We are anonymous, we are legion

Encryption and Anonymity: Rights and Risks

praskrishna — 2015-10-27T02:37:45Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. ARTICLE 19 and Privacy International are organizing a workshop on Encryption and Anonymity on November 12, 2015. Pranesh Prakash is a speaker.

This was published on the IGF website.

Encryption and anonymity are two key aspects of the right to privacy and free expression online. From real-name registration in Iran to the UK Prime Minister's calls for Internet backdoors to encrypted communications, however, the protection of encrypted and anonymous speech is increasingly under threat. Recognising these challenges, the UN Special Rapporteur on freedom of expression, David Kaye, presented a report to the Human Rights Council in June 2015 which highlighted the need for greater protection of encryption and anonymity.

Five months on from the Special Rapporteur’s report, the participants in this roundtable will discuss his recommendations and the latest challenges to the protection of anonymity and encryption. For example, how can law enforcement demands be met while ensuring that individuals still enjoy strong encryption and unfettered access to anonymity tools? What steps should governments, civil society, individuals and the private sector take to avoid the legal and technological fragmentation of a tool now vital to expression and communication? How can individuals protect themselves from mass surveillance in the digital age?

At the end of the session, the participants should have identified areas for future advocacy both at the international and domestic levels as well as areas for further research for the protection of anonymity and encryption on the Internet.

Agenda

Moderator welcomes speakers and audience.
Outline of key issues on encryption and anonymity, including summary of the UN Special Rapporteur's report.
Each speaker speaks for 5-7 mins, giving their perspective re the issues.
Questions from participants, including remote participation via Twitter.
Conclusion and steps for further action.

About IGF 2015

Internet Governance Forum (IGF) is a multistakeholder, democratic and transparent forum which facilitates discussions on public policy issues related to key elements of Internet governance. IGF provides enabling platform for discussions among all stakeholders in the Internet governance ecosystem, including all entities accredited by the World Summit on the Information Society (WSIS), as well as other institutions and individuals with proven expertise and experience in all matters related to Internet governance.

After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development”. This theme will be supported by eight sub-themes that will frame the discussions at the João Pessoa meeting.

For more details visit https://cis-india.org/internet-governance/news/encryption-and-anonymity-rights-and-risks

Enabling Multi-stakeholder Cooperation - Towards a Transnational Framework for Due Process

praskrishna — 2015-10-14T02:53:07Z

Internet & Jurisdiction Project organized a multi-stakeholder meeting of the global multi-stakeholder dialogue process in 2015 on October 8-9 in Berlin, Germany. Sunil Abraham participated in this meeting.

Since 2012, the Internet & Jurisdiction Project has facilitated a global multi-stakeholder dialogue process to address the tension between the cross-border nature of the Internet and geographically defined national jurisdictions. It provides a neutral platform for states, business, civil society and international organizations to discuss the elaboration of a transnational due process framework to handle the digital coexistence of diverse national laws in shared cross-border online spaces. This pioneering multi-stakeholder cooperation effort seeks to develop a “policy standard” for transnational requests for domain seizures, content takedowns and access to subscriber information.

2015 is an important moment that determines the future of the multi-stakeholder model in global Internet Governance. The Internet & Jurisdiction Project hopes it can provide an opportunity to demonstrate that multi-stakeholder cooperation can produce operational solutions to concrete policy challenges that no stakeholder group can solve on its own.

The meeting will gather key actors from states, Internet companies, technical operators, civil society, academia and international organizations.

This was published on the website of Internet & Jurisdiction Project

For more details visit https://cis-india.org/internet-governance/news/enabling-multi-stakeholder-cooperation-towards-a-transnational-framework-for-due-process

En Inde, le biométrique version très grand public

praskrishna — 2017-05-03T16:27:23Z

Initiée en 2010, l’Aadhaar est désormais la plus grande base de données d’empreintes et d’iris au monde. Carte d’identité destinée aux 1,25 milliard d’Indiens, elle sert aussi de moyen de paiement. Mais la sécurité du système et son utilisation à des fins de surveillance posent question.

The article was published by Liberation on April 27, 2017. Sunil Abraham was quoted.

Le front barré d’un signe religieux hindou rouge, Vivek Kumar se tient droit derrière le comptoir de son étroite papeterie située dans une allée obscure d’un quartier populaire du sud-est de New Delhi. Sous le regard bienveillant d’une idole de Ganesh - le dieu qui efface les obstacles -, le commerçant à la fine moustache et à la chemise bleu-gris au col Nehru réalise des photocopies, fournit des tampons ou des stylos à des dizaines de chalands.

Gaurav, un vendeur de légumes de la halle d’à côté, entre acheter du crédit de communication mobile. Au moment de payer, il sort son portefeuille, mais pas pour chercher de la monnaie. Il y prend sa carte d’identité Aadhaar et fournit ses douze chiffres au commerçant. Qui les entre dans un smartphone, sélectionne la banque de Gaurav et indique le montant de l’achat. Le client n’a plus qu’à poser son pouce sur un lecteur biométrique relié au combiné, connecté à Internet. Une lumière rouge s’allume et un son retentit : la transaction est bien passée.

Depuis mars, 32 banques indiennes fournissent ce service novateur de paiement par empreinte digitale. Appelé Aadhaar Pay, il utilise les informations biométriques, à savoir les dix empreintes digitales et celle de l’iris, recueillies par le gouvernement depuis septembre 2010 pour créer la première carte d’identité du pays. Toute personne résidant en Inde depuis plus de six mois, y compris les étrangers, peut s’inscrire et l’obtenir gratuitement.

«Renverser le système»

L’Aadhaar («la fondation» en hindi) représente aujourd’hui la plus grande base de données biométriques au monde, avec 1,13 milliard de personnes enregistrées sur 1,25 milliard, soit 99 % de la population adulte indienne.

L’objectif initial était double : identifier la population - 10% des Indiens n’avaient jusqu’ici aucun papier, et donc aucun droit - et se servir de ces moyens biométriques pour sécuriser l’attribution de nombreuses subventions alimentaires ou énergétiques, dont le détournement coûte plusieurs milliards d’euros chaque année à l’Etat fédéral.

A partir de 2014, la nouvelle majorité nationaliste hindoue du BJP a étendu les usages de l’Aadhaar pour transformer cet outil de reconnaissance en un vrai «passe-partout» de la vie quotidienne indienne : depuis l’ouverture d’une ligne téléphonique à la déclaration de ses impôts, en passant surtout par la création d’un compte en banque, le numéro Aadhaar sera à présent requis. Dans ce dernier cas, l’Aadhaar permet en prime d’utiliser le paiement bancaire par biométrie pour réduire le recours au liquide, qui représente encore plus de 90 % des transactions dans le pays.

Le Premier ministre, Narendra Modi, a fait de cette inclusion financière l’un de ses principaux chevaux de bataille : en 2014, son gouvernement a lancé un énorme programme qui a permis la création de 213 millions de comptes bancaires en deux ans - aujourd’hui, quasiment tous les foyers en possèdent au moins un. Il a continué dans cette voie énergique en démonétisant, en novembre, les principales coupures. But de la manœuvre : convaincre les Indiens de se défaire, au moins temporairement, de leur dépendance aux billets marqués de la tête de Gandhi.

«Le liquide est gratuit, donc il est difficile de pousser les gens à utiliser d’autres moyens de paiement, explique Ragavan Venkatesan, responsable des paiements numériques à la banque IDFC, pionnière dans l’utilisation de l’Aadhaar Pay. Nous avons donc renversé le système pour que le commerçant soit incité à utiliser les moyens numériques.» L’établissement financier a d’abord développé le «microdistributeur de billets» : une tablette que le vendeur peut utiliser pour créer des comptes, recevoir des petits dépôts ou fournir du liquide aux clients au nom de la banque, contre une commission. Comme l’Aadhaar Pay, cette tablette se connecte au lecteur biométrique - fourni par l’entreprise française Safran - pour l’identification et l’authentification. Dans les deux cas, et à la différence des paiements par carte, ni le marchand ni le client ne paient pour l’utilisation de ce réseau. «Le mode traditionnel de paiement par carte va progressivement disparaître», prédit Ragavan Venkatesan.

Défi

Pour l’instant, le système n’en est toutefois qu’à ses débuts. Environ 70 banques - une minorité du réseau indien - sont reliées à l’Aadhaar Pay, et lors de nos visites dans différents magasins de New Delhi, une transaction a été bloquée pendant dix minutes à cause d’un problème de serveur. La connectivité est d’ailleurs un défi dans un pays dont la population est en majorité rurale : le système nécessite au minimum le réseau 2G, dont sont dépourvus environ 8 % des villages, selon le ministère des Télécommunications.

Mais c’est la protection du système qui est surtout en question : «La biométrie réduit fortement le niveau de sécurité, car c’est facile de voler ces données et de les utiliser sans votre accord, explique Sunil Abraham, directeur du Centre pour l’Internet et la société de Bangalore. Il existe maintenant des appareils photo de haute résolution qui permettent de capturer et de répliquer les empreintes ou l’iris», affirme ce spécialiste en cybersécurité.

Le problème tient au caractère irrévocable de ces données biométriques. A la différence d’une carte bancaire qu’on peut annuler et remplacer, on ne peut changer d’empreinte ou d’iris. L’Autorité indienne d’identification unique (UIDAI), qui gère l’Aadhaar, prévoit bien que l’on puisse bloquer l’utilisation de ses propres données biométriques sur demande, ce qui offre une solution de sécurisation temporaire. «Si un fraudeur essaie de les utiliser, on peut le repérer [grâce au réseau internet, ndlr] et l’arrêter», défend Ragavan Venkatesan, de la banque IDFC.

Mais cela risque de ne pas suffire en cas de recel de ces informations : la police vient d’interpeller un groupe de trafiquants qui étaient en possession des données bancaires de 10 millions d’Indiens, récupérées à travers des employés et sous-traitants, données qu’ils revendaient par paquets. Une femme âgée s’était déjà fait dérober 146 000 roupies (un peu plus de 2 000 euros) à cause de cette fraude.

Outil idéal

Le directeur de l’UIDAI assure qu’aucune fuite ni vol de données n’ont été rapportés à ce jour depuis leurs serveurs - ce qui ne garantit pas que cette confidentialité sera respectée par tous les autres acteurs qui y ont accès. En février, un chercheur en cybersécurité a alerté la police sur le fait que 500 000 numéros Aadhaar ainsi que les détails personnels de leurs propriétaires - exclusivement des mineurs - avaient été publiés en ligne. La loi sur l’Aadhaar punit de trois ans de prison le vol ou le recel de ces données. Ce texte adopté l’année dernière - soit six ans après le début de la collecte - empêche également leur utilisation à d’autres fins que l’authentification pour l’attribution de subventions et de services. Et l’UIDAI ne peut y accéder pleinement qu’en cas de risque pour la sécurité nationale, et selon une procédure spéciale.

Reste qu’il n’existe pas d’autorité, comme la Cnil en France, chargée de veiller de manière indépendante à ce que ces lignes rouges ne soient pas franchies par un Etat à la recherche de nouveaux moyens de renseignement. Car les experts s’accordent sur ce point : le biométrique est un outil idéal pour surveiller une population.

En 2010, le gouvernement britannique avait d’ailleurs mis fin à son projet de carte d’identité biométrique, estimant que le taux d’erreurs dans l’authentification était trop élevé et le risque d’atteinte aux libertés trop important. Les Indiens, souvent subjugués par les nouvelles technologies pour résoudre leurs problèmes sociaux, ne semblent pas prêts de revenir en arrière. Surtout si cela peut en plus servir à mieux ficher un pays menacé par un terrorisme régional et local.

For more details visit https://cis-india.org/internet-governance/news/en-inde-le-biometrique-version-tres-grand-public

Empowering the next billion by improving accessibility

praskrishna — 2015-11-07T14:04:57Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. On Friday, November 13, 2015, Dynamic Coalition on Accessibility and Disability and Global Initiative for Inclusive ICTs (G3ICT) is organizing this workshop. Sunil Abraham is a panelist. Pranesh Prakash will be taking part in the discussions.

While considerable attention is given to the availability of the communication infrastructure to expand usage of the Internet, little attention has been given to the accessibility barriers which prevent over one billion potential users to benefit from the Internet, including for essential services. Those barriers affect persons living with a variety of sensorial or physical disabilities as well as illiterate individuals who may benefit from the same solutions designed for persons with disabilities.

This session will examine the technological and programmatic solutions available today for an effective removal of such barriers, potentially bringing a considerable number of new users to the Internet. Examples in Education, Emergency services, Assistive Technologies for work and independent living in a variety of economic and geographic environments will be covered. The session will also provide a detailed benchmark and statistical overview of the progress made by countries around the world in implementing those solutions. A general discussion with government, industry and persons with disabilities representatives will ensue.

Read more on the IGF website here. List of attendees here.

For more details visit https://cis-india.org/internet-governance/news/empowering-the-next-billion-by-improving-accessibility

Empires: Individuals in Search of Society

praskrishna — 2012-05-24T08:35:46Z

In their 2000 bestseller Empire, Michael Hardt and Toni Negri announced a new international condition no longer built on the imperialist model of the superpowers of old but on the new condition of globalization. This new and emerging networked world held with it the opportunity for politics to bring forward a 21st century of interconnectedness, openness and a shared sense of planetary responsibility.

This article by Marc Lafia was published in Huffington Post on May 18, 2012

What we've discovered since is that the new empire still plays by the games of the old empires: of nation states, of divisiveness, of scarcity, of might, control and fear, even while we have never had such enormous abundance and innovation.

It is this paradox that Empires -- our documentary film and online project, currently raising funds through Kickstarter -- sets out to unravel. The title works on multiple levels. It says that the nationalist empires are back. It also suggests that the empires of law, money, science, speed, nation states, and food are, in fact, complex networks that are inter-related and interdependent.

It is said that you know there is a network when you're excluded from it.

To be included is to have a voice, to participate, to have agency. These things drive the histories of political and philosophical thought. They are not abstract concepts but the very real struggles of networked relations, of powers, peoples, flows of energies and technologies.

How these networks work and how they interact is what Empires sets out to explicate.

We've sat down with an extraordinary group of historians, scientists, network technologists, sociologists, political organizers and artists to construct a conversation that describes the forces that shape our contemporary world. The list includes Manuel Delanda, Saskia Sassen, Florian Cramer, Natalie Jeremijenko, Kazys Varnelis, Geert Lovink, Alex Galloway, Michael Hardt, Anthony Pagden, Cathy Davidson, Greg Lindsay, Nishant Shah, James Delbourgo, Jon Protevi, Wendy Hui Kyong Chun, and soon Paul D. Miller and Douglas Rushkoff.

What we've heard is that our managerial and government elites are dysfunctional and that the new order of things is every man for himself, that things find their own order, from the ground up. Our desires are expressed in our purchasing power. Money is how we vote and the market will continually adjust to accommodate the desires we express. We can all be winners using the network effects to scale up to success, a success each of us has agency to produce. There are no larger structures to trump agency. If you can make it you will make it.

In this ethos of the elevation of our uniqueness to the exclusion of our commonalities, we have become blind to any possible collective power. We now, in the West, are a society of individuals in search of society.

With reluctance today to accept such universalisms as global citizenship, rights to a living wage, to mobility, to social ownership of information channels and planetary resources, we are left with a notion that society, like nature, will be chaotic and disruptive, and that through this new 'natural law' of volatility, of self organization, a new politics will emerge and find its shape.

For more details visit https://cis-india.org/news/individuals-in-search-of-society

Emotional Contagion: Theorising the Role of Affect in COVID-19 Information Disorder

Yesha Tshering Paul and Amrita Sengupta — 2025-04-14T18:51:27Z

In this paper, we investigate the underexplored emotional drivers of information disorder, with a particular focus on how it manifested in COVID-19 misinformation in India. While "fake news" has received considerable attention for its impact on elections, marginalized communities, and public health, mainstream information disorder research does not sufficiently prioritise the underlying psychological factors that influence information trust.

By incorporating theoretical frameworks from psychology, sociology, and communication studies, we reveal the complex foundations of both the creation and consumption of misinformation. From this research, fear emerged as the predominant emotional driver in both the creation and consumption of misinformation, demonstrating how negative affective responses frequently override rational analysis during crises. Our findings suggest that effective interventions must address these affective dimensions through tailored digital literacy programs, diversified information sources on online platforms, and expanded multimodal misinformation research opportunities in India.

Click to download the research paper

For more details visit https://cis-india.org/internet-governance/blog/emotional-contagion-theorising-role-of-affect-in-covid-19-information-disorder

Emotional Contagion: Theorising the Role of Affect in COVID-19 Information Disorder

Yesha Tshering Paul and Amrita Sengupta — 2025-04-14T05:23:21Z

Click to download the research paper

For more details visit https://cis-india.org/internet-governance/emotional-contagion-theorising-role-of-affect-in-covid-19-information-disorder

Emerging Technologies: Issues & Way Forward

Admin — 2018-05-26T00:39:11Z

Aayush Rathi and Gurshabad Grover attended a two day conference on 'Emerging Technologies: Issues & Way Forward' organised by the Technology Policy team at the National Institute of Public Finance and Policy (NIPFP), held on 23rd and 24th May in Bangalore.

The themes for discussion included:

Privacy, surveillance and data protection
Regulation of emerging technologies
Building sound regulators for technology policy, and
Fintech regulation

Click here to read the agenda

For more details visit https://cis-india.org/internet-governance/news/emerging-technologies-issues-way-forward

Emerging Issues in the Internet of Things

Admin — 2017-10-03T01:53:25Z

Andrew Rens will give a talk about research that he is doing at the Internet Governance Lab on October 23, 2017 at the Centre for Internet & Society in Bengaluru.

It seems almost anything can be connected to the Internet: 3D printers, cars, traffic lights and even toasters. This proliferation of Internet enabled devices, the Internet of Things (IoT), raises a cloud of complex problems, of ownership and control, privacy and surveillance, ubiquity and network fragility. IoT doesn't just promise efficiency; cheap sensors and printers might put scientific research and customized manufacturing in the hands of millions more people. The governance of the IoT, exhibits the same super complexity as Internet governance generally; with multiple sites of governance and actors operating across legal borders. Legal regulation, standards and the architecture of technology determine how the IoT is configured and how it will be reconfigured in response to these problems. Where is the technology governance of the IoT currently taking shape? What forces will likely bear on the governance of the IoT? What role will permissionless innovation play, and what its limits? How will intellectual property laws complicate the IoT?"

The event, overall, is expected to be a thought provoking one for discussion on things related to IoT.

For more details visit https://cis-india.org/internet-governance/events/emerging-issues-in-the-internet-of-things

Emerging AI technology in health care in India, health equity and justice: Critical reflections and charting out way forward

Admin — 2019-07-21T15:47:27Z

On July 13, 2019, Radhika Radhakrishnan, participated in a roundtable discussion on "Emerging AI technology in health care in India, health equity and justice: Critical reflections and charting out way forward." The event was organized by HEaL (Health, Ethics, and Law Institute of Training, Research and Advocacy) of FMES (Forum for Medical Ethics Society) in collaboration with CPS (Centre for Policy Studies), Indian Institute of Technology-Bombay.

Radhika chaired a session on the ethics of AI in healthcare in India, and my main submissions included: the medicalization of and experimentation on women's bodies under a medical-industrial complex for the design of AI-based healthcare models, and FAT (Fairness, Accountability, Transparency) concerns with AI. She was also invited to draft some of this content into a paper submission to the Indian Journal of Medical Ethics which is a peer-reviewed and indexed academic journal run by FMES.

For more details visit https://cis-india.org/internet-governance/news/emerging-ai-technology-in-health-care-in-india-health-equity-and-justice-critical-reflections-and-charting-out-way-forward

Emergence of Chinese Technology:Rising stakes for innovation, competition and governance

Admin — 2019-08-19T14:03:21Z

Omidyar Network in partnership with the Esya Centre organized a private discussion on the theme “Emergence of Chinese technology - rising stakes for innovation, competition and governance” on Monday, 12 August 2019 in New Delhi. Arindrajit Basu attended the event.

China Ascendant: Soft Power report by ON focuses on three prongs of power-digital power, fore power and sharp power. Standards have been a major avenue for proliferation of Chinese competition.This is combined with knowledge transfer as 2.8 million Chinese students in the US have largely returned to tech companies in China. Core strength is still not in basic research so by 2020, aiming for 15 per cent of PhD.s to be in basic research. China uses nudges in shaping global governance outcomes by targeting the right stakeholders as opposed to altering the ground rules entirely, Universities in China have focused on how cultural connections can be linked upto negotiating prowess at multilateral fora.

China takes a whole of government approach to technology innovation. Continues to be consumer focused.
China does not look at India as a R+D partner,more as a market.Stability and unpredictability has been an issue.None of India's tech policies were drafted with China in mind.

For more details visit https://cis-india.org/internet-governance/news/emergence-of-chinese-technology-rising-stakes-for-innovation-competition-and-governance

Elite Capture of Governance in Bangalore

praskrishna — 2016-01-12T16:28:20Z

Vanya Rakesh participated in the event held in Bangalore on December 16, 2015.

This was a public consultation on the TENDER Sure Road project, discussing elite capture of Governance in Bangalore by way of this project. The panel comprised of experts to lead the consultation, followed by views of the society members on this issue. The panel discussion was organised by the Forum for Urban Governance and Commons. For more info click here.

For more details visit https://cis-india.org/internet-governance/news/elite-capture-of-governance-in-bangalore

Elements of a Decentralized Web

Admin — 2017-11-23T14:16:26Z

Gene Kogan will deliver a talk on the elements of a decentralized web at the Centre for Internet (CIS) office in Bengaluru on December 11, 5.30 p.m. to 7.30 p.m.

The internet is broken. Straying far from the original vision of democratizing access to knowledge, large tech companies now resemble the industrial barons of the 19th century, presiding over what many scholars regard as a public utility but nevertheless unregulated. As machine learning has entered the picture, the usual suspects like Facebook, Reddit, and Quora, have begun training sophisticated algorithms on personal data to route traffic in order to maximize attention, leading to a web which is more atomized, addictive, and anxiety-inducing.

In response to this, some have begun writing about, conceptualizing, and implementing the open-source protocols of what they consider the future web 3.0. Cryptocurrency enthusiasts have expanded their focus to more generalized blockchains which enable trust in decentralized platforms, while initiatives like IPDB and IPFS ambitiously promise to make hosting, storage, database querying, and even computation itself possible inside of peer-to-peer networks. But all is not well in this techno-utopia -- as the speculative bubble around this "internet of money" grows, so too does interest from the very institutions these new initiatives seek to overcome. The landscape is beginning to look like Silicon Valley of the 1990s and the threat of a crash looms. It's up to us to determine which way this one will play out.

Gene Kogan

Gene Kogan is an artist and a programmer who is interested in generative systems, computer science, and software for creativity and self-expression. He is a collaborator within numerous open-source software projects, and gives workshops and lectures on topics at the intersection of code and art. Gene initiated ml4a, a free book about machine learning for artists, activists, and citizen scientists, and regularly publishes video lectures, writings, and tutorials to facilitate a greater public understanding of the subject.

Links:

genekogan.com

twitter.com/genekogan

For more details visit https://cis-india.org/internet-governance/events/elements-of-a-decentralized-web-talk-by-gene-kogan

Electronication: Ragas and the Future

praskrishna — 2011-04-04T07:18:29Z

What more is better than listening to music and later on getting into a discursive conversation with its composers to better understand the transformative power of high-energy music. CIS is pleased to invite you to an evening conference followed by a concert by Charanjit Singh, Samrat B. and Imaad Shah playing improvised versions of Charanjit Singh's “Ten Ragas to a Disco Beat”.

About the Music

In 1982, seasoned Bollywood composer and arranger Charanjit Singh visited Singapore and got his hands on the now holy trinity of a Roland 303, 808, and Jupiter 8 - the core of acid house and the gear that forged the genesis of electronic dance music as we know it today.

Later that year, EMI India releases an album limited to a few thousand copies: "Synthesizing: Ten Ragas to A Disco Beat". It presents Charanjit's effort at using what was then an entirely new technology to bridge the gap between programmed beats, synth lines, and classical Indian music motifs.

It essentially sinks without a trace.

In 2008, Dutch label Bollywood Connection re-released this LP to an unsuspecting and wholly ignorant public, convinced that these beats were established in the clubs of Chicago and Detroit in 1986, except they never were.

Since the re-release, this album has been raising eyebrows worldwide.

About the Musicians

Charanjit Singh is a seasoned Bollywood composer and arranger who lives in Bombay. We recently met him, and we are now working with him to bring his work back into the twenty-first century and into the public eye, where it belongs. On March 6, he will give a performance from this landmark album for the first time in nearly 30 years.

Samrat B. performs under the name Teddy Boy Kill along with another musician. Streaming from continuous transmutation of music & audio-emotive desires, the sound of Teddy Boy Kill stems out of Psychedelic, Dub, Electro, Rock & Funk. The music is an attempt to revive the dance & groove mentality.

Imaad Shah is a musician, writer, and actor based in Mumbai. An avid enthusiast of music and pop history, he has dug deep into the Bollywood sound culture and is part of Pulp Society, a funk jazz act from Mumbai.

For more details visit https://cis-india.org/events/electronication

Electoral Databases – Privacy and Security Concerns

snehashish — 2014-01-16T11:07:21Z

In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.

The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.[i] After due consideration, the ECI has decided to drop the plan.[ii]

The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.

Publication of Electoral Rolls
The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.

The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document[iii] given that the roll is published and can be circulated on the direction of the ECI.

With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.[iv] In addition to that, the electoral rolls for the entire country are available on the ECI website.[v] However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.[vi]

Security Concerns
The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.

In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “With Great Computing Power Comes Great Surveillance”[vii] Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain

For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.

Current IT Laws does not mandate the protection of the electoral database
A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”[viii] However, the appropriate Government has not notified the electoral database as a protected system[ix]. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.

The Information Technology Rules (IT Rules) are also not applicable to electoral databases, per se. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (hereinafter Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”[x] and should arguably be made subject to the Rules.

The intent of the ECI for hosting the entire country’s electoral database online inter alia is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”[xi] However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.

The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.

Conclusion
Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.

It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.

[i] Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss

[ii] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

[iii] Section 74, Indian Evidence Act, 1872

[iv] eci.nic.in/eci_main1/the_function.aspx

[v] http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx

[vi] “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at eci.nic.in/eci_main/eroll&epic/ins06012010.pdf

[vii] http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/

[viii] Section 70, Information Technology Act, 2000

[ix] Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure

[x] Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

[xi] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

For more details visit https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns