We are anonymous, we are legion

Tough neighbourhood tests India's e-tolerance

praskrishna — 2011-06-15T10:51:48Z

The combination of having restrictive neighbours as well as security threats could make freedom on the web in India a casualty, writes Anahita Mukherji in this article published by the Times of India on June 12, 2011.

While Indians have enjoyed relatively free cyberspace, growing security threats have resulted in new laws that may tighten the screws on India's freedom on the web. This is one of the findings of a global report titled Freedom on the Net 2011.

There is a widespread fear that the lack of internet freedom in neighbouring countries, like China and Pakistan, may adversely impact India. "If restrictions are placed in certain countries, information links get weakened. Also, governments tend to copy moves of other countries when it comes to a restriction of freedom on the net," said Ketan Tanna, the India researcher for the report.

However, Sarah Cook, Asian research analyst and assistant editor for Freedom on the Net, said that while India may be in a tough neighborhood, it is also possible to seek out the "best practices from countries further afield, or even design its own, and not follow the 'worst practices' from the countries next door".

"It is ultimately up to the Indian government and people to decide how adversely they let being in a tough neighborhood impact internet freedom. It is true that there are objective threats that India faces. All of these can be used as justifications for why the government should be given wide authority to block certain content or monitor internet traffic. But in a democratic society, such needs must be balanced against citizens' rights to free expression and privacy. Ensuring transparency, accountability and legal specificity in any measures taken to restrict the free flow of information is an important way of balancing those factors," said Cook in an email interview with TOI.

Recent regulations have given the government more freedom to censor content. In 2008, Parliament passed amendments to the IT Act, which came into effect in 2009 and have expanded the government's monitoring capabilities. Two months ago, the government enforced another set of guidelines on internet usage. They make it mandatory for intermediaries (ISPs, websites, blogs etc) to notify users not to publish or use information that could be harmful, defamatory or cause annoyance in any way. If an intermediary is informed of such information by the government, it has to block it within 36 hours.

According to the new rules, content that "threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states or public order" is entitled to a ban.

An RTI activist from The Centre for Internet and Society managed to get a list of 11 officially banned websites in India in April 2011.

Nikhil Pahwa, the founder editor of Medianama, a digital media portal, feels the new guidelines could result in a further slide in India's rank.

Read the original published in the Times of India here

For more details visit https://cis-india.org/news/india-e-tolerance

Too Clever By Half: Strengthening India’s Smart Cities Plan with Human Rights Protection

vanya — 2016-03-22T13:49:32Z

The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, we must ensure that basic human rights are not violated in the race to make cities “smart”.

The article was published in the Wire on March 21, 2016

As Indian cities reposition themselves to play a significant role in development due to urban transformation, the government has envisioned building 100 smart cities across the country. Due to the lack of a precise definition as to what exactly constitutes a smart city, the mutual consensus that has evolved is that modern technology will be harnessed, which will lead to smart outcomes.

Here, Big Data and analytics will play a predominant role by the way of cloud, mobile technology and other social technologies that gather data for the purpose of ascertaining and accordingly addressing concerns of people.

Role of Big Data

Leveraging city data and using geographical information systems (GIS) to collect valuable information about stakeholders are some techniques that are commonly used in smart cities to execute emergency systems, creating dynamic parking areas, naming streets, and develop monitoring. Other sources which would harness such data would be from fire alarms, in disaster management situations and energy saving mechanisms, which would sense, communicate, analyze and combine information across platforms to generate data to facilitate decision making and manage services.

According to the Department of Electronics and Information Technology, the government’s plan to develop smart cities in the country could lead to a massive expansion of an IoT (Internet of Things) ecosystem within the country. The revised draft IoT policy aims at developing IoT products in this domain by using Big Data for government decision-making processes. For example, in India a key opportunity that has been identified is with regard to traffic management and congestion. Here, collecting data during peak hours, processing information in real time and using GPS history from mobile phones can give insight into the routes taken and modes of transportation preferred by commuters to deal with traffic woes. The Bengaluru Transport Information System (BTIS) was an early adopter of big data technology which resorted to aggregating data streams from multiple sources to enable planning of travel routes by avoiding traffic congestions, car-pooling, etc.

Challenges

The idea of a data-driven urban city has drawn criticism as the initiative tends to homogenize Indian culture and change the fabric of cities by treating them alike in terms of their political economy, culture, and governance.

Despite basing the idea of a smart city on the assumption that technology-based solutions and techniques would be a viable solution for city problems in India, it is pertinent to note that the collection of personal real-time data may blur the line between personal data with the large data collected from multiple sources, leaving questions around privacy considerations, use and reuse of such data, especially by companies and businesses involved in providing services in legally and morally grey areas.

Privacy concerns cloud the dependence on big data for functioning of smart cities as it may lead to erosion of privacy in different forms, for example if it is used to carry out surveillance, identification and disclosures without consent, discriminatory inferences, etc.

Apart from right to privacy, a number of rights of an individual like the right to access and security rights would be at risk as it may enable practices of algorithmic social sorting (whether people get a loan, a tenancy, a job, etc.), and anticipatory governance using predictive profiling (wherein data precedes how a person is policed and governed). Dataveillance raises concerns around access and use of data due to increase in digital footprints (data they themselves leave behind) and data shadows (information about them generated by others). Also, the challenges and the realities of getting access to correct and standardized data, and proper communication seem to be a hurdle which still needs to be overcome.

The huge, yet untapped, amount of data available in India requires proper categorization and this makes a robust and reliable data management system prerequisite for realization of the country’s smart city vision. Cooperation between agencies in Indian cities and a holistic technology-based approach like ICT and GT (geospatial technologies) to resolve issues pertaining to wide use of technology is the need of the hour. The skills to manage, analyze and develop insights for effective policy decisions are still being developed, particularly in the public sector. Recognizing this, Nasscom in India has announced setting up a Centre of Excellence (CoE) to create quality workforce.

Though it is apparent that data will play a considerable role in smart city mission, the peril is lack of planning in terms of policies to govern the big data mechanics and use of data. This calls for development of suitable standards and policies to guide technology providers & administrators to manage and interpret data in a secured environment.

Legal hurdles

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 deals with accountability regarding data security and protection as it applies to ‘body corporates’ and digital data. It defines a ‘body corporate’ as “any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities” under the IT Act. Therefore, it can be ascertained that government bodies or individuals collecting and using Big Data for the smart cities in India would be excluded from the scope of these Rules. This highlights the lack of a suitable regulatory framework to take into account potential privacy challenges, which currently seem to be underestimated by our planners and administrators.

Regarding access to open data, though the National Data Sharing and Accessibility Policy 2012 recognizes sensitive data, the term has not been clearly defined under it. However, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 clearly define sensitive personal data or information. Therefore, the open data framework must refer to or adopt a clear definition drawing from section 43A Rules to bring clarity in this regard.

Way forward

As India moves toward a digital transformation, highlighted by flagship programmes like Smart Cities Mission, Digital India and the UID project, data regulation and recognition of use of data will change the nature of the relationship between the state and the individual. However, this seems to have been overlooked. Policies that regulate the digital environment of the country will intertwine with urban policies due to the smart cities mission. Use of ICTs in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Identification/development of open standards for IoT particularly for interoperability between cross sector data must be looked at.

To address privacy concerns due to the use of big data techniques, nuanced data legislation is required. For a conducive big data and technologically equipped environment, the governments must increase efforts to create awareness about the risks involved and provide assurance about the responsible use of data.

Additionally, a lack of skilled and educated manpower to deal with such data effectively must also be duly considered.

The concept note produced by the government reflects how it visualizes smart cities to be a product of marrying the physical form of cities and its infrastructure to a wider discourse on the use of technology and big data in city governance. This makes the role of big data quite indispensable, making it synonymous with the very notion of a smart city. However, the important issue is to understand that data analytics is only a part of the idea. What is additionally required is effective governance mechanism and political will. Collaboration and co-operation is the glue that will make this idea work. It is important to merge urban development policies with principles of democracy. The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, collective efforts must go into minimizing pernicious effects of the same to ensure the basic human rights are not violated in the race to make cities “smart”.

Vanya Rakesh is Programme Officer, The Centre for Internet & Society (CIS), Bangalore. Elonnai Hickok, Policy Director of CIS, also provided inputs for this story.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-march-21-2016-vanya-rakesh-too-clever-by-half-strengthening-indias-smart-cities-plan-with-human-rights-protection

Tomorrow, Today

nishant — 2013-01-02T05:00:41Z

Our present is the future that our past had imagined. Around the same time last year, I remember taking stock of the technologies that we live with and wondering what 2012 would bring in.

Nishant Shah's end of the year column was published in the Indian Express on December 29, 2012.

And I find myself in a similar frame of mind, celebrating with joy the promises that were kept, reflecting sombrely on the opportunities we missed, and speculating about what the new year is going to bring in for the future of digital and internet technologies, and how they are going to change the ways in which we understand what it means to be human, to be social, and to be the political architects of our lives.

We all know that dramatic change is rare. Nothing transforms overnight, and a lot of what we can look forward to in the next year, is going to be contingent on how we have lived in this one. And yet, the rapid pace at which digital technologies change and morph, and the ways in which they produce new networked conditions of living, make it worthwhile to speculate on what are the top five things to look out for in 2013, when it comes to the internet and how it is going to affect our techno-social lives.

Head in the Cloud

If the last year was the year of the mobile, as more and more smartphones started penetrating societies, providing new conditions of portable and easy computing, making ‘app’ the word of the year, then the next year definitely promises to be the year of the cloud. As internet broadband and mobile data access become affordable, increasingly we are going to see services that no longer require personal computing power. All you will need is a screen and a Wi-Fi connection and everything else will happen in the cloud. No more hard drives, no more storage, no more disconnectivity, and data in the cloud.

More Talk

One of the biggest problems with the internet has been that it has been extremely text heavy. We often forget that the text is still a matter of privilege as questions of illiteracy and translation still hound a large section of the global population. However, with the new protocols of access, availability of 4G spectrum and the release of IPV6 as the new standard, we can expect faster voice and video-based communication at almost zero costs. It might be soon time to say goodbye to the SMS.

Big Data

You think you are suffering from information overload now? Wait for the next year as mobile and internet penetration are estimated to rise by 30 per cent around the world! This is going to be the year of Big Data — data so big that it can no longer be fathomed or understood by human beings. We will be dependent on machines to read it, process it, and show us patterns and trends because we are now at a point in our information societies where we are producing data faster than we can process it. Our governments, markets and societies are going to have to produce new ways of governing these data landscapes, leading to dramatic changes in notions of privacy, property and safety.

No Next Big Thing

If you haven’t noticed it, the pace of dramatic innovation has slowed down in the last few years and it will slow down even more. We have been riding the wave of the next big thing, in the last few years, constantly in search of new gadgets, platforms and ways of networking. However, the coming year is going to make innovation granular. It will be a year where things become better, and innovation happens behind the scene. So if you thought this was the year that Facebook will finally become obsolete and something else will take over, you might want to reconsider deleting your account, and start looking at the changes that shall happen behind the scenes, for better or for worse.

The Return of the Human

The rise of the social network has distracted us from looking at the human conditions. We have been so engaged in understanding friendship in the time of Facebook, analysing relationships, networked existences and our own performance as actors of information, that we haven’t given much thought to what it means to be human in our rapidly digitising worlds. And yet, the revolutions and the uprisings we have witnessed have been about people using these social networks to reinforce the ideas of equity, justice, inclusion, peace and rights across the world. As these processes strengthen and find new public spaces of collaboration, we will hopefully see social and political movements which reinforce, that at the end of the day, what really counts, is being human.

The future, specially in our superconnected times, is always unpredictable. But the rise of digital technologies has helped us revisit some of the problems that have been central to a lot of emerging societies — problems of inequity, injustice, violence and violation of rights. And here is hoping that the tech trends in the coming year, will be trends that help create a better version of today, tomorrow.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-december-29-2012-tomorrow-today

Token security or tokenized security?

Admin — 2018-01-17T00:17:41Z

Implementing a system of tokenization for Aadhaar verification will address the security loopholes highlighted in recent reports.

The article by Manasa Venkataraman and Ajay Patri was published in Livemint on January 9, 2018.

Those who were reassured that the Aadhaar architecture is safe and secure have faced a few rude shocks lately. First, there was the recent report in The Tribune on how one of its reporters was easily able to log in to the Aadhaar website and access any enrolled Indian’s personal information, all for a grand fee of Rs500. While the veracity of this report is still being contested by the Unique Identification Authority of India (UIDAI), it has stirred panic over the security of personal data entrusted to the government. This came close on the heels of reports last month that a telecom company was utilizing the eKYC (know your customer) data of its mobile subscribers to open payment bank accounts without their consent.

These two instances highlight scenarios where data from the Aadhaar database is vulnerable. In the first, the weaknesses in security measures and processes around the database leave information susceptible to an attack. In the second, providing third-party entities loosely regulated access to an individual’s data leaves scope for abuse.

There is a need to protect the data belonging to individuals in these situations, providing the government with two possible policy options: it can choose to either overhaul the Aadhaar architecture completely, or it can build in additional security measures to ensure that individual data is not compromised.

Uninventing Aadhaar is not a practical proposal. It would have to include repealing the statute on Aadhaar, disbanding the database already created, and figuring out alternative means of delivering the services that are now dependent on Aadhaar. A more sustainable way forward is to better secure Aadhaar. This will involve not only the secure collection and storage of personal data, but also a safe regulation of the manner in which third parties use it for authentication.

One way to protect Aadhaar-related communications is to channel them through a secure conduit. This can be achieved through a system of temporary tokens for Aadhaar-based verifications. Sunil Abraham from the Centre for Internet and Society (CIS) has recommended a system of using dummy or virtual Aadhaar numbers along with a smart card to protect information belonging to individuals.

Tokenization is the process of masking sensitive personal data with another innocuous dataset, allowing it to be shared with third parties without the risk of the personal data being exposed. So, every time a service provider asks for identification, the individual can provide a one-time-ID number generated by an Aadhaar app or on UIDAI’s website. The service provider can authenticate the one-time-ID number with the Aadhaar database, without needing to know or store the Aadhaar number. The algorithm used to generate the one-time-ID number must be constructed using hard-to-replicate information and kept a well-guarded secret. No two service providers will have the same one-time ID, making it harder for personal profiles to be constructed by mining data from multiple service providers, thus enabling a higher level of privacy protection.

Allowing such a system of tokenization for every eKYC can create a welcome layer of ambiguity around individuals’ personal data and preserve the individuals’ Aadhaar-related information with the government. This system also breaks the link between the Aadhaar database and any third party having access to an individual’s Aadhaar number. If this link is not broken, then any entity—government or private—would have access to potentially millions of Aadhaar card numbers, opening endless possibilities for data abuse.

The tokenization process allows the authority to arrest any attempts at data abuse. In fact, to make this system of tokens or one-time-ID numbers effective, the law must build in measures to penalize any attempt to recreate an individual’s Aadhaar number from the unique token number. In other words, the service provider is given a token number for authentication, but prohibited from obtaining the Aadhaar number it corresponds to.

Tokenization is an improvement over the status quo, but only in one aspect—making Aadhaar secure. It is imperative that the government pays equal attention to the manner in which all data is collected, stored and disposed of by the authority. There are two facets to be explored here: first, ensuring secure storage of the vast information database, and second, plugging security loopholes that happen at collection by limiting access to the database.

The adoption of appropriate technical safeguards is indispensable to thwart external threats to the Aadhaar database, such as ransomware attacks. Having appropriate security, and having periodic audits to test the adequacy of such security, is indispensable.

Equally, limiting access to the database is crucial for preventing leaks, such as the ones reported in The Tribune. It is important that only a select few individuals have access to the database and that these personnel are properly vetted before being vested with such responsibility.

These various facets of the Aadhaar ecosystem are likely to be further examined in the public in the weeks to come as the Supreme Court gears up to hear the petitions on Aadhaar. Regardless of the verdict, there is an urgent need to improve the safety of the Aadhaar ecosystem and the use of tokenization goes some way towards achieving this objective.

Manasa Venkataraman and Ajay Patri are researchers at the Takshashila Institution, an independent, non-partisan think tank and school of public policy.

For more details visit https://cis-india.org/internet-governance/news/livemint-january-9-2018-manasa-venkataraman-ajay-patri-token-security-or-tokenized-security

Token disclosures?

praskrishna — 2013-08-07T09:30:39Z

Snowden’s Xkeyscore expose makes a mockery of Twitter’s transparency revelations.

The article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

This week, roughly around the same time, two ‘revelations’ made headlines in the world of technology. The first, the U.S. National Security Agency’s top secret web surveillance programme, codenamed Xkeyscore, another expose from the house of Edward Snowden & Co.; and second, microblogging site Twitter’s third biannual Transparency Report for the first half of 2013.

The former exposed a global surveillance net, cast far and wide to freely (no formal authorisation required) access and mine emails, chats and browsing histories of millions. The content of the latter report not only pales in comparison but also raises fundamental questions on just how much goes on beyond the arguably modest claims made on Twitter’s transparency charts.

Documents published by The Guardian have the NSA claiming that the “widest-reaching” system mining intelligence from the web had, over a month in 2012, retrieved and stored no less than 41 billion records on its Xkeyscore servers. These mind-boggling numbers make a mockery of Twitter’s few hundred access request disclosures, advocates of online privacy and freedom point out. Then, it is hardly surprising that a large chunk of global requests came from the U.S. government: no less than 902 of the total 1,157 requests, accounting for 78 per cent. A far second is Japan at 8 per cent followed by the U.K.

India References

Interestingly, both Twitter’s report and the NSA’s Xkeyscore document have India references. While a map titled 'Where is Xkeyscore' in the training manual released showing India as one of 150 sites (hosting a total of 700 servers) indicates that India's very much on the global surveillance radar of the United States government; the fact that the India is a new entrant on Twitter's ‘Country Withheld Content Tool’ means that the government here is also making active interventions in microblogging content. This is very much in line with stances the Indian government has taken over the last year, swinging indecisively between asking internet firms to pre-screen content and asking service providers to take down what it finds offensive.

India, A Bit-Player

The Twitter report states that over the last six months it has seen an increase in the number of requests received (and eventual withholding of content) in five new countries: India, Brazil, Japan, Netherlands and Russia. In terms of numbers, India is still very much a bit player in the game given it falls under the ‘less than 10 category, a list where the number of requests for user information made by the government during this period is fewer than 10. It appears from the report that Twitter did not honour any of these requests, indicating that either the requests were too broad or failed to identify individual accounts.

In the same period, Twitter received two requests from India to remove content, one from the “government/law enforcement agency” and the other through a court order. In all, three tweets were removed by Twitter. No details on the nature of content removed were available.

Transparency Trends

A late entrant to transparency initiatives, Twitter's bi-annual reports have been applauded by privacy activists as an initiative that at least attempted to offer a glimpse into the otherwise opaque medium/industry. According to 'Who Has Your Back' an initiative by the Electronic Frontier Foundation, which tracks which corporate helps protect your data from the government, only a third of the 18 internet majors publish Transparency Reports – in fact, Facebook, WordPress and Tumblr all don't publish.

This article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

While it's definitely good that Twitter's providing data for India, post-Edward Snowden and his revealing PRISM leaks, netizens would question to what extent this data is representative of the magnitude or extent of user data tracking. Do governments like the U.S. need to approach Twitter (or other internet service providers) at all to access detailed user activity logs, content and metadata?

Secret Orders Excluded

Twitter makes it clear that its current report does not include "secret orders" or FISA disclosures. In another blog related to the Transparency Report, Jeremy Kessel, Manager, Legal Policy at Twitter Inc, writes that since 2012, Twitter's seen an uptick in requests to withhold content from two to seven countries. He writes that while Twitter wants to publish “numbers of national security requests – including FISA (Foreign Intelligence Surveillance Act) disclosures – separately from non-secret requests.” It claims it has “insisted” that the United States government allow for increased transparency into “secret orders”. “We believe it’s important to be able to publish numbers of national security requests – including FISA disclosures – separately from non-secret requests." Unfortunately, we are still not able to include such metrics, Twitter states.

'Not the Whole Truth'

In the absence of these metrics, Sunil Abraham, director of Centre for Internet and Society, feels transparency reports “may not tell us the whole truth”. The Xkeyscore revelations then may explain why the U.S. government has made only 902 information requests. “A rogramme like XKeyScore potentially allows them to capture the very same data without having to approach Twitter. This is the very same imperative behind the CMS project in India. Governments across the world want to automate private sector involvement in blanket surveillance measures so that it wont serve as a check on their unbridled appetite for data”

He warns that there's a likely “race to the bottom”, given that an unintended consequence of transparency may be that governments, rather than being shamed into respect for free speech and privacy, would be emboldened by the scale of surveillance and censorship in the so-called democracies such as the US and EU members that are on top of the global blanket surveillance game.

For more details visit https://cis-india.org/news/the-hindu-august-4-2013-deepa-kurup-token-disclosures

TOI literary festival kicks off today

praskrishna — 2015-02-05T15:37:21Z

The Times Litfest 2015, Bengaluru, kicks off on Saturday at the Jayamahal Palace Hotel. The two-day festival is among the biggest such literary enclaves in Bengaluru. It'll see some of India's foremost creative minds talk, argue, debate, discuss and engage with vital topics which touch our lives.

Over two busy days, achievers from every field will talk about reading, writing, culture, journalism, food, comedy, sport, films and much, much more. Speakers on Day 1 include historian Ramachandra Guha, NR Narayana Murthy and Snapdeal CEO Kunal Bahl, star chef Manu Chandra, and comedians Radhika Vaz and Rubi Chakravarti.

It's not all fun and games. Our serious sessions include Raghavendra Joshi talking about his father Bhimsen Joshi's legacy; Rohan Murty (founder of the Murty Classical Library), author and historian Vikram Sampath and translator Arunava Sinha on preserving our cultural heritage; and Pranesh Prakash of Centre for Internet and Society, Lawrence Liang of Alternative Law Forum, and author and journalist Vivek Kaul on internet censorship and net neutrality.

Read the full coverage on the Times of India newspaper here

For more details visit https://cis-india.org/internet-governance/news/times-of-india-january-31-2015-toi-literary-kicks-off-today

To regulate Net intermediaries or not is the question

sunil — 2012-08-26T06:12:48Z

Given the disruption to public order caused by the mass exodus of North-Eastern Indians from several cities, the government has had for the first time in many years, a legitimate case to crackdown on Internet intermediaries and their users.

Sunil's column was published in the Deccan Herald on August 26, 2012.

There was, of course, much room for improvement in the manner in which the government conducted the censorship. But the policy question that becomes most pertinent now is: do we need to regulate Internet intermediaries further? The answer is yes and no.

There are areas where these intermediaries need to be regulated in order to protect citizen and consumer interest. But to deal with rumour-mongering and hate speech, there is sufficient provisions in Indian law to deal with the current disruption in public order and any similar disruptions in the future.

It is a common misunderstanding to assume that all civil society organisations that advocate civil liberties on networked technologies are regulatory doves that wish to dismantle regulation of the private sector and allow them complete free hand for innovation and, perhaps, causing harm to public interest.

The opposite is also not necessarily true. We are not hawks, those that believe in maximal regulation of the private sector. The state should regulate the private sector in areas where the citizens are unable to protect their own interest and self-regulation is inadequate. But there are many other areas where regulation needs to be dismantled in the interests of citizen and public interest.

Dr Rohan Samarajiva, founder of a Colombo-based regional policy think tank LIRNEasia, explains this best using the ‘law of soft toys’. When his daughter was young he told her that in Sri Lanka there was a law which mandated that every time she got a new soft toy, she would have to necessarily give away another one.

The regulatory lesson here is: the mandate for regulation cannot keep endlessly expanding. As the government moves into new areas of regulation, it should also exit other older areas where regulatory rupee is providing limited returns. These decisions should be based on evidence of harm caused to citizens and consumers. The following are a list of areas where regulation is required for Internet intermediaries:

Privacy: India needs the office of the privacy commissioner established and an articulation of national privacy principles through the enactment of the long awaited Privacy Act. This privacy commissioner should be able to investigate complaints against intermediaries, proactively investigate companies, order remedial action and fine companies that violate the principles and other policies in force. Remedial action could require change in policies, features, data retention policies and services etc.

Competition: Many of these intermediaries have been taken to court on anti-trust complaints, fined and subjected to remedial action by regulators in America and Europe.

Earlier this year, BharatMatrimony.com has filed a complaint against Google at the Competition Commission of India (CCI) alleging anti-competitive practices in its Adwords program. In addition, based on a report submitted by Consumer Unity & Trust Society (CUTS), a civil society organisation, CCI has initiated an investigation into Google's search engine for anti-competitive practices. If they are found guilty of breaking competition law they could be fined up to 10 per cent of their turnover.

Speech: Article 19(2) of the Constitution permits Parliament to enact laws that place eight categories of reasonable restrictions on speech. Unfortunately, the Information Technology Act and its associated rules attempts to expand these restrictions and in addition does not comply with the principles of natural justice. Ideally, all those impacted by the censorship should be informed and should be able to seek redress and reinstatement for the censured speech.

The policy sting operation conducted by the Centre for Internet and Society (CIS) last year demonstrated that intermediaries are risk-averse and tend to over-comply with takedown notices. There is a clear chilling effect on speech online and it is important that the Act and rules be amended at the earliest.

Intellectual Property: Policies that fall under this inappropriate umbrella term for many differently configured laws make the yet unproven fundamental assumption that granting limited monopolies to rights holders, usually corporations, will result in greater innovation. However, citizen and consumer interest is protected through provisions for exceptions and limitations in laws such as copyright, patent, trademarks etc. Some examples of these safeguards that guarantee access to knowledge in Indian law include compulsory licences, patent opposition, fair-dealing etc.

There are many other areas where special treatment may be required for intermediaries. For example tax law needs to handle evasion techniques like the Double Irish and the Dutch Sandwich. Given my lengthy wish-list of regulation of Internet intermediaries, why then has CIS become an NGO member of the Global Network Initiative?

This is because I believe that technological development happen too quickly for us to purely depend on government regulation. Self-regulation has an important role to play in keeping up with these rapid changes. As self-regulatory norms mature they could be formalised into policy by the government.

Therefore, I consider it a privilege that CIS has been accepted as a member of this self-regulatory initiative and we influence GNI norms using our Indian perspective. However, when self-regulation fails to protect public interest, then the government must step in to regulate Internet intermediaries.

For more details visit https://cis-india.org/internet-governance/www-deccan-herald-aug-26-2012-to-regulate-net-intermediaries-or-not-is-the-question

To protect data, don’t opt for plastic or laminated Aadhaar card: UIDAI

Admin — 2018-02-07T01:00:00Z

Unauthorized printing of Aadhaar cards could render the QR (quick response) code dysfunctional or even expose personal data without an individual’s informed consent, UIDAI says.

The article by Komal Gupta was published by Livemint on February 7, 2017

To protect information provided by holders of Aadhaar, the Unique Identification Authority of India (UIDAI) on Tuesday cautioned people against opting for plastic or laminated “smart” cards.

Unauthorized printing of the cards could render the QR (quick response) code dysfunctional or even expose personal data without an individual’s informed consent, it said in a statement on Tuesday.

Besides, opting for plastic or laminated cards opened up the possibility of Aadhaar details (personal sensitive demographic information) being shared with devious elements without the informed consent of holders, the statement added.

According to UIDAI, the Aadhaar letter sent by it, a cutaway portion or downloaded versions of Aadhaar on ordinary paper or mAadhaar are perfectly valid.

“If a person has a paper Aadhaar card, there is absolutely no need to get his/her Aadhaar card laminated or obtain a plastic Aadhaar card or so called smart Aadhaar card by paying money. There is no concept such as smart or plastic Aadhaar card,” UIDAI chief executive officer Ajay Bhushan Pandey said in a statement.

Printing Aadhaar on a plastic/PVC sheet privately can cost anywhere between Rs50 and Rs300 or more, UIDAI said. It added that a printout of the downloaded Aadhaar card, even in black and white, is as valid as the original Aadhaar letter sent by UIDAI.

It added that in case a person loses his Aadhaar card, he can download the card free from https://eaadhaar.uidai.gov.in.

Pandey asked holders not to share Aadhaar number or personal details with unauthorized agencies for getting the card laminated, or printed on plastic.

The agency also directed unauthorized agencies not to collect Aadhaar information from people, reminding them that collecting such information or unauthorized printing of Aadhaar card is a criminal offence punishable with imprisonment.

“I feel a lot more has to be done by UIDAI. Sadly, by encouraging people to rely on printed Aadhaar ‘cards’, UIDAI is ending up with the worst of both worlds with respect to personal data protection: photocopies of so-called Aadhaar cards/letter are being circulated to facilitate identity fraud as well as the kind of dangerous personal data disclosures that centralized databases enable,” said Pranesh Prakash, policy director at think tank Centre for Internet and Society.

Last month, UIDAI put in place a two-layer security to reinforce privacy protections for Aadhaar holders—it introduced a virtual identification so that the actual number need not be shared to authenticate their identity. Simultaneously, it further regulated the storage of the Aadhaar numbers within various databases.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-february-7-2017-to-protect-data-dont-opt-for-plastic-or-laminated-Aadhaar

To preserve freedoms online, amend the IT Act

gurshabad — 2019-04-16T10:09:41Z

Look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

The article by Gurshabad Grover was published in the Hindustan Times on April 16, 2019.

The issue of blocking of websites and online services in India has gained much deserved traction after internet users reported that popular services like Reddit and Telegram were inaccessible on certain Internet Service Providers (ISPs). The befuddlement of users calls for a look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

Among other things, Section 69A of the Information Technology (IT) Act, which regulates takedown and blocking of online content, allows both government departments and courts to issue directions to ISPs to block websites. Since court orders are in the public domain, it is possible to know this set of blocked websites and URLs. However, the process is much more opaque when it comes to government orders.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, issued under the Act, detail a process entirely driven through decisions made by executive-appointed officers. Although some scrutiny of such orders is required normally, it can be waived in cases of emergencies. The process does not require judicial sanction, and does not present an opportunity of a fair hearing to the website owner. Notably, the rules also mandate ISPs to maintain all such government requests as confidential, thus making the process and complete list of blocked websites unavailable to the general public.

In the absence of transparency, we have to rely on a mix of user reports and media reports that carry leaked government documents to get a glimpse into what websites the government is blocking. Civil society efforts to get the entire list of blocked websites have repeatedly failed. In response to the Right to Information (RTI) request filed by the Software Freedom Law Centre India in August 2017, the Ministry of Electronics and IT refused to provide the entire of list of blocked websites citing national security and public order, but only revealed the number of blocked websites: 11,422.

Unsurprisingly, ISPs do not share this information because of the confidentiality provision in the rules. A 2017 study by the Centre for Internet and Society (CIS) found all five ISPs surveyed refused to share information about website blocking requests. In July 2018, the Bharat Sanchar Nagam Limited rejected the RTI request by CIS which asked for the list of blocked websites.

The lack of transparency, clear guidelines, and a monitoring mechanism means that there are various forms of arbitrary behaviour by ISPs. First and most importantly, there is no way to ascertain whether a website block has legal backing through a government order because of the aforementioned confidentiality clause. Second, the rules define no technical method for the ISPs to follow to block the website. This results in some ISPs suppressing Domain Name System queries (which translate human-parseable addresses like ‘example.com’ to their network address, ‘93.184.216.34’), or using the Hypertext Transfer Protocol (HTTP) headers to block requests. Third, as has been made clear with recent user reports, users in different regions and telecom circles, but serviced by the same ISP, may be facing a different list of blocked websites. Fourth, when blocking orders are rescinded, there is no way to make sure that ISPs have unblocked the websites. These factors mean that two Indians can have wildly different experiences with online censorship.

Organisations like the Internet Freedom Foundation have also been pointing out how, if ISPs block websites in a non-transparent way (for example, when there is no information page mentioning a government order presented to users when they attempt to access a blocked website), it constitutes a violation of the net neutrality rules that ISPs are bound to since July 2018.

While the Supreme Court upheld the legality of the rules in 2015 in Shreya Singhal vs. Union of India, recent events highlight how the opaque processes can have arbitrary and unfair outcomes for users and website owners. The right to access to information and freedom of expression are essential to a liberal democratic order. To preserve these freedoms online, there is a need to amend the rules under the IT Act to replace the current regime with a transparent and fair process that makes the government accountable for its decisions that aim to censor speech on the internet.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-april-16-2019-gurshabad-grover-to-preserve-freedoms-online-amend-it-act

Time to bury e-mail?

praskrishna — 2011-04-02T07:30:10Z

Earlier this week, Mark Zuckerberg, founder of Facebook, had a simple message to the world: email is outdated since it can no longer handle the sort of digital communication that we’ve got used to. Facebook Messages, which integrates email, SMS, instant messaging and social networking, is the way forward, he claimed.

Zuckerberg isn’t the first one to point out the limitations of email. Last year Google too said that email, a technology invented in the ’60s, was not equipped to serve our current needs. “Wave is what email would look like if it were invented today,” Google proclaimed during the launch of Google Wave.

As it turned out, Wave was a great product but served an entirely different purpose — collaboration. While this made sense at the enterprise level, it didn’t offer much added value to email users engaging in one-to-one conversations. Google Wave today is defunct since users didn’t buy into Google’s argument. Will Facebook Messages suffer the same fate?

The answer depends a lot on whether users face the problem that Zuckerberg claims they do. “A lot of people are trying to solve the problem of email. But I don’t know what that problem is,” says Mahesh Murthy, CEO, Pinstorm, a digital marketing agency. According to Murthy, there are three main issues with email: storage space, spam filtering and prioritising messages. And modern email services such as Gmail have evolved to address these concerns.

Facebook obviously thinks otherwise. According to the company we need one inbox for all our digital communication, which includes emails, chats and SMS. Second, messages from your Facebook contacts will be considered more important and will go into Social Inbox. All other messages will go into a separate folder. Third, messages will be threaded according to people and not subject lines as is the case with Gmail and other email services.

According to Gaurav Mishra, head, social media practise, MS&L Group, these are compelling reasons to start using Facebook Messages. But enough to ditch your email account? Not quite, say experts.

“Integration is a marketing myth,” says Nishant Shah, director, Centre for Internet and Society, a Bangalore-based research organisation, “Many of us like to keep our information in different silos. We have heard of young people getting fired from their jobs because they were not able to keep personal information compartmentalised.”

Secondly, giving greater priority to messages from people in your contact list may be misplaced. “The nature of conversation on Facebook is casual and the criticality of a message and hence the need for an immediate response may not be that high,” points out Murthy. An email from, say, a client or a prospective recruiter who may not be on your friends list, may be more critical.

There’s no doubting that Facebook Messages could change the way we conduct our casual conversations. But email serves basic and universal needs. For example, while introducing the new service, Zuckerberg pointed out how school kids felt email was too slow. According to Shah, however, it is important to understand what the kids found email slow for. A movie plan can be made quicker through SMS, but the same kids might submit their assignments via email.

Of course, Zuckerberg has not claimed that Facebook Messages will be an email — or more specifically Gmail — killer. But Facebook’s PR machinery would have known how the media would react. By undermining the very concept of email — one of Google’s strongest products — Facebook has managed to make Google look like the hero of yesteryears.

Analysts agree that Facebook Messages is really about retaining users on its website — if Facebook can give its users a reason to spend more time on its website rather than that of an email service, it can serve more ads. “It is about economics. But Facebook is trying to turn it into a cultural argument,” says Shah.

Still, one thing is certain; Facebook Messages will not suffer the same fate as Google Wave, partly because it is simply an update (and a rather good one) to an existing feature within Facebook. But it is far from a replacement to email. As Mishra puts it, “I will not close down my existing email ids. But I will start using Facebook to message my relatives and friends. It is going to be the future of messaging, not the future of email.”

Read the original in DNA

For more details visit https://cis-india.org/news/bury-email

TikTok craze a ticking time bomb for city

Gulam Jeelani — 2019-04-17T08:46:05Z

Unlike YouTube, where videos take a long time to upload, on TikTok it happens in a matter of seconds. Not just the youth, the trend has captured the imagination of criminals too.

The article by Gulam Jeelani with inputs from Priyanka Sharma and Ajay Kumar was published in India Today on April 17, 2019. Shweta Mohandas was quoted.

Last Saturday, 19-year-old Salman Zakir was accidentally shot dead when his friend and he were shooting a video at central Delhi's Ranjit Singh flyover - to be uploaded on the Chinese mobile application TikTok. The latest craze of filming short duration videos for this app, which uploads these within seconds, is giving headaches to the police, as well as parents.

In the last two weeks, the police have arrested at least six youth (including two of Salman's friends), who were caught posing with guns, making clips and uploading those on the app. Responding to this frenzy, the Union Ministry for Electronics and Information Technology on Tuesday asked Google and Apple to take down TikTok from their app stores.

The order came a day after the Supreme Court refused to stay a Madras High Court order asking the Centre to ban the viral app for the potential harm it could cause owing to inappropriate content being posted - pornography and violence. The ministry's order may lead to pulling down the app from the Google Play Store and Apple App Store, preventing any further downloads. The order will not, however, prevent people who have already downloaded the app from using it.

OF GUNS AND GRANDSTANDING

Salman, along with his friends Sohail and Amir, had gone out for a drive to India Gate. While returning, Sohail sitting next to Salman, who was driving the car, pulled out a country-made pistol. He aimed it at Salman while trying to make the TikTok video, but the pistol went off shooting him on his left cheek. In February this year, a daily wage worker was allegedly killed by his friend in Tiruvallur district of Tamil Nadu for uploading an abusive video targeting another community, on Tik-Tok. The video even led to tension and unrest in the village.

Unlike YouTube, where videos take a long time to upload, on TikTok it happens in a matter of seconds. Not just the youth, the trend has captured the imagination of criminals too. Two weeks before Salman's death, apparently carried away by TikTok's online popularity, two criminals landed in the police net after a video featuring them flaunting pistols surfaced on the app. Shahzada Parvez (24) and Monu (23), had been on the police's radar for long.

"They were fans of singer Honey Singh. Earlier, too, they shot a video brandishing pistols at a community function and put it on social media," deputy commissioner of Delhi Police Anto Alphonse said.

"The young and the restless have a tendency to try out new applications in order to gain quick popularity on the web," added Madhur Verma, deputy commissioner of police, New Delhi.

TikTok, known as Douyin in China, where the parent company is based, is a mobile app for filming and sharing videos set to music or a voice-over. With a reported 500 million subscribers worldwide, India is the biggest market for the app, comprising almost 40% of global downloads. According to market analysis firm Sensor Tower, India accounted for 88.6 million new users out of 188 new users in the March quarter.

QUITE A FAD

The app is the latest fad to give parents and teachers cause for concern after the popularity of dangerous online dares such as the Blue Whale Challenge and Kiki Car. "I had seen my son shooting videos at home and at times he would ask me to pose as well. But I came to know about TikTok when his teacher called me," said Vaishali Dhar, a resident of East Nizamuddin, whose son studies in class 8. "I have decided not to encourage him."

Apart from homes and schools, teenagers have been spotted shooting videos in public places such as the recently opened Signature Bridge which connects Wazirabad to East Delhi. Police have had to resort to chasing people shooting videos atop their cars on the bridge. The app is also a rage among Bollywood-crazed Indians who post videos lip-syncing to songs or reciting movie dialogues. It allows the creation of a 15-second video with the user miming to songs. The videos range from harmless to the explicit, depending upon the users one follows.

Last week, ByteDance, the company that owns TikTok, said it had removed more than six million videos that violated its guidelines. The company has appealed against the stay against the ban, claiming it would harm free speech. "We are committed to continuously enhancing our existing measures and introducing additional technical and moderation processes as part of our ongoing commitment to our users in India," it said in an emailed statement.

OVERUSE & ABUSE

But can the app itself be blamed for its misuse? Experts advocate taking the awareness and sensitisation approach than imposing a blanket ban. Faisal Kawoosa, Chief Analyst at Gurugram-based market research firm techARC, says the easy and inexpensive availability of the Internet and increased smartphone penetration has contributed to the growth of TikTok, and other apps in the country. "Banning is no solution. If you can't download it from the app store (which is authentic), you will encourage illegal downloads which are even more dangerous," adds Kawoosa.

"Even in a Google sign-up, one needs to be above 18 years of age. So it is more about ethics that we practise than an app having a problem," he said. Some experts also raised data privacy concerns which come with the application. "The issue with these apps as with other apps is that it is not clear in which way the data is being processed, stored, or shared with third parties," said Shweta Mohandas, policy officer at the Centre for Internet and Society, a Bengaluru-based research and advocacy non-profit.

"I do not think that a ban on Tik-Tok is a solution. People forget that the existing videos can still be shared on other social media platforms. A young person with TikTok on his or her phone will in all probability be active on other social media and messaging apps. A better approach is to sensitise people about the way the app functions, and the information that is public on the app," she said.

In the US, the app has been accused of collecting personal data from users under the age of 13 without parental consent. "Every other person has a mobile phone today. In the recent past, the Blue Whale challenge, Kiki car challenge and now TikTok have become an entertainment tool for the youth and schoolchildren. In order to attain instant fame and validation from peers with likes and shares, they end up making viral videos on social media," said Dr Rajeev Mehta, Vice Chairman of psychiatry department at Sir Ganga Ram Hospital.

For more details visit https://cis-india.org/internet-governance/news/india-today-april-17-2019-gulam-jeelani-tik-tok-craze-a-ticking-time-bomb-for-city

Through the looking glass: Analysing transparency reports

Torsha Sarkar, Suhan S and Gurshabad Grover — 2019-11-02T05:48:59Z

An analysis of companies' transparency reports for government requests for user data and content removal

Over the past decade, a few private online intermediaries, by rapid innovation and integration, have turned into regulators of a substantial amount of online speech. Such concentrated power calls for a high level of responsibility on them to ensure that the rights of the users online, including their rights to free speech and privacy, are maintained. Such responsibility may include appealing or refusing to entertain government requests that are technically or legally flawed, or resisting gag orders on requests. For the purposes of measuring a company’s practices regarding refusing flawed requests and standing up for user rights, transparency reporting becomes useful and relevant.Making information regarding the same public also ensures that researchers can build upon such data and recommend ways to improve accountability and enables the user to understand information about when and how governments are restricting their rights.

For some time in the last decade, Google and Twitter were the only major online platforms that published half-yearly transparency reports documenting the number of content take down and user information requests they received from law enforcement agencies. In 2013 however, that changed, when the Snowden leaks revealed, amongst other things, that these companies were often excessively compliant with requests from US’ intelligence operations, and allowed them backdoor surveillance access to user information. Subsequently, all the major Silicon Valley internet companies have been attempting to publish a variance or other of transparency reports, in hopes of re-building their damaged goodwill, and displaying a measure of accountability to its users.

The number of government requests for user data and content removal has also seen a steady rise. In 2014, for instance Google noted that in the US alone, they observed a 19% rise for the second half of the year, and an overall 250% jump in numbers since Google began providing this information. As per a study done by Comparitech, India sent the maximum number of government requests for content removal and user data in the period of 2009 - 2018.8 This highlights the increasing importance of accessible transparency reporting.

Initiatives analysing the transparency reporting practices of online platforms, like The Electronic Frontier Foundation (EFF)’s Who Has Your Back? reports, for instance, have developed a considerable body of work tracing these reporting practices, but have largely focused at them in the context of the United States (US). In our research, we found that the existing methodology and metrics to assess the transparency reports of online platforms developed by organisations like the EFF are not adequate in the Indian context. We identify two reasons for developing a new methodology:

Online platforms make available vastly different information for US and India. For instance, Facebook breaks up the legal requests it receives for US into eight different classes (search warrants, subpoenas, etc.). Such a classification is not present for India. These differences are summarised in Annexure
The legal regimes and procedural safeguards under which states can compel platforms to share information or take content down also differ. For instance, in India, an order for content takedown can be issued either under section 79 and its allied rules or under section 69A and its rules, each having their own procedures and relevant authorities. A summary of such provisions for Indian agencies is given in Annexure 3.

These differences may merit differences in the methodology for research into understanding the reporting practices of these platforms, depending on each jurisdiction’s legal context.

In this report, we would be analyzing the transparency reports of online platforms with a large Indian user-base, specifically focusing on data they publish about user information and takedown requests received from Indian governments’ and courts.

First, we detail our methodology for this report, including how we selected platforms whose transparency reports we analyse, and then specific metrics relating to information available in those reports. For the latter, we collate relevant metrics from existing frameworks, and propose a standard that can be applicable for our research.

In the second part, we present company-specific reports. We identify general trends in the data published by the company, and then compare the available data to the best practices of transparency reporting that we proposed.

Download the full report. The report was edited by Elonnai Hickok. Research assistance by Keying Geng and Anjanaa Aravindan.

For more details visit https://cis-india.org/internet-governance/blog/torsha-sarkar-suhan-s-and-gurshabad-grover-october-30-2019-through-the-looking-glass

Three Years Later, IPaidABribe.com Pays Off

praskrishna — 2013-09-25T06:05:05Z

After reporting a bribe on IPaidABribe.com, one Bangalore student has had the satisfaction of seeing action taken against a corrupt public official.

This article by Jessica McKenzie was published in TechPresident on September 23, 2013. Sunil Abraham is quoted.

The student, Shubham Kahndelwal, was asked to give a bribe before getting a receipt for registering for an identity card called the AADHAAR card. He at first refused, but then gave in. In response, the official gave him a receipt for his father's registration (which he had submitted along with his own) but not his. He told I Paid A Bribe that he “never knew a simple complaint could make such a difference.”

Kahndelwal elaborated:

I was in Chennai when the incident happened and after that I was furious and was searching all over to look for a complaint mechanism, when I stumbled upon IPaidaBribe.com. It is a great day and event for me and for me to share with my friends.

IPaidABribe.com was launched in August 2010 by the Bangalore-based nonprofit Janaagraha, which focuses on civic engagement and improving governance.

When first launched, there were concerns over privacy issues and protecting the users who submit complaints. On the other hand, in an interview this May with techPresident's David Eaves, Sunil Abraham, the founder of the Center for Internet & Society, pointed out that in order to make a difference, I Paid A Bribe would somehow have to close the loop.

Abraham went on:

some of the things that go on with anonymous reporting cannot happen, and to close the loop it almost needs to become a paralegal infrastructure. It has to talk to law enforcement and people have to be arrested, prosecuted and put away.

That is apparently what happened in this case. The official in question has been blacklisted and had disciplinary action taken against him.

To put the success in perspective, however, the bribe requested was Rs 2000 (US$31.95) and the bribe ultimately given was only Rs 350 (US$5.59).

Abraham also pointed out to Eaves that the real problem in India is “high ticket bribes...at the top of the pyramid.”

So while complaints from people like Kahndelwal are what keep the feeds at IPaidABribe.com constantly refreshing, they're mere drops in the bucket when compared to the millions of dollars moving in scandals like the 2G spectrum scam.

Personal Democracy Media is grateful to the Omidyar Network and the UN Foundation for their generous support of techPresident's WeGov section.

For more details visit https://cis-india.org/news/tech-president-september-23-2013-jessica-mckenzie

Three reasons why 66A verdict is momentous

pranesh — 2015-03-29T16:22:51Z

Earlier this week, the fundamental right to freedom of expression posted a momentous victory. The nation's top court struck down the much-reviled Section 66A of the IT Act — which criminalized communications that are "grossly offensive", cause "annoyance", etc — as "unconstitutionally vague", "arbitrarily, excessively, and disproportionately" encumbering freedom of speech, and likely to have a "chilling effect" on legitimate speech.

The article was published in the Times of India on March 29, 2015.

It also struck down Sec 118(d) of the Kerala Police Act on similar grounds. This is a landmark judgment, as it's possibly the first time since 1973's Bennett Coleman case that statutory law was struck down by the Supreme Court for violating our right to free expression.

The SC also significantly 'read down' the draconian 'Intermediary Guidelines Rules' which specify when intermediaries — website hosts and search engines — may be held liable for what is said online by their users. The SC held that intermediaries should not be forced to decide whether the online speech of their users is lawful or not. While the judgment leaves unresolved many questions — phrases like "grossly offensive", which the SC ruled were vague in 66A, occur in the Rules as well — the court's insistence on requiring either a court or a government order to be able to compel an intermediary to remove speech reduces the 'invisible censorship' that results from privatized speech regulation.

The SC upheld the constitutional validity of Sec 69A and the Website Blocking Rules, noting they had several safeguards: providing a hearing to the website owner, providing written reasons for the blocking, etc. However, these safeguards are not practised by courts. Na Vijayashankar, a legal academic in Bengaluru, found a blogpost of his — ironically, on the topic of website blocking — had been blocked by a Delhi court without even informing him. He only got to find out when I published the government response to my RTI on blocked websites. Last December, Github, Vimeo and some other websites were blocked without being given a chance to contest it. As long as lower courts don't follow "principles of natural justice" and due process, we'll continue to see such absurd website blocking, especially in cases of copyright complaints, without any way of opposing or correcting them.

There are three main outcomes of this judgment. First is the legal victory: SC's analysis while striking down 66A is a masterclass of legal clarity and a significant contribution to free speech jurisprudence. This benefits not only future cases in India, but all jurisdictions whose laws are similar to ours, such as Bangladesh, Malaysia and the UK.

Second is the moral victory for free speech. Sec 66A was not merely a badly written law, it became a totem of governmental excess and hubris. Even when political parties realized they had passed 66A without a debate, they did not apologize to the public and revise it; instead, they defended it. Only a few MPs, such as P Rajeev and Baijayant Panda, challenged it. Even the NDA, which condemned the law in the UPA era, supported it in court. By striking down this totem, the SC has restored the primacy of the Constitution. For instance, while this ruling doesn't directly affect the censor board's arbitrary rules, it does morally undermine them.

Third, this verdict shows that given proper judicial reading, the Indian constitutional system of allowing for a specific list of purposes for which reasonable restrictions are permissible, might in fact be as good or even better in some cases, than the American First Amendment. The US law baldly states that Congress shall make no law abridging freedom of speech or of the press. However, the US Supreme Court has never held the opinion that freedom of speech is absolute. The limits of Congress's powers are entirely judicially constructed, and till the 1930s, the US court never struck down a law for violating freedom of speech, and has upheld laws banning obscenity, public indecency, offensive speech in public, etc. However, in India, the Constitution itself places hard limits on Parliament's powers, and also, since the first amendment to our Constitution, allows the judiciary to determine if the restrictions placed by Parliament are "reasonable". In the judgment Justice Nariman quotes Mark Antony from Julius Caesar. He could also have quoted Cassius: "The fault, dear Brutus, is not in our stars, but in ourselves." Judges like Justice Nariman show the constitutional limits to free speech can be read both narrowly and judiciously: we can no longer complain about the Constitution as the primary reason we have so many restrictions on freedom of expression.

For more details visit https://cis-india.org/internet-governance/blog/times-of-india-march-29-2015-pranesh-prakash-three-reasons-why-66a-is-momentous

Three emerging market think tanks to collaborate on Good ID recommendations with Omidyar backing

Admin — 2019-05-14T15:01:48Z

Omidyar Network has invested in a trio of organizations from different regions to support enhanced understanding of the appropriate use and limits of digital identity.

The blog post by Chris Burt was published in Biometri Update on May 8, 2019.

Organizations from Brazil, Kenya, and India will take on a collaborative and iterative research process to help develop Omidyar’s concept of Good ID, according to a blog post by Omidyar Networks Investment Principal Subhashish Bhadra.

The three organizations are the Institute for Technology & Society (ITS), the Centre for Intellectual Property and Information Technology Law (CIPIT), and the Centre for Internet and Society (CIS). The ITS is a non-profit organization based in Brazil, with a mission of ensuring that emerging markets can respond appropriately to digital technologies, and that their benefits are broadly shared. CIPIT is an academic think tank, operating from the Strathmore Law School in Nairobi, Kenya, addressing emerging issues of continent-wide impact and providing an African voice for research networks. CIS is an India-based non-profit, which conducts interdisciplinary academic research to understand how the internet and digital technologies reconfigure social processes and structures.

Bhadra notes that 110 countries have begun identification schemes in the past decade. These programs are often implemented to serve an initial use case, and their application expanded over time.

“In the absence of adequate legislative or judicial oversight, mission creep can create risks for those very individuals that an identity is supposed to empower,” Bhadra writes. “By their very nature, digital identity systems collect some data about individuals in order to provide access to certain services. This immediately raises two interrelated questions. First, how much data should the system collect? Second, what services should it be tied to?”

Determining the appropriate scope of digital identity is inherently complex, and the potential for mission creep and requirement for a growing list of services risks exclusion, privacy violations, and a power imbalance between institutions and individuals, Bhadra argues.

The three groups will conduct independent research over the next six months, and create a set of recommendations and tools for stakeholders to use when engaging with digital identity systems.
Omidyar is a supporter of the Mission Billion Challenge, among several initiatives related to UN SDG 16.9.

For more details visit https://cis-india.org/internet-governance/news/biometric-update-may-8-2019-three-emerging-market-think-tanks-to-collaborate-on-good-id-recommendations-with-omidyar-backing