and so this is spreading very rapidly through all strata of society. It's becoming an essential tool for transacting with business and government, so it's going to be increasingly important to have a privacy law which guarantees rights equally, no matter what anyone's social station or situation. There's also, I think, a sense in which having a right to privacy based on individual rights is much preferable to some sort of communitarian approach to privacy, which has a certain philosophical following; but that model of privacy - that somehow, because of a community benefit, there should also be a sort of community sacrifice in individual rights to privacy - has a number of serious philosophical flaws which we can talk about.

3. "I'm not a terrorist and I have nothing to hide...and thus surveillance can't affect me personally." Please comment.

Well, it's hard to know where to begin. Almost everybody in fact has “something to hide”, if you consider all of the social relationships and the way in which you are living your life. It's just not true that there's anybody who literally has nothing to hide and in fact I think that it's rather a dangerous idea, in political culture, to think about imposing that on leaders and politicians. There's an increasing growth of the idea – now, probably coming from America- that political leaders (and even their staff - to get hired in the current White House) should open up their lives, even to the extent of requiring officials to give up their passwords to their social network accounts (presumably so that they can be vetted for sources of potential political embarrassment in their private life). This is a very bad idea because if we only elect leaders, and if we only employ bureaucrats, who do not accord any subjective value to privacy, then it means we will almost literally be electing (philosophical) zombies. And we can't expect our political leaders to respect our privacy rights, if we don't recognise that they have a right to privacy in their own lives also. The main problem with the “nothing to hide, so nothing to fear” mantra is that this is used as a rhetorical tool by authoritarian forces in government and society, who simply wish to take a more paternalistic and protective attitude. This reflects a disillusionment within the “deep state” about how democratic states should function.

Essentially, those who govern us are given a license through elections to exercise power with consent, but this entails no abrogation of a citizen's duty to question authority. Instead, that should be seen as a civic duty - providing the objections are reasonable. People actually know that there are certain things in their lives that they don't wish other people to know, but by indoctrinating the “nothing to hide” ideology, it inculcates a general tendency towards more conformism in society, by inhibiting critical voices.

4. Should people have the right to give up their right to privacy? Why / Why not?

In European data protection law there is an obscure provision which is particularly relevant to medical privacy, but almost never used in the area of so-called sensitive personal data, like political views or philosophical views. It is possible currently for European governments to legislate to override the ability of the individual to consent. So this might arise, for example, if a foreign company sets up a service to get people to consent to have their DNA analysed and taken into foreign databases, or generally where people might consent to a big foreign company analysing and capturing their medical records. I think there is a legitimate view that, as a matter of national policy, a government could decide that these activities were threatening to data sovereignty, or that was just bad public policy. For example, if a country has a deeply-rooted social contract that guarantees the ability to access medical care through a national health service, private sector actors could try to undermine that social-solidarity basis for universal provision of health care. So for those sorts of reasons I do think it's defensible for governments to have the ability in those sectors to say: “Yes, there are areas where people should not be able to consent to give up their privacy!”

But then going back to the previous answer, more generally, commercial privacy policies are now so complicated – well, they've always been complicated, but now are mind-blowingly devious as well - people have no real possibility of knowing what they're consenting to. For example, the secondary uses of data flows in social networks are almost incomprehensible, even for technologists at the forefront of research. The French Data Protection authorities are trying to penalize Google for replacing several very complicated privacy policies by one so-called unified policy, which says almost nothing at all. There's no possible way for people to give informed consent to this over-simplified policy, because it doesn't even tell anything useful to an expert. So again in these circumstances, it's right for a regulator to intercede to prevent unfair exploitation of the deceptive kind of “tick-box” consent. Lastly, it is not possible for EU citizens to waive or trade away their basic right to access (or delete) their own data in future, because this seems a reckless act and it cannot be foreseen when this right might become essential in some future circumstances. So in these three senses, I believe it is proper for legislation to be able to prevent the abuse of the concept of consent.

5. Do you agree with India's UID scheme? Why / Why not?

There is a valid debate about whether it's useful for a country to have a national identity system of some kind - and there's about three different ways that can be engineered technically. The first way is to centralise all data storage in a massive repository, accessed through remote terminal devices. The second way is a more decentralised approach with a number of different identity databases or systems which can interoperate (or “federate” with eachother), with technical and procedural rules to enforce privacy and security safeguards. In general it's probably a better idea to decentralise identity information, because then if there is a big disaster (or cyber-attack) or data loss, you haven't lost everything. The third way is what's called “user-centric identity management”, where the devices (smartphones or computers) citizens use to interact with the system keep the identity information in a totally decentralised way.

Now the obvious objection to that is: “Well, if the data is decentralised and it's an official system, how can we trust that the information in people's possession is authentic?”. Well, you can solve that with cryptography. You can put digital signatures on the data, to show that the data hasn't been altered since it was originally verified. And that's a totally solved problem. However, unfortunately, not very many policy makers understand that and so are easily persuaded that centralization is the most efficient and secure design – but that hasn't been true technically for twenty years. Over that time, cryptographers have refined the techniques (the alogithms can now run comfortably on smartphones) so that user-centric identity management is totally achievable, but policy makers have not generally understood that. But there is no technical reason a totally user-centric vision of identity architecture should not be realized. But still the UID appears to be one of the most centralised large systems ever conceived.

There are still questions I don't understand about its technical architecture. For example, just creating an identity number by itself doesn't guarantee security and it's a classic mistake to treat an identifier as an authenticator. In other words, to use an identifier or knowledge of an identifier - which could become public information, like the American social security number – to treat knowledge of that number as if it were a key to open up a system to give people access to their own private information is very dangerous. So it's not clear to me how the UID system is designed in that way. It seems that by just quoting back a number, in some circumstances this will be the key to open up the system, to reveal private information, and that is an innately insecure approach. There may be details of the system I don't understand, but I think it's open to criticism on those systemic grounds.

And then more fundamentally, you have to ask what's the purpose of that system in society. You can define a system with a limited number of purposes – which is the better thing to do – and then quite closely specify the legal conditions under which that identity information can be used. It's much more problematic, I think, to try and just say that “we'll be the universal identity system”, and then you just try and find applications for it later. A number of countries tried this approach, for example Belgium around 2000, and they expected that having created a platform for identity, that many applications would follow and tie into the system. This really didn't happen, for a number of social and technical reasons which critics of the design had predicted. I suppose I would have to say that the UID system is almost the anithesis of the way I think identity systems should be designed, which should be based on quite strong technical privacy protection mechanisms - using cryptography - and where, as far as possible, you actually leave the custody of the data with the individual.

Another objection to this user-centric approach is “back-up”: what happens when you lose the primary information and/or your device? Well, you can anticipate that. You can arrange for this information to be backed-up and recovered, but in such a way that the back-up is encrypted, and the recovered copy can easily be checked for authenticity using cryptography.

6. Should Indian citizens be concerned about the Central Monitoring System (CMS)? Why / Why not?

Well, the Central Monitoring System does seem to be an example of very large scale “strategic surveillance”, as it is normally called. Many western countries have had these for a long time, but normally only for international communications. Normally surveillance of domestic communications is done under a particular warrant, which can only be applied one investigation at a time. And it's not clear to me that that is the case with the Central Monitoring System. It seems that this may also be applicable to mass surveillance of communications inside India. Now we're seeing a big controversy in the U.S - particularly at the moment - about the extent to which their international strategic surveillance systems are also able to be used internally. What has happened in the U.S. seems rather deceptive; although the “shell” of the framework of individual protection of rights was left in place, there are actually now so many exemptions when you look in the detail, that an awful lot of Americans' domestic communications are being subjected to this strategic mass surveillance. That is unacceptable in a democracy.

There are reasons why, arguably, it's necessary to have some sort of strategic surveillance in international communications, but what Edward Snowden revealed to us is that in the past few years many countries – the UK, the U.S, and probably also Germany, France and Sweden – have constructed mass surveillance systems which knowingly intrude on domestic communications also. We are living through a transformation in surveillance power, in which the State is becoming more able to monitor and control the population secretively than ever before in history. And it's very worrying that all of these systems appear to have been constructed without the knowledge of Parliaments and without precise legislation. Very few people in government even seem to have understood the true mind-boggling breadth of this new generation of strategic surveillance. And no elections were fought on a manifesto asking “Do people want this or not?”. It's being justified under a counter-terrorism mantra, without very much democratic scrutiny at all. The long term effects of these systems on democracies are really uncharted territory.

We know that we're not in an Orwellian state, but the model is becoming more Kafkaesque. If one knows that this level of intensive and automated surveillance exists, then it has a chilling effect on society. Even if not very much is publicly known about these systems, there is still a background effect that makes people more conformist and less politically active, less prepared to challenge authority. And that's going to be bad for democracy in the medium term – not just the long term.

7. Should surveillance technologies be treated as traditional arms / weapons? If so, should export controls be applied to surveillance technologies? Why / Why not?

Surveillance technologies probably do need to be treated as weapons, but not necessarily as traditional weapons. One probably is going to have to devise new forms of export control, because tangible bombs and guns are physical goods – well, they're not “goods”, they're “bads” - that you can trace by tagging and labelling them, but many of the “new generation” of surveillance weapons are software. It's very difficult to control the proliferation of bits – just as it is with copyrighted material. And I remember when I was working on some of these issues thirteen years ago in the UK – during the so-called crypto wars – that the export of cryptographic software from many countries was prohibited. And there were big test cases about whether the source code of these programs was protected under the US First Amendment, which would prohibit such controls on software code. It was intensely ironic that in order to control the proliferation of cryptography in software, governments seemed to be contemplating the introduction of strategic surveillance systems to detect (among other things) when cryptographic software was being exported. In other words, the kind of surveillance systems which motivated the “cypherpunks” to proselytise cryptography, were being introduced (partly) with the perverse justification of preventing such proliferation of such cryptography!

In the case of the new, very sophisticated software monitoring devices (“Trojans”) which are being implanted into people's computers – yes, this has to be subject to the same sort of human rights controls that we would have applied to the exports of weapon systems to oppressive regimes. But it's quite difficult to know how to do that. You have to tie responsibility to the companies that are producing them, but a simple system of end-user licensing might not work. So we might actually need governments to be much more proactive than they have been in the past with traditional arms export regimes and actually do much more actively to try and follow control after export – whether these systems are only being used by the intended countries. As for the law enforcement agencies of democratic countries which are buying these technologies: the big question is whether law enforcement agencies are actually applying effective legal and operational supervision over the use of those systems. So, it's a bit of a mess! And the attempts that have been made so far to legislate this area I don't think are sufficient.

8. How can individuals protect their data (and themselves) from spyware, such as FinFisher?

In democratic countries, with good system of the rule of law and supervision of law enforcement authorities, there have been cases – notably in Germany – where it's turned out that the police using techniques, like FinFisher, have actually disregarded legal requirements from court cases laying down the proper procedures. So I don't think it's good enough to assume that if one was doing ordinary lawful political campaigning, that one would not be targeted by these weapons. So it's wise for activists and advocates to think about protecting themselves – of course, other professions as well who look after confidential information – because these techniques may also get into the hands of industrial spies, private detectives and generally by people who are not subject to even the theoretical constraints of law enforcement agencies.

After Edward Snowden's revelations, we understand that all our computer infrastructure is much more vulnerable – particularly to foreign and domestic intelligence agencies – than we ever imagined. So for example, I don't use Microsoft software anymore – I think that there are techniques which are now being sold to governments and available to governments for penetrating Microsoft platforms and probably other major commercial platforms as well. So, I've made the choice, personally, to use free software – GNU/Linux, in particular – and it still requires more skill for most people to use, but it is much much easier than even a few years ago. So I think it's probably wise for most people to try and invest a little time getting rid of proprietary software if they care at all about societal freedom and privacy. I understand that using the latest, greatest smartphone is cool, and the entertainment and convenience of Cloud and tablets – but people should not imagine that they can keep those platforms secure.

It might sound a bit primitive, but I think people should have to go back to the idea that if they really want confidential communications with their friends, or if they are involved with political work, they have to think about setting aside one machine - which they keep offline and just use essentially for editing and encrypting/decrypting material. Once they've encrypted their work on their “air gap” machine, as it's called, then they can put their encrypted emails on a USB stick and transfer them to their second machine which they use to connect online (I notice Bruce Schneier is just now recommending the same approach). Once the “air gap” machine has been set up and configured, you should not connect that to the network – and preferably, don't connect it to the network, ever! So if you follow those sorts of protocols, that's probably the best that is achievable today.

9. How would you advise young people working in the surveillance industry?

Young people should try and read a little bit into the ethics of surveillance and to understand their own ethical limits in what they want to do, working in that industry. And in some sense, I think it's a bit like contemplating a career in the arms industry. There are defensible uses of military weapons, but the companies that build these weapons are, at the end of the day, just corporations maximizing value for shareholders. And so, you need to take a really hard look at the company that you're working for or the area you want to work in and satisfy your own standard of ethics, and that what you're doing is not violating other people's human rights. I think that in the fantastically explosive growth of surveillance industries that we've seen over the past few years – and it's accelerating – the sort of technologies particularly being developed for electronic mass surveillance are fundamentally and ethically problematic. And I think that for a talented engineer, there are probably better things that he/she can do with his/her career.

For more details visit https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate

Open Secrets

nishant — 2013-11-30T08:21:21Z

We need to think of privacy in different ways — not only as something that happens between people, but between you and corporations.

Dr. Nishant Shah's article was originally published in the Indian Express on October 27.

If you are a part of any social networking site, then you know that privacy is something to be concerned about. We put out an incredible amount of personal data on our social networks. Pictures with family and friends, intimate details about our ongoing drama with the people around us, medical histories, and our spur-of-the-moment thoughts of what inspires, peeves or aggravates us. In all this, the more savvy use filters and group settings which give them some semblance of control about who has access to this information and what can be done with it.

But it is now a given that in the world of the worldwide web, privacy is more or less a thing of the past. Data transmits. Information flows. What you share with one person immediately gets shared with thousands. Even though you might make your stuff accessible to a handful of people, the social networks work through a "friend-of-a-friend effect", where others in your networks use, like, share and spread your information around so that there is an almost unimaginable audience to the private drama of our lives. Which is why there is a need for a growing conversation about what being private in the world of big data means.

Privacy is about having control over the data and some ownership about who can use it and for what purpose. Interface designs and filters that allow limited access help this process. The legal structures are catching up with regulations that control what individuals, entities, governments and corporations can do with the data we provide. However, most people think of privacy as a private matter. Just look at last month's conversations around Facebook's new privacy policies, which no longer allow you to hide. If you are on Facebook, people can find you using all kinds of parameters — meta data — other than just your name. They might find you through hobbies, pages you like, schools you have studied in, etc. This can be scary because it means that based on particular activities, people can profile and follow you. Especially for people in precarious communities — the young adults, queer people who might not be ready to be out of the closet, women who already face increased misogyny and hostility online. This means they are officially entering a stalkers' paradise.

While those concerns need to be addressed, there is something that seems to be missing from the debate. Almost all of these privacy alarms are about what people can do to people. That we need to protect ourselves from people, when we are in public — digital or otherwise. We are reminded that the world is filled with predators, crackers and scamsters, who can prey on our personal data and create physical, emotional, social and financial havoc. But this is the world we already know. We live in a universe filled with perils and we have learned and coped with the fact that we navigate through dangerous spaces, times and people all the time. The digital is no different than the physical when it comes to the possible perils that we live in, though digital might facilitate some kinds of behaviour and make data-stalking easier.

What is different with the individualised, just-for-you crafted world of the social web is that there are things which are not human, which are interacting with you in unprecedented ways. Make a list of the top five people you interact with on Facebook. And you will be wrong. Because the thing that you interact with the most on Facebook, is Facebook. Look at the amount of chatter it creates — How are you feeling today?; Your friend has updated their status; Somebody liked your comment… the list goes on. In fact, much as we would like to imagine a world that revolves around us, we know that there are a very few people who have the energy and resources to keep track of everything we do. However, no matter how boring your status message or how pedestrian your activity, deep down in a server somewhere, an artificial algorithm is keeping track of everything that you do. Facebook is always listening, and watching, and creating a profile of you. People might forget, skip, miss or move on, but Facebook will listen, and remember long after you have forgotten.

If this is indeed the case, we need to think of privacy in different ways — not only as something that happens between people, but between people and other entities like corporations. The next time there is a change in the policy that makes us more accessible to others, we should pay attention. But what we need to be more concerned about are the private corporations, data miners and information gatherers, who make themselves invisible and collect our personal data as we get into the habit of talking to platforms, gadgets and technologies.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-october-27-2013-nishant-shah-open-secrets

EC guidelines on social media: Welcome move, but not enough

praskrishna — 2013-11-19T10:18:51Z

With election season close by and the growing ubiquity of social media, the Election Commission of India’s recent guidelines for how candidates and political parties must conduct themselves on social media are a well-intentioned step. But are these guidelines enough to regulate how online media is used by parties and candidates, given the kind of proxy wars that are played online? For now, not really.

This article was published in the First Post on November 1. Sunil Abraham is quoted.

For the first time time, the EC is seeking detailed expenditure records, and disclosure of all authentic social media accounts of every candidate. The guidelines have also looked at online advertising and the EC has asked that all ads by political parties should be pre-certified before they are released online. In fact, Firstpost’s Pallavi Pollanki had reported even before the guidelines were published that the EC was working towards monitoring the use of social media. You can read the full story here.

Currently, however, the guidelines don’t take into account, content posted by persons other than candidates and political parties. The last paragraph of the EC’s order states, “As far as the content posted by persons other than candidates and political parties is concerned, the Commission is considering the matter in consultation with the Ministry of Communication and Information Technology on practical ways to deal with the issue, in so far as they relate to, or can be reasonably connected with, the election campaigning of political parties and candidates.”

The nature of the web is such that possible to create many IPs, change Twitter handles, create new user ids on public discussion forums. Thus it becomes very hard to gauge who is a volunteer/ just another ordinary supporter or who is a paid supporter. Even the EC acknowledges that.

Sunil Abraham, Director of the Centre for Internet and Society based in Bangalore, has a valid point on this. He says, “The guidelines only regulate the social media accounts of politicians and their parties. It does not regulate social media content published by others. This basically means that the EC needs to develop sophisticated tools to detect astroturfing, sock puppetry, meat puppetry and other forms of manipulation of the networked public sphere. Without these tools it would not be possible to tell when politicians and political parties use proxies to circumvent the guidelines.”

Astroturfing, for instance is when a site or an independent entity claims to be completely neutral and in favour of a political message without revealing its funding source. Very often software is used to create many online avatars. Sometimes it’s one person with many online identities which is also known as sock puppetry.

So yes, there might be online content or websites that claim to be independent and supports or mocks a particular leader but it might not always be possible to know who is financing them. While the EC might be able to keep a tab on official Twitter handles and Facebook and perhaps other few that are revealed by the party, it will be very hard to pinpoint proxy accounts, websites etc.

For example when it comes to a leader like Modi, there are many websites that are pro and anti-Modi. One in particular which defends Modi is called Godhra Riots the True Story and seeks to tell what it claims is the true tale behind the Godhra riots. When you type Godhra Riots, it is the number two search result in Google. In the About Us section, the website claims to be run by well-wishers of humanity and gives only a vague idea of its owner.

The site tries to absolve Modi, but since it doesn’t claim to be run by any political party, it doesn’t come under the purview of the EC’s guidelines and there is no reason to reveal who runs or funds it.

Counter to that is another website called Truth of Gujarat, which seeks to reveal the truth behind Narendra Modi’s development and other claims. The work published on the site bears bylines prominently but there is no easy way of knowing who finances the site and its research. The fact is that everyone claims to be represent a certain version of the truth on the web and when you don’t know the source, it becomes deeply problematic.

There’s also the question of Internet trolls who are largely un-touched by the guidelines. And there’s no denying that trolls do form a large part of the online political discourse in India.

We asked Ishan Russel, the managing partner for The Image People, a firm that specialises in political campaign management, if the guidelines are insufficient to deal with trolls.

He wrote, “Social media has ensured that a lot more people are expressing their opinion plus the added advantage of anonymity makes it easy for trolling. The days of the political class laying down the agenda are perhaps over… To try and regulate every comment is impossible, the best perhaps the EC can ensure is that no hateful campaigning happens online.”

EC also wants pre-certification for online advertising. But Sunil feels that pre-certification is overkill. He says, “This will greatly reduce the agility required by political parties on social media. Post facto notification would have been a sufficient measure to ensure compliance with the guidelines and other regulations of the EC.”

Ishant however says that pre-certification is good especially for video-based content, “In cases where for example a video ad is used it is good perhaps to pre-screen it so that it does not violate any norms.” He feels it is necessary to ensure that the online space remains fair too.

It would be fair to say that for now while the EC’s guidelines were much-needed but given the way the Internet works, they still have a long way to go.

For more details visit https://cis-india.org/news/firstpost-november-1-2013-shruti-dhapola-ec-guidelines-on-social-media

Mapping Digital Media: Broadcasting, Journalism and Activism in India: A Public Consultation

samantha — 2013-11-07T03:38:45Z

Lawyers, researchers, journalists and activists gathered on Sunday, October 27, 2013 at the Bangalore International Centre in response to India’s country report on Mapping Digital Media, which examines citizen’s access to quality news and information across different industries, and impacts on media freedoms as a result of digitisation. Respondents examined themes related to regulation, journalism and activism, and engaging discussions took place among attendees.

On behalf of event organizers, we invite you to view the report, available online for free access here: "Mapping Digital Media: India.

Event organizers, Alternative Law Forum, The Centre for Internet & Society, and Maraa, held a public consultation at the Bangalore International Centre with the ultimate goals to inform and engage the public within key themes of the Mapping Digital Media: India report, as a new knowledge basis for better understanding India’s transitioning digital landscape. Many resulting ideas about moving forward with the report’s findings also came about, as prospective proceeding steps within the life cycle following the report’s release.

Respondents consisted of reputed media lawyers, researchers, journalists, activist and other media professionals. Each spoke before the meeting room within three panel discussions pertaining to different sections of the report: Policies, Laws and Regulators; Digital Activism; and Digital Journalism. Each speaker shed a new light on key challenges confronting our emergent digital media landscape with special focus given to broadcasting (radio and television), cable operations and newspapers (print & online) as each of these sectors undergo digitisation.

Opening

Vibodh Parthasarathi, who had anchored the country report, started off the consultation by underscoring the report's objective of mapping the different sectors and seemingly disparate aspects of India's complex media landscape. Following a brief introduction to the report was the setting of the stage by Alternative Law Forum Co-founder and Partner, Lawrence Liang, as he shared the ultimate aims of the event in speaking collectively to the report so that we may gain a better understanding of an area that is otherwise opaque by most. Lawrence also brings to the forefront the report’s debunking of the idea of the digital divide for India, and its account of a rich media landscape.

Policies, Laws and Regulators

The consultation’s first panel discussion was started by Lawrence, as he responded to the report from a perspective of legality. Lawrence examines the role of the state in India’s rich media landscape, specifically in terms of the four values at the centre of such: freedom of speech and expression, access to infrastructure, the question of development, and the question of market regulations—all of which are tied together within the country report. Lawrence argues that we must arrive at quantitative measures of accessing diversity and quantity of freedom of speech, but only after understanding the ecology in which freedom of speech operates, and attempts to do so in examining drafted policies, policing measures, and market regulatory measures taken within the context of India.

Thirty attendees including journalists, activists, academics, and lawyers, all brought forth different perspectives on digital media in India.

Following was Matthew John, Associate Professor and Executive Director of the Centre on Public law and Jurisprudence. Matthew shared his impressions on the report, while making reference to three issues the report asks us to rethink; these being: public reason, the regulatory state, and the question of distribution. Matthew gives rise to a democratic problem in the public sphere of communication and claims that how it is addressed and resolved must be paid attention to. He makes reference to the history of telecom cases in responding to the question of how we are going to think about freed up telecom, and contrasts different types of regulatory agencies in asking the question of whether or not we should separate regulation from politics.

An engaging discussion following this panel’s speakers took place. Amongst points made by event attendees includes questions of how to scale up the citizen’s stake in media within a legal paradigm, as well as points made with reference to challenges to equity in media in terms of content and challenges to such.

Digital Media and Society (Digital Activism)

The discussion had begun with panelist, Arjun Venkatraman, Co-founder of the Mojolab Foundation as well as the digital activism platform, Swara. Arjun engages within the digital media debate in speaking on behalf of members of civil society that act from within the digital divide and exposes the gaps within new modes of activism that arise out of a lack of understanding on how to engage with these new medias. He also informed attendees of how to make cheap IVR based voice portals, linking voice users to the web for under USD200 as means of leveraging users’ voices via unlicensed spectrum.

Also contributing to the discussion on digital activism was Meera K, Cofounder of Bangalore News publication, Citizen Matters. In examining examples of new spaces that digital media has provided for the exchange of pluralistic views and alternative voices, Meera critiques different types of activism that have emerged, including social activism, political activism, and middle class activism. She questions whether new media can be seen as sufficient space for free speech with reference to various challenges, such as the polarization of debates, and also compares and contrasts the positive outcomes of new media campaigns—such as tangible capitalized solutions—with corresponding pitfalls.

A debate amongst attendees followed in response to the question of assessing the value of media in terms of impact or size of public outreach, along with how content is generated and controlled.

Digital Media and Journalism

Independent journalist and media analyst, Geeta Seshu, got the conversation started regarding digital media and journalism by comparing the pitfalls of journalism in traditional media with the possibilities offered by digital journalism. Geeta argues that journalists have become devalued and are losing their footing within traditional media. She discussed the new forms of journalism and how news can be generated in an interactive and non-hierarchical manner and examined the intersections of mainstream media and journalism. She questions the possibility of digital journalism existing on its own, without the influence of or incorporation of principles of traditional media, and grapples with possibilities for providing a new model for doing so.

The day’s last speaker was Subhash Rai, Associate Editor of New Indian Express. Subhash offers a mainstream perspective and argues that we must look at traditional and mainstream forms of media as a starting point for emerging forms of journalism before we can begin to understand these journalism models better. Just as well, traditional and mainstreams means of news dissemination can learn from digital media, however we should not be quick to look away from the core of the entire picture, as traditional forms of media are still very strong in comparison.

A discussion followed surrounded questions posed by speakers and attendees, such as what digital journalism should look like, and how such a transition to new forms of media should be imagined. How information has changed with respect to its creation and consumption was debated as well.

Moving Forward

Before the conclusion of the public consultation, attendees and speakers discussed future advancements for the country report. Many recommendations and ideas were generated, including suggestions for future public consultations, advocacy windows offered by the report, and ways to produce another iteration of the report. Prospective initiatives included online working groups to dive deeper into specific themes of the report, a Hackathon where attendees will pool ideas together, and follow-up public consultations.


Participants brainstormed together on how to move forward the report’s findings. Many ideas were drafted, including a Hack-a-thon and online focus groups.

The event's agenda went as follows:

Time	Detail
10.00 a.m.	Introductory Remarks by Vibodh Parthasarathi, CCMG, Jamia
10.15 a.m. - 11.30 a.m.	Policies, Laws and Regulators Session Moderator – Ram Bhat Speakers – Lawrence Liang (ALF) and Mathew John (JGLS)
11.30 a.m. - 11.45 a.m.	Tea Break
11.45 a.m. - 1.15 p.m.	Digital Media and Society (Digital Activism) Session Moderator – Lawrence Liang Speakers – Arjun Venkatraman (Mojolab) and Meera K (Citizen Matters)
1.15 p.m. - 2.00 p.m.	Lunch Break
2.00 p.m. - 3.15 p.m.	Digital Media and Journalism Session Moderator – Vibodh Parthasarathi Speakers – Geeta Seshu (Free Speech Hub) and Subhash Rai (newindianexpress.com)
3.15 p.m. - 4.00 p.m.	The Way Ahead (Moving Forward) Moderated by Lawrence Liang

Event Participants

Rashmi Vallabhrajasyuva
Meera K, Oorvani Foundation
Samantha Cassar, CIS
Sharath Chandra Ram, CIS
Suresh Kumar, Artist
Aruna Sekhar, Amnesty India
Sriram Sharma, Part time Blogger
Ammu Joseph, Independent Researcher
Mathew John, Jindal Global Law School
Swati Mehta, The Rules
James North, The Rules
Bhairav Acharya, Lawyer
Deepa Kurup, The Hindu
Abhilash N, Independent
Deepu, Pedestrian Pictures
Rashmi M, PhD Student at NIAS
Jayanth S, LOCON Solutions Pvt Ltd.
Nehaa Chaudhari, CIS
Dinesh TB, Servelots
Snehashish Ghosh, CIS
Lawrence Liang, ALF
Vibodh Parthasarathi, CCMG, Jamia
Ram Bhat, Maraa
Ashish Sen, AMARC
Subhash Rai, New Indian Express
Geeta Seshu, Free Speech Hub, The Hoot
Arjun Venkatraman, Mojo Lab Foundation
Raajen, Centre for Education and Documentation
Ekta, Maraa
Smarika Kumar, ALF

Press Coverage

Need to increase diversity in online journalism (The New Indian Express, October 28, 2013).
Experts moot holistic approach to media laws (The Hindu, October 28, 2013).

For more details visit https://cis-india.org/internet-governance/blog/mapping-digital-media-broadcasting-journalism-activism-india

October 2013 Bulletin

praskrishna — 2014-01-04T04:31:01Z

Our newsletter for the month of October 2013 can be accessed below.

Highlights

The National Resource Kit team is pleased to bring you its research for the states of Delhi, Madhya Pradesh and Arunachal Pradesh, and the Union Territory of Daman and Diu.
The Department of Electronics and Information Technology invited comments on the Framework on the proposed adoption of Open Source Software in E-Governance Systems. CIS gave its feedback.
The Access to Knowledge team in collaboration with the Goa University re-released the Konkani Vishwakosh under Creative Commons License CC-BY-SA-3.0.
Sunil Abraham, Pranesh Prakash and Chinmayi Arun participated in the Internet Governance Forum held in Bali, Indonesia from October 21 to 25. Overall CIS spoke in 7 panels.
In an article on Spy Files, Maria Xynou examines the legality of India’s surveillance technologies and their potential connection to India’s central monitoring system.
A clause-by-clause comments on the Working draft version of the Human DNA Profiling Bill, 2012 was sent to the Ministry of Science and Technology.
CIS started the first Privacy Watch in India. The map includes data on the UID, NPR and CCTNS schemes, installation of CCTV cameras and the use of drones throughout the country.

Accessibility

As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Madhya Pradesh and Arunachal Pradesh, and the union territory of Daman and Diu. With this we have completed compilation of draft chapters for 24 states and 5 union territories. Feedback and comments are invited from readers for the following chapters:

National Resource Kit

The Daman and Diu Chapter (by Anandhi Viswanathan, October 28, 2013).
The Arunachal Pradesh Chapter (by CLPR, October 29, 2013).
The Madhya Pradesh Chapter (by Anandhi Viswanathan, October 30, 2013).
The Delhi Chapter (by Anandhi Viswanathan, October 31, 2013).

Note: All of these are early drafts and will be reviewed and updated.

Survey (Other Organisation)

Accessibility of Banks and Financial Services Institutions: A Global Survey (posted by Nilofar Ansher, October 20, 2013). G3ict and Scotiabank, requests senior managers, COO / CEOs, Managing Directors, IT Directors, HR Directors, and accessibility professionals from banks and financial services companies to participate.

Blog Entry

Bengali eSpeak Aids in Disaster Management (by Anirudh Sridhar, October 15, 2013).

Access to Knowledge

The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software. We produced a column in the Economic and Political Weekly, submitted our feedback on Framework on Open Source Software Adoption in E-Governance Systems, and conducted 3 Wikipedia workshops:

Article

The Fight for Digital Sovereignty (by Sunil Abraham, Economic and Political Weekly, Vol-XLVIII No. 42, October 19, 2013).

Blog Entries

Mobile Phone Patents: Prior Art Survey (by Nehaa Chaudhari, October 23, 2013).
Ambiguity in the App Store: Understanding India’s emerging IT sector in light of IP (by Samantha Cassar, October 24, 2013).

Submission

Feedback on the Framework on OSS Adoption in E-Governance Systems (by Nehaa Chaudhari, October 26, 2013). In September, 2013, the DeitY invited comments on the Framework on the proposed adoption of Open Source Software in E-Governance Systems. CIS gave its feedback.

Events Participated In

OSOD 2013: International Workshop on Open Science and Open Data (organised by Indian Statistical Institute, Bangalore, October 7, 2013). Nehaa Chaudhari participated as a panelist and gave a presentation on Government Accessibility and Copyright Conundrum.

National Conference on Opening up by Closing the Circle: Strengthening Open Access in India (co-organised by UNESCO, Central Library, Jawaharlal Nehru University and the Commonwealth Educational Media Centre for Asia, October 21, 2013). Nehaa Chaudhari was a panelist in the discussion on "Why Open Access?". She gave a presentation on 'Pondering Copyright and Recasting Openness'.

Note: The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we held 3 Wikipedia workshops in October:

Event Co-organised

Re-release of Konkani Vishwakosh under CC-BY-SA 3.0 (organised by Goa University and CIS-A2K, Goa University Conference Hall, September 26, 2013). Nitika Tandon has blogged about the event.

Events Organised

Workshop on Wikipedia in the Indian Undergraduate Language Classrooms (October 1, 203, Christ University, Bangalore). Dr. U.B. Pavanaja conducted the workshop.
Train the Trainer — Four-day long Residential Programme (October 3 – 6, 2013, CEO Center, Gubbi, Bangalore. CIS-A2K Team conducted the workshop. Seventeen people participated in the event.
Konkani Vishwakosh Digitization (Goa University, October 19-20, 2013). CIS-A2K team conducted the workshop. Thirty-seven people participated in the event.

Events Participated In

Re-sourcing Indian Cinema: Humanities Research, New Archives and Collaborative Knowledge Production (organised by the Centre for Contemporary Studies and the Centre for Study of Culture and Society, October 29, 2013). T. Vishnu Vardhan gave a talk on “Let Cinephiles Collaborate: Pleasures and Perils of Indian Film History on Wikipedia”.

Media Coverage

CIS gave its inputs for the following media coverage:

Mangalore: Konkani writers resolve to form all-India forum at JKS conference (Daijiworld, October 1, 2013).
Wikipedia in Indian Languages on Mobile Phones (by Megha Prakash, Sci Dev Net, October 15, 2013).
कोंकणी विश्‍वकोश ‘विकिपीडिया’वर (Navprabha Daily, October 22, 2013). A detailed article about the digitalization of Konkani Vishwakosh.

Internet Governance

CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. This month we bring you clause-by-clause comments on the Human DNA Profiling Bill, 2012, and a map monitoring privacy in India. As part of its project (funded by Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the IDRC) on mapping cyber security actors in South Asia and South East Asia we did an interview with Anja Kovacs on cyber security. With this we have completed a total of 10 video interviews:

Internet Governance Forum

Sunil Abraham, Pranesh Prakash and Chinmayi Arun participated in the Internet Governance Forum held in Bali, Indonesia in the month of October. Overall, CIS spoke in 7 panels:

Charting the Charter: Internet Rights and Principles Online (organised by IRP Coalition, October 22, 2013). Pranesh Prakash was a panelist.
Fair process frameworks for cross-border online spaces (organised by the Internet & Jurisdiction Project, Civil Society of France, Western Europe and Others Group and Internet & Jurisdiction Project, Civil Society of Germany, Western Europe and Others Group, October 22, 2013). Sunil Abraham and Chinmayi Arun were panelists for this workshop.
Removing Barriers to Connectivity: Connecting the Unconnected (organised by Internet Society and ETNO, October 23, 2013). Pranesh Prakash was a panelist.
FOSS: Smart Choice for Developing Countries (organised by TechNation and Open Source Alliance of Central Asia, October 23, 2013). Sunil Abraham spoke on FOSS and IT Growth Policies in South Asia.
Privacy: from regional regulations to global connections? (organised by Internet Society, Bali, October 24, 2013). Sunil Abraham was one of the panelists.
Human rights, freedom of expression and free flow of information on the Internet (a Focus Session on Openness, October 24, 2013). Pranesh Prakash was a speaker at this event.
Taking Stock: Emerging Issues - Internet Surveillance (a session on Internet Surveillance, October 25, 2013). Pranesh Prakash made intervention in this session.
Tweets from Bali IGF 2013: To enable research by those who didn't want to mess around with Twitter's APIs, CIS has made available tweets from the IGF as downloadable .CSV files.

Privacy

Magazine Article

What India can Learn from the Snowden Revelations (by Elonnai Hickok, Yahoo, October 23, 2013). The title of the article was changed in the version published by Yahoo.

Blog Entries

Concerns Regarding DNA Law (by Bhairav Acharya, October 9, 2013): http://bit.ly/1aoxXM9.
Interview with Big Brother Watch on Privacy and Surveillance (by Maria Xynou, October 15, 2013): http://bit.ly/1cRDMbV.
Interview with Bruce Schneier (by Maria Xynou, October 17, 2013): http://bit.ly/GS6oDX.
An Interview with the Tactical Technology Collective (by Maria Xynou, October 18, 2013): http://bit.ly/1i1lVNo.
Interview with Dr. Alexander Dix (by Maria Xynou, October 23, 2013): http://bit.ly/1a7dgtQ.
Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee (by Elonnai Hickok, October 23, 2013): http://bit.ly/17eZntz.
An Interview with Jacob Kohnstamm (by Elonnai Hickok, October 25, 2013): http://bit.ly/17NcQmD.
Spy Files 3: WikiLeaks Sheds More Light on the Global Surveillance Industry (by Maria Xynou, October 25, 2013): http://bit.ly/1d6EmjD.

Comments

Re: The Human DNA Profiling Bill, 2012 (by Bhairav Acharya, October 9, 2013). CIS provided clause-by-clause comments on the on the Working Draft version of the Human DNA Profiling Bill: http://bit.ly/17Jpp63.

Announcement

The India Privacy Monitor Map (by Maria Xynou with assistance from Srinivas Atreya, October 9, 2013). CIS has started a first of its kind Privacy Watch in India. The map includes data on the UID, NPR and CCTNS schemes, as well as on the installation of CCTV cameras and the use of drones throughout the country: http://bit.ly/19A5mCZ.

Event Organised

Privacy Round-table, New Delhi (organised by FICCI, DSCI and CIS, FICCI, Federation House, Tansen Marg, New Delhi, October 19, 2013): http://bit.ly/GAsStr.

Event Participated In

'Free Speech and Media in South Asia: Human Rights Concerns in a Globalizing World (organised by the Programme in Comparative Media Law and Policy, Centre for Socio-Legal Studies, University of Oxford, in collaboration with the Centre for Media and Governance, National Law University, Delhi, Oxford University, October 25, 2013). Chinmayi Arun spoke about “Privacy and Surveillance in India” in a panel discussion: http://bit.ly/18bRGi5.

Cyber Security

Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project:

Part 11: An Interview with Anja Kovacs (October 15, 2013): http://bit.ly/15EAZOE.

Other IG Updates
Event Organised

Mapping Digital Media: Broadcasting, Journalism and Activism in India (co-organised by Alternative Law Forum, Maraa and CIS, Bangalore International Centre, October 27, 2013). Samantha Cassar has blogged about the event: http://bit.ly/17EVtdw. It was covered by the New Indian Express (http://bit.ly/1dGENE6) and Hindu (http://bit.ly/1bcVUIU) on October 28.

Events Participated In

Religious Pluralism and the Tensions between Freedom of Expression and Respect for the 'Other’ (organised by Reset-Dialogues on Civilizations project, in cooperation with Jamia Millia Islamia, India Habitat Centre, New Delhi, October 10, 2013). Chinmayi Arun was a speaker at the session on “Democracy and the Tension between Freedom of Speech and Respect for the Other’s Religion, Culture, Identity, India and Europe”: http://bit.ly/194dtI7.
Fragmentation in a Democracy: The Role of Social Movements and the Media (organised by the Observer Research Foundation, Delhi and Rosa Luxemburg Stiftung, Berlin at Observer Research Foundation, New Delhi, October 16, 2013). Sunil Abraham was a panelist in the session on “Impact of Media, Social Media & Technology on Democracy / Governance”: http://bit.ly/17e3PZ9.
Internet, Mobile & Digital Economy Conference (IMDEC) 2013 (organised by FICCI, in association with the Ministry of Communications & IT, Government of India, New Delhi, October 25, 2013). Sunil Abraham participated as a speaker in the session on "The Internet We Want: A Multistakeholder Approach": http://bit.ly/1b8QHDD.

New and Media Coverage

CIS gave its inputs to the following media coverage:

Decline in web freedom steepest in India: Report (by Javed Anwer, The Times of India, October 3, 2013): http://bit.ly/1cVOJ99.
Google survey: 37% of urban Indian voters are online (by Anuja and Moulishree Srivastava, Livemint, October 8, 2013): http://bit.ly/1gtqqDY.
The quest for genuine clout on the internet (by Karthik Subramanian, October 13, 2013): http://bit.ly/1b8TdKa.
India believes in Complete Freedom of Cyber Space: Kapil Sibal (by Elizabeth Roche, Livemint, October 14, 2013): http://bit.ly/1fZgwd1.
Location Tracking: Why the Govt-Mobile Manufacturer War Won’t End Soon (by Danish Raza, FirstPost, October 15, 2013): http://bit.ly/HkIvF7.
Bouquets & brickbats for Google's new privacy policy (by Indu Nandakumar, Economic Times, October 18, 2013): http://bit.ly/18Rzkqm.
Bali meet to discuss Internet governance issues (by Moulishree Srivastava, October 22, 2013): http://bit.ly/17I4r3M.
Indian politicians yet to tap voters online: CIS’s Abraham (by Venkatesh Upadhyay, Livemint, October 22, 2013): http://bit.ly/17HRV4s.
Beyond the Searchlight (by Debarshi Dasgupta, October 23, 2013): http://bit.ly/17IitlZ.
Nowhere to hide: Govt making your personal details public (by FirstPost editors, FirstPost, October 28, 2013): http://bit.ly/1dGE6KJ.
Your private data may be online, courtesy govt (by Somesh Jha and Surabhi Agarwal, Business Standard, October 29, 2013): http://bit.ly/HpQRMp.
Saving privacy as we knew it (by Somesh Jha and Surabhi Agarwal, Business Standard, October 29, 2013): http://bit.ly/16HNYwu.
E-governance hopes rise as India crosses 1 billion transactions (by J Srikant, Economic Times, October 29, 2013): http://bit.ly/1cnJIKd.

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Events Participated In

GFM 2013 (organized by the University of Luneberg, Germany, October 3 – 5, 2013). Dr. Nishant Shah participated in a panel discussion with Wendy Chun, Tom Levine and Geert Lovink, around 'The End of Bibliographies: New Media and Research'. Nishant also participated as a panelist in a panel discussion on 'Open Up: Pragmatism and Politics of Open Access': http://bit.ly/1f9LCOH.
Digitalization of Culture (organized by Leuphana University, Luneberg, October 8, 2013). Dr. Nishant Shah did an introduction keynote to 1600 undergraduate students. A video of the lecture can be accessed here: http://bit.ly/1enWQPv.
RENEW: The 5th International Conference on the Histories of Media Art, Science and Technology (hosted by RIXC Centre for New Media Culture in Riga in partnership with the Art Academy of Latvia, Stockholm School of Economics in Riga and Danube University’s Center for Image Science, October 8 - 11, 2013). Dr. Nishant Shah was a part of the selection committee for the conference and chaired a session on Network Art on October 9: http://bit.ly/17e41aJ.

Blog Entry

A Hitchhikers Guide to the Cyberspace (by Anirudh Sridhar, October 4, 2013): http://bit.ly/1ga8yfH.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

Modules

World Intellectual Property Organisation (by Anirudh Sridhar and Snehashish Ghosh, October 31, 2013). WIPO is a specialized agency of the United Nations which deals with issues related to intellectual property rights throughout the world. Find out more at http://bit.ly/17a8WEk.
An Interview on Internet Governance with Professor Milton Mueller and Jeremy Malcolm (by Anirudh Sridhar, October 31, 2013). Professor Milton Mueller from the Syracuse University School of Information and Jeremy Malcolm, an Information Technology and Intellectual Property Lawyer, spoke about current issues and debates surrounding internet governance: http://bit.ly/17ix3Ro.

About CIS
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Twitter: https://twitter.com/CISA2K

Facebook group: https://www.facebook.com/cisa2k

Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge

E-mail: a2k@cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/october-2013-bulletin

Civil society and Internet Governance: practices from Southeast Asia and beyond

praskrishna — 2013-11-19T09:29:44Z

On 21 October, the day before the opening of the 2013 Internet Governance Forum in Indonesia, Hivos’ Southeast Asia Regional Office co-organised a pre-event workshop with ID-CONFIG, “Civil Society and Internet Governance: Multi-Stakeholder Engagement Practices from Southeast Asia and Beyond,” at the Bali Nusa Dua Convention Centre.

Click to read the original published by Hivos on October 31.

Recognising that the IGF has been a global project for the past eight years, the workshop provided a critical perspective to the forum’s impact on local civil society organisations. In the past, the IGF has been criticised for focusing on policy-level IG debates that lack grassroots, on-the-ground applications. Additionally, it is has been challenged to demonstrate the relevance of IG policies for civil society organisations, which frequently have limited understanding of and involvement in the issue.

By drawing empirical case studies from different regions of Asia, the aim of the workshop was to help civil society organisations find a relevant role in IG and explore how IG frameworks with a focus on the role of civil society can be applied in developing regions to uphold the right of citizens to express themselves through the Internet.

Five speakers discussed the intersections between Internet Freedom and Internet Governance: Arthit Suriyawongkul (Thai Netizen Network, Thailand), Shahzad Ahmad (Bytes 4 All, Pakistan), Donny Budhi Utoyo (ICTWatch, Indonesia), Lobsang Gyatso Sither (Tibet Action Institute), and Pranesh Prakash (Center for Internet and Society, India). Attended by approximately 70 participants, the discussions revolved around the varying feasibility of a multi-stakeholder platform in different political contexts.

The speakers represent civil society organisations in vastly different political environments in South Asia, Southeast Asia and East Asia. They all continuously pointed out how emerging democratic movements are often counterbalanced by political power concentrated in existing state institutions. In such state-centric Internet Governance contexts, civil society organisations are often pitted against official censorship and filtering attempts. While speakers from relatively more democratic countries, namely India and Indonesia, showcased examples of how civil society organisations have engaged the government in Internet policy-making, those from Thailand and Pakistan illustrated the need for a strong litigation capacity for public interests in order to defend citizens from state infringement of their rights. At the other end of the spectrum, Gyatso Sither emphasised the importance of safeguarding Tibetan activists in the homeland and in the diaspora from surveillance by the Chinese state, whose latest strategies have included interceptions, targeted malware, and cyber attacks.

Nonetheless, civil society organisations are uniquely placed to engage both government agencies, as providers of regulatory frameworks, and the private sector, as the primary provider of ICT infrastructure, to demand equitable access to the Internet and maintain the freedom to expression online. Through an ideal multi-stakeholder framework, civil society organisations can empower communities by strategically using ICT to uphold transparency and accountability.

For more details visit https://cis-india.org/news/hivos-october-31-2013-civil-society-and-internet-governance-practices-southeast-asia-and-beyond

Nowhere to hide: Govt making your personal details public

praskrishna — 2013-10-29T06:15:06Z

The worst fears are coming true. Your sensitive private data may be up online turning you into a potential target of frauds. What is all the more dangerous is that you may be not even aware of this.

The article by First Post editors was published on October 28, 2013. Sunil Abraham is quoted.

An investigation by the Business Standard has revealed that various state and central government departments have already started putting up citizen’s personal details such as bank accounts and income on websites. The rationale behind the move is bringing about transparency.

The report also provides details of two persons, which the reporters could access online – a 25-year-old from Haryana and another farmer from Uttar Pradesh.

In the first instance, the paper got the details from the state government website which has published all the details as the youth is a beneficiary of the NREGS.

The Haryana government made public the details of the NREGS beneficiaries in its bid to bring about transparency. In Rural Development Minister Jairam Ramesh’s words, the aim is to make available all these data for public scrutiny.

In the second instance, the paper has obtained the occupation and yearly income, ration card number, full address, age, father’s/husband’s name, category and poverty status of the farmer. These details are available online as the state government is computerising the public distribution system.

If you thought, not everybody’s data will be made public this way, you are wrong, because before long the details of all the beneficiaries of direct benefit transfer will also be published online.

Though the Information Technology Act does not permit publishing sensitive personal financial details online, there is an exception if such information is come under Right to Information Act.

At the face of it transparency is a lame excuse to publish such data. How can the government provide all the details, including the bank account details of its citizen, at a time when cyber crime has increased many-fold.

And nobody knows the gravity of the situation better than the government. Minister of State for Communications & IT Milind Deora recently told Lok Sabha that this year until June as many as 78 government websites were hacked.

Citing Indian Computer Response Team (CERT-In) data he said in 2011 as many as 308 government sites were hacked and in 2012 the figure was 371.

The number of security breach incidents in 2011 stood at 13,301 and in 2012 at 22,060. The corresponding figure for this year until June has already hit 16,035, he said. Security breach included incidents related to spam, malware infection and system break-in.

In such an environment, the governments’ transparency drive comes at the cost of personal security.

The problem with making public details such as date of birth and names of family members is that it helps the hackers crack passwords. Most of the people have such details as their passwords and pins, the BS report says.

Sunil Abraham of Centre for Internet and Society rightly says in the BS report, “If people start publishing information like these and the government doesn’t regulate it through a data protection law, criminal minds can harvest and combine all databases accurately.”

For more details visit https://cis-india.org/news/first-post-october-28-2013-nowhere-to-hide

Your private data may be online, courtesy govt

praskrishna — 2013-10-29T05:50:59Z

Some depts have posted bank account & income details on net for transparency; experts cry privacy breach.

The article by Somesh Jha and Surabhi Agarwal was published in the Business Standard on October 29, 2013. Sunil Abraham is quoted.

To push the government's agenda of greater transparency and accountability, several states and central departments might be, unwittingly, following a bare-it-all approach in posting citizen data online. And, even sensitive and personal information, such as bank account numbers and income status, is not being spared. A Business Standard investigation reveals, with so much citizen data already in the public domain and more getting added every day, the government could be jeopardising the privacy of its 1.2 billion citizens, who stand exposed to a variety of risks, including those of 360-degree profiling and financial frauds.

For instance, the Centre's National Rural Employment Guarantee Scheme puts out full bank account numbers of its beneficiaries, along with details like the amount they received. So, one can easily know the bank in which most residents of, say, Punjab's Machhiwara district have their accounts. Also, their account numbers are complete, with photographs. In the case of Haryana's 25-year-old Ram (surname withheld), the photograph is not available but one can get his financial details on the portal, along with the first eight digits of his Aadhaar number (the last four have been muted).

Sample this: The occupation and yearly income of one Amrita of Uttar Pradesh are just a matter of a few clicks and so are her ration card number, full address, age, father's/husband's name, category and poverty status. A farmer from Amethi district, she doesn't have a gas or an electricity connection, but Lucknow-based Manu, who earns Rs 4 lakh a year, does have. Amrita's yearly income is Rs 1.2 lakh a year. These details are all there on their respective ration cards, out in the open on the government website of Uttar Pradesh, a state that might have gone overboard in revealing citizen data under the ongoing computerisation of the public distribution system.

"If people start publishing information like these and the government doesn't regulate it through a data protection law, criminal minds can harvest and combine all databases accurately," says Sunil Abraham, executive director of Centre for Internet and Society, a Bangalore based think-tank. People often create passwords and pins based on dates and numbers very important to them. "A little bit of intelligence and some amount of social engineering could lead to guesses... and financial fraud." Even by sifting through just three databases, it is quite easy to get a random person's details like voter identity card number, address, name, age, date of birth, ration card number, information on family members, along with income status and photograph.

One can argue the electoral roll is a public document and there is nothing wrong with a person's voter identity card number, full address, name, age, father's name and even date of birth being easily searcheable online. But a few states like Uttarakhand have even published photographs, an element barred from online posting under the law. Experts argue a massive digitisation exercise is underway in the country and, with the lack of standards and clear advisories from the Centre, the situation could worsen in the future.

A Cabinet minister, who did not wish to be named, said there was a continuous tug-of-war between the imperative of privacy, which doesn't allow you to share information; and transparency, which says you should share it. "Also, the Right to Information Act says if somebody is receiving government subsidy, it is public information." However, the Indian laws might not be consistent on this issue as "under Section 43a of the Information Technology Act, any kind of financial information is classified as 'sensitive personal information' and can't be put online," says an official of the communications and information technology ministry who has closely worked on drafting of the IT Act.

But, the IT Act provides an exception for matters covered under the RTI Act. This could infer that when the recently-approved Food Security Act comes into being, the income status of two-thirds of the population (that the Act covers) could be posted online. Also, the law would permit bank account numbers of beneficiaries of various welfare schemes like cooking gas subsidy under the ongoing direct benefit transfer scheme to be made public, as subsidies are transferred directly to accounts under the project.

A statement from the office of Rural Development Minister Jairam Ramesh explained the National Rural Employment Guarantee Act provided for "making available for public scrutiny" all accounts and records related to the scheme. It added "there appears to be no evident risk of misappropriation or financial fraud". Sudhir Kumar, secretary in the Department of Food and Public Distribution, says the whole system needs to be transparent, especially when huge government subsidy is going out in the case of PDS. However, "if states are putting unnecessary details online, it can be looked into". Deputy Election Commissioner Alok Shukla says, according to an EC order, states are not allowed to put photographs of voters online to ensure their privacy is safeguarded. These will be removed if such cases are found. He adds a standard protocol is also being worked out for states.

For more details visit https://cis-india.org/news/business-standard-october-29-2013-somesh-jha-surabhi-agarwal-your-private-data-may-be-online-courtesy-govt

Saving privacy as we knew it

praskrishna — 2013-10-29T05:01:25Z

Long overdue protection law still on the back-burner; meanwhile, depts put more of one's personal details online.

The article by Surabhi Agarwal and Somesh Jha was published in the Business Standard on October 29, 2013. Sunil Abraham is quoted.

It was in 2010 when the central government decided to institute a legal framework on privacy. This was in the wake of increasing data collection by both government and corporate agencies. Concerns had mounted in the wake of projects such as the National Population Register, Aadhaar and the National Intelligence Grid.

Over three years and hundreds of consultations later, several drafts of the proposed Bill were written and rejected, and at least two committees have given recommendations. However, the law has not seen the light of day. Meanwhile, citizen data digitisation is moving at a pace like never before in the country.

Business Standard had reported on October 28 about how an investigation revealed that several states and central departments might be, unwittingly, following a bare-it-all approach in posting citizen data online in order to push the government's agenda of greater transparency and accountability. While the Centre's National Rural Employment Guarantee Scheme puts out full bank account numbers of its beneficiaries, government website of Uttar Pradesh has put out full details of ration card holders, including annual income along with address and information about members of the family. By putting such sensitive information online, the government could be jeopardising the privacy of its 1.2 billion citizens, who stand exposed to a variety of risks, including those of 360-degree profiling and financial frauds. (INFORMATION DELUGE)

According to government officials, the department of personnel and training has finished compiling the final draft of the privacy legislation, now awaiting approval from the prime minister; the department is under him.

"In the absence of a privacy Bill, the only data protection, pseudo, is through Section 43A of the Information Technology (IT) Act. Unfortunately, that is not a data protection law; it is only a data security provision," said Sunil Abraham, executive director of the Centre for Internet and Society.

Pavan Duggal, a Supreme Court lawyer and cyber security expert, said India needs more security while collecting data and "currently a lot of these websites don't have these security layers". Take for instance, the website of the chief electoral officer of New Delhi. Type a person's first or last name and select the constituency - the website throws up the details of all people with this name, along with all the details such as address and voter identity number. According to officials of the Election Commission, the searchability feature helps in easy access of voter details by people themselves or by interested political parties. "There has been no evidence to prove its use otherwise," an official of the EC told Business Standard.

However, experts said otherwise. Abraham said the electronic version of the electoral roll has a unique identifier, the voter ID number. "And, if there are other databases with the same identifier, a comprehensive profile of a citizen can be created." He added, at the moment, we are saved from 360-degree profiling to some extent, since there is no common identifier.

Once a privacy law comes into being, the government or a private agency will have to adequately inform citizens before collecting data, stating the reasons and only collecting as much information as is necessary for the purpose. It will also have to clearly define the time period for which the data will be stored and the security measures taken to protect it from misuse. The law also lays down the penalties in case of a breach.

Though in a less detailed manner, the current IT Act also addresses some of these issues. It defines anything which reveals financial information, biometric, health and medical records, etc, as sensitive financial information which cannot be put in the public domain.

However, experts said the government is lax in even enforcing the existing laws. To be fair, some states and departments have started being prudent about the data they put online. For instance, the state government of Chhattisgarh, a trend setter in effectively implementing the Public Distribution System, doesn't reveal much in terms of citizen information that can identify a person or can be termed as a breach of privacy. Similarly, Odisha and some northeastern states have put in a layer of security which creates some deterrents while using common keywords to search the electoral roll and create a profile of residents in a particular locality.

However, for now, most departments stuck in the tradeoff between privacy and transparency find solace in pointing fingers at contemporaries who might have also put "more sensitive and dangerous" citizen details online. The blame game doesn't end.

For more details visit https://cis-india.org/news/business-standard-october-29-2013-surabhi-agarwal-somesh-jha-saving-privacy-as-we-knew-it

E-governance hopes rise as India crosses 1 billion transactions

praskrishna — 2013-10-29T04:48:58Z

Government agencies and departments, regarded as bywords for inefficiency and red tape, have recorded over a billion e-governance transactions so far this year, watershed for the world's largest democracy that is betting on technology to cure its ills.

The article by J Srikant was published in the Economic Times on October 29, 2013. Sunil Abraham is quoted.

"It is an important milestone for India's e-governance initiative," said J Satyanarayana, secretary in the department of electronics and information technology. "With better accessibility and more projects getting completed, this number should keep rising."

Among states, Gujarat topped the list with around 389 million transactions while online payment for utility and government services was the most used government service with about 258 million transactions clocked in the year.

India is in the middle of implementing a large-scale e-governance programme which includes a vast information technology network to facilitate speedy delivery of public services. The most important of these are 31 'mission mode' projects being implemented by the central governments and states. Technology researcher Gartner estimates that government will spend Rs 36,800 crore on IT products and services in 2013. The most high-profile e-governance scheme is the unique identity project Aadhaar being implemented by former InfosysBSE -0.04 % CEO Nandan Nilekani. The biometric-linked scheme is targeting to enroll 600 million people by 2014.

A year ago, the country successfully commissioned an e-passport project where digitisation of applications and internal files vastly improved the time taken to issue new passports.

"Reaching a billion transactions with just about 100 million internet users is a commendable achievement and we should celebrate it," said Sunil Abraham, executive director of Centre for Internet and Society. "E-governance is a tough area to work in, not just in India but across the globe. So this performance should make us positive."

With more parts of the country getting connected through the National Optic Fibre Network, industry watchers expect more citizens to be accessing government services over the internet. The project aims to connect 2.5 lakh gram panchayats. The network has been launched in pockets of Rajasthan, Andhra Pradesh and Tripura, with some 80,500 transactions already recorded.

"This number (one billion) is a reflection of the increasing access of internet in the country and the acceptance of technology change happening," said Sanjoy Sen, senior director at Deloitte Touche Tohmatsu India. "E-governance helps in reducing cost and bottlenecks for the user and also brings down the time to get the work done. It is an important factor in today's economy."

Experts said that although it is working well for India, there are still certain steps that government needs to take to maintain the pace of expansion.

"Government should look at financially incentivising setting up of cyber cafes in rural India as these are an important aspect of improving the accessibility," said Abraham.

For more details visit https://cis-india.org/news/economic-times-october-29-2013-j-srikant-e-governance-hopes-rise-as-india-crosses-1-billion-transactions