We are anonymous, we are legion

India Subject to NSA Dragnet Surveillance! No Longer a Hypothesis — It is Now Officially Confirmed

maria — 2013-11-06T10:20:46Z

As of last week, it is officially confirmed that the metadata of everyone´s communications is under the NSA´s microscope. In fact, the leaked data shows that India is one of the countries which is under NSA surveillance the most!

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC. This blog was cross-posted in Medianama on 24th June 2013.

¨Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”, the democratic senator, Ron Wyden, asked James Clapper, the director of national intelligence a few months ago. “No sir”, replied Clapper.

True, the National Security Agency (NSA) does not collect data on millions of Americans. Instead, it collects data on billions of Americans, Indians, Egyptians, Iranians, Pakistanis and others all around the world.

Leaked NSA surveillance

Verizon Court Order

Recently, the Guardian released a top secret order of the secret Foreign Intelligence Surveillance Court (FISA) requiring Verizon on an “ongoing, daily basis” to hand over information to the NSA on all telephone calls in its systems, both within the US and between the US and other countries. Verizon is one of America's largest telecoms providers and under a top secret court order issued on 25 April 2013, the communications records of millions of US citizens are being collected indiscriminately and in bulk supposedly until 19 July 2013. In other words, data collection has nothing to do with whether an individual has been involved in a criminal or terrorist activity or not. Literally everyone is potentially subject to the same type of surveillance.

USA Today reported in 2006 that the NSA had been secretly collecting the phone call records of millions of Americans from various telecom providers. However, the April 25 top secret order is proof that the Obama administration is continuing the data mining programme begun by the Bush administration in the aftermath of the 09/11 terrorist attacks. While content data may not be collected, this dragnet surveillance includes metadata such as the numbers of both parties on a call, location data, call duration, unique identifiers, the International Mobile Subscriber Identity (IMSI) number and the time and duration of all calls.

Content data may not be collected, but metadata can also be adequate to discover an individual's network of associations and communications patterns. Privacy and human rights concerns rise from the fact that the collection of metadata can result in a highly invasive form of surveillance of citizens´ communications and lives. Metadata records can enable the US government to know the identity of every person with whom an individual communicates electronically, as well as the time, duration and location of the communication. In other words, metadata is aggregate data and it is enough to spy on citizens and to potentially violate their right to privacy and other human rights.

PRISM

Recently, a secret NSA surveillance programme, code-named PRISM, was leaked by The Washington Post. Apparently, not only is the NSA gaining access to the meta data of all phone calls through the Verizon court order, but it is also tapping directly into the servers of nine leading Internet companies: Microsoft, Skype, Google, Facebook, YouTube, Yahoo, PalTalk, AOL and Apple. However, following these allegations, Google, Microsoft and Facebook recently asked the U.S. government to allow them to disclose the security requests they receive for handing over user data. It remains unclear to what extent the U.S. government is tapping into these servers.

Yet it appears that the PRISM online surveillance programme enables the NSA to extract personal material, such as audio and video chats, photographs, emails and documents. The Guardian reported that PRISM appears to allow GCHQ, Britain's equivalent of the NSA, to secretly gather intelligence from the same internet companies. Following allegations that GCHQ tried to circumvent UK law by using the PRISM computer network in the US, the British foreign secretary, William Hague, stated that it is “fanciful nonsense” to suggest that GCHQ would work with an agency in another country to circumvent the law. Most notably, William Hague emphasized that reports that GCHQ are gathering intelligence from photos and online sites should not concern people who have nothing to hide! However, this implies that everyone is guilty until proven innocent...when actually, democracy mandates the opposite.

James R. Clapper, the US Director of National Intelligence, stated:

“Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

So essentially, Clapper stated that in the name of US national security, the personal data of billions of citizens around the world is being collected. By having access to data stored in the servers of some of the biggest Internet companies in the world, the NSA ultimately has access to the private data of almost all the Internet users in the world.

Boundless Informant

And once the NSA has access to tons of data through the Verizon court order and the PRISM surveillance programme, how does it create patterns of intelligence and generally mine huge volumes of data?

The Guardian released top secret documents about the NSA data mining tool, called Boundless Informant; this tool is used to detail and map by country the volumes of information collected from telephone and computer networks. The focus of the Boundless Informant is to count and categorise the records of communication, known as metadata, and to record and analyse where its intelligence comes from. One of the leaked documents states that the tool is designed to give NSA officials answers to questions like: “What type of coverage do we have on country X”. According to the Boundless Informant documents, the NSA has been collecting 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013. During the same month, 97 billion pieces of intelligence from computer networks were collected worldwide.

The following “global heat map” reveals how much data is being collected by the NSA from around the world:

The colour scheme of the above map ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). India is notably orange and is thus subject to some of the highest levels of surveillance by the NSA in the world.

During a mere 30-day period, the largest amount of intelligence was gathered from Iran with more than 14 billion reports, while Pakistan, Jordan and Egypt were next in line in terms of intelligence gathering. Unfortunately, India ranks 5th worldwide in terms of intelligence gathering by the NSA. According to the map above, 6.3 billion pieces of intelligence were collected from India by the NSA from February to March 2013. In other words, India is currently one of the top countries worldwide which is under the US microscope, with 15% of all information being tapped by the NSA coming from India during February-March 2013.

Edward Snowden is the 29-year-old man behind the NSA leaks...who is responsible for one of the most important leaks in US (and one may argue, global) history.

So what does this all mean for India?

In his keynote speech at the 29th Chaos Communications Congress, Jacob Appelbaum stated that surveillance should be an issue which concerns “everyone´s department”, especially in light of the NSA spying on citizens all over the world. True, the U.S. appears to have a history in spying on civilians, and the Corona, Argon, and Lanyard satellites used by the U.S. for photographic surveillance from the late 1950s is proof of that. But how does all this affect India?

By tapping into the servers of some of the biggest Internet companies in the world, such as Google, Facebook and Microsoft, the NSA does not only gain access to the data of American users, but also to that of Indian users. In fact, the “global heat map” of the controversial Boundless Informant data mining tool clearly shows that India ranked 5th worldwide in terms of intelligence gathering, which means that not only is the NSA spying on Indians, but that it is also spying on India more than most countries in the world. Why is that a problem?

India has no privacy law. India lacks privacy legislation which could safeguard citizens from potential abuse by different types of surveillance. But the worst part is that, even if India did have privacy laws, that would still not prevent the NSA from tapping into Indians´ data through the servers of Internet companies, such as Google. Moreover, the fact that India lacks a Privacy Commissioner means that the country lacks an expert authority who could address data breaches.

Recent reports that the NSA is tapping into these servers ultimately means that the U.S. government has access to the data of Indian internet users. However, it remains unclear how the U.S. government is handling Indian data, which other third parties may have access to it, how long it is being retained for, whether it is being shared with other third parties or to what extent U.S. intelligence agencies can predict the behaviour of Indian internet users through pattern matching and data mining.

Many questions remain vague, but one thing is clear: through the NSA´s total surveillance programme, the U.S. government can potentially control the data of billions of internet users around the world, and with this control arises the possibility of oppression. It´s not just about the U.S. government having access to Indians´ data, because access can lead to control and according to security expert, Bruce Schneier:

“Our data reflects our lives...and those who control our data, control our lives”.

How are Indians supposed to control their data, and thus their lives, when it is being stored in foreign servers and the U.S. has the “right” to tap into that data? The NSA leaks mark a significant point in our history, not only because they are resulting in corporations seeking data request transparency, but also because they are unveiling a major global issue: surveillance is a fact and can no longer can be denied. The massive, indiscriminate collection of Indians´ data, without their prior knowledge or consent, and without the provision of guarantees in regards to how such data is being handled, poses major threats to their right to privacy and other human rights. The potential for abuse is real, especially since the larger the database, the larger the probability for error. Mining more data does not necessarily increase security; on the contrary, it increases the potential for abuse, especially since technology is not infallible and data trails are not always accurate.

What does this mean? Well, probably the best case scenario is that an individual is targeted. The worst case scenario is that an individual is imprisoned (or maybe even murdered - remember the drones?) because his or her data “says” that he or she is guilty. Is that the type of world we want to live in?

What can we do now?

Let´s start from the basics. India needs privacy legislation. India needs privacy legislation now. India needs privacy legislation now, more than ever.

Privacy legislation would regulate the collection, access to, sharing of, retention and disclosure of all personal data within India. Such legislation could also regulate surveillance and the interception of communications, in compliance with the right to privacy and other human rights. A Privacy Commissioner would also be established through privacy legislation, and this expert authority would be responsible for overseeing the enforcement of the Privacy Act and addressing data breaches. But clearly, privacy legislation is not enough. The various privacy laws of European countries have not prevented the NSA from tapping into the servers of some of the biggest Internet companies in the world and from gaining access to the data of millions of citizens around the world. Yet, privacy legislation in India should be a basic prerequisite to ensure that data is not breached within India and by those who may potentially gain access to Indian national databases.

As a next- but immediate- step, the Indian government should demand answers from the NSA to the following questions:

What type of data is collected from India and which parties have access to it?
How long is such data retained for? Can the retention period be renewed and if so, for how long?
Is data collected on Indian internet users shared with third parties? If so, which third parties can gain access to this data and under what conditions? Is a judicial warrant required?

In addition to the above questions, the Indian government should also request all other information relating to Indians´ data collected through the PRISM programme, as well as proceed with a dialogue on the matter. Governments are obliged to protect their citizens from the abuse of their human rights, especially in cases when such abuse may occur from foreign agencies. Thus, the Indian government should ensure that the future secret collection of Indians´ data is prevented and that Internet companies are transparent and accountable in regards to who has access to their servers.

On an individual level, Indians can protect their data by using encryption, such as GPG encryption for their emails and OTR encryption for instant messaging. Tor is free software and an open network which enables online anonymity by bouncing communications around a distributed network of relays run by volunteers all around the world. Tor is originally short for “The Onion Router” and “onion routing” refers to the layers of encryption used. In particular, data is encrypted and re-encrypted multiple times and is sent to randomly selected Tor relays. Each relay decrypts a “layer” of encryption to reveal it only to the next relay in the circuit and the final relay decrypts the last “layer” of encryption. Essentially, Tor reduces the possibility of original data being understood in transit and conceals the routing of it.

To avoid surveillance, the use of HTTPS-Everywhere in the Tor Browser is recommended, as well as the use of combinations of additional software, such as TorBirdy and Enigmail, OTR and Diaspora. Tor hidden services are communication endpoints that are resistant to both metadata analysis and surveillance, which is why they are highly recommended in light of the NSA´s surveillance. An XMPP client that ships with an XMPP server and a Tor hidden service is a good example of how to avoid surveillance.

Protecting our data is more important now than ever. Why? Because global, indiscriminate, mass data collection is no longer a hypothesis: it´s a fact. And why is it vital to protect our data? Because if we don´t, we are ultimately sleepwalking into our control and oppression where basic human rights, such as freedom, would be a myth of the past.

The principles formulated by the Electronic Frontier Foundation and Privacy International on communication surveillance should be taken into consideration by governments and law enforcement agencies around the world. In short, these principles are:

Legality: Limitations to the right to privacy must be prescribed by law
Legitimate purpose: Access to communications or communications metadata should be restricted to authorised public authorities for investigative purposes and in pursuit of a legitimate purpose
Necessity: Access to communications or communications metadata by authorised public authorities should be restricted to strictly and demonstrably necessary cases
Adequacy: Public authorities should be restricted from adopting or implementing measures that allow access to communications or communications metadata that is not appropriate for fulfillment of the legitimate purpose
Competent authority: Authorities must be competent when making determinations relating to communications or communications metadata
Proportionality: Public authorities should only order the preservation and access to specifically identified, targeted communications or communications metadata on a case-by-case basis, under a specified legal basis
Due process: Governments must respect and guarantee an individual's human rights, that may interference with such rights must be authorised in law, and that the lawful procedure that governs how the government can interfere with those rights is properly enumerated and available to the public
User notification: Service providers should notify a user that a public authority has requested his or her communications or communications metadata with enough time and information about the request so that a user may challenge the request
Transparency about use of government surveillance: The access capabilities of public authorities and the process for access should be prescribed by law and should be transparent to the public
Oversight: An independent oversight mechanism should be established to ensure transparency of lawful access requests
Integrity of communications and systems: Service providers are responsible for the secure transmission and retention of communications data or communications metadata
Safeguards for international cooperation: Mutual legal assistance processes between countries and how they are used should be clearly documented and open to the public
Safeguards against illegitimate access: Governments should ensure that authorities and organisations who initiate, or are complicit in, unnecessary, disproportionate or extra-legal interception or access are subject to sufficient and significant dissuasive penalties, including protection and rewards for whistleblowers, and that individuals affected by such activities are able to access avenues for redress
Cost of surveillance: The financial cost of providing access to user data should be borne by the public authority undertaking the investigation

Applying these above principles is a prerequisite, but may not be enough. Now is the time to resist unlawful and non-transparent surveillance. Now is the time for everyone to fight for their right to be free.

Is a world without freedom worth living in?

For more details visit https://cis-india.org/internet-governance/blog/india-subject-to-nsa-dragnet-surveillance

Govt mulls advisory on privacy issues related to Google, Facebook

praskrishna — 2013-07-02T14:31:48Z

The Government is set to harden its stand against foreign Internet firms in asking them to comply with Indian laws.

The article by Thomas K Thomas was published in the Hindu Business Line on June 10, 2013. Sunil Abraham is quoted.

According to a top Government source, an advisory may be issued in the interest of general public to make them aware of the privacy issued while using services offered by foreign Internet companies such as Google and Facebook.

This follows an international media expose on how US agencies were getting access to user data from Internet companies such as Google and Facebook.

Final Strategy Soon

Top official in the Ministry of Telecom and IT told Business Line that the National Security Advisor, under the Prime Minister’s Officer, is discussing the issue and will outline the final strategy on Wednesday.

The key concern is that the US security agencies may have collected data from key Indian accounts using services from any of the Internet companies. A number of Government officials also use email service from Google and MS Outlook, which may have been accessed by the US agencies.

The other major concern is that Indian security agencies have also been seeking access to data from these foreign companies but so far they have not obliged on grounds that they do not come under the purview of Indian laws.

“If the US Government can get access to data from these companies, why can’t the Indian Government be given access,” posed a top functionary of the telecom ministry.

While Google and other companies have denied knowledge to how the US agencies got access to their networks, industry experts said that it’s time India starts taking concrete steps to address the issue.

B.K. Syngal, Former Chairman, Videsh Sanchar Nigam Ltd, said, “If we believed that our privacy is sacred then we would have taken effective domestic measures, years ago, to ensure that the information of our citizens remains private. To now say that multiple US companies have betrayed our trust is meaningless.”

Double Standards

Syngal said that there are double standards in the way organisations and Government is handling the issue. “As a start, lets stop giving too much time and space to the so called “Foreign Funded NGOs” teaching us on privacy. Our problem is that we are not China. We are so ill equipped that the third party interests aided and abetted by these NGOs would prevail,” said Syngal.

According to Sunil Abraham, Executive Director, Centre for Internet and Society, companies such as Google and Facebook are foes when it comes to privacy issues and friends when it comes to freedom of speech. “An Indian consumer using any of these foreign websites has no privacy rights whatsoever. The Indian Government also cannot force these companies to follow Indian laws,” said Abraham.

For more details visit https://cis-india.org/news/hindu-businessline-thomas-k-thomas-june-10-2013-govt-mulls-advisory-on-privacy-issues-related-to-google-facebook

Facebook, Google deny spying access

praskrishna — 2013-07-02T10:18:48Z

The CEOs of Facebook and Google on Saturday categorically denied that the US National Security Agency had "direct access" to their company servers for snooping on Gmail and Facebook users. But both acknowledged that the companies complied with the 'lawful' requests made by the US government and shared user data with sleuths.

The article by Javed Anwer was published in the Times of India on June 9, 2013. Pranesh Prakash is quoted.

In a post titled "What the ...?" Google's official blog, CEO Larry Page wrote, "We have not joined any program that would give the US governmentâ€”or any other governmentâ€”direct access to our servers. We had not heard of a program called PRISM until yesterday."

A few hours later, Facebook CEO Mark Zuckerberg responded. "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers... We hadn't even heard of PRISM before yesterday," he wrote on his page at the social media site.

According to a few PowerPoint slides allegedly leaked by an NSA official, nine technology companies - Google, AOL, Apple, Yahoo, Microsoft, Skype, Facebook, YouTube and PalTalk - are providing the US government easy access to user data. While all companies have denied being part anything called PRISM, Facebook and Google have been most vocal about it.

A few hours after Facebook and Google statements, the New York Times said in a report that technology companies had "opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users".

"In some cases, they (companies) changed their computer systems to do so," noted the NYT report.

The statements by the CEOs have done little to allay privacy fears. "The denials from the companies look highly coordinated, including similar phrases in all their responses. I don't think they are lying outright, though the NYT report suggests that they are telling a half-truth. They may not provide the US government 'direct access' to all their servers, but may be providing indirect access, or may just be responding to very broad FISA orders," said Pranesh Prakash, a policy director with Centre for Internet and Society in India.

On Friday US president Barack Obama had tacitly acknowledged NSA surveillance programmes aimed at non-US citizens. "You can't have a hundred per cent security and also then have a hundred per cent privacy and zero inconvenience. You know, we're going to have to make some choices as a society," he told reporters in the US.

Page and Zuckerberg also called on the governments to be more open about surveillance programmes. "The level of secrecy around the current legal procedures undermines the freedoms we all cherish," wrote Page.

Added Zuckerberg, "We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term."

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-june-9-2013-facebook-google-deny-spying-access

Internet firms deny existence of PRISM

praskrishna — 2013-07-02T07:47:27Z

Nothing is private anymore. According to a leak in the US, which revealed the wide reach of a mass surveillance programme by intelligence agencies, messages, posts, chats on your computer or phone are all vulnerable to interception, thanks to direct access to servers of major tech companies.

The article by Javed Anwer and Ishan Srivastava was published in the Times of India on June 8, 2013. Sunil Abraham and Pranesh Prakash are quoted.

The existence of the programme, called Prism, was first reported by the Washington Post and the Guardian newspaper after they received a tip-off from a whistleblower in National Security Agency in the US. The whistleblower claimed that NSA has direct access to all the data that flows through the servers of Google, Facebook, Microsoft, Apple, Sykpe, Youtube, AOL and Paltalk.

Later, the NSA reportedly acknowledged the existence of the programme but said that it collected data only from foreign nationals. While it may come as a relief to the US citizens, it underscores the fact that people not residing in the US, including Indians, are fair game. What is even more alarming is the fact that US authorities are using the technology companies headquartered in the country to spy on the rest of the world.

All companies named in the leaks have denied the existence of Prism. A Yahoo spokesperson said on Friday, ""Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network."

Privacy International, a privacy watchdog organisation, said it is possible that companies would not be aware of the government tapping into their servers. "Until we know whether this information was obtained through filters, interception, or some another method, it is difficult to know how the breadth of access the NSA has."

However, Indian users would seem to have no way to defend themselves if the US government wants to access their data. Pavan Duggal, a specialist in cyber law, said, "Indian users don't have any protection against the US authorities seeking their data from the US companies."

Technology companies said they comply with local laws while dealing with issues related to personal data of a user. In response to queries from TOI, both Google and Facebook said that they used "mutual legal assistance treaty" to handle international requests for data.

Mutual legal assistance treaty is understood to have governed by actual treaties that two nations may have between them for sharing of user data. A Facebook official said that if a US agency wanted to access the data belonging to an Indian citizen, the sleuths would have to follow the diplomatic channels and get the data only when Indian authorities have approved it.

Google too talked "mutual legal assistance treaty" but it didn't clarify how it worked. Google officials pointed out the company guidelines which noted that any non-US government agency would have to use mutual legal assistance treaty to access user data. But the company public guidelines don't make any mention of the procedure followed in the cases where a US agency requests data on non-US users.

Microsoft directed TOI to its official statement denying the existence of Prism. It refused to discuss how it handled the requests from US authorities seeking data of foreigners.

Pranesh Prakash, a policy director with Centre for Internet and Society (CIS), said that it was high time the Indian government stood up for its citizens.

"Indian government needs to come with a strong and clear law to protect the privacy of Indian users. The law has to make it clear to companies operating in India that they need to respect the privacy of Indian users, even when they are dealing with the governments outside India," he said.

However, providing direct access to servers to an agency like NSA may not necessarily be a breach of agreement between the users of websites like Google and Facebook and its owners. Sunil Abraham, executive director at CIS said, "I have not studied end-user agreements carefully, but usually they have provisions for communication interception and data access in accordance with legal procedure."

"But more importantly, this is a violation of US data access and interception law. The US government has been going around the world preaching Internet freedom to authoritarian regimes. And now it turns out that their practices are worse that many of the regimes they have been criticizing. That is why it is a complete scandal," Abraham said.

Besides, the surveillance may run contrary to a whole range of international legal instruments. For example, the ICCPR, ratified by the USA, says that "no one shall be subject to arbitrary or unlawful interference with his private life, family, home or correspondence," said Joe McNamee, executive director of European Digital Rights, a privacy watchdog based in Europe.

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-ishan-srivastava-june-8-2013-internet-firms-deny-existence-of-prism

Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications

praskrishna — 2013-07-02T09:12:49Z

There's a worrying trend around the world for governments to extend online surveillance capabilities to encompass all citizens -- often justified with the usual excuse of combatting terrorism and/or child pornography.

The blog post was published in tech dirt on June 8, 2013. Pranesh Prakash is quoted.

The latest to join this unhappy club is India, which has put in place what sounds like a massively intrusive system, as this article from The Times of India makes clear:

The government last month quietly began rolling out a project that gives it access to everything that happens over India's telecommunications network -- online activities, phone calls, text messages and even social media conversations. Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

This project has been under development for two years, but in almost total secrecy:

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," warned Pranesh Prakash, director of policy at the Centre for Internet and Society. "Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens."

That combination of total surveillance and zero transparency is a dangerous one, providing the perfect tool for monitoring and controlling political and social dissent. If India wishes to maintain its claim to be "the world's largest democracy", its government would do well to introduce some safeguards against abuse of the new system, such as strong privacy laws, as well as engaging the Indian public in an open debate about what exactly such extraordinary surveillance powers might be used for.

For more details visit https://cis-india.org/news/tech-dirt-june-8-2013-indian-govt-quietly-brings-central-monitoring-system

Governance in the Age of the Internet and Free Trade Agreements

praskrishna — 2013-07-03T05:04:39Z

Sunil Abraham was a speaker at this event organized by Thai Netizen Network on June 8, 2013 at Queen Sirikit National Convention Center. The Ministry of Information and Communication and the National Science and Technology Development Agency were co-hosts for the event.

Click to read the details of the event published on Internet Society website

In the age of accelerated international trade and the promotion of free flowing cross-border data transactions, countries and regions are working towards forming a commonly agreed modus operandi and protocols. These protocols seek to facilitate the growth of e-trade, ensure a secure data flow(economic transactions) and protection of its data in the network. In the recent, there has been strong attention by consumers and businesses with the growing scope and content of these agreements addressing Intellectual Property (IP). Emerging trend studies show that there is a growing practices to incorporate mutually exclusive arrangements without involving other stakeholders which happens in closed door negotiations i.e. government to government.

For instance, the European’s Anti-Counterfeiting Trade Agreement (ACTA) proposal and the U.S. Trans-Pacific Partnership Agreement (TPP).

The bigger concern raised by other stakeholders has been the secrecy of these arrangements and the insufficient protection of consumers and citizens rights in its consideration. So far, the lack of legitimacy and proportionality of legal policy measures has created unintended consequences and collateral damages in far reaching manners whether socially, economically or technologically. Citing practices of filtering technology, deep packet inspection, and Internet cut-off, are introduced by internet service providers to meet legal requirements. Activities in question may vary from country to country, some focus on violations of intellectual property, some on the control of political voices.

Notably, list of concerns have been raised explicitly by UN Special Rapporteur to adhere to the promotion and protection of the right to freedom of opinion and expression were recommended.

This workshop is aim to create discussion on the related topics among stakeholders both in Thailand and in the region of the direct and indirect implications of various developments.

Target: Regulators, consumer rights, human rights activities, Lawyers

Expected Outcomes

Understanding the dynamics of free trade agreements (i.e. APEC, TPP, and ACTA) and its implications on Internet regulations, national sovereignty, and civil rights from various perspectives. (Big picture)
Basic understanding of how various policy and technology related measures or solutions (i.e. digital rights management technology and deep-packet inspection) are used to address Intellectual Property (IP) and how it directly impacts freedom of expression and individual privacy.
Looking Ahead: The developments and upcoming legislations/regulation challenges in both Thailand and the region i.e. new draft of Computer-related Crime Act, new draft of Copyright Act, and the Personal Data Protection Bill.

Panelists

Sunil Abraham, Executive Director, Centre for Internet and Society, Bangalore
Konstantinos Komaitis, Policy Advisor, Internet Society, Geneva
Nakorn Serirak, Policy Advisor, Thai Netizen Network, Bangkok
Sawatree Suksri, Lecturer, Faculty of Law, Thammasat University, Bangkok
Lokman Tsui, Policy Advisor, Google Asia Pacific, Hong Kong

Moderator

Mike Hayes, Chair, International MA Program in Human Rights, Mahidol University

Click the PDFs below to download the full details and the presentation:

For more details visit https://cis-india.org/news/inet-bangkok-june-8-2013-governance-in-the-age-of-internet-and-fta

Computer Related Offences

pranesh — 2013-06-07T10:47:36Z

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation
For the purposes of this section,

the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

For more details visit https://cis-india.org/internet-governance/resources/section-66-it-act.txt

Section 43 of the Information Technology Act

pranesh — 2013-06-07T10:37:04Z

Given below is the text of section 43 of the IT Act:

43. Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —

accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Explanation.
For the purposes of this section:

"computer contaminant" means any set of computer instructions that are designed —
- to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
- by any means to usurp the normal operation of the computer, computer system, or computer network;
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

For more details visit https://cis-india.org/internet-governance/resources/section-43-it-act.txt

‘Hacking’ sparks row over exam evaluation

praskrishna — 2013-07-02T08:58:17Z

Over the past two days, Cornell University student Debarghya Das’ blog post on ‘Hacking the Indian Education System’ has kicked off a debate across the country over the security of data published online and the practice of moderation of marks obtained by school students in board examinations.

The article by Vasudha Venugopal and Karthik Subramanian was published in the Hindu on June 7, 2013. Pranesh Prakash is quoted.

The 20-year-old Cornell student extracted large amounts of class X and XII student results from a website that hosted the ICSE results using an automated program. Over 1,760 schools are affiliated to the ICSE and more than 1.2 lakh students took the board exams. Based on interpretation of the data sets, he raised allegations of large-scale “tampering” of marks by the authorities, ostensibly to maintain a healthy graph on the results.

Information Security experts said what the student did could not be viewed as a major security breach as much as it was exploiting a loophole. “Anyone with basic programming skills will be able to pull it off,” said Pranesh Prakash, policy director at the Bangalore-based Center for Internet and Society. “There are add-ons available on popular internet browers that allow users to read the embedded codes on a website and run programs to mine data.”

Government websites are most susceptible to loopholes because too many people use them, says Nitesh Betala, Chennai coordinator of Null, a community of programmers that meets regularly to explore these loopholes in public domain websites. “We inform the system administrators directly hoping that they would plug loopholes before others exploit them.”

Debarghya too explained on his blog (deedy.quora.com) on Thursday that what he did was not illegal. “I did not illegally access any database system. All I did was access information that was available to any person who entered a number into the website could access. I simply mined the data.”

The ICSE council, on its part, said it does not publish the examination results in an online manner on its website. Instead, hard copies of results are despatched to schools. But the results are disseminated to third parties such as media organisations.

Krupakar Manukonda, who runs a blog on education for the not-for-profit organisation Takshashila, said: “The online results of all the boards have serious privacy problems. I think the respective boards should issue a passcode along with a hall ticket or entering Date of Birth, First name and Last name should be made mandatory to access marks.”

Das deduced after much data crunching and statistical analysis that the “marks had been tampered with”. His claim is supported by graphs purporting to show that nearly 33 scores, such as 91, 92, 86 and so on, were never awarded to any student.

However, teachers deny the allegation. “The word tampering is wrong. There is moderation that happens across education boards,” explained a teacher, who has worked with ICSE schools in Hyderabad and Chennai. “After the first round of corrections, raw data is given to officials and head examiners who analyse how students have performed. They try to ensure the bell curve of the results does not look awkward. If it does, the implication is that the checking has been either too liberal or very strict.”

After the first moderation, there is a final moderation which is often done by a different set of teachers. “There are some instructions given to us earlier, and some changes made later, depending on analysis by the board,” said a teacher. Teachers are not told about moderation methods in both CBSE and ICSE boards.

The ICSE council says that it does follow the practice of moderation. “In keeping with the practice followed by examination conducting bodies, a process of standardisation is applied to the results, so as to take into account the variations in difficulty level of questions over the years (which may occur despite applying various norms and yardsticks), as well as the marginal variations in evaluation of answer scripts by hundreds of examiners (inter-examiner variability), for each subject.”

Some teachers are however puzzled by the findings. “It is understandable that there are many 35s because a student on the verge of passing, is often pushed to the mark. But I don’t understand why there are no 85, 87, 89, 91 and 93. And, with cut throat competition for every single mark in colleges, teachers are very careful, especially with top scoring papers,” said another senior teacher.

For more details visit https://cis-india.org/news/the-hindu-june-7-2013-vasudha-venugopal-karthik-subramanian-hacking-sparks-row-over-exam-evaluation

Indian student in Cornell University hacks into ICSE, ISC database

praskrishna — 2013-07-02T07:39:45Z

A 20-year-old Indian student from Cornell University hacked into the database of ICSE (Class X) and ISC (Class XII) school exam results, exposed glaring anomalies in the marking system and went on to merrily write about his exploits in an online post.

The article by Kim Arora was published in the Times of India on June 6, 2013. Pranesh Prakash is quoted.

Kolkata-born Debarghya Das, majoring in computer science, says that all he had to do was run a simple program that entered all roll numbers after defining a range to get access to all the results. "It is shocking they haven't implemented a more secure system," Das told TOI on phone from New York.

After the result's data was crunched, analysed and plotted in graphs, Das discovered an interesting incongruity in the marking system: there are 33 different scores unattained between the passing mark of 35 and the maximum of 100 by the nearly 1,50,000 who appeared for the ICSE (Class X) exam. According to Das' findings, not a single student got the following marks: 36, 37, 39, 41, 43, 45, 47, 49, 51, 53, 55, 56, 57, 59, 61, 63, 65, 67, 68, 70, 71, 73, 75, 77, 79, 81, 82, 84, 85, 87, 89, 91, 93. Similarly, in the case of ISC (Class XII exam) a set of 24 marks between 40 and 100 were found to be unattained.

When contacted, chairperson of the CI SCE (Council for the Indian School Certificate Examinations) Gerry Arathoon, refused to comment on both data security and the unattained marks. "I can't say anything until I have had a look at things myself," he said.

Das says that the missing marks indicate that perhaps they were tampered with. He offers mathematical and statistical arguments to defend his position in his online post. He says that the ISC anomaly appears to be a case of awarding "grace marks" and writes -- "Everything from 35 onwards, and most things from 23 onward seem blindly promoted to a pass mark."

	Pranesh Prakash, policy director at the Center for Internet and Society, says one needn't even be a techie to execute such a hack. "You don't need real technical skills to do this. You just need to figure out the ranges and feed them in. It is an interesting revelation that the website does nothing to obfuscate the javascript for security, but one can still retrieve data without that information. Once you have the data, it requires two minutes of programming to get it in a spreadsheet," says Prakash. In his post, titled "Hacking into the Indian Education System", Das wrote that he was doing this to "demonstrate how few measures our education board takes to hide such sensitive information".

Pranesh Prakash, policy director at the Center for Internet and Society, says one needn't even be a techie to execute such a hack. "You don't need real technical skills to do this. You just need to figure out the ranges and feed them in. It is an interesting revelation that the website does nothing to obfuscate the javascript for security, but one can still retrieve data without that information. Once you have the data, it requires two minutes of programming to get it in a spreadsheet," says Prakash. In his post, titled "Hacking into the Indian Education System", Das wrote that he was doing this to "demonstrate how few measures our education board takes to hide such sensitive information".

The student also told the TOI that it wasn't possible to change any values in marks and upload fudged data again, and that he made any significant progress in this direction only about 3-4 days after the results were announced. His online post says he also has the data for CBSE class XII. Though he hasn't yet made it public, he does admit it was harder to crack than CISCE, though not altogether difficult.

Schooled in Kolkata, Das is curren tly interning at Google, working on YouTube's captioning system. He is also working on a tongue-controlled game and has earlier been active in game and applet design. The idea to hack the results came to him fo llowing a desire to help two close friends who had recently taken the exams.

Das, nicknamed Deedy, told ToI that he worked on the ICSE and ISC results off and on for a week, but it essentially took about 4-5 hours to get all the data."It took me more time to write the blog post," says Das, referring to his 19-page post with all the graphs, data and explanations that is currently online.

For Das, there was only one other takeaway from the whole exercise. "Regardless of any tampering, it would be nice to see a transparent exam scheme. SAT (Scholastic Assessment Test) publishes everything related to the exam results every year. It is inconceivable that a national level exam board doesn't do that," he says.

For more details visit https://cis-india.org/news/the-times-of-india-kim-arora-june-6-2013-indian-student-in-cornell-university-hacks-icse-isc-databas

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata

praskrishna — 2013-06-26T09:56:01Z

Masashi Crete-Nishihata will give a talk on Citizen Lab's activities and present its approach to the study of information controls through recent research and case studies. The talk will be held on June 19, 2013 at TERI Auditorium in Bangalore, 5 p.m. to 7.30 p.m.

The Citizen Lab

The Citizen Lab is an interdisciplinary research group based at the University of Toronto. It explores the intersection of
information technology, global security, and human rights through technical, policy, and legal research.

A central focus of Citizen Lab's research analyzes the prevalence, operation, and impact of information controls. Information controls can be conceptualized as actions conducted in and through the Internet and other information and communication technologies. Such controls seek to deny (as with Internet filtering), disrupt (as in denial-of-service
attacks), or monitor (such as passive or targeted surveillance) information for political ends.

Masashi Crete-Nishihata

Masashi is the research manager of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He has published work on information controls during the 2008 Russia-Georgia conflict, cyber security research ethics, cyber attacks against Burmese media groups, and the psychosocial impacts of lifelogging technologies. His research interests include technology policy, information controls, and human computer interaction.

Relevant Links

http://citizenlab.org

http://citizenlab.org/publications/

https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

Please RSVP as seats are limited.
RSVP: Purba Sarkar (purba@cis-india.org)

Video

For more details visit https://cis-india.org/internet-governance/events/geo-politics-of-information-controls

May 2013 Bulletin

praskrishna — 2013-08-13T11:51:46Z

The Centre for Internet & Society (CIS) welcomes you to the fifth issue of its newsletter for 2013. We bring you an overview of our research, report of events held by us and announcement of upcoming ones, events we participated in, and recent media coverage.

Celebrating 5 Years of CIS
CIS is now 5 years old and we just celebrated this by holding an open exhibition in our offices in Bangalore and Delhi from May 20 to 23, showcasing our work and accomplishments over the period. We had about 170 visitors from the general public coming in to our office. Renowned artists like Tara Kelton, Kiran Subbaiah, Navin Thomas, Abhishek Hazra and Sharath Chandra Ram exhibited their work. The four day event attracted press coverage: Bangalore Mirror (May 18, 2013), DNA (May 19, 2013), Hindu (May 22, 2013), Prajavani (May 23, 2013), Udayavani (May 25, 2013) and Bangalore Mirror (May 31, 2013). Download all posters that were part of the exhibition here.

Google Policy Fellowship
CIS is inviting applications for the Google Policy Fellowship programme. Google is providing a USD 7,500 stipend to the India fellow who will be selected by July 1, 2013. The Fellowship focus areas include Access to Knowledge, Openness in India, Freedom of Expression, Privacy, and Telecom. Send in your applications for the position by June 15, 2013.

Jobs
CIS invites applications for the posts of Developer (NVDA Screen Reader Project), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org.

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another for developing a screen reader and text-to- speech synthesizer for Indian languages. CIS is also working with the World Blind Union and other similar organisations to develop a Treaty for the Visually Impaired helped by the WIPO:

National Resource Kit for Persons with Disabilities
Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Sikkim and Odisha:

The Sikkim Chapter (by Manojna Yeluri, May 30, 2013).
The Odisha Chapter (by Anandhi Viswanathan, May 31, 2013).

Note: All of these are early drafts and will be reviewed and updated.

Banking Accessibility

Survey on Banking Accessibility (by Vrinda Maheshwari, May 30, 2013). G3ict is a survey on accessibility of financial services in banks for persons with disabilities around the world. The survey is available here.

Event Organised

Global Accessibility Awareness Day (May 9, 2013, TERI, Southern Regional Centre, Domlur, Bangalore).

Access to Knowledge and Openness

The Wikimedia Foundation awarded CIS a two year grant of INR 26,000,000 to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Access to Knowledge (Wikipedia)
Beginning from September 1, 2012, Wikimedia Foundation awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of three members based in Bangalore: T. Vishnu Vardhan, Dr. U.B. Pavanaja and Subhashish Panigrahi and one team member Nitika Tandon who is working from Delhi office. Noopur Raval, Programme Officer has left the organisation. April 24, 2013 was her last working day.

Announcements

Access to Knowledge Work Plan (April 2013 - June 2014): CIS has announced its detailed plan detailed plan with projection of outcomes and expected impact of the A2K programme activities. The document has been made in consultation with various stakeholders and keeping in mind the objectives, opportunities and challenges faced by each of the Indian language Wikimedia projects. Feel free to share any feedback.
WMF-A2K Revised Budget (draft) and Utilization (Sept 2012 - Feb 2013): In our effort to increase transparency with the working of CIS-A2K programme, we are sharing with you the A2K Programme Budget along with the Utilization for the period Sept. 2012 to February 2013. The proposed revisions to the budget along with some notes are here.
WMF-A2K Grant Budget and Utilization (Sept 2012 – February 2013): CIS has given an open disclosure of the Access to Knowledge budget to Wikimedia India and the global community.
CIS Signs MOU with TISS, Mumbai: has signed a MoU with TISS as part of which we will collaboratively work towards building Digital Knowledge Partnerships with select higher education institutions.
India Access to Knowledge IRC can be accessed here: May 13, 2013 (All Language Discussion) and May 26, 2013 (Odia Language Discussion).

Blog Entries

Odia Wikipedia: Needs Assessment (by Subhashish Panigrahi, May 11, 2013).
Access to Knowledge Work Plan: Synopsis of Feedback by Wikipedians (by Nitika Tandon, May 20, 2013).
Wikipedia Introductory Session organized for Data and India portal consultants (by Subhashish Panigrahi, May 30, 2013).

Event Organised

Kannada Wikipedia Workshop (April 29, 2013, Govinda Pai Research Centre, MGM College Udupi). Dr. U.B. Pavanaja led the workshop and gave a talk on Kannada Wikipedia

Event Participated In

Kannada IRC Meet (organised by the Wikipedia Community, May 7, 2013). Dr. U.B. Pavanaja participated in this.

Upcoming Event

Digital Humanities for Indian Higher Education (co-organised in collaboration with HEIRA-CSCS, Tumkur University, CILHE-TISS and CCS (IISc), Indian Institute of Science, Bangalore, July 13, 2013).

Press Coverage

CIS Celebrates 5 Years: A Report in Prajavani (Prajavani, May 23, 2013). Prajavani published a report of Dr. U.B. Pavanja’s talk “From Palm Leaf to Tablet – Journey of Kannada”.
CIS Celebrates 5 Years: A Report in Udayavani (Udayavani, May 25, 2013). Udayavani published a report of the evening programme hosted as part of the Centre for Internet and Society's 5 year celebrations in its Bangalore edition.

Access to Knowledge (Previously IP Reforms)
Blog Entry

On the Unfortunate Rise of the Indian SLAPP Suit (by Ujwala Uppaluri, May 27, 2013).

Openness
Research Papers

Use of Open Access Journals by Indian Researchers (by Subbiah Gunasekharan and Prof. Subbiah Arunachalam, May 27, 2013).
Use made of Open Access Journals by Indian Researchers to Publish their Findings (by Madhan Muthu and Prof. Subbiah Arunachalam, May 28, 2013).

Comments

Draft ICAR Open Access Policy (by Nehaa Chaudhari, May 28, 2013). The comments were submitted to the Indian Council for Agricultural Research.

Event Hosted

RHoK Global Event (Centre for Internet and Society, Bangalore, June 1 – 2, 2013). A report of the event would be published soon.

Internet Governance

The Internet Governance programme conducts research around the various social, technical, and political underpinnings of global and national Internet governance, and includes online privacy, freedom of speech, and Internet governance mechanisms and processes. We began two new projects earlier this year. The first one, with Privacy International, London to facilitate research and events around surveillance, and freedom of speech and expression and the second one with Citizen Lab, Munk School of Global Affairs, University of Toronto on mapping of cyber security actors in South Asia and South East Asia:

Cyber Stewards Project
Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project.

Video Interview

An Interview with Christopher Soghoian (May 28, 2013).

Upcoming Event

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata (TERI, Bangalore, June 19, 2013).

Privacy

Comparative Analysis of DNA Profiling Legislations from Across the World (by Srinivas Atreya, May 23, 2013).

Events Co-organised

3rd Privacy Round Table meeting (co-organised with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, Chennai, May 18, 2013). Maria Xynou participated in this event and gives an overview of the discussions and recommendations.
Consilience – 2013 (co-organised with the Law and Technology Committee of National Law School of India University, Bangalore, May 25, 2013).

Events Participated In

ICT, Law and Innovation: Recent Developments, Challenges and Lessons Learned (organised by Bilgi University, Istanbul, May 2013). Chinmayi Arun was a speaker on the Internet Governance panel at Towards a Global Network of Internet and Society Centres.
India’s Politics of Free Expression (co-sponsored by the Asian Studies Centre, Free Speech Debate, the Oxford India Society and Ideas for India Oxbridge Exchange, May 31, 2013 at Nissan Lecture Theatre, St. Antony’s College, Oxford). Chinmayi Arun was a speaker at the Bapsybanoo Marchioness of Winchester Lectures on 'India's Politics of Free Expression'.

Upcoming Event

Privacy Round Table, Mumbai (Mayfair Banquets, Mumbai, June 15, 2013).

Blog Entry

The Surveillance Industry in India: At Least 76 Companies Aiding Our Watchers! (by Maria Xynou, May 2, 2013).

Media Coverage

Sex on-the-go (by Anand Holla, Mumbai Mirror, May 4, 2013). Pranesh Prakash is quoted.
CIS anniversary (Hindu Business Line, May 5, 2013).
Central Monitoring System to make government privy to phone calls, text messages and social media conversations (by Indu Nandakumar, May 7, 2013). Pranesh Prakash is quoted.
Messaging apps find another foe in India’s market regulator (Quartz, May 8, 2013). Elonnai Hickok is quoted.
India's Rs 400-crore Central Monitoring System to snoop on all communication (Tech 2, May 9, 2013). Pranesh Prakash is quoted.
Is India's government becoming Big Brother? (by Talia Ralph and Jason Overdorf, May 9, 2013). Pranesh Prakash is quoted.
Worldwide Playground (Telegraph, May 15, 2013). Pranesh Prakash is quoted.
NGO invites public to peruse its accounts (by Vandana Kamath, May 18, 2013). Sunil Abraham is quoted.
Online privacy should not come at the cost of security: Sunil Abraham (by Anirban Sen, May 19, 2013). Sunil Abraham is quoted.
A lifetime of five years on the internet (by Subir Ghosh, DNA, May 19, 2013). Sunil Abraham is quoted.
CIS highlights changes ushered in by the Internet (Hindu, May 22, 2013).
Burma to host first Internet freedom forum (by Chan Myae Khine, Asian Correspondent, May 22, 2013).
INET Bangkok to Explore Internet’s Impact on Thailand’s Economy and Society (BusinessWire, May 30, 2013). Sunil Abraham is participating in this conference.
Shooting cyber cafes before they die (by Bangalore Mirror, May 31, 2013). CIS’s film on Cyber Cafes is mentioned in this article.

Knowledge Repository on Internet Access
CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access and will touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation policies related to internet access. The blog posts and modules will be published in a new website: www.internet-institute.in.

Ongoing Event

Institute on Internet and Society (supported by Ford Foundation, Golden Palms Resort, Bangalore, June 8 – 14, 2013). The agenda for the event has been finalised.

The following unit was published recently:

Network Connections and Modes of Access (by Srividya Vaidyanathan, May 30, 2013).

Telecom

CIS is involved in promoting access and accessibility of telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Configuring a 'Non-Toothless' Regulator (TRAI) (by Shyam Ponappa, Business Standard, May 9, 2013 and Organizing India Blogspot, May 10, 2013).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.
Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/may-2013-bulletin

Shooting cyber cafes before they die

praskrishna — 2013-05-31T06:32:38Z

Working for an NGO, Christy Raj cans the history of city internet parlours through the eyes of a transgender.

Vandana Kamath's article was published in the Bangalore Mirror on May 31, 2013. The Centre for Internet and Society's film on Cyber Cafes is mentioned in this article.

At the turn of the century, when dotcoms were booming, cyber cafes were ubiquitous. But just as video killed the radio star, smartphones have been the slow death of cyber cafes. They may soon be history, but before internet parlours are wiped off the face of the city, Christy Raj, 26, a transgender, has ‘captured’ them for posterity.

Raj (female to male transgender) has single-handedly shot a film on cyber cafes, viewed from the eyes of a transgender. The film is part of a project by Video Volunteers,an NGO that promotes community media. Raj is a correspondent for the NGO.

“I wanted to capture what happens in a cyber café, especially from the point of view of a transgender,” Raj said. “I’ve captured why a transgender would go to a cyber café. It could be for various reasons like applying for a job. The film captures the difficulties a transgender faces etc. It’s a short film, but conveys a lot, especially for a viewer who sees it after cyber cafes have gone extinct in the city!”

Raj admits that he had a tough time while shooting the movie. “We (actor and I) went to several cyber cafes to shoot the film,” Raj said. “Since my actor and I are both transgender, many gave us suspicious looks. Most refused to allow us to even enter the place, forget about shooting the film. We had to show our identity cards at several places and finally we got the opportunity to shoot in a cyber cafe.”

The film, a joint venture of Centre for Internet and Society (CIS) and Video Volunteers, was completed in two weeks and the raw footage was sent to Video Volunteers based in Goa. The film was screened at their fifth anniversary celebrations recently. Raj, who has basic knowledge of camera handling, has been with the NGO since 2010 and has shot various short films on subjects like sexual minorities, the recent eviction of people in Ejipura and human rights.

“Being a correspondent with Video Volunteers has given me an opportunity to work on mainstream issues and work with people from the mainstream. Prior to joining Video Volunteers, I was associated with NGOs like Samara and Sangama. We were given training in camera handling. They give us an opportunity to work on several issues based on the community.”

Raj was born and brought up in Bangalore. His parents abandoned him after they learnt of his transsexual tendencies and he had to drop out of school in the ninth standard. He lives with his partner in Sanjay Nagar.When he left his home, Raj decided he had to make a name in the community.“Today,Icanhandleacamera with confidence and conceptualise and make the films on issues pertaining not only to sexual minorities but also on several other issues,” says Raj.

For more details visit https://cis-india.org/news/bangalore-mirror-vandana-kamath-may-31-2013-shooting-cyber-cafes-before-they-die

The Bapsybanoo Marchioness of Winchester Lectures

praskrishna — 2013-06-09T03:35:38Z

Chinmayi Arun was a speaker at the Bapsybanoo Marchioness of Winchester Lectures on 'India's Politics of Free Expression' in the University of Oxford on May 31 2013, in the session on 'media and security'.

The Asian Studies Centre, Free Speech Debate, the Oxford India Society and Ideas for India Oxbridge Exchange were the co-sponsors for this event.

Theme: India's Politics of Free Expression
Date: May 31, 2013
Time: 10.00 a.m. to 6.15 p.m.
Venue: Nissan Lecture Theatre, St. Antony's College, Oxford

More details can be found here.

For more details visit https://cis-india.org/news/sant-ox-ac-uk-may-31-2013-bapsybanoo-marchioness-winchester-lectures

Online privacy should not come at the cost of security: Sunil Abraham

praskrishna — 2014-11-02T02:27:12Z

Sunil Abraham, Centre for Internet and Society’s executive director, on privacy laws and Internet penetration.

Anirban Sen's article was published in LiveMint on May 19, 2013. Sunil Abraham is quoted.

The Centre for Internet and Society (CIS), a research thinktank that primarily focuses on issues of Internet governance, is pushing to revise the provisions of the Information Technology (IT) Act and make a stronger case for privacy laws and free speech in India, an issue that has caused widespread concern after the government tried to restrict access to more than a 100 websites last year with little justification.

“We want to revise the IT Act...that’s the toughest one and that’s not going to happen very soon because the government is treating it like an ego battle now. They no longer listen to the others,” said Sunil Abraham, executive director of CIS.

The IT Act has been at the centre of debate, with some of its provisions such as Section 66A, which criminalizes “causing annoyance or inconvenience” online or electronically, coming under criticism from rights advocates for being too vague and subject to interpretation.

CIS, which will complete five years on Monday and is organizing a four-day event focusing on issues such as cyber security, surveillance in India and privacy, said it also was working towards creating a privacy law for India within the next 3-4 years. India, which is estimated to have Internet penetration of just 10%, is the third-largest Internet market in the world.

“We’re getting closer and closer to that (privacy law),” said Abraham, adding that privacy should not come at the cost of security.

Over the past five years, Bangalore-based CIS has also been part of some government committees such as the Justice AP Shah Committee, which focused on privacy laws in India, and is also currently working on the country’s telecom policy. The non-government organization, which receives grants from international bodies such as the Wikimedia Foundation, has also worked on policies for the government of Iraq and is currently also doing policy work for the government of Burma.

“Five years ago we were making noise from outside the room, we were not inside any policy making space. That has also changed. From an organization that was mostly outside the room, we’re increasingly being trusted by our own government,” said Abraham, who was one of the most vocal critics of the government’s unique identification (UID) project when it was first launched. Abraham had raised concerns over its overtly broad scope and issues over privacy in the project.

For CIS, one of the biggest achievements over the past five years was being part of the policy framework for the government of India’s draft national policy on open standards for e-governance, said Abraham, adding that the organization was working towards increasing Internet penetration in the country, especially in rural areas.

“We’re hoping that every single mobile phone user in the country will become an Internet user. We’re planning for that future,” he said.

The CIS event starting on Monday will include speakers such as legal researcher and advocate Lawrence Liang and Vibodh Parthasarathi, an associate professor at the Centre for Culture, Media and Governance at the Jamia Millia Islamia university. Both Liang and Parthasarathi are members of the board at CIS.

For more details visit https://cis-india.org/news/livemint-anirban-sen-may-19-2013-online-privacy-should-not-come-at-the-cost-of-security