We are anonymous, we are legion

Braitenberg Cybernetic Vehicles: Workshop, Film Screening & Discussion

praskrishna — 2012-07-30T13:13:31Z

The Metaculture Media Lab at the Centre for Internet & Society, Bangalore is organizing a fun event, next Saturday, April 14, 2012. The event will begin at 2.30 p.m. and will end at 6.00 p.m.

A tentative schedule of the event in three parts:

A short presentation about Braitenberg Vehicles :
It is based on a thought experiment by Italian cyberneticist, in his book : ''Vehicles: Experiments in Synthetic Psychology'' where 'vehicles' with simple sensorimotor capabilites display interesting life-like behaviour WITHOUT the need for internal memory, representation of the environment, or inference. (Basically none of the task based hyper robotic coding/processing) Read more about it here on the wiki page : http://en.wikipedia.org/wiki/Braitenberg_vehicle
This will be followed by a quick Hands-on-proactive-workshop, where we will build some simple Braitenberg Vehicles, using common motors, wheels, and light sensors, and watch them interact and play with each other.
- The Technically inclined might ( Well If you don't know electronics, the block digram will be self explanatory anyway) have fun teaching eachother how to couple motors with light sensors. Designers can also contribute to the interaction paradigm/visuals. While others may chill in the shady part of the lawn with juice, until the vehicle action starts)
Finally, a film screening followed by a short discussion about it , revisiting our ideas about robots, autonomous vehicles, transport, society and policy, possibly moderated by volunteers/students/citizen researchers in this field, in a dialogue with the rest of the audience.

Additionally , if anyone want to build their own vehicles to take home, please email yelena@cis-india.org (by April 10) for instructions on what to pick up from SP Road.

For more details visit https://cis-india.org/internet-governance/cybernetic-vehicles

[···]

kaeru — 2026-03-14T04:30:47Z

For more details visit https://cis-india.org/internet-governance/blog/

Bowing to public pressure, govt withdraws draft encryption policy

praskrishna — 2015-10-01T02:15:17Z

Bowing to pressure from the public, the government on Tuesday withdrew a draft policy that sought to control secured online communication, including through mass-use social media and web applications such as WhatsApp and Twitter.

The article was published by the Hindustan Times on September 22, 2015. Pranesh Prakash was quoted.

Communications and information technology minister Ravi Shankar Prasad announced the government’s decision at a news conference, saying the draft National Encryption Policy will be reviewed before it is again presented to the public for their suggestions.

“I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded,” Prasad said. He said the draft would be re-released, but did not say when it would be made public.

“Experts had framed a draft policy...This draft policy is not the government’s final view,” he added. “There were concerns in some quarters. There were some words (in the draft policy) that caused concern.”

The draft will be reviewed and experts will be asked to specify to whom the policy will be applicable, Prasad said. He did not say when the new draft will be made public.

Those using social media platforms and web applications fell outside the scope of an encryption policy, Prasad said.

Several countries have felt the need for an encryption policy because of the boom in e-commerce and e-governance, he remarked. “Cyber space interactions are on the rise. There are concerns about security. We need a sound encryption policy,” he said.

Before Prasad announced the withdrawal of the draft policy, the government had issued an addendum early on Tuesday to keep social media and web applications like WhatsApp, Twitter and Facebook out of its purview.

Secure banking transactions and password protected e-commerce businesses too will be kept out of the ambit of the proposed policy, the addendum said.

The climb down by the government came following a storm of protests from users who objected to any stringent state controls on the use of email, social media accounts and apps.

According to the original draft, users of apps such as WhatsApp and Snapchat would be required to save all messages for up to 90 days and be able to produce them if asked by authorities.

Experts told Hindustan Times the draft policy, if implemented in its current form, could compromise the privacy of users and hamper the functioning of several multi-national service providers in India.

Nikhil Pahwa, editor of the MediaNama website that tracks cyber issues and tech news, said there were several problems even with the addendum to the draft policy.

“The usage of the phrase ‘currently in use’ renders the policy vague: Firstly, when is ‘currently’?” he questioned in a post on his website.

“Will a new service that uses a different kind of encryption to protect its users, still be covered? Why should users be ‘restricted to encryption currently in use’? Why should services like Whatsapp, Facebook and Twitter define our security standards?” said Pahwa, who also volunteers for savetheinternet.in.

Pranesh Prakash, policy director for The Centre for Internet and Society, tweeted that even the addendum “does not clarify anything, but further muddles the encryption policy”.

Social media users called the draft “draconian” and “delusional”, and Congress leader Manish Tewari too attacked the Union government.

“The encryption policy (draft) is a snooping and spying orgy. After net chats, the government may want you to keep a video record of what you do in your bedroom for 90 days,” the Congress spokesperson told reporters.

The draft policy had been posted online last week to seek suggestions from the public.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-september-22-2015-bowing-to-public-pressure-govt-withdraws-draft-encryption-policy

Bouquets & brickbats for Google's new privacy policy

praskrishna — 2013-10-25T05:40:56Z

Google's recent privacy policy change that allows the internet search company to use names, photographs and endorsements by its users in online advertisements is getting mixed reviews in India - advertisers love it, and activists love to hate it.

This article by Indu Nandakumar was published in the Economic Times on October 18, 2013. Sunil Abraham is quoted.

Internet rights activists called it another incursion into individual privacy by the California-based company that uses 'Don't be evil' as an informal corporate motto. Brand advisers and marketers praised the ingenuity of personalisation that can make advertising much more effective.

"From a user perspective, there is a higher chance of them buying a product if it is endorsed by a friend," said Kunal Jeswani, chief digital officer at Ogilvy & Mather India. To his mind, the argument about user privacy is "naive" because when a user enters a social network, he/she should know his/her personal information, such as profile photographs and names, is already on the web.

Google announced its policy change regarding user information will be effective on November 11, giving the company the right to use profile names, photos and comments alongside advertisements by clients who use its online advertising network of over 2 million websites.

For instance, if a user has endorsed a product by giving it a "+1" or rated a product on the Google Play app store, his/her image will appear next to the ad when it is displayed to people who are part of his/her social circle on the social networking service Google Plus. The move is seen as Google's attempt to catch up with rival Facebook, which first introduced the concept of 'social ads' that let corporations use the power of influence of people within a person's social network to sell products.

Internet rights activists said such practices raise privacy concerns as they do not take prior consent of users.

"We are not comfortable with user information being used without their permission, especially since Google's privacy standards are not very high," said Uday Mehta, associate director at Consumer Unity and Trust Society (CUTS International).

Last year, the agency complained to Competition Commission of India to investigate Google's alleged anti-competitive practices here. An investigation is ongoing.

In an emailed response, Google said it is notifying users about the change in policy, so that if a user does not like it, he/she can turn it off.

"Since we're updating an existing setting, we will continue to respect the choice you made about the old setting. That means if you already told us that you didn't want your +1s to appear in ads, none of your other shared endorsements will appear in ads," a Google spokesman said.

For example, Google said, if a user reviewed a restaurant, people who aren't in his/her Google Plus Circles of friends would not see that review in an ad that the restaurant might run through Google.

The latest ad strategy comes at a time when companies such as Google and Facebook have been attempting to increase their ad revenues by personalising advertisements to attract user attention. Over 90% of Google's $46-billion revenue in 2012 came from advertisements.

Sunil Abraham, executive director of the Center for Internet and Society said the issue highlights the need for a stronger internet privacy statute in India. The absence of clear privacy laws makes it impossible for government officials to understand the harm caused to personal rights because of the default settings of Google, he observed.

For more details visit https://cis-india.org/news/economic-times-october-18-2013-indu-nandakumar-bouquets-brickbats-google-new-privacy-policy

Book Review: Apocalypse Now Redux

nishant — 2016-08-06T04:16:07Z

My review for Arundhati Roy and John Cusack's new book that captures their encounter with Edward Snowden, 'Things that can and cannot be said' is now out. It's an engaging, if somewhat freewheeling, political critique of the times we live in.

The review was published in the Indian Express on August 6, 2016.

Book: Things That Can and Cannot Be Said
Authors: Arundhati Roy & John Cusack
Publication: Juggernaut
Pages: 132
Price: Rs 250

The title of the book — Things That Can and Cannot be Said — demands an imperative. It is as if Arundhati Roy and John Cusack, aware of their internal turmoil in dealing with a world that is rapidly becoming unintelligible, though not incomprehensible, are demanding an order where none exists. Hence, they are advocating for certainty and assurance, only to undermine it, ironically, through their own freely associative writing that mimics linear time and causative narrative. This deep-seated irony of needing to say something, but knowing that saying it is not going to shine a divining light on the sordid realities of the world that is being managed through the production of grand structures like valorous nation states, virtuous civil societies, the obsequious NGO-isation of radical action, and the persistent neutering of justice through the benign vocabulary of human rights, defines the oeuvre, the politics and the poetics of the book. Written like a scrap book, filled with excerpts from long conversations scattered over time and space, annotated by reminiscences of books read long ago that have seared their imprints on the mind, and events that are simultaneously platitudinous for their status as global landmarks and fiercely personal for the scars that they have left on the minds of the authors, the book remains an engaging, if a somewhat freewheeling, ride into a political critique that makes itself all the more palatable and disconcerting for the levity, irreverence and the dark sense of humour that accompanies it.

Composed in alternating chapters, the first half of the book is about Cusack and Roy laying themselves bare. They spare no words, square no edges, and put their personal, political and collective wounds on display with humble pride and proud humility. Cusack’s experience as a screenplay writer comes in handy — he rescues what could have been a long tirade, into a series of conversations. The familiar narratives are rehistoricised and de-territorialised, put into new contexts while eschewing the older ones, thus providing a large landscape that refers to state-sponsored genocide, structural reorganisation of nation states, the dying edge of political action, the overwhelming but invisible presence of capital, and the dithering state of social justice that treats human beings like things. Cusack, identifying the poetic genius of Roy, gives her centre stage, making her the voice in command.

Roy, for her part, seems to have enjoyed this moment in the soapbox — something that she has been doing quite effectively and provocatively to a national and global audience — and gives it her all. There are moments when the text feels indulgent, when the voice feels a little relentless, when the almost schizophrenic global and historical references become a litany of mixed-up events that might have required further nuance and deeper interpretation. However, the whimsical style of Roy’s narrative, with her sense of what is right, and her demeanour that remains friendly, curious and disarming, saves the text from being heavy handed, even when it does dissolve into cloying poignancy and makes you pause, just so that you can breathe.

Surprisingly, it is the second part of the book, where the two encounter Edward Snowden along with Daniel Ellsberg, the “Snowden of the 1960s” who had leaked the Pentagon papers, that falters. Snowden had jocularly mentioned that Roy was there to “radicalise him”. She does that, but in a way that doesn’t give us anything more than what we already know. While Cusack and Roy were committed to getting to know Snowden beyond his systems-man image, there wasn’t much that they could uncover, either in dialogue or in discourse, that could have told us more, endeared us further to possibly the most over-exposed person in recent times. However, one realises that the genius of the narrative is actually in reminding us how transparent Edward Snowden has become to us. We know all kinds of things about this young man — from his girlfriends past to his actions future, from his values and convictions to his opinion on the NSA watching people’s naked pictures — and yet, what has been missing in the Snowden files, has been the larger arc of global politics, social reordering, and perhaps, a glimpse of the post-nation future that Snowden might have seen in his act of whistleblowing that is going to remain the landmark moment that defines the rest of this century.

Once you have gotten over the fact that this is not a book about Snowden, the expectations are better tailored for what is to come, and suddenly, the long prelude to the meeting falls into place. Snowden matches Roy and Cusack in whimsy, irony, political conviction, and the sacred faith in human values that make you want to give them all a fierce hug of hesitant reassurance. What Snowden says, what Roy and Cusack make of it, and how they leave us, almost abruptly at the end, breathless, unnerved, and severely conflicted about some of the 20th century structures like society, activism, nation states, governance, communication, technologies, sharing and caring is what the book has to be read for. The tight screen-writing skills of Cusack meet the perfect timing of Roy’s prose, and all of it becomes surreal, futuristic and indelibly real when it gets anchored on the physical presence of Snowden, who, in exile, talks achingly of the home that has thrown him out and the home that he can never really call his own.

And while there are lapses — fragments, translations and evocations which might have needed more explanations to have their pedagogic intent shine through — there is no denying that, in all its flaws, much like the narrators, the book manages to first immerse you in the cold shock of a sobering reality, clearly positioning the apocalypse as the now, and then drags you out and wraps you up in a warm blanket, opening up forms of critique, formats of intervention, and functions of political commitment towards saying things that have and have not been said. The book should have, perhaps, been titled what could, would, should have been said, but can’t, won’t, shan’t be said — not because of anything else, but because it seems futile.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-august-6-2016-book-review-apocalypse-now-redux

Bolstering right to remain private

praskrishna — 2012-10-29T09:00:13Z

The Justice AP Shah panel has done to well to lay down an enforceable roadmap that can strengthen privacy laws in the country. It’s now for the legislature to take the issue to a logical conclusion.

Apar Gupta's column was published in the Pioneer on October 29, 2012.

A haveli courtyard is an apt metaphor for the complexity which is involved in drafting a law on privacy. Though the courtyard gives an appearance of openness, it is limited by the walls, doors and windows which surround it. The architecture represents a mediated understanding of the options which are available to the resident in sharing and limiting information to family and strangers. A somewhat similar project is in the works with the Union Government taking steps towards the enactment of a privacy law.

Privacy law as it is understood at present is usually limited to the odd writ petition filed against the Government by a private individual seeking enforcement of a fundamental right to privacy. Recently, such adjudication has been limited to high-profile individuals, and where there is wide voyeuristic interest. For instance, two recent petitioners include industrialist Ratan Tata and former Samajwadi Party leader Amar Singh. Here, it is important to stress that with the state gathering more and more data about individuals through the Unique Identification Authority of India scheme, there is a need to democratise the right by making legal provisions for its enforcement. In making such provisions a balance has to be maintained, where information which serves public interest or gathered through informed consent is not encumbered in the name of protecting individual privacy.

To find this balance, the Government late last year tasked a Committee of Experts chaired by Justice AP Shah to prepare a report on the Privacy Bill. Readers would recall that Justice Shah had authored a judgement which read down Section 377 of the Indian Penal Code, decriminalising homosexual activity. A closer reading of the judgement shows the reliance placed by the court on the privacy right and to reach its determination. With such credentials, the Justice Shah Committee has exceeded the high expectations placed on it, presenting a fair and balanced approach towards a privacy law in India.

At the very outset the report clearly marks its objectives, from which it then commences to study judicial precedent on privacy as well as the experience of foreign jurisdictions. On the basis of this study, it has evolved nine privacy principles which encompass within it distinct aspects of individual privacy. Such a nuanced approach to privacy is certainly welcome given that privacy as a right is often subjective, varying drastically in its appreciation as per civil society, private industry and even Government itself.

Beyond the specific aspects of the privacy right, the report extends the right both to Government as well as private industry. This is a sign of the times, best put by Pranesh Prakash, policy director, Centre for Internet and Society, when he says that citizens reveal more data about themselves to social networking websites than they would to the Government under torture!

Another significant aspect is the proposed co-regulatory regime which the report suggests. And, experience has taught us that a right without an effective remedy to enforce it counts for a little more than a black letter on paper. In this respect, the report proposes a sectoral regulator which has supervision over State level privacy commissioners. In addition to this, the report also proposes a system of self-regulation where industry-specific standards may be proposed and then sanctioned by the privacy commissioners. However, contrary to the present approach of tribunalisation, the report suggests that recourse to civil courts for aggrieved persons should always be kept open.

Though the origins of the privacy rights may be antiquated, widespread consensus suggests that the modern practice and substance of privacy law owes its beginning to an article published in the fourth volume of the Harvard Law Review. The article, authored by Louis Brandeis and Samuel Warren drawing a physical justification for what seemed like a novelty back then, stated that the law regarded a man’s house as his castle.

Sadly, the right has not seen a proper development in India, mainly due to the absence of an overarching legislation as well as a lack of understanding of its proper contours. At least in this respect, the report marks a significant development in the drafting of a comprehensive privacy legislation in India. A haveli, a house or a castle — the Justice Shah panel has provided a useful blueprint to the legislature to build an effective and balanced statute to safeguard individual privacy.

(The writer is a partner in a Delhi-based law firm and visiting faculty at the National Law University, Delhi)

For more details visit https://cis-india.org/news/daily-pioneer-columnists-oct-29-2012-apar-gupta-bolstering-right-to-remain-private

Bloggers' Rights Subordinated to Rights of Expression: Cyber Law Expert

elonnai — 2012-03-21T09:35:06Z

Vijayashankar, an eminent cyber law expert answers Elonnai Hickok’s questions on bloggers' rights, freedom of expression and privacy in this e-mail interview conducted on May 19, 2011.

A set of rules relating to regulation of the Internet (mentioned in section 79 of the ITAA, 2008) was released in April 2011. In light of the rules framed under the IT Act, and as part of our research on privacy and Internet users, we have been looking into questions surrounding bloggers’ rights, freedom of expression, and privacy.

The new rules require among other things that intermediaries take down any content that could be considered disparaging. In practice, these rules will act to limit the ability of individuals to express their opinions on the Internet — especially for the bloggers. Though these requirements seem to only impact the freedom of expression of bloggers, a blogger’s privacy rights, especially in relation to the protection of their identity, are also pulled into question. Other issues surrounding bloggers’ rights and privacy include: if bloggers are identified as journalists, then whether they should be afforded the same protections and privileges, e.g., should bloggers have the right to free political speech and should intermediaries have freedom from liability for hosting speech or others’ comments? Are bloggers allowed to publish material that is under copyright on their website?

On May 19, 2011, through e-mail, I had the opportunity to interview Vijayashankar, an expert in cyber law, on issues regarding the rights of bloggers freedom of expression, and privacy. Vijayashankar has authored multiple books on cyber law, taught in many universities, and is an active leader of the Netizen movement in India. Below is a summary of the questions I posed to Vijayashankar and his responses.

I began the interview by trying to understand bloggers’ rights and how they are defined. Often the term 'bloggers' rights is used casually, but it is important to understand the different roles that a blogger plays in order to understand what his/her rights are, how they could be violated, and how they could be protected. Vijayashankar explained that a blog is comprised of two parties: a blogger and an intermediary – which is the application host. Bloggers have many different roles: authors, editors, or publishers of content, and thus, a blogger’s rights should be defined within these contexts. As authors, bloggers write their own article/blog or adds comments to others’ blogs. As such, they should have the freedom to express their thoughts and opinions and determine a level of privacy with which to maintain them, without regulation or censorship from a third party. Though the freedom of expression and privacy should be basic rights for blog authors, bloggers must also be held accountable and responsible for the content that they choose to make public by posting on accessible web pages.

The need for a blogger to be held responsible and accountable is similar to the limitation on speech that informs defamation law, and it means that a blogger cannot be entirely anonymous – at least not once a blog is public and is challenged. Thus, accountability must limit the right to be entirely private and anonymous. Though a blogger should be held accountable, the international implications give rise to thorny issues of jurisdiction and accountability under unforeseen laws: all of which raises the question whether, instead of local jurisdictions seeking to enforce their laws against potentially out-of-the-jurisdiction bloggers, an international third party should be entrusted with the responsibility of holding bloggers accountable and responsible – whether that takes the form of an organization like the WTO or WIPO or looks more like specially trained international arbitrators.

This challenge arises because bloggers live in different jurisdictions where different rules apply, but their opinions cross multiple borders and boundaries. This raises questions such as: Which jurisdictional law should the blogger be accountable to? Should a blogger be held responsible for actions that are considered violations in a jurisdiction in which a blog is read, even if those actions are not violations in the jurisdiction in which it is written? And if a blogger is to be held responsible, who should hold him responsible – the country where the action is considered a violation or his own country – and where does a private party have a cause of action? According to Vijayashankar, blogger’s rights’ are always subordinated to the rights of expression guaranteed to the blogger in his country where he is a citizen.

Furthermore, the rights of a blogger have to be seen in the context of who has the "cause of action" against blog writing, i.e., which party involved has the right to complain. If an individual is a victim of a blog, and that individual is a citizen of another country and is guaranteed certain rights, the blogger's rights cannot override the rights of the victim in his own country. Hence, the victim has the right to invoke law enforcement in his country, and the law enforcement agencies do have a right to seek information from the blogger. If, however, a citizen brings a private civil action against a blogger, the discovery limitations are much more severe across boundaries, and the blogger’s national policy on responding to discovery from other countries will determine the extent to which information from the blogger will be made available. To the extent that the impact of a blogger’s expression reaches across boundaries, his actions should be considered similar to a situation where a citizen of one country does certain things which affect the rights enjoyed by a citizen of another country. It does not seem right that a blogger can say something offensive in one jurisdiction and be held liable, but a different blogger can say the same thing from another jurisdiction and be protected. On the one hand, since the Internet as a medium broadcasts across geographical boundaries, it is the responsibility of the individual countries to erect their "cyber boundaries" if they do not want the broadcast to reach their citizens. On the other, individuals should be able to invoke international laws to seek consistent application of standards about what is actionable and what information is discoverable in support of an action. This suggests that an international tribunal might be the best solution.

Other questions to think about when exploring the idea of a trusted third party holding online bloggers accountable include: who would form the third party, what legal authority/power would they have, would this group also be in charge of reviewing a country’s "cyber boundaries" in addition to holding online bloggers accountable? and how would it avoid being influenced by any one government or by other stakeholders?

Next I asked him for examples of common privacy violations that happen to online users. A few he said included identity theft in the form of phishing, which leads to financial frauds, and is one of the most dangerous consequences of privacy breach. Other examples included manipulation of online profiles in social networking sites to cause annoyance, defamation, and coercion; cyber squatting with content which can be misleading; posting of obscene pictures with or without morphing of victim’s photographs to other obscene photographs/pictures; and SPAM – particularly through mobile phones – are all serious forms of privacy violations.

My third question focused on privacy violations and bloggers. How could a blogger’s rights be compromised, especially with a focus on privacy? For bloggers, is privacy important simply to protect their identity and content, or are there other implications for privacy and bloggers? In our research we have looked into ways in which practices such as data retention by ISPs, government/law enforcements’ access to web content including private conversations, and poorly established user control over privacy settings on websites can violate online users’ privacy. According to Vijayashankar, a blogger is mainly concerned about privacy in the context of protecting his identity. It is important for bloggers to protect their identity because the content they create could be considered controversial or illegal in different regions. Thus, it is critical for bloggers to have the right to blog anonymously. An exception to this right is that if the blog is so offensive then the law enforcement agency can take action. In some countries individuals also can sue bloggers. To help protect bloggers from unreasonable and ungrounded searches, Vijayashankar suggested that a mechanism be created by which international and domestic law enforcement agencies can request 'sensitive' information. This mechanism would work to filter and evaluate requests for information without bias, and according to a country’s law own domestic law.

I then asked him what legal protections he felt bloggers needed. He said that he believes that it is important that bloggers and online users’ right to anonymity, protection of identity and freedom of expression (political and non-political) are protected from excessive regulations. An interesting point that he raised was about the protection of bloggers from international requests for information. According to –him — bloggers can be protected only to the extent to which their rights are protected in their own country. If a request for information comes to a law enforcement agency of a country of which the blogger is a citizen, information may need to be released unless an “asylum” has been granted.

An example of the situation Vijayashankar is referring to is that if a blogger in India writes content that is found to be controversial by the U.S Government; the U.S Government then has a right to request and access that information, unless the Indian Government provides protection over the citizen and the information and refuses to release it. Though right to information requests tend to be governmental, this rule changes if it is a citizen requesting information. Very rarely can a citizen of one country request information about a blogger from another country and gain access. The question of international discovery over Internet material is one that has many angles that need to be taken into consideration – a few being: what the content on the blog contained; was the content against an individual or a government; who is requesting the information — a citizen or the government, and whom are they requesting the information from? For example, in the US Supreme Court case, Calder vs. Jones 465 U.S. 783 (1984), information about a woman, Shirley Jones, was published in another state, but the court ruled that the wrongful action was directed to her where she was.

A large part of the debate over bloggers’ rights is centered on governments’ need to monitor online activity. Developments such as the new rules to the IT Act, the Indian Government’s request for blackberry’s encryption keys, and the news about the government wiretapping citizens’ phones show that the Government of India is demanding access to see and regulate content created by online users in India. When asked about bloggers’ rights and government access to content, Vijayashankar stressed that there has to be a mechanism to check the requests from government agencies, and any such mechanism should have popular representation. He went on to explain that presently an order for the blocking of a blog or for private information is made by a government agency or a court. Unfortunately, government agencies may be responsive to certain interests. Likewise, decisions of conventional courts can be inconsistent. Therefore, it is important that a mechanism that reflects the common person’s input is put in place. This could either be a stand-alone private body, such as Netizen Protection Agency, acting as one more layer of protection, or the government body itself could build in adequate public representation. Courts would need to recognize such bodies and seek their opinion as an input to any dispute. This is an innovative option, but one that is a radical departure from the view of a court as an impartial tribunal that is supposed to weigh every matter independently on its merits.

Lastly, I asked if a privacy legislation could address the issue at hand i.e., could a privacy legislation work to protect bloggers’ rights by providing them identity protection and protection of their content and in general what should be included in a comprehensive privacy legislation? Though India already addresses bloggers’ rights through the Information Technology Act, it could be possible that privacy legislation could establish a third party group to work to protect bloggers’ rights and hold both governments and bloggers’ accountable. When asked what should be included in a comprehensive privacy legislation, Vijayashankar suggested that it should recognize that privacy rights of individuals are part of the larger interests of the society, and a comprehensive legislation should work to take all the stakeholders into consideration.

For more details visit https://cis-india.org/internet-governance/blog/privacy/bloggers-rights-and-privacy

Bloggers battle India's supreme court over prosecution for internet threats

sachia — 2011-04-02T16:17:48Z

Article by Randeep Ramesh in the Guardian, 26 February 2009

India's supreme court is facing the wrath of the country's bloggers over the prosecution of a student because of anonymous comments published on a social networking group he created.

The computer science student, named as Ajith D, was arrested over allegations that death threats had been posted on his "anti-Shiv Sena" group on Google's networking site, Orkut. The 20-year-old also faces charges of criminal intimidation and hurting religious sentiments.

The Shiv Sena (Army of Shiv) is a political party that made its name in the 1990s for populist policies that were anti-Muslim and favoured locals over outsiders. Its leader, Bal Thackeray, has been quoted as admiring Hitler.

Mumbai police had been monitoring the site since the Sena staged violent protests against Orkut for carrying anti-party statements, vandalising cybercafes across Mumbai. Officers contacted federal authorities in Delhi before bringing charges.

In response, the lawyer representing the student asked the supreme court to quash the case, saying his client had published nothing provocative. However India's chief justice, KG Balakrishnan, refused the application saying: "We will not do that. Anything that is posted on the internet goes to the public. The internet is open to the world."

The case highlights how India, the world's largest democracy, deals with the thorny issue of freedom of speech on the internet. A law about to arrive on the statute books places the onus for publishing material on the web, not on hosts of the material, such as Google's Orkut service, but on individuals who create blogs and websites.

"The difficulty here is that my client did not make the threats. He simply set up a community group and left it unmoderated," Jogy Scaria, Ajith's lawyer, said. "He only created the anti-Shiv Sena site."

Orkut is one of India's most popular social networking sites and many bloggers vented their fury online. "I am not able to gather how it is possible that bloggers can be hit with libel and criminal suits on the basis of anonymous postings on their websites," wrote one on Ekawaaz-One Voice.

Lawrence Liang, India's foremost authority on freedom of speech on the internet, wrote about the case on Kafila.org.

"When organisations like the Shiv Sena start using defamation laws, it smacks of chutzpah to me … What other way can we describe the bizarre situation of the violence-prone macho men, who suddenly run around screaming about the violation of their legal rights and the slurring of their reputation?"

India's constitution guarantees freedom of expression as long as this does not extend to libel, national security, contempt and a broad category of public morality – which includes "hurting religious sentiments".

Pranesh Prakash of Bangalore's Centre for Internet and Society, a thinktank specialising in web civil rights, said the internet had allowed "everyone to become a publisher but not the awareness of what responsibilities of a publisher. The way the law is dealing with it is highly problematic."

-----

To read the article at the Guardian website, click here.

For more details visit https://cis-india.org/news/bloggers-battle-indias-supreme-court-over-prosecution-for-internet-threats

Blocking Twitter: How Internet Service Providers & telcos were caught between tweets and tall egos

praskrishna — 2012-08-25T07:36:04Z

Long derided as 'dumb pipes' to the Web, Internet service providers (ISPs) are discovering these days that insult is being increasingly followed up by injury.

Joji Thomas Philip and Harsimran Julka's article was published in the Times of India on August 25, 2012. Pranesh Prakash is quoted.

In the fight between netizens who spare no effort at lampooning the powers that be and alarmingly frequent government flashes of rage at comments that can range from the mildly disrespectful to downright defamatory, telcos and ISPs find themselves much like the grass in the age-old Swahili saying "When two elephants fight, it's the grass that suffers".

The latest reminder of the hard place they find themselves in came earlier this week when news first broke that the government had asked for some accounts on social media site Twitter to also be part of websites and Internet pages it wanted blocked by ISPs. The news triggered a wave of outrage across cyberspace, with many users venting their rage at the first entity they associate the web with - their ISP, which in many cases is also their telecom operator.

"We acted immediately to the government's orders, but ended up being targetted and criticised wrongly only because we acted first," explained one official, who sought anonymity for himself and the company to avoid offending bureaucrats.

It's a common feeling. Telcos and ISPs are increasingly finding themselves in a 'Damned if you do, Damned if you don't' predicament these days, having to walk a tightrope between government orders and a restive netizenry.

And government orders can range from the super-urgent to arbitrary to sometimes ill-conceived. Very often, its 'one ban fits all' makes little allowance for differences between social networking sites and regular websites.

Executives in telecom companies recounted the instance when the government on August 18 ordered a ban on bulk SMSes and restricted text messages to five per day as part of efforts to combat the large-scale migration of people of north-eastern origins from other states to their home provinces fearing reprisal attacks.

"Within an hour of the directive, we started getting calls seeking compliance," said a top executive with a leading telco. But as the Centre was demanding compliance reports, operators were busy trying to decipher its notification, which read: "(a) Block bulk SMS (more than 5) for the next 15 days in the entire country across all states/UTs (b) Block bulk MMS (more than 5) and all MMS with attachment more than 25 KB for the next 15 days in the entire country across all states/UTs."

Shoot first, talk later

Telecom operators were nonplussed by the notification. Did it apply only to senders of bulk text messages who use this facility for commercial purposes? Or, did it mean customers could not send SMSes to more than five people simultaneously?

"When we sought clarification, the explanation was completely different and took a new dimension. It was five text messages per day per customer," said the regulatory head of a GSM operator, requesting anonymity as he did not want to offend the government.

Mobile phone companies then approached the department of telecom explaining that they did not have any technology with which they could impose a five SMSes a day limit for postpaid users. "The home and telecom ministries had not even realised that a facility did not exist before issuing the directive," said the marketing head of a leading telco.

In this case, the government accepted the operator's arguments and relented, but still told the companies not to highlight the limitation. "This time around, our arguments were accepted. Going by past instances, some operators had feared that the government would slap a hefty penalty for non-compliance without considering what we had to say," the marketing head said.

Industry officials say the tendency of 'shoot first, talk later' among bureaucrats and ministers long used to having their orders followed, especially when it came to the world of social networking which very few of them had any idea about, meant that it was safer to obey first and correct later.

"We don't even do any application of mind to the government's notices on requests. We wholesale block them. We can't even question the government's requests. A notice is a law in effect. Violation means a potential penalty which can go up to the cancellation of my licence and thus end to my business," said the head of a Delhi-based ISP that serves business users.

Executives with several ISPs and telcos say most often, court orders, government notifications and directives are not in public domain, and these result in angry consumers assuming that their service provider is up to some mischief.

ISPs say public clarifications by the government would go a long way in addressing the issue. "There has to be transparency. The government should have proactively disclosed the names of the websites it wanted blocked. The persons and intermediaries hosting the content should have been notified and provided with 48 hours to respond as required by the IT Act," said Pranesh Prakash of the Centre for Internet and Society, a research organisation.

For more details visit https://cis-india.org/news/times-of-india-aug-25-2012-blocking-twitter

Blocked websites: Where India flawed

praskrishna — 2012-08-27T03:00:16Z

Apart from not giving 48 hours response time, the Indian government has blocked some websites which don't exist or don't have web addresses, says an analyst.

Published in CIOL on August 23, 2012. Pranesh Prakash's analysis is quoted.

India is threatening to block Twitter as the latter has allegedly failed to respond to the government's order to remove some inflammatory posts.

That has come to light as it is being widely covered in media, but there are hundreds of websites which have already been shut, apparently without due notice to the owners.

Apart from Facebook, Twitter and YouTube accounts, the blocked websites include which are sympathetic to Hindu and Muslim radical groups.

In an analysis of 309 websites blocked in the wake of exodus of North eastern people from Bangalore, Pranesh Prakash of the Centre for Internet and Society (CIS), says the government has blocked these sites under the Information Technology Act, but it failed to provide the mandatory 48 hours to respond (under Rule 8 of the Information Technology Procedure and Safeguards for Blocking for Access of Information by Public, Rules 2009).

He writes in his post: "The persons and intermediaries hosting the content should have been notified. Even if the emergency provision (Rule 9) was used, the block issued on August 18, 2012, should have been introduced before the "Committee for Examination of Request" by August 20, 2012 (within 48 hours), and that committee should have notified the persons and intermediaries hosting the content.

Internet censorship is acceptable as long as it is in the purview of the law and doesn't encroach one's freedom. In this case, some people and posts debunking rumours have been blocked, says Pranesh.

He points to some discrepancies in the way the websites are blocked:

Some of the items are not even web addresses (e.g., a few HTML img tags were included). Some of the items they have tried to block do not even exist (e.g., one of the Wikipedia URLs).
An entire domain was blocked on Sunday, and a single post on that domain was blocked on Monday.
For some YouTube videos, the 'base' URL of YouTube videos is blocked, but for other the URL with various parameters (like the "&related=" parameter) is blocked. That means that even nominally 'blocked' videos will be freely accessible.

He concludes: "All in all, it is clear that the list was not compiled with sufficient care."

For more details visit https://cis-india.org/news/www-ciol-com-aug-23-2012-blocked-websites

Blockchain: A primer for India

Anusha Madhusudhan — 2020-03-30T13:32:58Z

This report is presently being updated.

For more details visit https://cis-india.org/internet-governance/blog/blockchain-a-primer-for-india

BJP outspends Congress, others in social media advertising

Vidhi Choudhary — 2019-05-14T15:21:35Z

The data shows that so far the BJP has spent Rs 25 crore in advertisements across Facebook, Instagram, Google and YouTube.

The article by Vidhi Choudhary was published in Hindustan Times on May 3, 2019. Sunil Abraham was quoted.

The ruling Bharatiya Janata Party (BJP) is way ahead of the Congress in advertising expenditure on social media at the end of the fourth phase of the ongoing Lok Sabha elections, according to data from advertising transparency reports by Google and Facebook - but the spending across parties is being described as much lower than expected by media experts.

The data shows that so far the BJP has spent ₹25 crore in advertisements across Facebook, Instagram, Google and YouTube.

It has spent ₹11.6 crore andRs 13.43 crore on Google and Facebook respectively. The Congress, the main opposition party has spent a total of ₹1.42 crore for ads on Facebook (Rs 74 lakh) and Google (₹62 lakh).

The total spend on political ads across Facebook, Google and their affiliates stood atRs 42.3 crore between February 2019 to the end of April 2019 across 108,968 ads.

The balance political ad spend ofRs 15.9 crore have been incurred by regional parties such as the Telugu Desam Party (TDP) and individual leaders such as Odisha chief minister Naveen Patnaik of the Biju Janata Dal (BJD).

These spends are part of the Facebook and Google political ad transparency reports - a measure most social media companies took as part of a voluntary code of ethics developed to ensure free, fair and ethical usage of social media platforms to maintain the integrity of the electoral process for the general elections 2019.

According to Sunil Abraham, founder and executive director for think tank, Centre for Internet and Society, the poll expenditure on social media appears to be abysmally low.

“Over all these number look low to me. It is possible that political parties are using astroturfing strategies to avoid public scrutiny through the transparency reports published by Facebook and Google. For those unfamiliar with the term, astroturfing is the creation of fake grassroots support - named after the fake grass that is used in sports fields,” he said.

But other experts suggested these figures don’t reflect the full picture.

“These are only the media spends by major political parties. Media spends don’t reflect the total spend on social media because a lot of money is spent on both content creation and manpower to oversee online campaigns.

Major parties collectively are likely to spend a total ofRs 350- 400 crore on social media this time, especially to tap into the first time voter who are regular users of Internet in the country,” said Ashish Bhasin, chairman and chief executive (CEO) at Dentsu Aegis Network - India and Greater South, a media buying agency.

In 2014, political parties would have spent overRs 175 crore on social media, Bhasin added.

The 2019 Lok Sabha elections have being widely touted as India’s first social media election with close to 600 million Internet users in the country, more than double of 2014.

Some other digital media experts contended that the social media spends by the BJP are more conservative compared to the 2014 general elections.

“The focus is back to booth level marketing as opposed to online spends perhaps because the Election Commission has put stringent audit checks and are closely monitoring all the invoices and ads put up on social media,” said Jyothirmayee JT, founder and chief executive of HiveMinds, a Bangalore based digital marketing agency.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-may-3-2019-bjp-outspends-congress-others-in-social-media-advertising

Biz moving to IPv6 but lower costs, support needed

praskrishna — 2012-06-14T05:01:34Z

Organisations such as Cisco Systems, Equinix and Singapore Internet Exchange are all gearing up for migration to IPv6 in time for the World IPv6 Launch day slated on Jun. 6,which involved everything from redesigning their backend infrastructure to assessing their systems’ readiness.

Published in intellasia.net on June 8, 2012

However, one industry player noted that the costs and effort in doing so is one key reason why more companies are not making the transition.

Cisco, for one, told ZDNet Asia that is had been preparing for the migration on Wednesday since the test run was conducted last year. Joshua Soh, managing director for Cisco Singapore and Brunei, pointed out that switching IPv6 on permanently demanded a certain level of production quality and this required a lengthy preparation time.

The first step was to work on its backend IT architecture and design, Soh revealed, adding that their primary goals were to leverage network infrastructure already in place to avoid spending on parallel networks, as well as to ensure production quality and ability to maintain overall service levels.

To meet these goals, the networking giant redesigned their data centre based on the reverse proxy model, in which the proxy server retrieves resources from the server to deliver to a client before returning these resources to the original server.

It also used its Application Control Engine (ACE) load-balancing platform to configure incoming IPv6 sessions to be proxied to the IPv4 tier so that the network will be dual-stacked to include existing ISP (Internet service provider) connections, the managing director explained.

The Singapore Internet Exchange did likewise. According to Yeo See Kiat, its sales and marketing director, the organisation enabled dual-stack networks on their servers for public-facing services, which would enable it to obtain IPv6 streams and turn on the service permanently.

“Meet in the middle” saves cost

Another company making a similar transition to the new Web protocol is Equinix. Its director of network engineering & operations for the Asia-Pacific office, Raphael Ho, told ZDNet Asia that the migration would require existing networks to be upgraded and expanded to support the additional bandwidth and power.

This is especially so for facilities such as the company’s International Business Exchange (IBX) data centers where the volume of interconnection is consistently high, he added.

In order to facilitate the switch, the company used its IPv6 Exchange to simplify the process for its networks to enhance traffic within an IPv6 environment, Ho stated. The central switching capability also helped create a “unicast” peering virtual local area network (LAN).

This “meet in the middle” approach helped reduce costs as it enabled its servers to more efficiently establish IPv6 peering, he explained.

Assess systems’ readiness

Cisco’s Soh noted that after the redesigning of the data centre is complete, the company performed an assessment to determine if existing devices in its demilitarised zone (DMZ) and datacenter networks were capable of supporting the new protocol. It also enhanced its network management systems to support network, devices and application monitoring over IPv6, he added.

At this late stage, the company is conducting system-level testing and quality assurance engineers are going about the functional and performance checks, the executive pointed out. Its last test will be a practice run in which it will switch on the IPv6 service for a few hours to make sure everything works fine, including the content delivery network and ISP services, he said.

Beyond the technical preparations, it also put together a training programme to ensure employees, from the frontline to the network engineers, were equipped with knowledge of the new protocol and skills appropriate for their roles, the executive stated.

No impetus for change

The amount of time and costs reflected in these companies’ migration efforts were cited as one of the main reasons why there are not more companies considering making the switch.

According to a statement issued by Tata Communications and India-based centre for Internet and Society on Wednesday, costs and infrastructure as well as having a minimum number of service providers and users utilising the network were identified as the two main impediments for IPv6 adoption.

One the first obstacle, they said: “IPv6 platforms do not communicate easily with IPv4 networks. This idea of abandoning IPv4 and moving to a new protocol is not only redundant, it is also futile because IPv4 is already running the largest network in human history quite efficiently.”

To make the transition more palatable, they believed “translators”, or technologies able to “speak” in both protocols, are needed. However, these translators are still expensive and there is a need to divert more resources to make these technologies more affordable, the statement noted.

As for the second reason, both Tata and the centre for Internet and Society stated that as long as the deployment of IPv6 remains nascent, there will be no concentrated energy to bridge both protocol versions.

“We are going to need a systemic change among all stakeholders to make IPv6 a reality, toward a faster, safer and more robust Internet,” they said.

For more details visit https://cis-india.org/news/biz-moving-to-ip-v-6

Bitcoin & Open Source with Aaron Koenig

praskrishna — 2014-02-06T01:40:24Z

Aaron Koenig, director of bitfilm.org and a global Bitcoin entrepreneur will give a talk at the Centre for Internet and Society, Bangalore on February 7 at 6.00 p.m.

Learn more about Bitcoin and its global path as we explore concepts and ideaologies behind the technology behemoth.


Above is an image of a Bitcoin Expert giving a presentation. Image source: http://bit.ly/1keLpwi

For more details visit https://cis-india.org/events/bitcoin-and-open-source-aaron-koenig

Bit by byte protecting her privacy

Admin — 2018-07-29T01:46:38Z

The Srikrishna committee draft law on data protection is days away. Here’s a bucket list of issues that will matter

The article by Mihir Dalal and Anirban Sen was published in Livemint on July 26, 2018. Amber Sinha was quoted.

In an era dominated by “free” platforms such as Google, Facebook and Amazon, among others, data privacy had largely been considered an academic matter. However, in the past one year that notion has changed forever, bringing data privacy to the fore, as one of the defining issues of the internet, both in India and abroad.

Last August, the Supreme Court ruled that privacy was a fundamental right under the Constitution of India. Concomitantly, the debate over Aadhaar and its potential misuse picked up steam on the back of reports about data breaches in the biometric ID system though these reports were denied by the Unique Identification Authority of India, which built Aadhaar. (The apex Court will deliver its verdict on petitions that have challenged the constitutional validity of Aadhaar and its legal framework)

Globally, Facebook came under severe criticism after it was revealed that the social media giant had compromised user data in the run up to the US elections. Finally, in May, Europe introduced its landmark data privacy law, General Data Protection Regulation (GDPR), which has put users in control of their data through various measures.

The stage is now set for the much-delayed draft law on data protection, which is expected to be submitted soon by the 10-member panel headed by former Supreme Court justice B.N. Srikrishna.

The committee, which had been set up last July, has attracted criticism from some quarters. Earlier this month, more than 150 lawyers, activists and journalists, among others, wrote to the Srikrishna committee, complaining about the lack of transparency in its process, the lack of diversity in the views held by members of the committee, besides other issues. In an earlier letter in November last, activists, lawyers and others had alleged that too many members of the committee held pro-Aadhaar views. Some experts believe that the mandate of the committee was flawed to begin with. “Given that personal information is omnipresent in so many different sectors, it is better to have a light touch legislation that deals mostly with key principles of data privacy and empowers a data commissioner to frame more detailed regulations,” said Stephen Mathias, partner, Kochhar and Co.

Last week, the Telecom Regulatory Authority of India (Trai) released a set of recommendations on data privacy that favour giving users control of their data and personal information, while severely restricting the ways in which telecom and internet companies can use customer data. Here are the major issues to watch out for in the draft data protection law.

Users vs. collectors

This broad umbrella includes mandatory consent of users for data collection, data portability, the right to be forgotten and the right to erasure. Last week, Trai gave its recommendations on some of these issues in what were considered pro-privacy and progressive suggestions. Those recommendations tracked GDPR measures. The Srikrishna committee is also expected to suggest pro-privacy measures, though the details will be all-important. The committee is also expected to define what is ‘sensitive’ or ‘critical’ data. “In India, government agencies, private entities and others collect various forms of data on individuals,” said Chetan Nagendra, partner, AZB Partners. “The committee will have to clarify what category of data is allowed to be collected and whether this should this be standardized across different entities. It will also have to standardize rules on how long is it okay to store such user-collected data.”

The flip side of user rights is the role of data repositories that collect and process user data. The committee will be required to clarify what data firms and government agencies can gather on users and what will be their responsibilities toward the usage of that data. This includes the principle of privacy by design, that is, companies must ensure by default that their platforms are designed to protect rather than exploit user data and privacy.

IndusLaw partner Namita Viswanath said that in terms of data repositories, there was a need to distinguish between a data controller and a data processor. A data controller is the user-facing platform that gathers data, whereas a data processor is often a third-party firm that provides infrastructure for the platform. “Responsibilities of user personal data should be shared between a data controller and processor. The nature and extent of liability should depend on the nature of data, the party responsible for handling data and the measures adopted, but ultimately, the data controller should most responsibility,” Viswanath said.

Regulation vs. Self-control

Given that data is such a broad-ranging topic, the Srikrishna committee will be expected to recommend who should have oversight of data-related matters. Will there be a new data protection authority? If so, what will be its scope, given that regulators, such as the RBI, Sebi and Trai, will all be affected by a privacy framework in their respective areas? And what will be the punitive measures and fines for offenders on data matters?

Some experts said the government should appoint a data protection authority. As the recent travails at Facebook show, relying solely on self-regulation of internet platforms, is a disastrous policy. But it’s unlikely that the entire burden of regulation will fall on one authority.

“Logistical problems are likely, especially in the early days, with having a top-down regulatory approach,” said Kriti Trehan, partner, Panag and Babu. “The process of training, requirement of funding and access to skilled human resources will necessitate organisational and administrative inputs. With this in mind, I believe that a co-regulatory framework for data protection will be efficient. With this approach, established parameters may guide escalation in specific instances.”

Data localisation

In April, the RBI had issued norms on the storage of payments system data, which requires digital payment providers to store data in India. That has sparked another debate over the possible stance of the Srikrishna committee. Many start-ups and firms use data servers located in overseas locations because of several reasons, including economies of scale and tax planning. “Data protection should not be confused with data access,” said Kartik Maheshwari, leader, Nishith Desai Associates. “For instance, if a firm is storing user data abroad, that should be fine as long as it is secure and access in India is provided, whenever required. Storing data locally is not necessarily the best solution from the perspective of data security as better infrastructure may be available abroad. However, the government may, in exceptional cases of sensitivity, legitimately require local storage of very narrowly defined streams of data.”

Surveillance is key

The law will also need to clearly define the contours of the contentious issue of surveillance and how to ensure that India does not end up replicating the policies in place in countries such as China, which are notorious for mass surveillance practices. Surveillance that has been legally sanctioned is part of the exceptions to regular privacy practices. The committee will have to define the parameters of these exceptions. In the case of surveillance, some experts, including Amber Sinha of Centre for Internet and Society, said that while it needs to be allowed in specific instances such as issues related to national security, a judicial system needs to be in place to protect the rights of the parties that are being put under surveillance. This, in many ways, is the heart of a very important matter.

The Aadhaar factor

The most hot-button of all issues for the committee is, of course, Aadhaar. Former UIDAI chairman Nandan Nilekani told Mint this week that “if something needs to be modified in the Aadhaar law, it will be done” by the Srikrishna committee. The changes that the committee will suggest to the Aadhaar law will go a long way in determining whether its draft law is truly pro-privacy.

For more details visit https://cis-india.org/internet-governance/news/livemint-july-26-2018-mihir-dalal-and-anirban-sen-byte-by-byte-protecting-her-privacy