We are anonymous, we are legion

CIS Comments and Recommendations on the Data Protection Bill, 2021

Pallavi Bedi and Shweta Mohandas — 2022-02-14T16:07:44Z

This document is a revised version of the comments we provided on the 2019 Bill on 20 February 2020, with updates based on the amendments in the 2021 Bill.

After nearly two years of deliberations and a few changes in its composition, the Joint Parliamentary Committee (JPC), on 17 December 2021, submitted its report on the Personal Data Protection Bill, 2019 (2019 Bill). The report also contains a new version of the law titled the Data Protection Bill, 2021 (2021 Bill). Although there were no major revisions from the previous version other than the inclusion of all data under the ambit of the bill, some provisions were amended.

This document is a revised version of the comments we provided on the 2019 Bill on 20 February 2020, with updates based on the amendments in the 2021 Bill. Through this document we aim to shed light on the issues that we highlighted in our previous comments that have not yet been addressed, along with additional comments on sections that have become more relevant since the pandemic began. In several instances our previous comments have either not been addressed or only partially been addressed; in such instances, we reiterate them.

These general comments should be read in conjunction with our previous recommendations for the reader to get a comprehensive overview of what has changed from the previous version and what has remained the same. This document can also be read while referencing the new Data Protection Bill 2021 and the JPC’s report to understand some of the significant provisions of the bill.

Read on to access the comments | Review and editing by Arindrajit Basu. Copy editing: The Clean Copy; Shared under Creative Commons Attribution 4.0 International license

For more details visit https://cis-india.org/internet-governance/blog/pallavi-bedi-and-shweta-mohandas-cis-comments-on-data-protection-bill

CIS Comment on ICANN's Draft FY20 Operating Plan and Budget

akriti — 2019-02-12T23:44:46Z

At the Centre for Internet and Society, we are grateful for the opportunity to provide our comments on the proposed draft of ICANN’s FY20 Operating Plan and Budget along with their Five-Year Operating Plan Update. As part of the public comment process, ICANN provided a list of documents which can be found here that included their highlights of the budget, the total draft budget for FY20, an operating plan segregated by portfolios, amongst others.

The following are our comments on relevant aspects from the different documents:

There are several significant undertakings which have not found adequate support in this budget, chief among them being the implementation of the ICANN Workstream 2 recommendations on Accountability. The budget accounts for any expenses that arise from WS2 as emanating from its contingency fund which is a mere 4%. Totalling more than 100 recommendations across 8 sub groups, execution of these would require significant expenditure. Ideally, this should have been budgeted for in the FY20 budget considering the final report was submitted in June, 2018 and conversations about its implementation have been carried out ever since. It is wondered if this is because the second Workstream does not have the effectuation of its recommendations in its mandate and hence it is easier for ICANN to be slow on it.^[1] As a member of the community deeply interested in integrating human rights better in ICANN’s various processes, it is concerning to note the glacial pace of the approval of the aforementioned recommendations especially coupled with the lack of funds allocated to it. Further, there is 1 one person assigned to work on the WS2 implementation work which seems insufficient for the magnitude of work involved.^[2]

A topical issue with ICANN currently is its tussle with the implementation of the General Data Protection Regulation (GDPR) and despite the prominence and extent of the legal burden involved, resources to complying with it have not been allocated. Again, it is within the umbrella of the contingency budget.

The Cross Community Working Group on New gTLD Auction Proceeds is also, presently, developing recommendations on how to distribute the proceeds. It is unclear where these will be funded from since their work is funded by the core ICANN budget yet it is assumed that the recommendations will be funded by the auction proceeds. Almost 7 years after the new gTLD round was open, it is alarming that ICANN has not formulated a plan for the proceeds and are still debating the merits of the entity which would resolve this question, as recently as the last ICANN meeting in October, 2018.

Another important policy development process being undertaken right now is the Working Group who is reviewing the current new gTLD policies to improve the process by proposing changes or new policies. There are no resources in the FY20 budget to implement the changes that will arise from this but only those to support the Working Group activities.

Lastly, the budgets lack information on how much each individual RIR contributes.

Staff costs

ICANN’s internal costs on their personnel have been rising for years and slated to account for more than half their annual budget with an estimated 56% or $76.3 million in the next financial year. The community has been consistent in calling upon them to revise their staff costs with many questioning if the growth in staff is justified.^{^[3]} There was criticism from all quarters such as the GNSO Council who stated that it is “not convinced that the proposed budget funds the policy work it needs to do over the coming year”.^{^[4]} The excessive use of professional service consultants has come under fire too.

As pointed out in a mailing list, in comments on the FY19 budget, every single constituency and stakeholder group remarked that personnel costs presented too high a burden on the budget. One of the suggestions presented by the NCSG was to relocate positions from from the LA headquarters to less expensive countries such as those in Asia. This can be seen from the high increase this budget of $200,000 in operational costs though no clear breakdown of that entails was given.

The view seems to be that ICANN repeatedly chooses to retain higher salaries while reducing funding for the community. This is even more of an issue since there employment remuneration scheme is opaque. In a DIDP I filed enquiring about the average salary across designations, gender, regions and the frequency of bonuses, the response was either to refer to their earlier documents which do not have concrete information or that the relevant documents were not in their possession.^{^[5]}

ICANN Fellowship

The budget of the fellowship has been reduced which is an important initiative to involve individuals in ICANN who cannot afford the cost of flying to the global ICANN meetings. The focus should be not only be on arriving at a suitable figure for the funding but also to ensure that people who either actively contribute or are likely to are supported as opposed to individuals who are already known in this circle.

Again, our attempts at understanding the Fellowship selection were met with resistance from ICANN. In a DIDP filed regarding it with questions such as if anyone had received it more than the maximum limit of thrice and details on the selection criteria, no clarity was provided.^{^[6]}

Lobbying and Sponsorship

At ICANN 63 in Barcelona, I enquired about ICANN’s sponsorship strategies and how the decision making is done with respect to which all events in each region to sponsor and for a comprehensive list of all sponsorship ICANN undertakes and receives. I was told such a document would be published soon but in the 4 months since then, none can be found. It is difficult to comment on the budget for such a team where there is not much information on the work it specifically carries out and the impact of such sponsoring activities. When questioned to someone on their team, I was told that it depends on the needs of each region and events that are significant in such regions. However without public accountability and transparency about these, sponsorship can be seen as a vague heading which could be better spent on community initiatives.

Talking of Transparency, it has also been pointed out that the Information Transparency Initiative has 3 million dollars set aside for its activities in this budget. It sounds positive yet with no deliverables to show in the past 2 years, it is difficult to ascertain the value of the investment in this initiative.

Lobbying activities do not find any mention in the budget and neither do the nature of sponsorship from other entities in terms of whether it is travel and accommodation of personnel or any other kind of institutional sponsorship.

^{^[1]} https://cis-india.org/internet-governance/blog/icann-work-stream-2-recommendations-on-accountability

^{^[2]} https://www.icann.org/en/system/files/files/proposed-opplan-fy20-17dec18-en.pdf

^{^[3]} http://domainincite.com/22680-community-calls-on-icann-to-cut-staff-spending

^{^[4]} Ibid

^{^[5]}https://cis-india.org/internet-governance/blog/didp-request-30-enquiry-about-the-employee-pay-structure-at-icann

^{^[6]} https://cis-india.org/internet-governance/blog/didp-31-on-icanns-fellowship-program

For more details visit https://cis-india.org/internet-governance/blog/akriti-bopanna-february-8-2019-comment-on-icann-draft-fy-20-operating-plan-and-budget

CIS anniversary

praskrishna — 2013-05-06T07:28:07Z

The Centre for Internet and Society will celebrate five years of its existence with an exhibition showcasing its works and accomplishments.

This was published in Hindu Business Line on May 5, 2013

The exhibition will be held concurrently at both Bangalore and Delhi offices from May 20 to 24, 2013, said a press release.

“To promote transparency, we're getting the general public to be our auditors by throwing open our account books and contracts which show how we have spent the Rs 8.3 crore received from our donors.”

The exhibition will also see artists like Kiran Subbaiah, Tara Kelton, Navin Thomas, Abhishek Hazra, among others exhibiting their works, as well as lectures.

For more details visit https://cis-india.org/news/the-hindu-business-line-may-5-2013-cis-anniversary

CIS and International Coalition Calls upon Governments to Protect Privacy

elonnai — 2013-09-25T07:21:09Z

The Centre for Internet and Society (CIS) along with the International Coalition has called upon governments across the globe to protect privacy.

On September 20 in Geneva, CIS joined a huge international coalition in calling upon countries across the globe, including India to assess whether national surveillance laws and activities are in line with their international human rights obligations.

The Centre for Internet and Society has endorsed a set of international principles against unchecked surveillance. The 13 Principles set out for the first time an evaluative framework for assessing surveillance practices in the context of international human rights obligations.

A group of civil society organizations officially presented the 13 Principles this past Friday in Geneva at a side event attended by Navi Pillay, the United Nations High Commissioner for Human Rights and the United Nations Special Rapporteur on Freedom of Expression and Opinion, Frank LaRue, during the 24th session of the Human Rights Council. The side event was hosted by the Permanent Missions of Austria, Germany, Liechtenstein, Norway, Switzerland and Hungary.

Elonnai Hickok, Programme Manager at the Centre for Internet and Society has noted that "the 13 Principles are an important first step towards informing governments, corporates, and individuals across jurisdictions, including India, about needed safeguards for surveillance practices and related policies to ensure that they are necessary and proportionate."

Navi Pillay, the United Nations High Commissioner for Human Rights, speaking at the Human Rights Council stated in her opening statement on September 9:

"Laws and policies must be adopted to address the potential for dramatic intrusion on individuals’ privacy which have been made possible by modern communications technology."

Navi Pillay, the United Nations High Commissioner for Human Rights, speaking at the event, said that:

"technological advancements have been powerful tools for democracy by giving access to all to participate in society, but increasing use of data mining by intelligence agencies blurs lines between legitimate surveillance and arbitrary mass surveillance."

Frank La Rue, the United Nations Special Rapporteur on Freedom of Expression and Opinion made clear the case for a direct relationship between state surveillance, privacy and freedom of expression in this latest report to the Human Rights Council:

"The right to privacy is often understood as an essential requirement for the realization of the right to freedom of expression. Undue interference with individuals’ privacy can both directly and indirectly limit the free development and exchange of ideas. … An infringement upon one right can be both the cause and consequence of an infringement upon the other."

Speaking at the event, the UN Special Rapporteur remarked that:

"previously surveillance was carried out on targeted basis but the Internet has changed the context by providing the possibility for carrying out mass surveillance. This is the danger."

Representatives of the Centre for Internet and Society, Privacy International, the Electronic Frontier Foundation,Access,Human Rights Watch,Reporters Without Borders, Association for Progressive Communications, and theCenter for Democracy and Technology all are taking part in the event.

Find out more about the Principles at https://NecessaryandProportionate.org

Contacts

NGOs currently in Geneva for the 24^th Human Rights Council:

Access
Fabiola Carrion: fabiola@accessnow.org

Association for Progressive Communication
Shawna Finnegan: shawna@apc.org

Center for Democracy and Technology
Matthew Shears: mshears@cdt.org

Electronic Frontier Foundation
Katitza Rodriguez: katitza@eff.org - @txitua

Human Rights Watch
Cynthia Wong: wongc@hrw.org

Privacy International
Carly Nyst: carly@privacy.org

Reporters Without Borders
Lucie Morillon: lucie.morillon@rsf.org
Hélène Sackstein: helsack@gmail.com

Signatories

Argentina
Ramiro Alvarez: rugarte@adc.org.ar
Asociación por los Derechos Civiles

Argentina
Beatriz Busaniche: bea@vialibre.org.ar
Fundación Via Libre

Colombia
Carolina Botero: carobotero@gmail.com
Fundación Karisma

Egypt
Ahmed Ezzat: ahmed.ezzat@afteegypt.org
Afteegypt

Honduras
Hedme Sierra-Castro: hedme.sc@gmail.com
ACI-Participa

India
Elonnai Hickok: elonnai@cis-india.org
Center for Internet and Society

Korea
Prof. Park: kyungsinpark@korea.ac.kr
Open Net Korea

Macedonia
Bardhyl Jashari: info@metamorphosis.org.mk
Metamorphosis Foundation for Internet and Society

Mauritania, Senegal, Tanzania
Abadacar Diop: jonction_jonction@yahoo.fr
Jonction

Portugal
Andreia Martins: andreia@coolpolitics.pt
ASSOCIAÇÃO COOLPOLITICS

Peru
Miguel Morachimo: morachimo@gmail.com
Hiperderecho

Russia
Andrei Soldatov: soldatov@agentura.ru
Agentura.ru

Serbia
Djordje Krivokapic: krivokapic@gmail.com
SHARE Foundation

Western Balkans
Valentina Pellizer: valentina.pellizzer@oneworldsee.org
Oneworldsee

Brasil
Marcelo Saldanha: instituto@bemestarbrasil.org.br
IBEBrasil

For more details visit https://cis-india.org/internet-governance/blog/cis-and-international-coalition-calls-upon-governments-to-protect-privacy

CII Digital India Summit

praskrishna — 2015-05-02T03:56:58Z

The Digital India Summit was organized at the Taj Mahal Hotel and Pragati Maidan in New Delhi on April 21 and 24, 2015. Pranesh Prakash participated in it.

Day 1 - 21 April 2015: Taj Mahal Hotel, New Delhi

Programme

0900 - 1000 hrs	Registration
1000 - 1030 hrs	Inaugural Session
1000 - 1015 hrs	Opening Remarks	Mr Kiran Karnik Chairman CII National Mission on Digital India
1015 - 1030 hrs	Setting the Context, Goals	Mr Bhaskar Pramanik Chairman CII National Committee on IT & ITes & Chairman Microsoft India Private Limited
1030 - 1100 hrs	Tea Break
1100 - 1315 hrs	Breakout Sessions
Group 1 1100 - 1315 hrs	Tackling Structural Issues and Developing Business Models for Digital India
Moderated by	Mr Sanjeev Gupta, Joint Secretary - IT, Department of Agriculture & Cooperation, Ministry of Agriculture Mr Kiran Karnik, Chairman, CII National Mission on Digital India
According to a DeitY estimate INR 100,000 cr. is needed just for funding the existing schemes. The achievement of the vision will need finance, expertise & intent from the private as well as the government. Given the different credo & objective for each sector, the need will be to build effective, collaborative & sustainable business models which provide a return on their investment while harnessing their strengths. Some of the key questions which will need to be answered are : · What is the role of public-private partnerships towards overcoming each of these five challenges? · How can we coordinate multi-stakeholder discussions and stimulate a collaborative approach towards shared goals of Digital India? · What are the sustainable business models that guarantee significant commercial (business feasibility) and social returns (such as inclusive growth, rural skill-building and employment generation)?
Group 2 1100 - 1315 hrs	Overcoming India's Last Mile Challenge-Creating Access through Network Reach, Innovative Business Models and Affordable Data-Enabled Devices/Internet plans
Moderated by	Ms Aruna Sundararajan, Additional Secretary & Administrator (USOF) and Chairman-cum- Managing Director, BBNL
Given India's size & demographics providing digital reach to the people at the right price is one of the most piquant issues that we face. Bringing every citizen on the digital backbone will increase empowerment & inclusion. Reaching out to the 2.5 lakh villages as envisaged in the plan will require intent, innovation & investment. Some of the questions that we need to discuss are: · What are the roadblocks in increasing internet penetration in India? · What are the alternate technologies that may be used to offer cost-effective internet in rural areas? · What are the regulatory changes that need to be in place? · What are the prerequisites for creating practical business models? · How do we stimulate internet usage through affordable service delivery in rural India? · What can the government do to encourage such business models?
Group 3 1100 - 1315 hrs	Developing a Digital Workforce - Empowering the Current and Future Workforce through Digital Literacy
Moderated by	Mr Pramod Bhasin, Non-Executive Vice Chairman and former President and CEO, Genpact Mr Atul Bhatnagar , Chief Operating officer, National Skill Development Corporation*
India's success in the technology sector has been based on our strength in skilled workforce. There are significant challenges in creating similar program to help build out the Made in India campaign in the manufacturing sector. The key questions are: · How should we define Digital Literacy? What does this mean and how much is still left to be done. What should we target to achieve over the next 3, 5 and 10 years? · What are the most effective measures Govt can take to enhance digital literacy and what kind of PPPs can we build to really take this to a completely different level? What are the biggest roadblocks to achieving digital literacy and how do we overcome these? · What is the role schools, colleges and vocational institutions, skills training providers can play in this area? How can that role be made much more effective and impact many more people? · How can digital literacy empower the unorganised sectors and entrepreneurship across India--in areas that are not touched by it normally--agriculture, farmers, construction, etc? How can this help bring a real revolution to these sectors which represent the majority of the work force? · How can digital literacy help create employability and access to jobs? How can it empower women and the hard to reach communities across India and bring them into the mainframe? · How can we use Digital literacy to substantially improve Governance and Transparency specially in public services and delivery of these across the population? · How can we use digital literacy to solve substantive problems such as Healthcare, Swatch Bharat, Build Smart Cities, increase Employability.
Group 4 1100 - 1315 hrs	Delivering Critical Services through a Universal, Verifiable Digital Identity
Moderated by	Mr Rajesh Bansal , Assistant Director General, UIDAI Mr Bhaskar Pramanik, Chairman, CII National Committee on IT and ITes and Chairman, Microsoft
The UID is already the largest program of its kind in the world. The real benefits will accrue when we build on this program to create add on programs which will harness what has been created and co-ordinate with financial, telecom & regulatory entities to create a collaborative model around direct benefit transfer and universal banking. Some of the key points that need to be discussed are: · What are the top 3 high-impact applications that would leverage the UID platform to offer critical services? · How can the govt. foster public and private sector innovation, and entrepreneurial creativity to foster UID-linked application to access services? · What is the potential for cross-sector collaboration and new business opportunities? For example, leveraging UID for enabling direct subsidies would require an effective partnership between financial services and energy sectors. What other avenues are worth exploring? · What is the action plan for different stakeholders and enablers? o Government and regulators o Corporates and institutions o Financial ecosystem partners o Telecom and IT companies o Individuals
1315 - 1415 hrs	Networking Lunch
1415 - 1435 hrs	Report back by Group 1
1435 - 1455 hrs	Report back by Group 2
1455 - 1515 hrs	Report back by Group 3
1515 - 1535 hrs	Report back by Group 4
1535 - 1550 hrs	Tea/ Coffee Break
1550 - 1700 hrs	Summing up and finalization of recommendation of each group by Mr Kiran Karnik

Day 2 - 24 April 2015: Hall No. 14, Pragati Maidan, New Delhi

1100 hrs	Inauguration of Digital Pavilion by Mr Ravi Shankar Prasad, Minister for Communications & Information Technology.
1130 - 1300 hrs	Panel Discussion on "Accelerating the Digital transition"
The Panel Discussion will focus on the imperatives required to ensure digitization across the value chain and what stakeholders must do to ensure that digitization supports sustainable growth. Outcomes from the discussions on Day 1 will be presented by each of the Session Chair to Hon'ble Minister
*"Release of the CII Compendium on cross company best practices / success stories on Digital India by Mr Ravi Shankar Prasad, Hon'ble Minister of Communications and Information Technology"*

For more details visit https://cis-india.org/internet-governance/news/cii-digital-india-summit

CII Conference on "ACT": Achieve Cyber Security Together"

kovey — 2013-07-26T08:17:40Z

The Confederation of Indian Industries (CII) organized a conference on facing cyber threats and challenges at Hotel Hilton in Chennai on July 13, 2013. Kovey Coles attended this conference and shares a summary of the event in this blog post.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

The conference hosted by CII in the Hotel Hilton, was well attended, and featured a range of industry experts, researches and developers, and members of the Indian armed forces.

Participants focused on the importance of Indian entities reaching new, adequate levels of cyber security. It was stated early in the event that India is one of the world's most targeted areas for cyber-attacks, and its number of domestic internet users is known to be rapidly increasing in an age which many view as a new era of international information warfare. Despite this, the speakers considered India to be too far behind other countries in its understanding of cyber security. In the opening remarks, CII Chairman Santhanam implored "We need hard core techies in this field… we are not producing them." Another speaker, Savitha Kesav Jagadeesan, a practicing lawyer in Chennai, asked if India would wait until the "9/11 of cyberspace" occurrence before we establish the same level of precautionary measures online as it exists now in transportation security.

With the presence of both the government’s executive forces and the private industries, the aura circulating the conference room was that of a collective Indian defense, a secure nation only achieved through both secure governmental and industrial aspects. Similar to the previous day’s DSCI cyber security conference, many speakers discussed security issues pertinent to the financial and banking industries, and other cyber crimes which had pecuniary goals. For people seeking to avoid the array of scams and frauds online, some talks shared some of the most basic advice, like safe password practices. "Passwords are like toothbrushes," said A.S. Murthy of the CDAC, "use them often, never share them with anyone, change them often." Other talks went into the intricacies of various hacking schemes, including tab-nabbing and Designated Denial of Service (DDoS) attacks, describing their tactics and how to moderate them.

In the end, the conference had certainly informed the attendees of the goals, and the challenges, that India will face in the coming months and years. The speakers (all of them) showed how the world of cyber security was quickly evolving, and demonstrated the imperative in government and industry entities evolving their own practices and defenses in stride. The ambitions of several presentations matched the well-publicized "5 lakh cyber professionals in 5 years" plan, placing a strong emphasis in the current and future training of young students in cyber security. Ultimately, I think, the conference helped convince that cyber security is neither a futile, nor completely infallible concept. As CISCO Vice President Col. K.P.M. Das said towards the end of the evening, the most ideal form of cyber security is truly "all about trust, the ability to recover, and transparency/visibility."

For more details visit https://cis-india.org/internet-governance/blog/cii-conference-on-act

Chinese state media says U.S. should take some blame for cyber attack

praskrishna — 2017-06-07T01:12:27Z

"WannaCry is far and away the most severe malware attack so far in 2017, and the spread of this troubling ransomware is far from over". Since the global attack was launched on Friday, several thousand more computers were discovered to be infected, particularly in Asia as the work day began on Monday. "We've seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released".

The article by Ellis Neal was published in the Villages Suntimes on May 21, 2017.

Microsoft called the incident a "wake-up" call for governments and customers to take security seriously, but in a letter to the Times Sir David Omand, GCHQ director from 1996 to 1997, pins the blame squarely on the technology firm for failing to maintain support for its ageing Windows XP platform. If they wanted their files decrypted, the program said all they had to do was pay $300 worth of Bitcoin to the specified address.

However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised.

When Microsoft sells its operating system software it does so through a licence agreement that states the company is not liable for any security breaches, thus shielding it from any legal complaints, points out Michael Scott, a professor at Southwestern Law School.

Microsoft has blamed the U.S. government for creating the software code that was used by hackers to launch the cyber-attacks. USA and European officials did not rule out North Korea as a possible suspect in the cyberattack.

In a blog post, Microsoft admonished governments around the world for keeping software vulnerabilities to themselves, instead of reporting them to the developers. EternalBlue and DoublePulsar, two tools the NSA used to infiltrate computer networks, were stolen from the agency and leaked online in April as part of a massive data dump by the Shadow Brokers hacker group. An investigation is on-going regarding how the codes got out.

The cyber experts have warned of a huge risk in near future as most institutions and individuals in Bangladesh use pirated software. We can not expect criminal hackers to be held accountable for their actions, but we should hold our government agencies accountable.

Since China and Russian Federation are two of the countries where a major share of computers are running pirated Windows, these are also the countries with the biggest rate of WannaCry infections, as stated by F-Secure.

Malware cases have been spreading in recent years as the malicious software trend has been gaining ground, with new forms of ransomware hitting the scene.

For more details visit https://cis-india.org/internet-governance/news/villages-suntimes-may-21-2017-ellis-neal-chinese-state-media-says-us-should-take-some-blame-for-cyber-attack

Chinese hackers baiting Indian govt, corporate employees: report

praskrishna — 2013-09-05T10:31:53Z

Hackers using fake subject headings to get users to open virus-laden email attachments.

This article by Moulishree Srivastava and Anirban Sen was published in Livemint on August 9, 2013. Sunil Abraham is quoted.

Using faked subject headings as diverse as Gujarat chief minister Narendra Modi and the Jallianwala Bagh Massacre, Chinese hackers have been baiting Indian government officials and corporate employees to open virus-laden emailed attachments and expose themselves to the risk of cyber attacks, a new report says.

The report on “advanced persistent cyber attacks” is based on an investigation conducted by security research firm Research Bundle in collaboration with CERT-ISAC. ISAC is a certification body for information technology (IT) security professionals that handles India’s National Security Database (NSD). CERT (Computer Emergency Response Team)-ISAC deals with mobile and electronic security.

“Some time back, there were a couple of high-profile cyber attacks that came to our notice when we were approached by corporates as well as government entities to look into them,” said Rajshekhar Murthy, director at CERT-ISAC, NSD, at the report’s release on Friday.

“First we thought it might be just these few incidents, but as we went deeper into it, it came to light that these threats were far more (widely) spread than we had initially perceived. During the course of our research, we got proof that the threats originated from China,” he said.

NSD, managed by ISAC and the government, is a programme that provides certification to IT professionals who have capability to protect critical infrastructure and the economy.

“Chinese hackers have been persistent in their attacks. According to our analysis, they have also made a separate wing for these operations,” Murthy said.

The report says, “It’s also a known fact the Indian government and other important sectors from India were heavily targeted during this campaign...focused on stealing confidential documents and sensitive information.”

The threat came in the form of emails with attached documents targeting government and corporate entities. “These documents exploited previously known vulnerabilities to drop ‘Travnet’ malware on to the systems,” said the report, prepared by 20 Internet security professionals over a period of six months.

“These emails showed that China has been gathering information about India and keeping up with current issues, and using those to entice people to open the attachments,” Murthy said.

Some of the attachments had names such as Army Cyber Security Policy 2013.doc, Jallianwala bagh massacre - a deeply shameful act.doc, Report - Asia Defense Spending Boom.doc, His Holiness the Dalai Lama’s visit to Switzerland day 3.doc, and BJP won’t dump Modi for Nitish NDA headed for split.doc.

The malware Travnet was specifically designed to search for “doc, docx, xls, xlsx, txt, rtf and pdf” files on the hacked computer.

“This provides enough hints that this malware was designed to steal confidential information, unlike the usual botnet variants that focus primarily on providing remote access to the system,” the report said. “The malware initially collects system information, a list of files on the victim machine among others, then sends this data to the remote Command & Control server...”

According to industry estimates, losses due to cyber theft from reported attacks alone amount to $8-10 billion (Rs.48,800-61,000 crore). But experts say the figure could be much higher as many threats go unreported.

Worryingly, the security infrastructure of Indian government websites has reportedly failed to keep pace with cyber attackers, who are becoming more focused on stealing information.

“Many of the servers that host ‘gov.in’ sites are running outdated software versions, with poorly managed Web servers that do not follow even the most basic Web application security guidelines,” said the report. “Even important government sites, access to which can lead to much deeper intrusion, seem to be managed with little care. While defacements are usually carried out by hackers just for fun or fame, serious hackers can cause much more damage and remain unnoticed for a very long time...”

“Slowly but steadily, serious APT (advanced, persistent attacks) campaigns are on the rise,” the report added. “It’s very important for the nation to start upgrading its IT infrastructure to keep up with the latest security guidelines and practices.”

“Cyber security has become one of the crucial areas for us and we are focusing on putting capacity and capability in place to strengthen the cyber security infrastructure,” said Alok Vijayant, director of the National Technical Research Organisation. “We want to bring IT security professionals under one entity to enhance our existing capability instead of just focusing on putting in additional security infrastructure.”

“India has one of the largest talent pools of IT professionals, but our biggest concern remains the young talent in IT, as most professionals prefer to go abroad to work,” he added.

Additionally, the use of proprietary rather than open-source software increases the vulnerability of Indian entities, according to Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society. “There’s a lack of use of Linux and other kinds of free software at both the desktop level and also the front end... They’re using Microsoft both at the server end and on the client end. Most of these attacks take advantage of that operating system dependency. If one were to look at it at a macro level, we’re vulnerable across the board—vulnerable to the US, we’re vulnerable to attackers from Europe, Pakistan, etc.,” Abraham said.

For more details visit https://cis-india.org/news/livemint-august-9-2013-moulishree-srivastava-anirban-sen-chinese-hackers-baiting-indian-govt-corporate-employees

China outranks India in world’s first ever web index

praskrishna — 2012-09-07T09:08:37Z

India has been ranked 33rd on a list of 61 countries in a brand new web index that seeks to measure how effectively countries are using the Internet to improve people’s lives. And Indian Internet activists say that given the increasing level of control the government seeks to exercise over the net, that is no great surprise.

The article was published in FirstPost on September 6, 2012. Nishant Shah is quoted.

The index, which has been compiled by Tim Berners-Lee, the inventor of the World wide web, measures the economic, social and political impact of the internet, on criteria ranging from the proportion of people online to the amount of useful content available.

Sweden has topped the list ahead of the US and UK, while amongst Asian countries, the Republic of Korea came in at 13th. Interestingly, China ranked 20, 13 places ahead of India.

Speaking to Firstpost about the index and India’s ranking, Nishant Shah of the Centre for Internet and Society said that given the increasingly disturbing nature of the government’s response to the Internet in India, it was no surprise that the country had not fared well on the index.

“The Internet today doesn’t work according to the idealistic principles of openness, and democracy of information that Berners-Lee envisioned for it, and in India in particular, although the Internet has helped us rethink what the government can do, the attitude is that that Internet can only be used in ways that the government sees fit”, said Shah

The methodology of the ranking has rated countries on the basis of three parameters:

Web Readiness: The quality and extent of Communications Infrastructure (facilitating connectivity to the Web) and Institutional Infrastructure (policies regulating Web access and skill and educational levels enabling the full benefit of the Web).

Web Use: The Index looks both at Web usage within countries (such as the percentage of individuals who use the Internet) and the content available to these Web users.

The Impact of the Web: The Index uses social, economic and political indicators to evaluate the impact of the Web on these dimensions. This includes measures of social networks, business internet use and e-participation.

For more details visit https://cis-india.org/news/www-firstpost-com-sep-6-2012-china-outranks-india-in-worlds-first-ever-web-index

Chilling Effects and Frozen Words

Lawrence Liang — 2012-04-30T07:32:17Z

What if the real danger is not that we lose our freedom of speech and expression but our sense of humour as a nation? Lawrence Liang's op-ed was published in the Hindu on April 30, 2012.

While freedom of speech and expression is an individual right, its actualisation often relies on a vast infrastructure of intermediaries.

In the offline world, this includes newspapers, television channels, public auditoriums, etc. It is often assumed that the internet has created a more robust public sphere of speech by doing away with many structural barriers to free speech. But the fact of the matter is that even if the internet enables a shift from a ‘few to many' to a ‘many to many' model of communication, intermediaries continue to remain important players in facilitating free speech. Can one imagine free speech on the internet being the same without Twitter, social networks or Youtube?

One way of thinking of the infrastructure of communication is in terms of ecology, and in the ecology of speech — as in the environment — an adverse impact on any component threatens the well-being of all. The idea of cyberspace as a commons is a much cherished myth and in the early days of the internet we were perhaps given a glimpse into its utopian possibility. But we would be deluding ourselves if we believed that the problems that plague free speech in the offline world (including ownership of the avenues of speech) are absent in cyberspace. Recall in recent times that one of the most effective ways in which various governments retaliated to the leaking of official secrets on WikiLeaks was by freezing Julian Assange's PayPal account.

Direct & Indirect Controls

It may be useful to distinguish between direct controls on free speech and indirect or structural controls on free speech. India has had a long history of battling direct and indirect controls on free speech and with a few exceptions the interests of the press have often coincided with the interests of a robust public sphere of debate and criticism.

In the late 1950s and early 1960s, a number of large media houses battled restrictions imposed on the press by way of control of the number of pages of a newspaper, regulation of the size of advertisements and the price of imported newsprint. On the face of it, some of these restrictions may have seemed like commercial disputes but the Supreme Court rightly recognised that indirect controls could adversely impact the individual's right to express himself or herself as well as to receive information freely.

In the online context, there has also been a similar recognition of the role of intermediaries in providing platforms of speech and it is with this view in mind that a number of countries have incorporated safe harbour provisions in their information technology laws.

Section 79 of the Information Technology Act is one such safe harbour provision in India which provides that intermediaries shall not be liable for any third party action if they are able to prove that the offence or contravention was committed without their knowledge or that they had exercised due diligence to prevent the commission of such offence or contravention. But this safe harbour has effectively been undone with the passing of the Information Technology (Intermediaries guidelines) Rules, 2011.

The rules clarify what standard of due diligence has to be met by intermediaries and Sec. 3(2) of the rules obliges intermediaries to have rules and conditions of usage which ensure that users do not host, display, upload, modify, publish, transmit, update or share any information that is in contravention of the Section. This includes the all too familiar ones (defamatory, obscene, pornographic content) but also a whole host of new categories which could be invoked to restrict speech (“grossly harmful,” “blasphemous,” “harassing,” “hateful”).

As is well known, any restriction on speech in India has to comply with both the test of reasonableness under Article 19(2) of the Constitution, as well as ensuring that the grounds of censorship are located within 19(2). Even though there are laws regulating hate speech in India, blasphemy is not a category under Art. 19(2) and has hitherto not been a part of Indian law. Some of the other categories such as “grossly harmful” suggest the people who drafted the rules seem to have taken a constitutional nap at the drafting board.

Sec. 3(4) of the rules provides that any intermediary who receives a notice by an aggrieved person about any violation of sub rule (2) will have to act within 36 hours and where applicable will ensure that the information is disabled. In the event that it fails to act or to respond, the intermediary cannot claim exemption for liability under Sec. 70 of the IT Act. It is worth noting that most intermediaries receive from hundreds to thousands of requests from individuals on a daily basis asking for the removal of objectionable material. The Centre for Internet and Society conducted a “sting operation” to determine whether the criteria, procedure and safeguards for administration of the takedowns as prescribed by the Rules lead to a chilling effect on free expression.

In the course of the study, frivolous takedown notices were sent to seven intermediaries and their response to the notices was documented. Different policy factors were permuted in the takedown notices in order to understand at what points in the process of takedown, free expression is being chilled. The takedown notices which were sent by the researcher were intentionally defective as they did not establish how they were interested parties, did not specifically identify and discuss any individual URL on the websites, or present any cause of action, or suggest any legal injury. Of the seven intermediaries to which takedown notices were sent, six over-complied with the notices, despite the apparent flaws in them.

Caution

Even in cases where the intermediaries challenged the validity of the takedowns, they erred on the side of caution and took down the material. While a number of intermediaries would see themselves as allies in the fight against censorship, more often than not intermediaries are also large commercial organisations whose primary concern is the protection of their business interests. In the face of any potential legal threat, especially from the government, they prefer to err on the side of caution. The people whose content was removed were not told, nor was the general public informed that the content was removed.

The procedural flaws (subjective determination, absence of the right to be heard, the short response time) coupled with the vague grounds on which such takedowns can be claimed, clearly point to a highly flawed situation in which we will see many more trigger happy demands for offending materials to be taken down.

We have already slipped into a state of being a republic of over sensitivity where any politician, religious group or individual can claim their sentiments have been hurt or they have been portrayed disparagingly, as evidenced by the recent attack and subsequent arrest of Professor Ambikesh Mahapatra of Jadavpur University for posting cartoons lampooning Mamata Banerjee.

Nervous State

In the era of global outsourcing it was inevitable that the state censorship machinery would also learn a lesson or two from the global trends and what better way of ensuring censorship than outsourcing it to individuals and to corporations. The renowned anthropologist, Michael Taussig, once compared the state to a nervous system and it seems that the Intermediary rules live up to the expectations of a nervous state ever ready to respond to criticism and disparaging cartoons.

What if the real danger is not even that we lose our freedom of speech and expression but we lose our sense of humour as a nation?

The evident flaws of the rules have been acknowledged even by lawmakers, with P. Rajeeve, the CPI(M) M.P., introducing a motion for the annulment of the rules. The annulment motion is going to be debated in the coming weeks and one hopes that the parliamentarians will seriously reconsider the rules in their current form.

When faced with conundrums of the present it is always useful to turn to history and there is reason to believe that while censorship has a very respectable genealogy in Indian thought, it has also been accompanied in equal measure by a tradition of the right to offend.

In his delightful reading of the Arthashastra, Sibaji Bandyopadhay alerts us to the myriad restrictions that existed to control Kusilavas (the term for entertainers which included actors, dancers, singers, storytellers, minstrels and clowns). These regulations ranged from the regulation of their movement during monsoon to prohibitions placed on them, ensuring that they shall not “praise anyone excessively nor receive excessive presents”. While some of the regulations appear harsh and unwarranted, Bandyopadhay says that in contrast to Plato's Republic, which banished poets altogether from the ideal republic, the Arthashastra goes so far as to grant to Kusilavas what we could now call the right to offend. Verse 4.1.61 of the Arthashastra says, “In their performances, [the entertainers] may, if they so wish, make fun of the customs of regions, castes or families and the practices or love affairs (of individuals)”. One hopes that our lawmakers, even if they are averse to reading the Indian Constitution, will be slightly more open to the poetic licence granted by Kautilya.

Click for the original published in the Hindu on April 30, 2012. Lawrence Liang is a lawyer and researcher based at Alternative Law Forum, Bangalore. He can be contacted at lawrence@altlawforum.org

For more details visit https://cis-india.org/internet-governance/chilling-effects-frozen-words

Child-lifting rumours caused 69 mob attacks, 33 deaths in last 18 months

Admin — 2018-07-13T14:53:57Z

45 persons were killed in 40 cases of mob lynching across nine states between 2014 and 3 March 2018 according to data.

The article was published in the Business Standard on July 9, 2018. Swaraj Paul Barooah was quoted.

Two incidents of mob violence reported from Dima Hasao in Assam and Mangaluru in Karnataka on July 6, 2018, take to 61 the number of mob attacks sparked by rumours of child-lifting circulated on social media since beginning of the year.

So far this year, 24 persons have been killed in such mob attacks, an IndiaSpend analysis of news reports from across India shows. This is more than 4.5 times rise in attacks and two-fold rise in deaths of this kind over 2017, when 11 persons were killed in eight separate attacks.

Between January 1, 2017, and July 5, 2018, 33 persons have been killed and at least 99 injured in 69 reported cases. In the first six days of July alone, there have been nine cases of mob violence over child lifting rumours and five deaths, which amounts to more than one attack recorded every day.

In all cases, the victims were assaulted on mere suspicion and no evidence of child lifting was found later. So far, police across states have arrested at least 181 persons in connection with 21 cases, according to information from the news reports.

On July 5, 2018, the central home ministry had directed all states and union territories to contain mob-lynchings fuelled by rumours of child-lifting on social media. Nevertheless, two attacks were reported on July 6, 2018–a father travelling with his own son in Karnataka, and three sadhus or ‘holy men’ travelling in Assam.

Prior to 2017, one mob lynching was recorded in August 2012, in which a driver was killed in Patna, Bihar, on suspicion of kidnapping a minor, according to our database.

The spike in these lynchings over the past year follows a rise in bovine-related hate violence, as recorded in IndiaSpend’s database on cow-related hate crime. Incidents of mob attacks on persons suspected of killing cows have become deadlier during this period, with more deaths reported in attacks.

Social and political commentators have blamed this violence on a rise in socio-political and religious cleavages, a rise of vigilantism and an apparent atmosphere of impunity for attackers.

“The violence started with cow-related vigilantism but it is now building up more violent behaviour–from small to big reasons anything could be the trigger,” psychologist Upneet Lalli, deputy director of the Institute of Correctional Administration in Chandigarh, told IndiaSpend.

Videos of people tied and beaten, begging mobs to spare their lives, have been circulating on WhatsApp groups and other social media, affecting people everywhere, she said, adding, “Once set off for any reason, mob hysteria is extremely difficult to control.”

Social media is aiding and abetting the process, criminologist Vijay Raghavan, dean of the social protection office at the Tata Institute of Social Sciences, told IndiaSpend, adding that the growing violence is “clearly being orchestrated by vested interests”.

“A rumour starts in one part of the country and travels to other parts like wildfire–first it was beef, now it is child lifting,” he said. In most cases, the victims and the attackers belong to communities historically pitted against each other, he said, “This changing narrative has a clear pattern of violence that is basically preying on traditional insider-outsider perceptions.”

Our analysis

To analyse instances of mob violence related to child-lifting rumours, our team collected, studied and cross-verified print and online news reports in the English media, which tend to have the widest nationwide coverage, since 2010. All reported incidents were cross-referenced to eliminate discrepancies.

The dataset thus created includes the number of mob attacks, the severity of each attack and details of the victims. Most entries include the names of districts, towns and villages.

Since each observation is based on a newspaper report of the crime, availability of details such as the severity of crime, the number of victims and their identities and ethnicities varies.

Before 2017, only one incident was reported in 2012.

Jharkhand, Maharashtra deadliest

Among all states and union territories, Jharkhand and Maharashtra, with seven and five deaths, respectively, reported the highest death toll. The chances of death in such attacks in these states stood at 350% and 167%, respectively, meaning every reported incident led to more than one death.

Odisha, under the Biju Janata Dal government, reported the most number of attacks, 15, which resulted in one death. Tamil Nadu, run by the All India Anna Dravida Munnetra Kazhagam (AIADMK), followed with nine cases and four deaths.

One-third or 30% of attacks were reported from states ruled by the Bharatiya Janata Party, which also runs the central government.

In the 19 months since January 2017, 10 districts across 16 states have reported more than one case of mob violence. Jeypore, Mayurbhanjh and Rayagada in Odisha and Visakhapatnam in Andhra Pradesh have reported three separate incidents each.

More than half or 56% of the attacked victims were men, 22% women, 3% transgender, and for the remaining 18%, the gender was not mentioned in the news reports.

Among those killed, 14 were Hindus, 3 Muslims, and in 16 cases the religious/ethnic identity was not reported.

No correlation between rise in reported child kidnappings and spread of mob violence

Except in Maharashtra, these incidents of violence do not reflect an increase in child kidnapping cases recorded in National Crime Records Bureau (NCRB) data from 2014 to 2016.

In the two years from 2014, India recorded a 41% rise in kidnapping and abduction of children–from 38,555 in 2014 to 54,328 in 2016–primarily in Uttar Pradesh (9,678), Maharashtra (8,260) and Delhi (6,254), NCRB data show.

As of 2016, Maharashtra, the second-most populous state in India, reported the second-highest number of child abductions. It has also reported the second-highest toll from mob lynchings over child-lifting rumours.

However, there was no such correlation in Uttar Pradesh and Delhi, which the NCRB ranked first and third for the number of reported child abductions and kidnappings (which are defined differently in law but basically involve seizing by force and against the victim’s will).

Jharkhand, which reported the highest death toll from mob lynchings, ranked 19 across India for reported child abductions in 2016, as per NCRB data. Tripura, where five people were killed, ranked 24.

This may suggest that fears of child lifting are unfounded and exaggerated. “There is no correlation because the instigators of this violence are not prompted by a genuine fear of kidnapping,” Raghavan said.

However, the data do not account for cases that go unreported–families are hesitant to approach the police, who are seen to be unsympathetic and intimidating–or cases lost in communication between states and NCRB.

The violence is also indicative of how people have lost faith in law enforcement and criminal justice systems to act decisively against child lifting, Lalli said, adding, “Losing faith in the law of the land is a serious threat to society.”

Mob psyche is different from individual psyche, she said, “When an individual acts, there is a sense of responsibility, but in a mob, there is a dispersion of responsibility and guilt.” The mob justifies its act as heroism to save the community, their identity, their children, themselves.

Of the children kidnapped or abducted in 2016, 73% were female and 27% male, NCRB data show. Of the total child victims, 31% (16,938) were kidnapped or abducted for the purpose of marriage, of which only one victim was male; 3% (1,562 female and 26 male) for illicit intercourse; and 1% each for other unlawful activity and adoption. No purpose was mentioned in fully 62% of cases.

77% attacks attributed to fake news

Of the 69 mob violence cases related to rumours of child lifting that have been reported, 77% were eventually attributed to fake news spread through social media. Mobile messenger application Whatsapp, in particular, featured as the rumour source in 28% or 19 of the cases.

The ministry of electronics and information technology on July 2, 2018, issued a warning to Whatsapp, observing that “instances of lynching of innocent people because of large number of irresponsible and explosive messages filled with rumours and provocation are being circulated on WhatsApp”.

“Such a platform cannot evade accountability and responsibility especially when good technological inventions are abused by some miscreants who resort to provocative messages which lead to spread of violence,” the ministry said subsequently in a press release on July 3, 2018, stating clearly that “WhatsApp must take immediate action to end this menace and ensure that their platform is not used for such malafide activities”.

About 13% or 200 million of WhatsApp’s 1.5 billion users are Indian, The Financial Express reported on February 1, 2018. This is 42% of India’s 481 million internet users recorded as of December 2017.

In a letter to the ministry shared with IndiaSpend, the WhatsApp management said it was “horrified by these terrible acts of violence” and listed out the steps it has taken to curb the spread of fake news but emphasised that the challenge “requires government, civil society and technology companies to work together”.

It maintained, however, that messages would continue to have end-to-end encryption to protect users’ privacy and security, encryption being key to WhatsApp’s messaging service. It added that no more than a quarter of WhatsApp users are part of groups; that the majority of groups are small (with fewer than 10 members); and nine in 10 messages are sent from just one person to another.

Cyber privacy experts caution against overreacting against WhatsApp and other social media platforms, arguing in favour of free speech and privacy.

In June, after two cases of mob lynching in Tripura, the government tried to control the situation by shutting down the internet in the area, reports included in our database said.

This is “a slippery slope to quell dissent”, Swaraj Barooah, director at the Centre for Internet and Society, a Bengaluru-based not-for-profit, said, adding, “There are indications that marginalised groups tend to be affected more strongly than others when there are internet shutdowns.”

Lynchings point to a much larger issue than the ubiquitous presence of social media, experts said. “Everyone is focusing on these being rumours–and of course the platform’s ability to exponentially magnify the speed and reach of a message being sent is very relevant–but when and why did we normalise vigilante justice in the first place?” said Barooah. “For instance, would this type of action be okay if these were not rumours, but had actually been true?”

“The root problem is those exploiting historical animosities between communities. We need to properly investigate on a national-level who are the instigators and what are they after–merely arresting people after an incident is not enough,” professor Raghavan said.

Barooah also warned against attempts to force WhatsApp to provide security agencies with decrypted data, as the government had forced the Canadian smartphone maker Blackberry to do in 2013.

“Given that it is already unsure of the extent to which WhatsApp shares metadata with governments, it is important to ensure that its end-to-end encryption facility is not weakened,” Barooah said. “There are certain delicate trade-offs that can be made, but if they are, they should not be made as a knee-jerk reaction to ongoing events but after careful consideration of all the pitfalls. This is especially important in India, given the lack of a privacy law as well as concerns of chilling effects on free speech that are present.”

Some solutions he suggested include making it mandatory that WhatsApp forwards and memes contain originator details, and that a “fact check this” option be inserted at the user end to allow a message to be decrypted. He also suggested that a database of ‘reported hashes’ be created, which all users could download, and which would automatically rate messages on ‘trust’.

It is also important to help people identify fake news and question the information they receive, experts say, pointing out that while India has low literacy and education levels, even highly literate people are not free from confirmation bias.

“We really need to educate people–people naively believe everything they read as true. We’re not doing anything about critical thinking and critical inquiry–we’ve stopped being questioning and that’s a very important part of countering fake news,” Lalli said, adding, “We don’t even respond to information, we’re only reacting.”

How recent attacks tie in with bovine-related vigilantism and violence

IndiaSpend has been maintaining a database of bovine-related violence since 2010, which shows a spurt in violence since the BJP and Prime Minister Narendra Modi assumed power in May 2014.

A preponderant majority of bovine-related hate crimes–98% of the 85 incidents–have occurred since May 2014, our database shows. Only one incident each was reported in 2012 and 2013.

Around 56% of the persons attacked by these groups were Muslim, who accounted for 88% of those killed in this violence. In 2018, 100% of victims attacked in these hate crimes were Muslim.

“There is a clear increase in aggression by one group against the other and a growing inability to empathise and understand those different from ourselves,” Lalli said, “This has essentially made us revert to behaving like tribalistic societies with animalistic instincts–where, when for survival, when you perceive an animal to be a threat, you attack it to kill it.”

In more than a third–28 of 85 incidents–mobs or groups of people were spurred into violence on the mere suspicion of cow slaughter.

Our database also shows that the attacks have become deadlier–the percentage chance of such mob-violence resulting in death has more than doubled from 30% in 2017–regarded as the deadliest year since 2010 (11 deaths in 37 cases)–to 66% in 2018 (four deaths in six cases).

“Society has an innate capacity for violence and it’s very easy to encourage this. Right from Twitter trolling–which is basically extreme verbal aggression–we are unleashing and encouraging violence in different ways and contexts,” Lalli said.

What the government says

Many commentators have remarked that the absence of a strict and prompt response from the government has encouraged such violence. “What action is taken when such cases occur has an important bearing on the continuation of such violence,” Raghavan said, “By not taking strong action, the state is complicit in its orchestration.”

“While we hear about more incidents of violence, we are yet to hear full recognition or condemnation of these acts from the important leaders–in a way it sends out a message that does not discourage the mob,” Lalli agreed, “When you don’t speak out about it and come down on it strongly, it sends out a signal to society that it’s alright to resort to violence for these reasons since nobody gets punished.”

The NCRB “does not maintain specific data with respect to mob lynching incidents (involving minorities) in the country”, the home ministry told Parliament on March 13, 2018.

The ministry did furnish some data on mob lynchings recorded by states from 2014 to 2017, but did not provide information on the motive–whether cow vigilantism, communal or caste hatred, or rumours of child-lifting, etc. The data also did not disclose the identity of the victims.

These data said 45 persons were killed in 40 cases of mob lynching across nine states between 2014 and March 3, 2018. At least 217 persons have been arrested.

In contrast, IndiaSpend’s two databases on mob violence–due to child-lifting rumours and bovine-related hate violence–record 80 cases and 41 deaths during the same period. This is without counting other instances of mob violence related to caste, moral policing and so on.

For more details visit https://cis-india.org/internet-governance/news/business-standard-july-9-2018-69-mob-attacks-on-child-lifting-rumours-since-jan-17-only-one-before-that

Chidambaram to Talk Budget on Google+ Hangout

praskrishna — 2013-03-11T04:14:29Z

Indian politicians are slowly warming up to social media.

This article by Dhanya Ann Thoppil was published in the Wall Street Journal on March 4, 2013. Sunil Abraham is quoted.

In a first for a cabinet minister, Indian Finance Minister P. Chidambaram tonight is hosting a Google+ Hangout, a Web video chat, to answer citizens’ questions on the budget he presented last week.

At 8 p.m. on Monday India time, Mr. Chidambaram will be joined by a group of experts to discuss the state of India’s economy, which looks set to grow at its weakest pace in a decade this financial year.

On the panel are also Amit Singhal, senior vice president at Google Inc., Anand Mahindra, chairman and managing director of Mahindra & Mahindra Ltd., Jahangir Aziz, chief economist for India at J.P. Morgan and Manish Chokhani, chief executive officer at Axis capital.

The online chat, which the Ministry of Finance in a statement described as “a powerful communication platform,” is an attempt to engage India’s tech-savvy, middle-class youth in the political process.

“It is an attempt by the government to reach out to gen-next,” ahead of the general elections scheduled in 2014, said S. Chandrasekharan, the director of South Asia Analysis Group, a Delhi-based think tank.

Improving opportunities for the country’s younger generations was a major focus of Mr. Chidambaram’s budget speech to lawmakers Thursday. “My budget has before it one overarching goal: to create opportunities for our youth to acquire education and skills that will get them decent jobs or self-employment,” he said, adding, “Their concern are my concerns, too.”

But Mr. Chidambaram won’t be interacting with citizens directly. He will answer questions submitted by citizens in advance through video uploads on this YouTube channel or on this Google + page. The session will be streamed live on both websites.

Social media is only beginning to emerge as a tool Indian politicians use to reach out to the country’s citizens.

Prime Minister Manmohan Singh, often criticized for not being accessible to the media, set up a Twitter profile about a year ago. But the account is managed by his office staff, not by Mr. Singh himself, and it’s mostly used to share links to pictures or speeches of the Prime Minister.

Narendra Modi, chief minister of the state of Gujarat and possible prime ministerial candidate for the opposition Bhartiya Janata Party, has embraced digital media more than other politicians. In August he hosted a Google + Hangout session to answer questions from citizens and in December had a holographic image of himself projected live at rallies in four different locations to communicate with his supporters during his election campaign.

The government last year also came up with a series of guidelines for its various arms on the effective use of social media to reach out to people and to ensure public participation in policy framing.

Still, the government often views social media with suspicion, and has taken steps to regulate user-generated content on websites more tightly.

There are 14 million broadband connections in India, meaning that only a small portion of the country’s 1.2 billion population has reliable Internet access, says Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society.

“So, unlike in the U.S., where you can fault the government for not being online, in India you can’t really fault the government,” says Mr. Abraham.

For more details visit https://cis-india.org/news/wsj-march-4-2013-dhanya-ann-thoppil-chidambaram-to-talk-budget-on-google-hangout

Chennai: Learn to Protect your Online Activities!

bernadette — 2013-08-01T12:16:52Z

The Centre for Internet and Society cordially invites you to a Crypto Party at Asian College of Journalism Second main Road (Behind M.S. Swaminathan Research Foundation) Taramani in Chennai on August 7, 2013, 4.30 p.m. to 6.30 p.m.

"Governments around the world, are greatly increasing their surveillance of the Internet. Alongside a loss of the private sphere, this also represents a clear danger to basic civil liberties. The good news is that we already have the solution: encrypting communications makes it very hard, if not entirely impossible, for others to eavesdrop on our conversations. The bad news is that crypto is largely ignored by the general public, partly because they don't know about it, and partly because even if they do, it seems too much trouble to implement." (Source)

So lets go and have a party, and teach each other how to crypto!

Everyone is invited! Especially do not hesitate to join if you are not using any crypto at all (yet!)

Here is a Flyer / Printout for you to spread the message!

For more details visit https://cis-india.org/internet-governance/cryptoparty-chennai

Chennai residents rue fuzzy CCTV surveillance

Vivek Narayanan and R. Srinivasan — 2019-09-19T14:35:51Z

Poor quality of footage, lack of maintenance and inadequate back-up reduce the gadgets’ deterrent value.

The article by Vivek Narayanan and R. Srinivasan was published in the Hindu on September 18, 2019. Pranav M.B. was quoted.

Last month, Sandeep (name changed), a cyclist, was hit by an ambulance on GST Road near the Madras Export Processing Zone (MEPZ) signal. He was rushed to hospital in the same ambulance. His hopes of finding out who hit him, via CCTV cameras, came crashing after he saw the poor quality of footage that was obtained to identify the vehicle.

“The police officers in Tambaram themselves told me that the quality of the CCTV cameras was poor and they were unable to trace the number,” said Mr. Sandeep.

While the police have been claiming a reduction in crime rates due to CCTV cameras in the city, residents and experts doubt if the equipment is indeed a deterrent, and want the police to install better quality cameras with the capacity to retain footage for a longer period, and to maintain the devices, too.

Extensive Coverage

Several high profile cases such as the 2016 Swathi murder case drove law enforcers to increase CCTV coverage of the city. Now, there are over 2 lakh cameras covering all of Chennai, its alleys and its fringes.

Cameras have also been installed at every major junction and at street corners. In many cases, they are linked to the control room of the nearest police station.

According to the police, there is one CCTV camera for every 50 m. They are meant to help the police crack cases and nab the accused. “Some DVRs (digital video recorders) are also in the house or premises of the sponsors. This is for safety purposes,” said a police officer.

The unique nature of the Traffic Police’s ‘third eye campaign’ is the involvement of the public, too. Apart from the police, MPs and MLAs, many resident welfare associations have also donated resources for the installation of CCTV cameras.

Residents, however, expressed concern. S. Kumara Raja, vice president, Annai Indira Nagar Residents Welfare Association said: “Though many CCTVs cameras are found on the street, it isn’t clear if they are working or not. We also don’t know if anyone is maintaining the cameras.”

P. Saravanakumar, founder of the South Madipakkam Residents’ Welfare Association, said that the equipment is not connected with the police control room and the data remains with those who have installed the CCTV system.

V. N. Subramaniyan, president, Mylapore Residents Welfare Association, felt that cameras installed on private properties were working properly.

“Cameras are obtained from private persons as a charitable activity, so the quality can be challenged. The police should give the maintenance of CCTV cameras to private companies. There should be proper back-up and monitoring,” he pointed out.

While the equipment is considered important for gathering evidence, policemen themselves complain that the quality of the footage from many cameras is poor.

“We cannot zoom into the footage obtained from every camera involved. Most of them are 1 or 2 megapixel cameras and the image is often blurred. Only in a few places do we find powerful cameras,” said a policeman.

'Not a deterrent'

Pranav M. B., researcher, Centre for Internet and Society, said that as according to global studies, CCTV cameras are not useful as deterrents. “But they come in handy for providing evidence after a crime,” said Mr. Pranav.

Though advanced cameras can provide footage with more clarity, it’s cost intensive to maintain them. “For deterrence, one need not invest in high-end cameras — quality street lights are sufficient. We cannot expect the perpetrator of a crime to make a decision over whether to commit a crime or not after looking at the camera,” he added.

However, there is a 30% higher chance of identifying an accused when a camera is deployed, than without. “Nevertheless, like any other technology or method, it is not entirely foolproof,” Mr. Pranav said.

Police officers disagree on the subject of CCTV systems not serving as deterrents. “From January to June 2018, a total of 258 chain snatching incidents were reported, but during the same period this year, the number plummeted to 137 — a fall of nearly 50%,” said a senior police officer.

'Needs improvement'

Similarly, the police claim that, this year, public nuisance cases have gone down by 41%, and burglary cases by 17%, compared with last year. Police officers agreed that the quality of some cameras needs to be improved.

“Initially, we did not know the type of quality [of cameras] needed. So, we fixed 1 and 2 megapixel cameras. Now, we are installing 4 megapixel cameras and have better clarity. Besides, we are now categorising the number and type of cameras available in different parts of the city, and will change the older ones,” said a senior police officer.

For more details visit https://cis-india.org/internet-governance/news/vivek-narayanan-and-r-sivaraman-the-hindu-september-18-2019-chennai-residents-rue-fuzzy-cctv-surveillance

Checks and balances needed for mass surveillance of citizens, say experts

Admin — 2017-12-16T14:32:23Z

A number of measures are required to protect law-abiding citizens from mass surveillance and misuse of their personal data, according to top technology and legal experts.

The article by Peerzada Abrar was published in the Hindu on December 9, 2017

The measures include issuing of tokens by the Unique Identification Authority of India (UIDAI) instead of Aadhaar numbers and having an official in the judiciary give permission to vigilance.

The experts were participating in a panel discussion on ‘Navigating Big Data Challenges’ at Carnegie India’s Global Technology Summit here. They also said there was a need to implement ‘de-identification of data’ or preventing a person’s identity from being connected with information.

The moderator of the discussion was Justice B.N. Srikrishna, a former Supreme Court judge, who was also heading a government-appointed committee of experts to identify “key data protection issues” and recommend methods to address them. Justice Srikrishna told the panellists that Aadhaar or the unique identification number had empowered the people. But in situations where the State wants all the information about citizens from different service providers because of its suspicions related to terrorism or criminal activity, he asked, what is the method to create a balance?

“Surveillance is like salt in cooking which is essential in tiny quantities, but counterproductive even if slightly in excess,” responded Sunil Abraham, executive director of Bengaluru-based think tank, Centre for Internet and Society. He said there was a need to make a surveillance system which had privacy by design built into it.

Mr. Abraham said that his organisation had proposed to the UIDAI that it used ‘tokenisation,’ which meant that whenever there was a ‘know your customer’ requirement, the Aadhaar number was not accessed by organisations like telecom firms or the banks. Instead, when the citizens used various services via smart cards or pins, a token got generated, which was controlled by the UIDAI. Organisations like banks and telecom firms can store those token numbers in their database. He said this would make it harder for unauthorised parties to combine databases. But at the same time would enable law enforcement agencies to combine database using the appropriate authorizations and infrastructure.

“UIDAI is considering this, they call it the dummy Aadhaar numbers. We need technical as well as institutional checks and balances,” said Mr. Abraham.

Countries like the U.S also have processes like Foreign Intelligence Surveillance Court (FISA court) which entertains applications made by the U.S Government for approval of electronic surveillance, physical search, and certain other forms of investigative actions for foreign intelligence purposes.

“My concern is that in the current system, surveillance can be done by the State machinery. I don’t necessarily suggest FISA court.... but some kind of mechanism where (one can’t) be held at the mercy of incestuous State machinery,” said Rahul Matthan, a partner at law firm Trilegal. “But have some second person who is outside the influence of this system (and) who actually says ‘yes this is a terrorist which requires us to do mass surveillance,” he said.

Artificial Intelligence

A large amount of information or Big data ranging from financial, health to political insights of people is being collected by different organisations and service providers which is sitting in different silos. All of this is likely going to be linked through Aadhaar. Mr. Srikrishna asked what if a situation arises where all of this data is aggregated and using artificial intelligence and machine learning, one is able to analyse it and profile individuals. He said “would that be not a terrifying scenario” where the State can act super-monitor for citizens. He asked how can citizens be guarded against it?

Mr.Srikrishna was referring to the ‘Social Credit System’ proposed by the Chinese government for creating a national reputation system to rate the trustworthiness of its citizens including their economic and social status. It works as a mass surveillance tool and uses big data analysis technology.

“It is a possibility. What stands in the way of it becoming a reality (in India) is a robust law,” said Mr.Matthan. “Technology is so powerful that it could equally be used for good as well as bad.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-peerzada-abrar-december-9-2017-checks-and-balances-needed-to-mass-surveillance-of-citizens-say-experts