We are anonymous, we are legion

Cartonama Conference

praskrishna — 2012-09-17T13:59:05Z

HasGeek is organising a Cartonama Conference on September 22, 2012 at the TERI Complex in Bangalore, from 9.30 a.m. to 6.00 p.m.

Cartonama conference is centered around geospatial data, mapping and location based services. It deals with two primary themes: infrastructure for managing geospatial data including mapping software, cartographic techniques and tools; and application of geospatial data, primarily location-based services. Cartonama is open to entrepreneurs, developers, individuals and institutions working with GIS and cartographic techniques, advocacy groups, among others.

We will also host four workshops which will provide hands-on training about tools for managing geospatial data and how to build location-based services. Workshops will be held between September 23 to 25, 2012. Tickets for the Cartonama conference can be bought at http://cartonama.doattend.com

About HasGeek

HasGeek is a Bangalore-based organisation. We put together events for developers with the intention of creating discussion spaces about technologies that are new today, and could become mainstream tomorrow. HasGeek is supported by CIS.

For more details visit https://cis-india.org/internet-governance/cartonama-conference

Card transactions with Aadhaar validation need more time: experts

praskrishna — 2013-12-26T06:25:04Z

Cost and supply implications are seen by experts as the main hurdles in implementing the RBI directive.

The article by Kirti V. Rao and Moulishree Srivastava was published in Livemint on December 5, 2013. Sunil Abraham is quoted.

The Reserve Bank of India’s (RBI’s) move to introduce a new card payment infrastructure able to authenticate transactions using Aadhaar unique identity number-linked biometrics may take some time to implement as it has cost and supply implications.

“All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance,” RBI said in a notification on 26 November.

Europay MasterCard Visa, or EMV, chip and PIN authentication involves card information stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder’s signature.

Currently, all card infrastructure in India such as automated teller machines (ATMs) and point-of-sales (PoS) machines are moving towards full compliance with the global EMV standard that requires reading integrated circuit cards to authenticate credit and debit card transactions.

Although all transactions through debit cards are now required to be authenticated by PIN, validating financial transactions by using the biometric Aadhaar identity number database is yet to gain traction. Such a service is expected to begin in May.

Not all experts are in favour of the central bank’s move to use biometrics data to authenticate transactions.

“This is a terrible idea. Biometrics should never be used as authentication factor since it cannot be revoked when it is compromised,” said Sunil Abraham, executive director of Bangalore-based think-tank Centre for Internet and Society. “Digital signatures and its variations like the EMV chip are the right way to proceed.”

A banker did not fully agree with Abraham.

Pulak Sinha, general manager (payment solutions) at State Bank of India, said: “In our experience, there is a need for biometric authentication in certain geographical segments in the country. Our bank has used biometric authentication for financial inclusion initiatives and has found it very useful. Having said that, each bank is the best judge as to which technology is more relevant for their customers.”

Sinha added, “Also changing new infrastructure to accept all types of technologies has its own challenges as well as financial implications. Again, business cases need to be built and when people get additional services they may have to pay.”

There are cost implications if the RBI directive is to be implemented, according to Rajiv Kaul, chief executive of CMS Info Systems Pvt. Ltd, which runs two cash management companies and has recently received an order from SBI to deploy 8,000 cash machines across the country.

“Some of the ATM infrastructure currently installed have some of the capabilities for EMV chip cards, but even as they are hardware-equipped, software will need to be upgraded,” Kaul said. “For biometric compliance, both hardware and software will need to be installed, which will result in extra cost. So, for the short term, from the biometric perspective, the cost will go up.”
Some experts hold that the notification provides a chance to assess the as-yet-untested Aadhaar-linked biometrics model where the EMV model may be hard to implement.

“RBI has been pragmatic in mandating it incrementally as it is giving Aadhaar a runway to evolve in terms of operations, use cases, risk, technology standards, dispute resolution and get these things in order,” Uttam Nayak, group country manager, India and South Asia at Visa Consolidated Support Services (India) Pvt. Ltd, told Mint on 26 November. “Because Aadhaar is tokenless and doesn’t need a card, it has great potential for inclusion.”

Biometrics-enabled cash and PoS machines will require additional expenditure as they need high-speed Internet connectivity to transmit biometrics data, Rajeev Chandrasekhar, member of the upper house of Parliament, said in a letter to RBI governor Raghuram Rajan.

“The hardware and software cost of upgrading a single unit with biometrics hardware is not very much but changing the entire ecosystem would have costs,” acknowledged SBI’s Sinha. “When people get additional services they will have to pay.”

“A high percentage of the population is still unbanked. The opportunity (to reach people through biometric validation and Aadhaar) is too tempting for the acquirers (banks and others using PoS devices) to not take this up,” said Robin Roy, associate director of financial services at consultancy firm PricewaterhouseCoopers Pvt. Ltd.

Whether there would be enough suppliers of machines to implement the directive is also a concern, some experts said.

For more details visit https://cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time

Capturing Gender and Class Inequities: The CCTVisation of Delhi

Aayush Rathi and Ambika Tandon — 2019-09-27T15:24:10Z

Ambika Tandon and Aayush Rathi generated empirical evidence about the CCTV programme well underway in Delhi. The case study was published by Centre for Development Informatics, Global Development Institute, SEED, in the Development Informatics working paper series housed at the University of Manchester.

Abstract

Cityscapes across the global South, following historical trends in the North, are increasingly being littered by closed-circuit television (CCTV) cameras. In this paper, we study the wholesale implementation of CCTV in New Delhi, a city notorious for incredibly high rates of crime against women. The push for CCTV, then, became one of many approaches explored by the state in making the city safer for women.

In this paper, we deconstruct this narrative of greater surveillance equating to greater safety by using empirical evidence to understand the subjective experience of surveilling and being surveilled. By focussing on gender and utilising work from feminist thought, we find that the experience of surveillance is intersectionally mediated along the axes of class and gender.The gaze of CCTV is cast upon those already marginalised to arrive at normative encumbrances placed by private, neoliberal interests on the urban public space. The politicisation of CCTV has happened in this context, and continues unabated in the absence of any concerted policy apparatus regulating it. We frame our findings utilising an analytical data justice framework put forth by Heeks and Shekhar (2019). This comprehensively sets out a social justice agenda that situates CCTV within the socio-political contexts that are intertwined in the development and implementation of the technology itself.

Click to download the full research paper

For more details visit https://cis-india.org/internet-governance/blog/development-informatics-paper-number-81-aayush-rathi-and-ambika-tandon-capturing-gender-and-class-inequities

Can Uber, Ola apps be blocked? Govt fighting cyber odds

praskrishna — 2015-06-14T09:52:28Z

The Delhi government is trying to block taxi hailing apps like Uber and Ola Cabs, but is it really possible?

The article by Siladitya Ray published in the Hindustan Times on June 4, 2015 quotes Sunil Abraham.

Taxi aggregators are in the firing line over passenger safety again after a 21-year-old Delhi woman alleged she was molested by a driver in an Uber cab near Gurgaon on Saturday morning.

The allegation came just six months after a 25-year-old financial analyst was allegedly raped in an Uber cab in Delhi, over which the victim took the cab aggregator's parent company to court in the US.

Following an order from the Delhi government, the Department of Telecommunication had issued an order to Internet Service Providers to block the websites and apps of taxi hailing aggregators like Uber, TaxiForSure and Ola Cabs.

But Internet Service Providers (ISP) have apparently expressed inability to block Uber, Ola as the web services feature strong end-to-end encryption.

How ISPs block sites

Often when an ISP blocks a website it severs your connection with the domain name. For example if ISPs want to block Google they simply block your access to www.google.com (i.e. Google's domain name), pretty simple. But if you are using an app like Google Now there is no domain name involved here the app talks directly to the server through using some form of encryption.

If we were to use an analogy, think of the ISP as a bridge that connects you to the web. The sites can be thought of as cars and their domain names as license plates. If the ISP wants to block a car with a certain license plate from going through it can do so with ease. But if a car's number plates are obscured (encryption) then ISP cannot block the car from passing through.

Uber and Ola

Most users book cabs from Ola or Uber using the company's apps, which use strong encryption effectively making their data virtually undetectable to ISPs.

"It's possible to block apps but it's much more difficult than before. Earlier you had to deal with a finite set of IP addresses but now these services are hosted on multiple cloud servers," said Sunil Abraham, the executive director of Bangalore based research organisation, the Centre for Internet and Society. "The ISPs themselves don't want to go through the pain of blocking these apps so they are asking the government to give them a solution," he added.

The government and the Department of Telecommunication are fighting near improbable odds in their endeavor to block these services on the web.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-siladitya-ray-june-4-can-uber-ola-apps-be-blocked

Can this curb your addiction?

Admin — 2018-10-03T14:15:33Z

Facebook and Instagram also set to roll out tools to tell you how hooked you are to social media browsing.

The article by Surupasree Sarmmah was published in Deccan Herald on September 5, 2018. Swaraj Paul Barooah was quoted.

YouTube has rolled out a new feature that helps you manage the time you spend on it. The feature, it says, is an attempt to allow users to take charge of their digital life.

You can now go to your YouTube profile and get details of time spent on the app today, yesterday and the past week. You also get a daily average under the tab ‘Time Watched’.

YouTube now offers tools that remind you to ‘take a break’ from notifications. You can also disable sound for a specific period.

Kala Balasubramanian, counselling psychologist and psychotherapist at Inner Dawn Counselling and Training services LLP, categorises social media users into three types: people who use it extensively with awareness, people who use it extensively without awareness, and people addicted to it.

“If you fall into the second category, this feature will make no or very less impact on your social media usage. However, if you know you are spending too much time and want to get out of it, keeping a tab on the usage can be beneficial,” says Kala.

The addicts need help, she advises. Such well-being tools being introduced by social media giants like Google can be seen as a recognition of the extent of damage excessive social media usage can cause, she says.

Social media should not be used to the point of damage to ourselves and our relationships, but users must be ready to help themselves, she urges.

“This message necessarily needs to be learned at a social level in our families, schools and colleges and workplaces too. The tool can only attempt to help us, we need to help ourselves,” she says.

Not just YouTube, but Facebook and Instagram have also announced they would soon add controls to help people measure how much time they are spending on these sites.

Swaraj Barooah, policy director, Centre for Internet and Society, Bengaluru, says the feature is a “weak step.”

“I have tried out the feature and it is more like the snooze button of an alarm: one can dismiss it immediately or change the settings. Even to get to the settings takes an active effort. People by default will go with default settings,” he says.

He sees the feature as an ‘eyewash’: social media giants can now claim they have done something to curb addiction without actually doing anything effective.

“The algorithm feeds on people’s vulnerability. It would be better to see these platforms offering more transparency in how algorithms are viewing people so that people can choose what they want to see and not what the algorithms are determining for them,” he says.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-september-5-2018-surupasree-sarmmah-can-this-curb-your-addiction

Can the mouse be a tool of revolution in India?

praskrishna — 2011-04-01T16:26:49Z

Do you consider yourself a ‘slacktivist’?” Vikram Sengupta considers the question for a couple of seconds, and then excuses himself. “I’ll call you back. I’m in the middle of something right now,” he says, and hangs up. Being called a ‘slacktivist’ is probably not very flattering, first thing in the morning or at any other time of the day. But this writer has been at the receiving end of endless mails from him, mails which sought to impose a burning moral imperative to sign up instantly and save the grand Canadian Musk Ox or the Mexican Dumpy Frog. The question, therefore, is not unjustified.

Activists vs slacktivists

The slick application of the word ‘slacktivist’ is the work of eminent scholar and author of The Net Delusion, Evgeny Morozov. Rather stinging in its import, it refers to people who, while campaigning for social causes, limit their action to the click of a mouse. In an earlier interview with DNA Sunday, Morozov was quick to clarify that he had nothing against online activism (activism through social-networking sites, websites, blogs and online petitions), “but I’d rather see the people signing (petitions) also join some offline political movements and campaign for change in the real world as much as they do in the virtual world,” he had said.

Sengupta does call back. And when the question is put to him again, he says, “People can call me a ‘slacktivist’ if they want. Look, I don’t have a lot of time to devote to activism and I don’t even know if signing petitions actually works. But when I see that a simple click of mine might possibly help save a rainforest or rid the world of its nuclear arsenal, I can’t just cynically turn away. I don’t know… I feel uncomfortable doing it.”

The phenomenon of ‘slacktivism’ elicits quite strong responses from the Indian activist community. People who grapple with the hard-knock realities of activism are not amused by the casual, momentary concern of the ‘slacktivist’.

Ashley Tellis is a freelance journalist, academic and gay rights activist. “The central limitation here is that one-click activism [slacktivism] becomes a substitute for sustained campaigns and engagement with persistent inequalities. The Indian middle-class, notorious for its apolitical and consumerist selfishness, can now feel smug and assuage its rotten conscience by thinking it has taken action on the net,” says Tellis, with some emotion.

While Tellis castigates, in no uncertain terms, the seeming apathy of the middle-class, he also acknowledges its prodigious influence on the Indian socio-political mind space. “The middle-class is an important segment. It has power, it has English, and it has the ability to be heard,” he admits.

Middle class audience

While this helps when it is mobilised for a good cause, many find it problematic that so much influence is concentrated in the hands of a single segment of society. In fact, if you take online activism, the number of people who can be reached through the internet is staggeringly low.

In a country of approximately 120 crore people, only about 5 crore [as per Indiastats.com] have access to the internet. Compare this to Tunisia, where the figure is an impressive 27%, or Egypt, where internet penetration is 16% [World Bank figures]. Given this lack of net access, more than 95% of Indians are taken out of consideration, in one fell swoop, when it comes to internet-specific activism strategies.

Anja Kovacs, a fellow at the Centre for Internet and Society says, “Most of these online campaigns are aligned to the profile of its audience.” She argues, in her essay ‘Inquilab 2.0?’ that if the audience is mostly urban and middle-class, it stands to reason that a majority of online campaigns would deal with issues that are relevant to this particular segment.

Kamayani Bali Mahabal, a lawyer and human rights activist, disagrees with this assessment. “Okay, the audience may be middle class, but the issues aren’t all middle class at all,” she counters indignantly. “Look at the ‘Say No to UID’ campaign — there is no debate or dialogue that has been initiated by Nandan Nilekani, the chairperson of UIDAI [Unique ID Authority of India], and this online campaign has created a platform where people’s issues and concerns can be clarified. Many believe that the UID will have a negative impact on the poor and the migrants; this campaign has gotten people to come together to discuss, debate and strategise as well,” she says.

But Kovacs insists, “The fact remains that it is people from the middle-class who represent the voices of a largely silent majority. I find this model of activism questionable.” The accuracy of how the voiceless are being represented is a cause of concern for her, as is the very idea of a platform that denies a large section of a vibrant social democracy the chance to express themselves directly.

The whole situation, Kovacs seems to indicate, is like Chinese whispers, where information might get altered in the retelling. “There are some innovative enterprises like CGNet Swara that tackle this problem. It’s a citizen journalism service, where ordinary citizens can both call in to record news as well as listen to the recorded messages. And they do put some selected messages online, but such enterprises are few and far between.” she says ruefully.

An aid to offline activism

So as things stand, the internet is an indispensable tool to reach out to the influential Indian middle-class. Yet, given India’s socio-economic reality, it’s also a problematic and, in some cases, ineffective medium. Bali Mahabal, when asked how she reconciles these contradictions, says, “I am an offline as well as an online activist. These are not mutually exclusive roles. I straddle both worlds and I can multi-task!”

In fact, this is a strategy that a lot of offline activists are warming up to now. In 2010, Himanshu Kumar put up a video in which he said,

“To the people in the cities, I want to say that… you write something on the internet, it doesn’t make any difference to the government. Neither do people read the internet, nor does the government.” Coming from one of the leading advocates of tribal rights in the Chhattisgarh area, this video was a scathing indictment of online activists.

Kumar, however, seems to have softened his stance on the issue since then. He still maintains that online activism by itself is not sufficient to bring about substantial change, but he speaks of how the internet helped him in his campaign in Dantewada.

“When we were in Dantewada, it was almost like a different planet. We had no connection to the outside world except through the internet. It annoyed the police quite a bit because they knew that if they tried anything untoward, we could get the word out. So the internet is definitely a value addition to on-the-ground activism, but by itself, it has its limitations.”

It is clear that the internet as a platform for social activism is here to stay. As access to the net increases among Indians, so will its effectiveness. Kovacs, in her essay writes of a person who says, rather movingly, “I believe that… ordinary people can use this medium [internet] to actually make a difference, you know…to change the world.”

But if activists want to live up to this unnamed person’s lofty expectations, they also need to be fully conscious of the limitations of the internet as a medium for social change.

Read the original in DNA here

For more details visit https://cis-india.org/news/mouse-a-tool-of-revolution

Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?

Pooja Saxena — 2016-04-24T14:15:06Z

In this infographic, we highlight the matters dealt with in the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, and consider if these can be objects of a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Sumandro Chattapadhyay and Amber Sinha.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-matters-dealt-with-in-aadhaar-act-be-objects-of-money-bill

Can the Judiciary Upturn the Lok Sabha Speaker’s Decision on Aadhaar?

amber — 2017-02-27T15:44:56Z

When ruling on the petition filed by Jairam Ramesh challenging passing the Aadhaar Act as a money Bill, the court has differing precedents to look at.

The article was published in the Wire on February 21, 2017.

In an earlier article, I had argued that the characterisation of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, as a money Bill by Sumitra Mahajan, speaker of the Lok Sabha, was erroneous. Specifically, I had argued that upon perusal of Article 110 (1) of the constitution, the Aadhaar Act does not satisfy the conditions required of a money Bill. For a legislation to be classified as a money Bill, it must comprise of ‘only’ provisions dealing with the following matters: (a) imposition, regulation and abolition of any tax, (b) borrowing or other financial obligations of the government of India, (c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, (d) appropriation of money out of CFI, (e) expenditure charged on the CFI or (f) receipt or custody or audit of money into CFI or public account of India; or (g) any matter incidental to any of the matters specified in sub-clauses (a) to (f).

Article 110 is modelled on Section 1(2) of the UK’s Parliament Act, 1911, which also defines money Bills as those only dealing with certain enumerated matters. The use of the word ‘only’ was brought up by Ghanshyam Singh Gupta during the constituent assembly debates. He pointed out that the use of the word ‘only’ limits the scope money Bills to only those legislations which did not deal with other matters. His amendment to delete the word ‘only’ was rejected, clearly establishing the intent of the framers of the constitution to keep the ambit of money Bills extremely narrow. G.V. Mavalankar, the first speaker of Lok Sabha, had stated that the word ‘only’ must not be construed so as to give an overly restrictive meaning. For instance, a Bill which deals with taxation could have provisions which deal with the administration of the tax. The finance minister, Arun Jaitley, referred to these words by Mavalankar, justifying the classification of the Aadhaar Act as a money Bill.

While the Aadhaar Bill does makes references to benefits, subsidies and services funded by the CFI, even a cursory reading of the Bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. Any reasonable reading of the legislation would be hard pressed to view all provisions in the Aadhaar Act, aside from the one creating a charge on the CFI, as merely administrative provisions incidental to the creation such charge. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money Bill. The Bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, Parliamentary Practice, is instructive in this respect and makes it clear that a legislation which simply makes a charge on the consolidated fund does not becomes a money Bill if otherwise its character is not that of one. Further, the subordinate regulations notified under the Aadhaar Act deal almost entirely with matters to do with enrolment, updation, authentication of the Aadhaar number and related matters such as data security regulations and sharing of information collected, rather than the provision of benefits or subsidies or disbursal of funds otherwise from the CFI.

However, in the context of the petition filed by former Union minister Jairam Ramesh challenging the passage of the law on Aadhaar as a money Bill, the more important question is whether the judiciary has a right to question the speaker’s decision in such a matter. If not, any other questions about whether the legislation is a money Bill will remain merely academic in nature.

Irregularity vs illegality

Article 110 (3) clearly states that with regard to the question whether a legislation is a money Bill or not, the decision of the speaker is final and binding. The question is whether such a clause completely excludes any judicial review. Further, Article 122 prohibits the courts from questioning the validity of any proceedings in parliament on the ground of any alleged irregularity of procedure.

During the arguments in the court, the attorney general questioned the locus standi of Ramesh. The petition has been made under Article 32 of the constitution and the government argued that no fundamental rights of Ramesh were violated. However, the court has asked Ramesh to make his submission and adjourned the hearing to July. The petition by Ramesh would hinge largely on the powers of the judiciary to question the decision of the speaker of the Lok Sabha.

The powers of privilege that parliamentarians enjoy are integral to the principle of separation of powers. The rationale behind parliamentary privilege is to prevent interference in the lawmakers’ powers to perform essential functions. The ability to speak and vote inside the legislature without the fear of punishment is certainly essential to the role of a lawmaker. However, the extent of this protection lies at the centre of this discussion. During the constituent assembly debates, H.V. Kamath and others had argued for a schedule to exhaustively codify the existing privileges. However, B.R. Ambedkar pointed to the difficulty of doing so and parliamentary privilege on the lines of the British parliamentary practice was retained in the constitution. In the last few decades, a judicial position has emerged that courts could exercise a limited degree of scrutiny over privileges, as they are primarily responsible for interpreting the constitution.

In the matter of Raja Ram Pal vs The Hon’ble Speaker, Lok Sabha, it had been clarified that proceedings of the legislature were immune from questioning by courts in the case of procedural irregularity but not in the case of illegality. In this case, the Supreme Court while dealing with Article 122 stated that it does not oust review by the judiciary in cases of “gross illegality, irrationality, violation of constitutional mandate, mala fides, non-compliance with rules of natural justice and perversity.”

In 1968, the speaker of the Punjab legislative assembly adjourned the proceedings for a period of two months following rowdy behaviour. Subsequently, an ordinance preventing such a suspension was promulgated and the legislature was summoned by the governor to consider some expedient financial matters. The speaker disagreed with the decision and after some confusion, the deputy speaker passed a few Bills as money Bills. While looking into the question of what was protected from judicial review, the court stated that the protection did not extend to breaches of mandatory provisions of the constitution, only to directory provisions. By that logic, if Article 110 (1) is seen as a mandatory provision, a breach of its provisions could lead to an interpretation that the Supreme Court may well question an erroneous decision by the speaker of the Lok Sabha to certify a legislation as a money Bill. The use of the word “shall” in Article 110 (1), the nature and design of the provision, its overriding impact on the other constitutional provisions granting the Rajya Sabha powers are ample evidence of its mandatory nature. Based on the above, Anup Surendranath has argued that the passage of the Aadhaar Act as a money Bill when it does not satisfy the constitutional conditions for it does amount to a gross illegality.

The judicial precedent in Mohd. Saeed Siddiqui vs State of Uttar Pradesh where the matter of the court’s power to question the decision of a speaker was considered, though, leans in the other direction. In 2012, the Uttar Pradesh Lokayukta and Up-Lokayuktas (Amendment) Act, 2012 was passed as money Bill by the Uttar Pradesh state legislature. Subsequently, a writ petition was filed challenging its constitutional validity. A three-judge bench of the Supreme Court looked into the application of Article 212. It is the provision corresponding to Article 122, dealing with the power of the courts to inquire into the proceedings of the state legislature. The court held that Article 212 makes “it clear that the finality of the decision of the Speaker and the proceedings of the State Legislature being important privilege of the State Legislature, viz., freedom of speech, debate and proceedings are not to be inquired by the Courts.” Importantly, ‘proceedings of the legislature’ were deemed to include within its scope everything done in transacting parliamentary business, including the passage of the Bill. While the court did acknowledge the limitations of parliamentary privilege as established in the Raja Ram Pal case, it did not adequately take into account the reasoning in it.

The Aadhaar Act is a legislation which makes it mandatory of all residents to enrol for a biometric identification system in order to avail certain subsidies, benefits and services. It has huge potential risks for individual privacy and national security and has been the subject of an extremely high profile Public Interest Litigation. Its passage as a money Bill, without any oversight from the Rajya Sabha and an opportunity for substantial debate and discussion, is a fraud on the Constitution. Whether or not the court chooses to see it that way remains to be seen.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-february-21-2017-can-the-judiciary-upturn-the-lok-sabha-speakers-decision-on-aadhaar

Can the Aadhaar Act 2016 be Classified as a Money Bill?

Pooja Saxena — 2016-04-25T13:48:41Z

In this infographic, we show if the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, can be classified as a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Amber Sinha and Sumandro Chattapadhyay.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-the-aadhaar-act-2016-be-classified-as-a-money-bill

Can India Trust Its Government on Privacy?

pranesh — 2013-07-15T10:35:33Z

In response to criticisms of the Centralized Monitoring System, India’s new surveillance program, the government could contend that merely having the capability to engage in mass surveillance won’t mean that it will. Officials will argue that they will still abide by the law and will ensure that each instance of interception will be authorized.

Pranesh Prakash's article was published in the New York Times on July 11, 2013.

In fact, they will argue that the program, known as C.M.S., will better safeguard citizens’ privacy: it will cut out the telecommunications companies, which can be sources of privacy leaks; it will ensure that each interception request is tracked and the recorded content duly destroyed within six months as is required under the law; and it will enable quicker interception, which will save more lives. But there are a host of reasons why the citizens of India should be skeptical of those official claims.

Cutting out telecoms will not help protect citizens from electronic snooping since these companies still have the requisite infrastructure to conduct surveillance. As long as the infrastructure exists, telecom employees will misuse it. In a 2010 report, the journalist M.A. Arun noted that “alarmingly, this correspondent also came across several instances of service providers’ employees accessing personal communication of subscribers without authorization.” Some years back, K.K. Paul, a top Delhi Police officer and now the Governor of Meghalaya, drafted a memo in which he noted mobile operators’ complaints that private individuals were misusing police contacts to tap phone calls of “opponents in trade or estranged spouses.”

India does not need to have centralized interception facilities to have centralized tracking of interception requests. To prevent unauthorized access to communications content that has been intercepted, at all points of time, the files should be encrypted using public key infrastructure. Mechanisms also exist to securely allow a chain of custody to be tracked, and to ensure the timely destruction of intercepted material after six months, as required by the law. Such technological means need to be made mandatory to prevent unauthorized access, rather than centralizing all interception capabilities.

At the moment, interception orders are given by the federal Home Secretary of India and by state home secretaries without adequate consideration. Every month at the federal level 7,000 to 9,000 phone taps are authorized or re-authorized. Even if it took just three minutes to evaluate each case, it would take 15 hours each day (without any weekends or holidays) to go through 9,000 requests. The numbers in Indian states could be worse, but one can’t be certain as statistics on surveillance across India are not available. It indicates bureaucratic callousness and indifference toward following the procedure laid down in the Telegraph Act.

In a 1975 case, the Supreme Court held that an “economic emergency” may not amount to a “public emergency.” Yet we find that of the nine central government agencies empowered to conduct interception in India, according to press reports — Central Board of Direct Taxes, Intelligence Bureau, Central Bureau of Investigation, Narcotics Control Bureau, Directorate of Revenue Intelligence, Enforcement Directorate, Research & Analysis Wing, National Investigation Agency and the Defense Intelligence Agency — three are exclusively dedicated to economic offenses.

Suspicion of tax evasion cannot legally justify a wiretap, which is why the government said it had believed that Nira Radia, a corporate lobbyist, was a spy when it defended putting a wiretap on her phone in 2008 and 2009. A 2011 report by the cabinet secretary pointed out that economic offenses might not be counted as “public emergencies,” and that the Central Board of Direct Taxes should not be empowered to intercept communications. Yet the tax department continues to be on the list of agencies empowered to conduct interceptions.

India has arrived at a scary juncture, where the multiple departments of the Indian government don’t even trust each other. India’s Department of Information Technology recently complained to the National Security Advisor that the National Technical Research Organization had hacked into National Informatics Center infrastructure and extracted sensitive data connected to various ministries. The National Technical Research Organization denied it had hacked into the servers but said hundreds of e-mail accounts of top government officials were compromised in 2012, including those of “the home secretary, the naval attaché to Tehran, several Indian missions abroad, top investigators of the Central Bureau of Investigation and the armed forces,” The Mint newspaper reported. Such incidents aggravate the fear that the Indian government might not be willing and able to protect the enormous amounts of information it is about to collect through the C.M.S.

Simply put, government entities have engaged in unofficial and illegal surveillance, and the C.M.S. is not likely to change this. In a 2010 article in Outlook, the journalist Saikat Datta described how various central and state intelligence organizations across India are illegally using off-the-air interception devices. “These systems are frequently deployed in Muslim-dominated areas of cities like Delhi, Lucknow and Hyderabad,” Mr. Datta wrote. “The systems, mounted inside cars, are sent on ‘fishing expeditions,’ randomly tuning into conversations of citizens in a bid to track down terrorists.”

The National Technical Research Organization, which is not even on the list of entities authorized to conduct interception, is one of the largest surveillance organizations in India. The Mint reported last year that the organization’s surveillance devices, “contrary to norms, were deployed more often in the national capital than in border areas” and that under new standard operating procedures issued in early 2012, the organization can only intercept signals at the international borders. The organization runs multiple facilities in Mumbai, Bangalore, Delhi, Hyderabad, Lucknow and Kolkata, in which monumental amounts of Internet traffic are captured. In Mumbai, all the traffic passing through the undersea cables there is captured, Mr. Datta found.

In the western state of Gujarat, a recent investigation by Amitabh Pathak, the director general of police, revealed that in a period of less than six months, more than 90,000 requests were made for call detail records, including for the phones of senior police and civil service officers. This high a number could not possibly have been generated from criminal investigations alone. Again, these do not seem to have led to any criminal charges against any of the people whose records were obtained. The information seems to have been collected for purposes other than national security.

India is struggling to keep track of the location of its proliferating interception devices. More than 73,000 devices to intercept mobile phone calls have been imported into India since 2005. In 2011, the federal government asked various state governments, private corporations, the army and intelligence agencies to surrender these to the government, noting that usage of any such equipment for surveillance was illegal. We don’t know how many devices were actually turned in.

These kinds of violations of privacy can have very dangerous consequences. According to the former Intelligence Bureau head in the western state of Gujarat, R.B. Sreekumar, the call records of a mobile number used by Haren Pandya, the former Gujarat home minister, were used to confirm that it was he who had provided secret testimony to the Citizens’ Tribunal, which was conducting an independent investigation of the 2002 sectarian riots in the state. Mr. Pandya was murdered in 2003.

The limited efforts to make India’s intelligence agencies more accountable have gone nowhere. In 2012, the Planning Commission of India formed a group of experts under Justice A.P. Shah, a retired Chief Justice of the Delhi High Court, to look into existing projects of the government and to suggest principles to guide a privacy law in light of international experience. (Centre for Internet and Society, where I work was part of the group). However, the government has yet to introduce a bill to protect citizens’ privacy, even though the governmental and private sector violations of Indian citizens’ privacy is growing at an alarming rate.

In February, after frequent calls by privacy activists and lawyers for greater accountability and parliamentary oversight of intelligence agencies, the Centre for Public Interest Litigation filed a case in the Supreme Court. This would, one hopes, lead to reform.

Citizens must also demand that a strong Privacy Act be enacted. In 1991, the leak of a Central Bureau of Investigation report titled “Tapping of Politicians’ Phones” prompted the rights groups, People’s Union of Civil Liberties to file a writ petition, which eventually led to a Supreme Court of India ruling that recognized the right to privacy of communications for all citizens as part of the fundamental rights of freedom of speech and of life and personal liberty. However, through the 2008 amendments to the Information Technology Act, the IT Rules framed in 2011 and the telecom licenses, the government has greatly weakened the right to privacy as recognized by the Supreme Court. The damage must be undone through a strong privacy law that safeguards the privacy of Indian citizens against both the state and corporations. The law should not only provide legal procedures, but also ensure that the government should not employ technologies that erode legal procedures.

A strong privacy law should provide strong grounds on which to hold the National Security Advisor’s mass surveillance of Indians (over 12.1 billion pieces of intelligence in one month) as unlawful. The law should ensure that Parliament, and Indian citizens, are regularly provided information on the scale of surveillance across India, and the convictions resulting from that surveillance. Individuals whose communications metadata or content is monitored or intercepted should be told about it after the passage of a reasonable amount of time. After all, the data should only be gathered if it is to charge a person of committing a crime. If such charges are not being brought, the person should be told of the incursion into his or her privacy.

The privacy law should ensure that all surveillance follows the following principles: legitimacy (is the surveillance for a legitimate, democratic purpose?), necessity (is this necessary to further that purpose? does a less invasive means exist?), proportionality and harm minimization (is this the minimum level of intrusion into privacy?), specificity (is this surveillance order limited to a specific case?) transparency (is this intrusion into privacy recorded and also eventually revealed to the data subject?), purpose limitation (is the data collected only used for the stated purpose?), and independent oversight (is the surveillance reported to a legislative committee or a privacy commissioner, and are statistics kept on surveillance conducted and criminal prosecution filings?). Constitutional courts such as the Supreme Court of India or the High Courts in the Indian states should make such determinations. Citizens should have a right to civil and criminal remedies for violations of surveillance laws.

Indian citizens should also take greater care of their own privacy and safeguard the security of their communications. The solution is to minimize usage of mobile phones and to use anonymizing technologies and end-to-end encryption while communicating on the Internet. Free and open-source software like OpenPGP can make e-mails secure. Technologies like off-the-record messaging used in apps like ChatSecure and Pidgin chat conversations, TextSecure for text messages, HTTPS Everywhere and Virtual Private Networks can prevent Internet service providers from being able to snoop, and make Internet communications anonymous.

Indian government, and especially our intelligence agencies, violate Indian citizens’ privacy without legal authority on a routine basis. It is time India stops itself from sleepwalking into a surveillance state.

For more details visit https://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy

Campaign against curbs on websites gathers steam

praskrishna — 2012-04-25T11:19:29Z

For political cartoonist Aseem Trivedi and his blogger-cum-journalist friend Alok Dixit, who both ran a website against corruption, a tryst with the blind side of law triggered their mission against “gagging” of the new-age Indian Internet user.

The blog post by Arpan Daniel Varghese was published by IBN Live on April 23, 2012.

It all started when they were in Mumbai, taking part in the first public protest seeking a strong Lokpal led by social activist Anna Hazare. “During the course of the protest, we got word that our website had been taken off,” recalls Alok.

The Mumbai Police had banned the website without any prior notice, apparently after a complaint was filed by a Congress leader that some content on the site, CartoonsAgainstCorruption, was objectionable, he says.

“We then contacted Bigrocks, the domain provider, but they did not divulge the exact procedure to restore our website,” he adds.

Kerala High Court lawyer P Jacob, who has a masters in cyber law and is a researcher in the field, clarifies. “Let’s say that you are a website, blog or domain owner... As per the intermediary rules incorporated into the IT laws, introduced through an amendment in 2011, if a third person sends a complaint, be it a frivolous one, to you (the intermediary ) about some objectionable content, you will have to take off the said content within 36 hours.”

This could happen to any one and could be quite dangerous, points out Sunil Abraham, the executive director of The Centre for Internet and Society (CIS-India).� “If a company wants to target your organization’s social media network, they can keep sending fraudulent emails to you and you will have to keep deleting it unless you are ready to face litigation or government action. And then there is no penalty for abusing the provision. There is no transparency, the people who comment will not be told,” says Sunil.

It was this realization that drove Alok, who then quit his job as a reporter, and Aseem Trivedi to start a movement against such blind curbs. ‘Save Your Voice’ was thus born.

A research conducted by the CIS gave further credence to their fears that it was very “easy to ban any website in India.”

“We call it a policy sting operation,” details Sunil. “We sent out fraudulent take- down notices (or complaints) to seven of the largest intermediaries in India. They gladly over-complied and promptly took off the material in question. You can try this. You could look at a legitimate comment and complain that this is blasphemous, offensive or plain annoying. And without questioning your locus standi, the intermediary sites will have to take it off.”

For more details visit https://cis-india.org/news/campaign-against-curbs-on-websites

Cambridge Analytica scandal: How India can save democracy from Facebook

sunil — 2018-03-28T15:44:00Z

Hegemonic incumbents like Google and Facebook need to be tackled with regulation; govt should use procurement power to fund open source alternatives.

The article was published in the Business Standard on March 28, 2018

The Cambridge Analytica scandal came to light when whistleblower Wylie accused Cambridge Analytica of gathering details of 50 million Facebook users. Cambridge Analytica used this data to psychologically profile these users and manipulated their opinion in favour of Donald Trump. BJP and Congress have accused each other of using the services of Cambridge Analytica in India as well. How can India safeguard the democratic process against such intervention? The author tries to answer this question in this Business Standard Special.

Those that celebrate the big data/artificial intelligence moment claim that traditional approaches to data protection are no longer relevant and therefore must be abandoned. The Cambridge Analytica episode, if anything, demonstrates how wrong they are. The principles of data protection need to be reinvented and weaponized, not discarded. In this article I shall discuss the reinvention of three such data protection principles. Apart from this I shall also briefly explore competition law solutions.

Collect data only if mandated by regulation

One, data minimization is the principle that requires the data controller to collect data only if mandated to do so by regulation or because it is a prerequisite for providing a functionality. For example, Facebook’s messenger app on Android harvests call records and meta-data, without any consumer facing feature on the app that justifies such collection. Therefore, this is a clear violation of the data minimization principle. One of the ways to reinvent this principle is by borrowing from the best practices around warnings and labels on packaging introduced by the global anti-tobacco campaign. A permanent bar could be required in all apps, stating ‘Facebook holds W number of records across X databases over the time period Y, which totals Z Gb’. Each of these alphabets could be a hyperlink, allowing the user to easily drill down to the individual data record.

Consent must be explicit, informed and voluntary

Two, the principle of consent requires that the data controller secure explicit, informed and voluntary consent from the data subject unless there are exceptional circumstances. Unfortunately, consent has been reduced to a mockery today through obfuscation by lawyers in verbose “privacy notices” and “terms of services”. To reinvent consent we need to bring ‘Do Not Dial’ registries into the era of big data. A website maintained by the future Indian data protection regulator could allow individuals to check against their unique identifiers (email, phone number, Aadhaar). The website would provide a list of all data controllers that are holding personal information against a particular unique identifier. The data subject should then be able to revoke consent with one-click. Once consent is revoked, the data controller would have to delete all personal information that they hold, unless retention of such information is required under law (for example, in banking law). One-click revocation of consent will make data controllers like Facebook treat data subjects with greater respect.

There must be a right to explanation

Three, the right to explanation, most commonly associated with the General Data Protection Directive from the EU, is a principle that requires the data controller to make transparent the automated decision-making process when personal information is implicated. So far it has been seen as a reactive measure for user empowerment. In other words, the explanation is provided only when there is a demand for it.

The Facebook feeds that were used for manipulation through micro-targeting of content is an example of such automated decision making. Regulation in India should require a user empowerment panel accessible through a prominent icon that appears repeatedly in the feed. On clicking the icon the user will be able to modify the objectives that the algorithm is maximizing for. She can then choose to see content that targets a bisexual rather than a heterosexual, a Muslim rather than a Hindu, a conservative rather a liberal, etc. At the moment, Facebook only allows the user to stop being targeted for advertisements based on certain categories. However, to be less susceptible to psychological manipulation, the user should be allowed to define these categories, for both content and advertisements.

How to fix the business model?

From a competition perspective, Google and Facebook have destroyed the business model for real news, and replaced it with a business model for fake news, by monopolizing digital advertising revenues. Their algorithms are designed to maximize the amount of time that users spend on their platforms, and therefore, don’t have any incentive to distinguish between truth and falsehood. This contemporary crisis requires three types of interventions: one, appropriate taxation and transparency to the public, so that the revenue streams for fake news factories can be ended; two, the construction of a common infrastructure that can be shared by all traditional and new media companies in order to recapture digital advertising revenues; and three, immediate action by the competition regulator to protect competition between advertising networks operating in India.

The Google challenge

With Google, the situation is even worse, since Google has dominance in both the ad network market and in the operating system market. During the birth of competition law, policy-makers and decision-makers acted to protect competition per se. This is because they saw competition as an essential component of democracy, open society, innovation, and a functioning market. When the economists from the Chicago school began to influence competition policy in the USA, they advocated for a singular focus on the maximization of consumer interest. The adoption of this ideology has resulted in competition regulators standing powerlessly by while internet giants wreck our economy and polity. We need to return to the foundational principles of competition law, which might even mean breaking Google into two companies. The operating system should be divorced from other services and products to prevent them from taking advantage of vertical integration. We as a nation need to start discussing the possible end stages of such a breakup.

In conclusion, all the fixes that have been listed above require either the enactment of a data protection law, or the amendment of our existing competition law. This, as we all know, can take many years. However, there is an opportunity for the government to act immediately if it wishes to. By utilizing procurement power, the central and state governments of India could support free and open source software alternatives to Google’s products especially in the education sector. The government could also stop using Facebook, Google and Twitter for e-governance, and thereby stop providing free advertising for these companies for print and broadcast media. This will make it easier for emerging firms to dislodge hegemonic incumbents.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook

Cambridge Analytica row: Facebook data breach hit 560K Indian users

Admin — 2018-04-07T16:01:10Z

Facebook said that data and information of 87 million users globally were compromised.

The article by Vidhi Choudhury and Yashwant Raj was published in the Hindustan Times on April 5, 2018.

User data of more than 560,000 Indians may have been harvested from Facebook Inc. by British researcher Cambridge Analytica, at the centre of a recent storm over data breaches and potential privacy violations on the social media network.

Only 335 users in India installed the thisisyourdigitallife app developed by academic Aleksandr Kogan and his company Global Science Research Ltd that may have been possibly at the centre of the data breaches, according to Facebook.. The 335 people make up just 0.1% of the app’s total worldwide installs.

Users agreed to take a personality test and have their data collected by the app, which then went on to also access information about the test-takers’ Facebook friends, leading to the accumulation of a much larger data pool. “ We further understand that 562,120 additional people in India were potentially affected, as friends of people who installed the App. This yields a total of 562,455 potentially affected people in India, which is 0.6% of the global number of potentially affected people,” a Facebook spokesperson said.

This week, Facebook said data on as many as 87 million people, most of them in the US, may have been improperly shared with Cambridge Analytica, increasing the figure from a previously estimated 50 million.

“Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr. Aleksandr Kogan and his company Global Science Research Limited (“GSR”) happened without our authorization and was an explicit violation of our Platform policies. At no time did Facebook agree to Cambridge Analytica’s use of any Facebook user data that may have been collected by this app, including with respect to users located in India,” the company spokesperson said n an emailed response.

This app first became active on Facebook in November 2013. Facebook removed the app in 2015 when it learnt of violations of its platform policies.

India is a key market for Facebook with 217 million people using the platform every month.

Details of the number of users in India whose data was compromised was shared by Facebook as part of its response to the government of India. On 28 March, the Ministry of Electronics and Information Technology sent a letter to Facebook asking if data of Indian voters and users had been compromised by Cambridge Analytica or any other affiliate. The government also asked what proactive measures were being taken to ensure the safety, security and privacy of such large user data and to prevent its misuse by any third party. Facebook was asked to respond to the questions by April 7.

Facebook’s chief technology officer Mike Schroepfer said in a blog that ran under his byline on the company’s website that the number of subscribes whose data was shared with the controversial firm was much higher at 87 million than the 50 million it had conceded earlier, “mostly” in the United States.

Subscribers in the Philippines, Indonesia, UK, Mexico and Canada were ahead of Indians, and behind American, in the list of Facebook’s new revelations about compromised information.

These details came ahead of a conference call with reporters in which Facebook CEO Mark Zuckerberg said he had made a “huge mistake” personally by not focussing on data privacy. Zuckerberg also faced questions for the first time about his suitability to run the company he founded as a college student — dropped out of Harvard. He answered in the affirmative, but questions are beginning to be raised.

Sunil Abraham, founder of the think tank Centre for Internet and Society, said the thisisyourdigitallife app was one of the many apps that access Facebook’s application programming interface. “What Facebook isn’t telling us yet is what are the other apps , (whether they) had the same modus operandi and how much data did they manage to scrape,” he added. The company said on April 4 that it would display a link on the top of users’ News Feed so they can see what apps they use and the information they have shared with those apps. Facebook will also tell people if their information may have been improperly shared with Cambridge Analytica.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-and-yashwant-raj-facebook-data-breach-hit-over-5-6-lakh-users-in-india

Calls for law change after Indians left in dark over data leaks

Admin — 2017-07-20T14:38:51Z

Fears Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.

The blog post by Rahul Bhatia and Sankalp Phartiyal was published by Reuters on July 14, 2017.

Jio has repeatedly denied any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called "Magicapk" appeared to be "unauthentic." The website was later shut down.

The company, part of conglomerate Reliance Industries Ltd, said on Monday that its subscriber data was safe and protected by the highest levels of security.

However, Jio filed a complaint the same day alleging unlawful access to its systems, police have told Reuters.

Jio did not respond to requests for comment.

In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said.

"It raises questions of security and accountability," said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organization.

People complained on Twitter about personal information of Jio users being available on the Magicapk site. Several local news outlets said their checks had led them to believe a leak had occurred.

"A rule to report breaches exists, but it is unenforceable," says Prakash. "It says you're not liable if you're following reasonable security practices. What 'reasonable' means is not defined."

Advocates of stronger laws in India say a data breach in countries with more stringent cyber laws, such as Britain or the United States, would prompt an inquiry by regulators.

After reports of a data leak at Verizon earlier this week, for example, the U.S. telecoms firm quickly responded with an explanation of what had occurred, how it had happened and the extent of the problem.

"India is at a nascent stage. For good norms in Asia, look to Singapore. It's been praised for not having cyber security issues by the UN," Srinivas Kodali, an independent security researcher, said.

Not a Priority

"We don't have full-menu data protection laws," said Apar Gupta, a Supreme Court lawyer working on data privacy issues. "We don't even have an institutional framework or expert body to implement the limited data protection regulations that do exist. It's so limited it's more accurate to say no law exists."

In May alone, there were two data security incidents in India.

The records of 17 million customers of Zomato, a popular food-delivery app, were put on sale online. Zomato initially advised customers that their passwords were secure, but later advised users to change them.

Separately, a CIS report said the Aadhaar numbers of as many as 135 million Indians had leaked from government databases and could be found online. (bit.ly/2tOseSV)

The number, similar to a U.S. social security number, is unique to each Indian citizen and the Aadhaar database also stores a user's biometric data. The government is pushing for Aadhaar numbers to be used in everything from opening bank accounts to filing tax returns.

For India, data privacy is not a priority, said Amry Junaideen, a risk advisor at audit firm Deloitte.

"From an organizational perspective there's really no incentive other than being a good corporate citizen, to report a breach," he said, noting that in the European Union and United States the regulatory framework is basically for the good of the consumer, but that this is not the case in India.

India, home to the back offices of many large multinationals and outsourcing companies, has also unsuccessfully sought "data-secure" status from the European Union since 2012.

The status is vital for information sharing between entities in the EU and India, because it means the EU is satisfied that data protection rules in a country meet its standards, so data of EU citizens can be sent to that jurisdiction.

Raman Chima, policy director at Access Now, which advocates stronger digital rights, says weak data privacy laws are likely the main stumbling block to "data-secure" status.

In 2010, a European Union study of data protection in India noted there were "no aspects of India's data protection which would unequivocally be regarded as 'adequate' by European Union standards as yet".

Reporting by Rahul Bhatia and Sankalp Phartiyal; Editing by Euan Rocha and Neil Fullick

For more details visit https://cis-india.org/internet-governance/news/reuters-july-14-2017-rahul-bhatia-and-sankalp-phartiyal-calls-for-law-change-after-indians-left-in-dark-over-data-leaks

Call, text, email complaint against rogue auto driver

praskrishna — 2011-04-02T10:45:39Z

Harassed by an auto driver? Helplines give you no relief? Here's the people's way to help you out. Just report your issue online, call or even SMS sitting in a noisy restaurant, and be heard.

Right from drivers with no proper identity cards, to those refusing to ply or those who attempt sexual assault enroute, you can report them all to a team of volunteers who manage a complaint book 24x7. There is also a map online, where you can pinpoint the exact place, time and even upload videos or photographs taken on the spot.

This complaint management system, recently launched by Kiirti (part of the Centre for Internet and Society) is an attempt to help tackle the cases of auto menace in the city. "It's quite like the Fix My Street initiative of the West. This is for the people and maintained by the people. What makes it different from the existing helpline mechanism in Bangalore is that there is better transparency and more options given to people on how they can file their complaint 24x7,'' explains Sudha Nair, project community manager for Kiirti in India.

All the complaints received will be scrutinised and verified by a backend support team of volunteers and then sent across to the department concerned for action. Besides, the complainant will be able to check the status of the complaint.

"Recently, in The Times of India, we read about the sad state of the official helplines provided by the transport department. There is no transparency in it nor is it available all the time, so we decided to launch this system. We are only working as a catalyst. The portal can also be effectively used by various RWAs to help check the problem in their area,'' Sudha added. Various NGOs like Janaagraha, Environment Support Group, Public Affairs Centre and Children's Movement for Civic Action have also come forward to support this initiative.

Read the original in the Times of India

For more details visit https://cis-india.org/news/complaint-against-rogue-auto-driver