We are anonymous, we are legion

BBMP faces ire for publishing pourakarmikas' Aadhaar details on website

praskrishna — 2017-06-06T14:27:27Z

The Bruhat Bengaluru Mahanagara Palike (BBMP) has published the Aadhaar details and other personal information of thousands of its pourakarmikas - civic workers who sweep streets and collect waste door-to-door.

This has angered activists who believe it could be misused. BBMP claims it was done to bring transparency in the city's solid waste management. The article by Bharat Joshi was published in the Economic Times on May 29, 2017.

The Aadhaar number, provident fund number, employee state insurance (ESIC) number and residential addresses of thousands of pourakarmikas are available ward-wise on the civic body's website. ET accessed as many as 4,215 Aadhaar numbers and 5,744 PF and ESI numbers of pourakarmikas from 58 wards. The number could be much higher across the city's 198 wards. An ESI number grants access to personal details of an employee on the esic.nic.in website, such as father's name and date of birth.

The city has over 30,000 pourakarmikas, most of them Dalit women and employed by contractors. The disclosure of their Aadhaar numbers comes at a time when the Modi administration's push for wider application of the unique identification number has triggered a nationwide debate on privacy.

"(Disclosure) happens because authorities don't read the law," Supreme Court advocate KV Dhananjay said. "There is every possibility of misuse, especially identity theft. What hackers do is they start aggregating such information because the Aadhaar is used as a platform for transfer of benefits. And with Aadhaar set to become the anchor for many things, the BBMP should immediately remove those details."

A recent report by city-based Centre for Internet and Society flagged four government agencies for publishing Aadhaar and other financial data. It blamed the Unique Identification Authority of India (UIDAI) for turning a blind eye to the lack of standards prescribed for how other agencies deal with data, such cases of massive public disclosure and "the myriad ways in which it could be used for mischief."

Earlier this month, UIDAI chief executive officer Ajay Bhushan Pandey wrote to chief secretaries of all states, reminding them that publishing an Aadhaar number is prohibited under Sections 29(2), 29(3) and 29(4) of the Aadhaar Act, 2016. "Our intention was not to cause anyone any harm," BBMP Joint Commissioner (solid waste management) Sarfaraz Khan said. The idea was to prevent contractors from taking payments against non-existent pourakarmikas. "We're also planning to make public details of which exact street a pourakarmika is working on."

He added that he would discuss the disclosure with the Commissioner, "If there is any violation, the Aadhaar numbers will be removed."

This points to the need for BBMP to have a policy on data and privacy, said Vinay K Sreenivasa of the Alternative Law Forum. "Of what use is an Aadhaar number to the BBMP? Names and photographs would have sufficed to ensure transparency."

ET Follow-up on Scare in Malleswaram
BBMP Joint Commissioner Sarfaraz Khan was unaware that publishing Aadhaar data is a punishable offence. However, the election wing of the BBMP has ordered a probe after ET reported how a certain Hanumantharaju, claiming to be a municipal official, collected Aadhaar details from residents of the Atma KT Apartment in Malleswaram.

Residents also filed a complaint with the Malleswaram police. "We called the man's mobile number but a woman picked up. Further investigation is underway and BBMP is also checking its records," a police officer said.

Residents also plan to submit a representation to Malleswaram MLA CN Ashwathnarayan. "We have taken this seriously and are awaiting a report from the Malleswaram BBMP revenue office," Assistant Commissioner (election) TR Shobha told ET.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-29-2017-bharat-joshi-bbmp-faces-ire-for-publishing-pourakarmikas-aadhaar-details-on-website

Battle for the Internet

praskrishna — 2011-04-01T15:28:19Z

In this article written by Latha Jishnu and published by Down to Earth, Issue: March 15 2011, the author reports about the events in the United States in the post WikiLeaks scenario.

As the Internet becomes the public square and the marketplace of our world, it is increasingly becoming a contested terrain. Its potential for diffusing knowledge and subverting the traditional channels of information is tremendous. So it is not surprising that governments, corporations and even seemingly innocuous social networking sites all want to control and influence the way the Internet operates. It’s easy to see why. Close to a third of humanity is linked to this system—and the dramatic growth in Internet usage over the past decade is set to explode in coming years. So is its commercial promise. Latha Jishnu looks at events in the US following the WikiLeaks exposé of its diplomatic cables, and in the hot spots of political turmoil across the world to understand the significance of the Internet in today’s interconnected world and the threats it faces. Arnab Pratim Dutta explains the technology used to block access to the Net.

An opposition supporter holds up a laptop showing images of celebrations in Cairo's Tahrir Square, after Egypt's President Hosni Mubarak resigned (Photo: Reuters)

Ideas and ideologies, images and reports of events, both minor and cataclysmic, fly on the Internet, swirling through cyberspace, gathering resonance, metamorphosing and touching millions of lives in different ways. Many of the ideas—and visuals—could be banal (as they very often are), some dangerous, others bringing promise of change. Some have the power to subvert, helping to stir and stoke the smouldering embers of political and social unrest as recent uprisings in north Africa, West Asia and Asia have shown. To many, the Internet is the rebel hero of our times, subverting conventional media and leaking news and information that governments would like to censor. Even a village in the remote reaches of Odisha’s Malkangiri district which may have no electricity is in some way linked to cyberspace through smart cell phones because mobile operators are increasingly turning Internet service providers (ISPs) and bringing the worldwide web to the conflict-ridden forests of central India.

It is about the power and reach of connection, unprecedented since people first began communicating with each other. The Internet, therefore, is turning into a conflict zone with everyone seeking control of it: governments, corporations and social networking sites, all of whom have different agendas. Social networks may seem innocuous but they are as much a hazard as the others to Internet freedom. Surveillance of “netizens” is becoming commonplace, whether in democracies or in totalitarian regimes, through a host of new laws and regulations ostensibly aimed at strengthening national security, cyber security or protecting business interests.

While most governments are seeking to filter and block specific content, in extreme cases, as in Egypt, the Net has been blacked out using what some experts say is the “kill switch” (see ‘The Egypt shutdown’). This could emerge as the biggest threat to the Internet since other regimes could be tempted to go the Egyptian way. Most governments, however, prefer not to use it, not even the censorship-obsessed Chinese and Saudi regimes because the Internet is also about business—commerce of increasing significance is being routed through its sinews. Take one small example: In January alone, Britons spent a whopping £5.1 billion online, recording a 21 per cent jump in e-commerce revenues over January 2010, according to the latest edition of the IMRG/CapGemini e-Retail Sales Index. It is the kind of figure that stops authorities from reaching for the kill switch.

In the case of China, e-commerce transactions hit 4.5 trillion yuan (US $682.16 billion) in 2010, up 22 per cent year-on-year, according to China e- Business Research Center and CNZZ Data Center. Of this, online B2B or business-to-business deals accounted for the bulk: 3.8 trillion yuan (US

Popular whistleblower website wikileaks.org was unavailable for some time in December 2010

$576.05 billion). And retail sales are expected to zoom, too, pretty soon with e-commerce websites selling directly to customers growing to more than 18,600 last year. Thanks to a dramatic spike in the rate of Net penetration and impressive growth of online business.

But the world has a long way to go before the Internet becomes ubiquitous or an all-encompassing global commons. Currently, just two billion people are linked to the system (see above: ‘Big picture’), which is less than a third of the world’s population. And the reach, as the chart shows, is rather patchy. India may be in the top five Internet user nations with a total of 81 million users but penetration is an abysmal 6.9 per cent, the worst in the list. Blame that on our pathetic education levels and poverty. China, however, is the undisputed leviathan with 420 million users in 2010—some estimates put the figure closer to 500 million now—who account for more than a fifth of the world’s Internet users. No other country’s growth in this sector matches China’s either in speed or drama.

This is one reason Washington frequently raises the issue of China’s policing of the Internet in different fora. The most recent was on February 15 when secretary of state Hillary Clinton made the second of her rousing speeches on safeguarding the Internet from all kinds of government interference. Speaking at George Washington University in Washington DC, Clinton pointed out that the attempts to control the Internet were rife across the world but singled China for repeated attacks.

“In China, the government censors content and redirects search requests to error pages. In Burma, independent news sites have been taken down with distributed denial of service (DDoS) attacks. In Cuba, the government is trying to create a national intranet, while not allowing their citizens to access the global internet. In Vietnam, bloggers who criticize the government are arrested and abused. In Iran, the authorities block opposition and media websites, target social media, and steal identifying information about their own people in order to hunt them down. These actions reflect a landscape that is complex and combustible, and sure to become more so in the coming years as billions of more people connect to the Internet.”

That seemed a fair assessment of the trends but the irony is that even as the secretary of state was speaking, the Department of Justice was seeking to enforce a court order to direct Twitter Inc, to provide the US government records of three individuals, including Birgitta Jonsdottir, a member of Iceland's Parliament who had been in touch with others about WikiLeaks and its founder Juan Assange last year when WikiLeaks released its huge cache of US diplomatic cables.

A commentary in China Daily noted with asperity: “The Assange case reveals such rhetoric is just so much hypocrisy. It is apparent that when Internet freedom conflicts with self-declared US national interests, or when Internet freedom exposes lies by the self-proclaimed open and transparent government, it immediately becomes a crime.”

The Assange case more than anything else has exposed how vulnerable the Net is to political meddling and control. In December last year, Amazon said it stopped hosting the WikiLeaks website because it “violated its terms of service” and not because the office of the Senate Homeland Security Committee chaired by Joe Lieberman had questioned Amazon about its relationship with WikiLeaks.

WikiLeaks had turned to Amazon to keep its site available after hackers tried to flood it and prevent users accessing the classified information. Few people were willing to credit Amazon’s feeble explanation for cutting off WikiLeaks and the general surmise was that Lieberman had put some kind of pressure on the webhosting platform. According to one analyst, the simple reason is that the US government is one of the company’s biggest clients. According to a press note issued by the company: “Government adoption of AWS (Amazon Web Services) grew significantly in 2010. Today we have nearly 20 government agencies leveraging AWS, and the US federal government continues to be one of our fastest growing customer segments.”

As Amazon abandoned WikiLeaks, Paypal, Visa and MasterCard had also dumped WikiLeaks. This set off a fullscale cyber war in which a fourth party made its presence felt: Hackers/ ‘hacktivists’ who unleashed operation payback for what they deemed unfair targeting of WikiLeaks and Assange. This involved a series of (DDOS) attacks on Paypal, MasterCard, Swiss Bank PostFinance and Lieberman’s website.

So while governments in many parts of the world block sites, jail or kill dissidents for expressing their views on the Net, threats to the freedom of the Internet come primarily from the paranoia that governments suffer and from badly crafted policies they implement to protect business and other interests.

US enforcement agencies shut down 84,000 sites, falsely accusing them of child pornography

The US, the ultimate symbol of liberal democracy, is no less uneasy about the power of the Internet. A slew of laws are making their way through the Senate, laws that will give the administration sweeping powers to seize domain names and shut down websites, even those outside its territory, and laws that strengthen the powers of the president in the time of a cyber emergency, including the use of a kill switch. In September, the US Senate introduced the Combating Online Infringement and Counterfeits Act, which would allow the government to create a blacklist of websites that are suspected to be infringing IP rights and to pressure or require all ISPs to block access to those sites. In these cases, no due process of law protects people before they are disconnected or their sites are blocked.

In India, in the wake of the terrorist attacks in Mumbai in November 2008, Parliament hastily passed amendments to the Information Technology Act, 2000, without any discussion in either House. The December 2008 amendments have some good points but they also allow increased online surveillance. Section 69A permits the Centre to “issue directions for blocking of public access to any information through any computer resource”, which means that the government can block any website.

Pranesh Prakash of the Bengalurubased Centre for Internet and Society notes that while necessity or expediency in terms of certain restricted interests is specified, no guidelines have been specified. “It has to be ensured that they are prescribed first, before any powers of censorship are granted to anybody,” said Prakash in an analysis of the amendments. “In India, it is clear that any law that gives unguided discretion to an administrative authority to exercise censorship is unreasonable.”

Civil rights activists say the section has broadened the scope of surveillance and that there are no legal or procedural safeguards to prevent violation of civil liberties.

As the battle for keeping the Internet is joined by netizens who are aware of the power of connection, governments, too, are ramping up command and control measures. Among the risks to an open, democratic Internet are the following:

Threat to universality

The basic design principle underlying the World Wide Web is universality, and, according to its founder Tim Berners-Lee, several threats are emerging. Among these are: cable companies that sell Internet connectivity wanting to limit their Net users to downloading only the company’s mix of entertainment and social networking sites (see ‘Hidden dangers of Facebook’).

Another is by pricing Net connectivity out of the reach of the poor and allowing differential pricing. Berners- Lee, warned at a recent London conference: “There are a lot of companies who would love to be able to limit what web pages you can see...the moment you let Net neutrality go, you lose the web as it is...You lose something essential—the fact that any innovator can dream up an idea and set up a website at some random place and let it just take off from word of mouth...”

Actions against piracy

The nub of such operations lies in the US Department of Homeland Security, whose Immigration and Customs Enforcement (ICE) and the Department of Justice (DoJ) have been seizing domains because they are suspected of hawking pirated goods. The first seizure was in November last year when 82 websites selling counterfeit goods ranging from handbags to golf clubs were taken out.

Last month, there was another raid on the Internet. According to TorrentFreak and other Internet monitoring sites, the two agencies wrongly shut down 84,000 websites that had not broken the law, falsely accusing them of child pornography crimes. After the mistake was identified, it took about three days for some of the websites to go live again. The domain provider, FreeDNS, was taken aback. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible,” it said.

Earlier, DoJ and ICE had seized the domain of the popular sports streaming and P2P download site Rojadirecta. What is shocking is that the site is based in Spain and is perfectly legal. Two courts in Spain have ruled that the site operates legally, and other than the .org domain the site has no links to the US.

Internet freedom could easily become the biggest casualty in the illconceived and poorly designed procedures adopted by developed countries— France, the UK, South Korea, Taiwan and New Zealand have similar laws—to protect intellectual property from counterfeiters and pirates, primarily at the behest of the film and music recording industries.

There are indications India may be planning to follow suit (see ‘India’s three-strikes policy’), although civil rights groups say it could amount to a form of deprivation of liberty.

Surveillance technology

The problem with the use of technology in keeping the Internet safe cuts both ways. With increasing number of cyber attacks on both official and public websites from an array of hackers and malware, governments are reaching for ever more sophisticated high-tech surveillance systems. For instance, computer systems of the US Congress and the executive branches are under attack an average of 1.8 billion times per month, according to a recent Senate report. The result: more spyware. One such is deep packet inspection technology. It is a tool that protects customers from rampant spam and virus traffic. Experts say the Internet could not survive without this technology and yet, it helps authorities to keep a close watch on what people are doing on the Net. In the US, ISPs are required to have this technology.

So what can be done? Keep close tabs on government involvement in the Internet and ensure that its intrusion in both the content and the engines of this system is kept to the minimum.

Read the original article written by Latha Jishnu in Down to Earth here

For more details visit https://cis-india.org/news/battle-internet

Banking Policy Guide

Kartik Chawla — 2015-01-22T14:54:57Z

To gain a practical perspective on the existing banking practices and policies in India in this project, an empirical study of five separate and diverse banks has been conducted. The forms, policy documents, and other relevant and available documents of these banks have been analysed in this project.

These documents were obtained from the websites of the respective banks, and wherever they were lacking, from the branches of the banks themselves. Attempts were made to obtain any information required for the project that was not available on the website or in the forms from the officers of the respective banks.

The State Banks of India (hereinafter ‘SBI’), Central Bank of India (hereinafter ‘CBI’), ICICI Bank (hereinafter ‘ICICI’), IndusInd Bank (hereinafter ‘IndusInd’) and Standard Chartered Bank (hereinafter ‘SCB’) are the banks chosen for this project. As mentioned, these banks have been chosen to ensure a diverse sample pool. SBI is an Indian public multinational bank, CBI is an Indian public bank and it is not multinational, ICICI is an Indian private and multinational bank, IndusInd is an Indian private bank which isn’t multinational, and SCB is a British bank operating in India.

The forms and other documents of each of the banks have been compared against a template of twenty nine questions created from the nine principles given in Justice A.P. Shah Group of Experts’ Report on Privacy.

The two services provided by these banks that have been analysed are Opening an Account and Taking out a Personal Loan. This comparison has been done keeping in mind the obligations of the banks under the Master Circular and the KYC Norms detailed in it, Code of Conduct, and the Rules under Section 43A of the IT Act. Attempts have been made to clarify the basis of the response as much as possible. An analysis of the obligations of the banks is present below, along with an explanation of the relevance of various parts of the two services that are analysed.

Click to download:

For more details visit https://cis-india.org/internet-governance/blog/banking-policy-guide

Banking on artificial intelligence: In hiring drive, Bots are calling the shots now

Anjali Venugopalan — 2019-07-02T05:38:26Z

Algorithms analyse expressions, tone to check for traits such as confidence, anger in video interviews.

The article by Anjali Venugopalan was published in Economic Times on June 4, 2019, Sunil Abraham was quoted. Also mirrored on ET Tech.com.

The future of hiring is already upon us. Algorithms are analysing people’s expressions and tone of voice to check for traits such as “confidence” and “happiness” during video interviews. The robotic video assessment software is then used to hire candidates — customer service operators and assistant vice presidents alike — though the process comes with its own set of problems.

Axis Bank used algorithm-based video interviews — along with aptitude tests — to hire around 2,000 customer service officers from a pool of more than 40,000 applicants this year, said Rajkamal Vempati, HR head of the private sector bank, adding it could standardise and scale up the process of hiring.

HR managers only gave offer letters, he said.

Nirmal Singh, CEO of Wheebox, a division of PeopleStrong which carried out the hiring, said it trained the face-indexing software — sourced from Microsoft — using around 50,000 candidates who had applied to Axis Bank in 2017. The software picked up emotional states such as “nervousness” and “happiness” based on eye movements, expressions and tone of voice and marked the candidates, Singh said. Scores from candidates who were shortlisted were used to come up with the “cutoff ” for these traits. Nirmal Singh, CEO of Wheebox, a division of PeopleStrong which carried out the hiring, said it trained the face-indexing software — sourced from Microsoft — using around50,000 candidates who had applied to Axis Bank in 2017. The software picked up emotional states such as “nervousness” and “happiness” based on eye movements,expressions and tone of voice and marked the candidates, Singh said. Scores from candidates who were shortlisted were used to come up with the “cutoff ” for these traits.

Insurance provider Bajaj Allianz has hired more than 1,600 people, including underwriters and assistant vice presidents, with the help of robotic video assessments that analysed behaviour, said Vikramjeet Singh, chief HR officer, adding it could help reduce human bias. Insurance provider Bajaj Allianz has hired more than 1,600 people, including underwriters and assistant vice presidents, with the help of robotic video assessments that analysedbehaviour, said Vikramjeet Singh, chief HR officer, adding it could help reduce human bias.

Concerns over Software's Biases

Talview, a Palo Alto-headquartered company with operations in Singapore and the United States, provided the assessment for the insurer.

The software, sourced from Microsoft and IBM, can analyse states such as “anger” and “happiness” from expressions, “confidence” from voice tone and traits like “ability to work ina team” and “decisiveness” from text analysis, according to Rajeev Menon, chief product officer, Talview.

Candidates may be able to beat questionnaires by giving expected answers to questions like “Can you work in a team?”, but video assessments pick up on subtleties in expression and vocabulary, and cannot be gamed, Menon said.Be that as it may, Amazon.com scrapped its artificial intelligence-based recruiting system after it found the AI system biased against women, according to an October 2018 report by Reuters.

The AI system was drawing on data from the past, where more men had made it into the company than women.“If you can fool a human, you can fool a computer,” said Sunil Abraham, executive director of Centre for Internet and Society.Recruitment algorithms could “homogenise the emotional economy” by forcing people to act a certain way, he said.

Since the software is based on expressions and tone of voice, it could disadvantage less expressive people, like those who are autistic, said Wheebox’s Singh.

Facial recognition by companies such as IBM, Microsoft and Amazon got the gender of a dark-skinned woman wrong one out of three times (20-35% error rate), a 2018 study by MIT researcher Joy Buolamwini found. For white males, the error was 0.8%.

Video Assessments

Facial recognition has nothing to do with video analytics, Wheebox’s Singh said. The two are, however, closely linked, said Animashree Anandkumar, professor of computing andmathematical science at California Institute of Technology.

She said such software was “deeply problematic”, as it could correlate wrong factors (likegender or skin colour) and show that as the cause for success. It is possible dark-skinned people would be disadvantaged, said Menon of Talview. Thecompany uses facial expression as just one input among many and gives it a low weightage, he said.The software they use is only 39% accurate, and will improve with more data, said and will improve with more data, said Ridhima Gauba, co-founder of Interview Air, a Navi Mumbai-based company that provides a similar service to companies and colleges.

Companies also say video assessments are a risky business.

Bajaj Allianz does not use video assessments for recruitments beyond middle management. It is “important to see a person physically” when hiring for senior positions, said Asha Sharma, manager (corporate HR) of Everest Industries.

The company, however, uses pre-recorded video interviews — where the computer asks questions — to hire juniors from campuses, she said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-anjali-venugopalan-june-4-2019-banking-on-artificial-intelligence

Bangalore-based NGO files RTI query asking list of websites blocked by Indian govt

praskrishna — 2011-05-23T08:39:58Z

The Centre for Internet & Society (CIS), a Bangalore-based NGO, recently filed an RTI query with the Department of Information Technology (DIT), asking for a list of websites blocked by the Indian government under the IT Act. This article by R Krishna was published in the Daily News & Analysis on May 18, 2011.

The department handed them a list of 11 websites. It was just one department’s list, but this was the first time such a list was being made public. "The information given was not comprehensive. For instance, we still don’t know who ordered these blocks," says Sunil Abraham, executive director, CIS, "We will file another RTI application to get those details out."

As of now, Indians enjoy considerably free access to information online, and the right to freedom of expression is protected by the Constitution. But you run into a veil of secrecy when trying to find out what sort of information is being blocked online, who is doing it, and for what reason. The list of 11 revealed by the DIT is only representative — no one can even guess the real number because, well, there is no way of knowing when a website gets blocked.

What is more disturbing is that the government has formulated a set of rules that can block content considered "disparaging", "harassing", or "blasphemous", besides a whole range of other labels that are vague and hence open to interpretation. The rules put the onus of removing such material on intermediaries such as ISPs (Internet service providers) and websites that host the content — within 36 hours of a complaint being filed. And just about anyone can request that the content be taken down — all they have to do is write a letter or an email with an electronic signature. There is no provision for the intermediary to challenge the complainant’s assessment of the content in question.

Users will be afraid

In other words, censorship will now be a free-for-all exercise. Protests, such as the one we saw during the Jan Lokpal agitation, can be nipped in the bud since anyone, including politicians, can claim that they are being "harassed". Information revealed by websites like WikiLeaks can be blocked because they may "threaten friendly relations with foreign states".

There is a sense of shock among the handful of netizens who are aware of these rules and the potential for their misuse. "What are we, Saudi Arabia? We don’t expect this from India. This is something very serious," Pushkar Raj, general secretary of the People’s Union for Civil Liberties, has been quoted as saying. MediaNama, a website reporting on the media industry, points out, "Who defines 'blasphemous'?... India doesn’t even have a blasphemy law, so who interprets what is blasphemous or not?" Media watchdog The Hoot’s Geeta Seshu says, "This is chilling. Websites will be wary of putting up content. How can one appeal? How can one have a free discussion on anything at all online?"

Vishal Anand, product manager at Burrp, an online startup that hosts user-generated reviews of restaurants, is worried about the impact it will have on the discussions happening on the website. "I hope the ecosystem is not impacted. Users may be more afraid to respond, and businesses will be afraid about the content they host."

Guilty until proven innocent

The fundamental issue is that the onus is on the carrier or host to prove that the content is inoffensive, if any objection is raised. "The regulation is placing the burden on the intermediary so that there is no need to go to court (to get content blocked). This is going to lead to a lot of private intervention. You will have to go to court to get the content back up online, rather than the other way around," says Delhi-based lawyer Apar Gupta.

In fact, intermediary liability is a contentious topic globally, and this is not the first time it has caused a controversy in India. Back in 2004, eBay India’s CEO Avinash Bajaj was arrested because a user tried to sell a pornographic CD on its website. This set off a furious debate on the issue, with the government finally agreeing to amend the IT Act. Gupta notes on his blog, "Even after the IT Act was amended, the government failed to make any rules… In the absence of rules, intermediaries continued to be dragged to court and to the police station. This includes a recent incident where an FIR was registered against Facebook."

Checks and balances exist

These developments lend credence to a recent report on Internet freedom released by US-based NGO Freedom House, which ranks India 14th out of the 37 countries surveyed. Stating that the Internet in India is only "partly free", the report notes, “Pressure on private intermediaries to remove certain information in compliance with administrative censorship orders has increased since late 2009, with the implementation of the amended IT Act.

The revised law grants (the government) the authority to block Internet material that is perceived to endanger public order or national security… and assigns up to seven years’ imprisonment for representatives of a wide range of private service providers… if they fail to comply with government blocking requests." What is even more troubling is that the current rules weren’t even in place when this report was being prepared.

The new rules could worsen India’s Internet freedom rankings. Responding to DNA, Sarah Cook, Asia research analyst and assistant editor, Freedom House, said, "We would have concerns over some of the rules and how they came about. This includes broad and vaguely worded censorship criteria, apparent initiation of the regulations "quietly" without significant consultation with key stakeholders, and absence of an appeals process for those who might disagree with censorship decisions."

Legal experts in India too are puzzled by the new restrictions when there are already reasonable restrictions on freedom of expression that the Constitution defines. "There are anti-defamation provisions in the law. Then why include 'disparaging' in the new rules? Why is impersonating being made illegal? For example, on online dating websites for gays, users may not feel comfortable revealing their identities straightaway. And if somebody is impersonating to commit fraud, there are laws that already exist that deal with it. Instead of incorporating existing offences, the scope of what may be considered illegal is being broadened," says CIS’s Abraham.

The new rules are so broad-based that anyone can claim they are offended and demand that content be taken down, even out of business rivalry.

For example, Zone-H.org, run by Italy-based Roberto Preatoni, was one of the 11 websites blocked by the Department of Information Technology. This was done after the Delhi High Court passed an ex-parte interim order (where the other party is not present) in the E2 Labs versus Zone-H case to block the website. "This seems unnecessary since it is some kind of private business battle between E2 Labs and Zone H. Where was the need for the Indian government to get involved?" asks Abraham.

Bangalore-based cyber law expert N Vijayashankar agrees. "Websites are being blocked using interim orders. There is no national interest involved in some of these cases. Plus, there is no need to block the entire website, just a particular page could be blocked."

In fact, one of the webpages blocked was an opinion piece Vijayashankar had written about the Zone-H case on BloggerNews.net. "I had no intimation that the webpage was being blocked," says Vijayashankar, who got to know about the blockage only after CIS published the DIT’s response.

Learn from the world

Globally, excessive regulation of online discussions, particularly those related to political and social issues, can kill the open exchange of information. "In many countries, we saw that new laws, prosecutions, or proactive government censorship contributed to greater self-censorship among users. This is particularly pernicious when it affects discussions that relate to public interest or that affect people’s well-being — such as an Indonesian housewife facing high fines for circulating critical comments about a local hospital, the Chinese authorities censoring content on torture in police custody, or the Korean government prosecuting a blogger who posted pessimistic predictions about the country’s economy," says Cook. Cook acknowledges that balancing the right to freedom of expression against security threats, hate speech or child pornography is quite difficult — even for nations that rank high in their study. But there are a few best practices that India could learn from.

"Examples of good practices would include no criminal defamation provisions (though criminal penalties for inciting violence would be appropriate), immunity for online content providers from being held liable for the information posted by their users (there is such a law in the United States), and multi-stakeholder consultations prior to the passing of regulations related to the Internet/digital media."

The new rules India has come up with fly in the face of such best practices. Authorities and netizens alike should be on the guard, lest we go the China way.

Read the original published by DNA here

For more details visit https://cis-india.org/news/rti-query-filed

Bangalore's new champions for culture

praskrishna — 2012-09-07T08:59:59Z

The hundred and ninth imprint of TimeOut Bengaluru edition is dedicated to a group of people who TimeOut believes are playing critical roles in determining the cultural contours of this city, and are the new champions for the arts and culture in Bangalore. Lawrence Liang, founder of Alternative Law Forum is one of them.

Click to read the original published by TimeOut Bengaluru on August 31, 2012.

For more details visit https://cis-india.org/news/timeout-bengaluru-bangalore-beat-bangalores-new-champions-for-culture

Bangalore CryptoParty!

praskrishna — 2013-01-06T13:47:02Z

Care about your privacy and online security? Want to fight against pervasive governmental surveillance and corporate invasions of privacy? The Centre for Internet & Society invites you to the CryptoParty tonight (Friday) at 6.00 p.m. Make sure to bring friends (and your laptop and smart phones)!

We will discuss, install and use digital security and privacy tools and practices.

Hosts

Thejesh GN
Kaustubh Srikanth
Pranesh Prakash

Details

We Will Provide

Food and drinks: Snacks - Samosas + Kachoris + Biscuits + Tea + Soft Drinks
Software: Security-in-a-box toolkits + Ubuntu Live USBs + software + internet connection
Expertise: Kaustubh Srikanth + Thejesh GN + Pranesh Prakash

You need to bring

Your own laptop (highly recommended)
Desire to learn about secure and private communications and storage (mandatory! :D)
Expertise, to share with others (if possible)

Intro

(20 mins)

Privacy vs. convenience
Importance of Free and Open Source Software and Open Standards
Basics of Passwords

Choosing secure passwords

Dropbox Register Page

Storing comes later
2FA - Google Authenticator

Securing online Identities

Show and tell

Browsing (45 mins)
(5 mins)

Firefox (multiple platforms) / offline

(15 mins):

AdBlockPlus
RequestPolicy
HTTPSEverywhere
Ghostery / DoNotTrackMe
Noscript

(5 mins)

Anti-Google Surveillance

DuckDuckGo
GoogleSharing

(10 mins)

Password management

Keepass + Password Safe
Cloud Services

LastPass
Keepass + Dropbox

Email + IM (1 hour)
(10 mins)

Thunderbird (multiple platforms) / available offline

Enigmail

(30 mins)

GPG4Win + GPGTools / offline
Seahorse (on Ubuntu Fresh Install)
Enigmail + Key Management (Kaustubh)
Key-signing party!

(15 mins)

Instant Messaging with OTR

Pidgin + Adium / offline
OTR / offline

Tell (27 mins)
(5 mins)

Tor (Pranesh)

(5 mins)

VPNs and SSH tunnel

RiseUp (Kaustubh)
SSH tunneling using AWS / RackSpace (Thej)

(12 mins)

Mobiles

APG + K9 (Pranesh)
WhisperCore (Kaustubh mentions)
Text Secure (Thej)
Gibbberbot (Pranesh)

(3 mins)

Full-disk encryption

Ubuntu (Pranesh demoes quickly)
BitLocker
TrueCrypt

(2 mins)

Virtual machines

VirtualBox (Kaustubh demoes quickly)

For more details visit https://cis-india.org/internet-governance/events/bangalore-crypto-party

Bangalore Chapter Meet of DSCI

sunil — 2015-09-09T01:40:56Z

The Centre for Internet & Society (CIS) will host the Bangalore Chapter Meeting of Data Security Council of India (DSCI) on September 26, 2015 at its Bangalore office in Domlur. The event will be held from 2.30 p.m. to 5.30 p.m.

After the Nasscom cyber security task force meeting held at Wipro in June, followed by DSCI Best Practices meet in July, we now have the next chapter meeting at CIS.

Speakers

The first speaker will be Melissa Hathaway, Commissioner, Global Commission for Internet Governance. She is an internationally distinguished cyber security expert and has worked as cyber security adviser in two US Presidential Administrations, and is the former acting Senior Director for cyberspace at the National Security Council in the US. The topic she will be speaking on is "Connected Choices".

The second speaker will be Sunil Abraham, Executive Director, CIS (Center for internet & Society). Sunil is a renowned thought leader when it comes to internet governance, cyber space & its interface with civil society and actively contributes to DSCI and other forums. He will be presenting on "Anonymity in Cyberspace" - the SIG that he led over last 8 months along with a diverse group of members from the industry in Bangalore.

Agenda

Time	Topic
2.30 p.m. - 2.45 p.m.	Recent Developments and Updates from DSCI
2.45 p.m. - 4.00 p.m.	Srinivas P. (Anchor): DSCI Bangalore Chapter
4.00 p.m. - 5.00 p.m.	Melissa Hathaway: Connected Choices
5.00 p.m. - 5.30 p.m.	Sunil Abraham: Anonymity in Cyberspace

This will be followed by High Tea & Networking.

For participation, please send your email confirmation to Rajesh of Infosys at Rajesh_K18@infosys.com

Since seats are limited, the participation will be restricted to first 50 confirmations. We had to organize it on a Saturday, due to Melissa’s availability – I’m sure many of you who know about her as expert security speaker, will not see weekend as a constraint to attend. Look forward to meeting you at CIS.

For more details visit https://cis-india.org/internet-governance/events/bangalore-chapter-meet-of-dsci-september-26-2015

Bangalore Chapter Meet - DSCI

praskrishna — 2015-11-22T12:10:16Z

The Centre for Internet & Society (CIS) is glad to host the Bangalore Chapter Meet of DSCI on Tuesday, December 1, 2015, from 2.30 p.m. to 5.30 p.m.

Pronab Mohanty, Inspector General of Police, will give a talk on Cybercrimes. Given his rich experience in handling cyber-crimes, participants are expected to immensely benefit from his talk. Sunil Abraham, Executive Director, CIS will present the outcome of his SIG, the study period for which got recently concluded after about six months of in-depth study - "Anonymity in Cyberspace" - a topic that touches our daily lives when we browse internet. The session will also include developments from the recent Jaipur International ISO Conference.

Agenda

Time	Detail
2.30 3.00	Recent developments, updates from DSCI and SIGs: P. Srinivas
3.00 4.00	Anonymity in Cyberspace: Sunil Abraham, Executive Director, CIS
4.00 5.00	Talk on Cybercrimes: Pronab Mohanty, Inspector General of Police, Karnataka
5.00 5.30	High Tea and Networking

Since seats are limited, the participation will be restricted to first 50 confirmations. Please rush your email confirmation to Rajesh_K18@infosys.com

For more details visit https://cis-india.org/internet-governance/events/bangalore-chapter-meet-dsci

Bangalore + Social Good

praskrishna — 2013-09-25T07:43:58Z

In conjunction with The Social Good Summit held in New York City on September 22 - 24, Ashoka India, IDEX + Green Lungi are partnering to host the Bangalore + Sustainability event! The Social Good Summit aims to explore creative ways that technology can be leveraged for positive social change. Green Lungi in collaboration with IDEX and Ashoka is holding the event at CIS, Bangalore on September 21.

Sharath Chandra Ram, a researcher at CIS is one of the panelists. A brief abstract of his talk is given below:

"Are digital networked technologies adopted or used in the same way globally across all communities? Were social networks and apps across Twitter or Facebook really that pivotal in the mass citizen uprisings of the recent past? In this session, we shall see how it is essential to consider cultural specificities while designing technological interventions. Furthermore, I shall discuss how an effective strategy for citizen activism is not that which relies solely on virtual networks, but one that bridges networks, across different mediums, to engage offline citizens as much as the online. There will be a few live demonstrations of solutions we developed at the Centre for Internet and Society which embrace openness in pervasive technologies that enable us to bridge this crucial trans-medial interface."

The Bangalore + Sustainability event will focus on devising creative applications of technologies to confront sustainability challenges. We believe that young people have the power to affect change, and its time that we provide them with more opportunities to solve the challenges they see around them. This event is a first step in the direction of developing these problem-solving skills in our young people. Through an innovative Make-a-thon format, participants will engage in developing creative tech-based solutions to everyday challenges like road safety, waste management, water management, improving green cover and safer spaces for women.

Event Format and Details

1:45 - 2:00 -- Registration + Welcome

2:00 - 2:45 -- Panel Discussion + Q&A

Panelists will give a brief talk (5 - 7 minutes), posing questions for participants to consider around the intersection of technology + behavioral change + sustainability + youth engagement. A panelist from each of these sectors will set the context for the Jam to follow:

Sustainability
Communications/Design
Technology
Young Changemakers

Click to download the event brochure for details on the panelists/speakers

For more details visit https://cis-india.org/internet-governance/events/bangalore-social-good

Ban on pornography temporary, says government

pranesh — 2015-09-13T08:46:24Z

The government has taken a dramatic U-turn from its stated position on internet pornography.

The article was published in Business Standard on August 4, 2015. Pranesh Prakash has been quoted.

A year after conveying to the Supreme Court that a blanket ban on internet pornography was not possible, through the department of electronics and information technology, it has asked internet providers to disable 857 websites that carry adult content. A senior official from the department of telecommunications (DoT) said the ban was a temporary measure, till the final order is announced by the apex court on August 10.

The government is looking at setting up an ombudsman to oversee cyber content, which will have representatives from NGOs, child activists and the government. The DoT official said, “There has to be some kind of regulatory oversight away from the government intervention… An ombudsman might be set up for overseeing cyber related content issues.”

The genesis of the current notification lies in the public interest litigation (PIL) filed by advocate Vijay Panjwani in April 2013. The PIL has sought curbs on these websites on the internet, especially the ones showing child pornography. The senior DoT official conveyed that the blocking of 857 websites was in compliance with the SC directive asking for measures to block porn sites, particularly those dealing with child pornography.

The July 31 notification from DoT has advised internet service licensees to disable content on 857 websites, as the content "hosted on these websites relates to morality and decency as given in Article 19(2) of the Constitution of India". The government had stated last year that it was not technologically feasible to monitor such contents as it would require physical intervention, which would impact data speeds.

In December 2014, the government had approached telecom providers and internet service providers to help identify such sites, but the service providers did not cooperate. Consequently, the government has gone ahead and identified 857 websites. However, the government has not given any detail as what was the criterion to identify such websites.

Pranesh Prakash, policy director at the Centre for Internet and Society, says DoT has used the provision of 79 (3) (b) of the IT Act, which is a convoluted Section that the intermediatory (ISPs) may lose protection from liability. This section is very convulated, the provisions for website blocking does not allow blocking porn. In section 69 (a), the entire procedure is that it allows an opportunity for the blocked website to be heard. “I can't comment on the reasons that the government for doing this. I know the order says the ban relates to morality, decency," adds Prakash.

Last year, the government took a position that said blocking these websites was not feasible, given that these sites are hosted outside India. In case of any ban, these sites can be relocated within hours to bypass it. Pavan Duggal, an advocate who specialises in cyber laws, has called the disablement 'cosmetic,' as it will not have the requisite deterrent effect. Duggal says: "This is a lost battle from the word go, as it is impossible to disable access permanently."

Watching such content in India is currently not an offence and, thus, the government is invoking “morality and decency” while seeking a curb on a fundamental right — Freedom of Speech & Expression. Under Article 19 (2) of the Constitution, the state can curb a fundamental right in order to maintain public order, decency or morality.

TO BAN OR NOT TO BAN

2013

Advocate Vijay Panjwani & Kamlesh Vaswani file PIL seeking curbs on internet pornography

Aug 2014

Supreme Court bench under Chief Justice R M Lodha agreed with the PIL and sought strict laws to curb online content

8 Jul 2015

Chief Justice of India H L Dattu upholds personal liberty and refuses to pass an interim order. Asks government to take a stand on the issue
CJI, heading a three-judge Bench, asks government to a detailed affidavit within four weeks

Jul 31

DoT sends notification seeking ban on 857 websites
Currently, there are no laws banning internet pornography in India, other than those related to children
Government’s stated position has been that it is difficult to curb online content

For more details visit https://cis-india.org/internet-governance/news/business-standard-august-4-2015-ban-on-pornography-temporary-says-government

Bali meet to discuss Internet governance issues

praskrishna — 2013-10-23T08:29:23Z

Four-day event hosted by Internet Governance Forum to also discuss Internet access and diversity, privacy, security.

This article by Moulishree Srivastava was published in Livemint on October 22, 2013. Sunil Abraham is quoted.

Representatives of governments around the world, technology executives and activists will discuss issues such as Internet access and diversity, privacy, security, inter-governmental corporation, and Internet governance at a four-day event hosted by the Internet Governance Forum (IGF) that begins on Tuesday in Bali, Indonesia.

J. Satyanarayana, secretary, ministry of communications and information technology, confirmed India’s participation in the forum and said the country would be represented by Dr Govind, a senior director and head of department, e-infrastructure and Internet governance division, department of information technology.

“We will also be taking part in a working group on Internet governance and enhanced cooperation, which will be convened by the United Nations Commission on Science and Technology for Development in November,” said Satyanarayana.

“IGF is a valuable learning forum wherein different stakeholders can discuss Internet governance policy issues without any antagonism. Other fora for Internet policy like ICANN, WIPO (World Intellectual Property Organization), ITU (International Telecommunication Union), etc., are places where international law and policy are developed, and do not allow for such learning because negotiations are always very acrimonious. Since IGF is only meant for learning, it does not directly address the global policy vacuum that exists for cyber crime, data protection and privacy,” said Sunil Abraham, executive director of Bangalore-based Centre for Internet and Society, who will be participating in the Bali event.

“Indian government, private sector, civil society, technical and academic community can become more competent and effective through such a dialogue in other multilateral and multi-stakeholder fora where international Internet standards, policies and laws are formulated. It also helps the stakeholders contribute to the development of internationally interoperable domestic policy,” he added.

In 2006, the UN secretary general established a small secretariat in Geneva to assist him in the convening of IGF. The first meeting was convened in October-November 2006 in Athens. In December 2010, IGF’s mandate was extended for five years.

In its eighth edition, IGF will have detailed discussions on issues such as free flow of information on the Internet, regulatory approaches to privacy, and protection of interests of individuals and communities in cyberspace, Internet surveillance and legal framework for cyber crime, said the forum in a statement on its website.

During the four-event, for instance, one of the workshops “will explore what core principles and strategies are needed to achieve a balanced and fair approach to data protection that is effective internationally and regionally”, according to IGF.

Some of the prominent speakers in the event include Jari Arkko, chairman, Internet Engineering Task Force, Finland; Virat Bhatia, president, South Asia, AT&T Inc.; Chris Painter, coordinator for cyber issues, US department of state; Karen Mulberry, policy adviser, Internet Society; and Matthew Shears, director of Internet policy and human rights, Center for Democracy and Technology.

According to industry estimates, over 2.5 billion Internet users interact in shared cross-border online spaces where they can post content potentially accessible worldwide.

“No clear frameworks exist yet to handle the tensions between these competing normative orders or values and enable peaceful cohabitation in cross-border cyberspace. This challenge constitutes a rare issue of common concern for all stakeholder groups,” said IGF on its website.

According to a UN estimate, nearly 40% of the world’s population will be online by the end of 2013. “The Internet has become an essential tool for the creation of jobs and the delivery of basic public services,” said the UN undersecretary-general for economic and social affairs, Wu Hungbo, in a statement, adding that it is also essential “for improving access to knowledge and education, for empowering women, for enhancing transparency, and for giving marginalized populations a voice in decision-making processes”.

For more details visit https://cis-india.org/news/livemint-moulishree-srivastava-october-22-2013-bali-meet-to-discuss-internet-governance-issues

Balancing vigilance and privacy

praskrishna — 2013-09-05T10:53:28Z

As the government steps up its surveillance capabilities, the entire social contract between the state and citizens is being reformulated, with worrying consequences.

This article by Prashant Jha was published in the Hindu on August 18, 2013. Pranesh Prakash is quoted.

The Indian state is arming itself with both technological capabilities and the institutional framework to track the lives of citizens in an unprecedented manner.

A new Centralised Monitoring System (CMS) is in the offing, which would build on the already existing mechanisms. As The Hindu reported on June 21, this would allow the government to access in real-time any mobile and fixed line conversation, SMS, fax, website visit, social media usage, Internet search and email, and will have ‘unmatched capabilities of deep search surveillance and monitoring’.

Civil society groups and citizens expressed concern about the government’s actions, plans, and intent at a discussion organised by the Foundation for Media Professionals, on Saturday.

The context

Usha Ramanathan, a widely respected legal scholar, pointed to the larger political context which had permitted this form of surveillance. It stemmed, she argued, from a misunderstanding of the notion of sovereignty. “It is not the government, but the people who are sovereign.” Laws and the Constitution are about limiting the power of the state, but while people were being subjected to these restrictions, the government itself had found ways to remain above it – either by not having laws, or having ineffective regulators. States knew the kind of power they exercised over citizens, with the result that ‘impunity had grown’.

“There is also a complete breakdown of the criminal justice system,” Ms Ramanathan said. This had resulted in a reliance on extra-judicial methods of investigation, and ‘scape-goating’ had become the norm. ‘National security’ had been emphasised, re-emphasised, and projected as the central goal. “We haven’t paused to ask what this means, and the extent to which we have been asked to give up personal security for the sake of national security.” It was in this backdrop that technology had advanced by leaps, and made extensive surveillance possible.

The implications are enormous. The data is often used for purposes it is not meant for, including political vendetta, keeping track of rivals, corporates, and digging out facts about a citizen when he may have antagonised those in power.

Pranesh Prakash, director of the Centre of Internet and Society (CIS) looked back at the killing of Haren Pandya, the senior Bharatiya Janata Party (BJP) leader in Gujarat. Mr Pandya was using the SIM card of a friend, and it was by tracking the SIM, and through it his location, that the Gujarat government got to know that Mr Pandya had deposed before a commission and indicted the administration for its role in the riots. Eventually, he was found murdered outside a park in Ahmedabad. The Gujarat Police had accessed call details of 90,000 phones.

It is also not clear whether mining this kind of data has been effective for the national security purposes, which provide the reason for doing it in the first place. Saikat Datta, resident editor of Daily News and Analysis, and an expert on India’s intelligence apparatus, said a core problem was the absence of any auditing and over sight. “There needs to be a constant review of the number of calls, emails under surveillance, with questions about whether it is yielding results. But this does not happen, probably because a majority is not for counter-terrorism. There would be trouble if you build accountability mechanisms.” When he sought information under RTI around precisely such issues, he was denied information on the grounds that it would strengthen ‘enemies of the state’.

Anja Kovacs, who works with the Internet Democracy Project, said this form of “mass surveillance” criminalised everybody since it was based on the assumption that each citizen was a “potential criminal”. She also pointed out that having “more information” did not necessarily mean it was easier to address security threats – there was intelligence preceding the Mumbai attacks, but it was not acted upon. She added, “Most incidents have been resolved by traditional intelligence. Investing in agencies, training them better could be more effective.”

Bring in the caveats

Few argue that the state is not entitled to exercise surveillance at all. In fact, a social contract underpins democratic states. Citizens agree to subject some of their rights to restrictions, and vest the state with the monopoly over instruments and use of violence. In turn, the state – acting within a set of legal principles; being accountable to citizens; and renewing its popular legitimacy through different measures, including elections – provides order and performs a range of developmental functions.

This framework, citizens and civil liberty groups worry, is under threat with governments appropriating and usurping authority to conduct unprecedented surveillance. Citizen groups, technology and privacy experts came together globally to draft the International Principles on the Application of Human Rights to Communication Surveillance.

It prescribed that any restriction to privacy through surveillance must be ‘legal’; it must be for a ‘legitimate aim’; it must be ‘strictly and demonstrably necessary’; it must be preceded by showing to an established authority that other ‘less invasive investigative techniques’ have been used; it must follow ‘due process’; decisions must be taken by a ‘competent judicial authority’; there must be ‘public oversight’ mechanisms; and ‘integrity of communications and systems’ should be maintained. (Full text available on www.necessaryandproportionate.org)Mr Prakash of CIS, which has done extensive work on surveillance and privacy issues, said, “An additional principle must be collection limitation or data minimisation.” Giving the instance of Indian Railways seeking the date of birth from a customer booking a ticket, Mr Prakash said this was not information which was necessary. But it could be used by hackers and many other agencies to access an individual’s private transactions in other areas. The UPA government is finalising a privacy Bill, but its final version is not yet public, and it is not clear how far the government would go in protecting citizen rights.

For more details visit https://cis-india.org/news/the-hindu-august-19-2013-prashant-jha-balancing-vigilance-and-privacy

Ayodhya trending on Twitter sparks censorship concerns

praskrishna — 2012-12-12T10:38:01Z

On the 20th anniversary of the Babri Masjid demolition, the ShauryaDiwas, Ayodhya and Babri Masjid hashtags were trending on Twitter all day, with almost 2,500 messages sent over 48 hours.

Surabhi Agarwal's article was published in LiveMint on December 6, 2012. Sunil Abraham is quoted.

The tag ShauryaDiwas was used by supporters of the demolition and was used in half the total number of tweets.

Experts said the public display of extreme views on a social networking platform has the potential to create social unrest, leaving the government with few options but to regulate content, in turn fuelling the Internet censorship debate further.

A senior government official said that in a situation in which there are serious national security implications, the government has no option but to "block content" in order to stop communal sentiment from flaring up.

According to social web analytics firm Social Hues, the tweets reached an audience of 456,000 followers. However, according to Vinita Ananth, chief executive of Social Hues, there were also messages that "condemned the call for ShauryaDiwas” tagging it ShameDiwas. "New platforms like Twitter are providing real-time feedback on public sentiment, which is unprecedented."

Ashis Nandy, political and social analyst, said that even though very few Indians are on platforms such as Twitter, communications over them give a hint of what a certain section of the society is thinking about.

"It is a small representation of the middle class, which is driven by ideology and some of the people with extreme opinions may also belong to this group, so perhaps it could have some security implications," he said.

Fringe groups such as those above tend to take extreme positions to get attention, said Sunil Abraham, executive director of Bangalore-based research organization, the Centre for Internet and Society.

Having learnt their lessons after the recent Assam-related panic, intelligence agencies are now keeping a close watch on the Internet, another government official said.

"If necessary, posts will be removed through legitimate ways," the official said, adding that a debate was underway about how to strike a balance between freedom of speech and the lawful requirement of agencies. "Mischief by a few people creates nuisance in society. The government is now looking for ways through which it can regionally block or remove inflammatory tweets. We don’t want to curb freedom of speech and the government doesn’t have any such intentions either," the official said.

Hate messages on social media had sparked a panic exodus of people from the north-east from cities such as Bangalore, Pune and Chennai in August.

For more details visit https://cis-india.org/news/livemint-december-6-2012-surabhi-agarwal-ayodhya-trending-on-twitter-sparks-censorship-concerns

Automated Facial Recognition Systems and the Mosaic Theory of Privacy: The Way Forward

Arindrajit Basu, Siddharth Sonkar — 2020-01-02T14:12:38Z

Arindrajit Basu and Siddharth Sonkar have co-written this blog as the third of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems?

The Mosaic Theory of Privacy

Whether the data collected by the AFRS should be treated similar to face photographs taken for the purposes of ABBA is not clear in the absence of judicial opinion. The AFRS would ordinarily collect significantly more data than facial photographs during authentication. This can be explained with the help of the mosaic theory of privacy.

The mosaic theory of privacy suggests that data collected for long durations of an individual can be qualitatively different from single instances of observation. It argues that aggregating data from different instances can create a picture of an individual which affects her reasonable expectation of privacy. This is because a mere slice of information reveals a lot less if the same is contextualised in a broad pattern — a mosaic.

The mosaic theory of privacy does not find explicit reference in Puttaswamy II. The petitioners had argued that seeding of Aadhaar data into existing databases would bridge information across silos so as to make real time surveillance possible. This is because information when integrated from different silos becomes more than the sum of its parts.

The Court, however, dismissed this argument, accepting UIDAI’s submission that the data collected remains in different silos and merging is not permitted within the Aadhaar framework. Therefore, the Court did not examine whether it is constitutionally permissible to integrate data from different silos; it simply rejected the possibility of surveillance as a result of Aadhaar authentication.

Jurisprudence in other jurisdictions is more advanced. In United States v. Jones, the United States Supreme Court had observed that the insertion of a global positioning system into Antoine Jones’ Jeep in the absence of a warrant and without his consent invaded his privacy, entitling him to Fourth Amendment Protection. In this case, the movement of Jones’ vehicle was monitored for a period of twenty-eight days. Five concurring opinions in Jones acknowledges that aggregated and extensive surveillance is capable of violating the reasonable expectation of privacy irrespective of whether or not surveillance has taken place in public.

The Court distinguished between prolonged surveillance and short term surveillance. Surveillance in the short run does not reveal what a person repeatedly does, as opposed to sustained surveillance which can reveal significantly more about a person. The Court takes the example of how a sequence of trips to a bar, a bookie, a gym or a church can tell a lot more about a person than the story of any single visit viewed in isolation.

Most recently, in Carpenter v. United States, the Supreme Court of the United States held that the collection of historical cell data by the government exposes the physical movements of an individual to potential surveillance, and an individual holds a reasonable expectation of privacy against such collection. The Court admitted that historical-cell site information allows the government to go back in time in order to retract the exact whereabouts of a person.

Judicial decisions have not addressed specifically whether facial recognition through law enforcement constitutes a search under the Fourth Amendment or a “mere visual observation”.

The common thread linking CCTV footages and cellular data is the unique ability to track the movement of an individual from one place to another, enabling extreme forms of surveillance. It is perhaps this crucial link that would make ARFS-enabled CCTVs prejudicial to individual privacy.

The mosaic theory as understood in Carpenter helps one understand the extent to which an AFRS can augment the capacities of law enforcement in India. This in turn can help in understanding whether it is constitutionally permissible to install such systems across the country.

AFRS enabled-CCTV footages from different CCTVs. if viewed in conjunction could reveal a sequence of movements of an individual, enabling long-term surveillance of a nature that is qualitatively distinct from isolated observances observed across unrelated CCTV footages.

Subsequent to Carpenter, federal district courts in the United States have declined to apply Carpenter to video surveillance cases since the judgement did not “call into question conventional surveillance techniques and tools, such as security cameras.”

The extent of processing that an AFRS-enabled CCTV exposes an individual to would be significantly greater. This is because every time an individual is in the zone of a AFRS-enabled CCTV, the facial image will be compared to a common database. Snippets from different CCTVs capturing the individual’s physical presence in two different locations may not be meaningful per se. When observed together, the AFRS will make it possible to identify the individual’s movement from one place to another.

For instance, the AFRS will be able to identify the person when they are on Street A at a particular time and when they are Street B in the immediately subsequent hour recorded by respective CCTV cameras, indicating the person’s physical movement from A to B. While a CCTV camera only records movement of an individual in video format, AFRS translates that digital information into individualised data with the help of a comparison of facial features with a pre-existing database.

Through data aggregation, which appears to be the aim of the Indian government in their tender that links three databases, it is apparent that the right to privacy is in danger. Yet, at present, there does not exist any case law or legislation that can render such efforts illegal at this juncture.

Conclusions and The Way Forward

Despite a lack of judicial recognition of the potential unconstitutionality of deploying AFRS, it is clear that the introduction of these systems pose a clear and present danger to civil rights and human dignity. Algorithmic surveillance alters a human being’s life in ways that even the subject of this surveillance cannot fully comprehend. As an individual’s data is manipulated and aggregated to derive a pattern about that individual’s world, the individual or his data no longer exists for itselfbut are massaged into various categories.

Louis Amoore terms this a ‘data-derivative’, which is an abstract conglomeration of data that continuously shapes our futures without us having a say in their framing. The branding of an individual as a criminal and then aggregating their data causes emotional distress as individuals move about in fear of the state gaze and their association with activities that are branded as potentially dangerous — thereby suppressing a right to dissent — as exemplified by their use reported use during the recent protests in Hong Kong.

Case law both in India and abroad has clearly suggested that a right to privacy is contextual and is not surrendered merely because an individual is in a public place. However, the jurisprudence protecting public photography or videography under the umbrella of privacy remains less clear globally and non-existent in India.

The mosaic theory of privacy is useful in this regard as it prevents mass ‘data-veillance’ of individual behaviour and accurately identifies the unique power that the volume, velocity and variety of Big Data provides to the state. Therefore, it is imperative that the judiciary recognise safeguards from data aggregation as an essential component of a reasonable expectation of privacy. At the same time, legislation could also provide the required safeguards.

In the US, Senators Coons and Lee recently introduced a draft Bill titled ‘The Facial Recognition Technology Warrant Act of 2019’. The Bill aims to impose reasonable restrictions on the use of facial recognition technology by law enforcement. The Bill creates safeguards against sustained tracking of physical movements of an individual in public spaces. The Bill terms such tracking ‘ongoing surveillance’ when it occurs for over a period of 72 hours in real time or through application of technology to historical records. The Bill requires that ongoing surveillance only be conducted for law enforcement purposes and in pursuance of a Court Order (unless it is impractical to do so).

While the Bill has its textual problems, it is definitely worth considering as a model going forward and ensure that AFR systems are deployed in line with a rights-respecting reading of a reasonable expectation of privacy. Parsheera suggests that the legislation should narrow tailoring of the objects and purposes for deployment of AFRS, restrictions on the person whose images may be scanned from the databases, judicial approval for its use on a case by case basis and effective mechanisms of oversight, analysis and verification.

Appropriate legal intervention is crucial. A failure to implement this effectively jeopardizes the expression of our true selves and the core tenets of our democracy.

For more details visit https://cis-india.org/internet-governance/automated-facial-recognition-systems-and-the-mosaic-theory-of-privacy-the-way-forward