We are anonymous, we are legion

CIS Response to ICANN's proposed renewal of .org Registry

akriti — 2019-04-28T02:16:40Z

We thank ICANN for the opportunity to comment on this issue of its proposed renewal of the .org Registry Agreement with the operator, Public Interest Registry (PIR). Supporting much of the community , we too find severe issues with the proposed agreement. These centre around the removal of price caps and imposing obligations being currently deliberated in an ongoing Policy Development Process (PDP).

Presumption of Renewal

CIS has, in the past, questioned the need for a presumption of renewal in registry contracts and it is important to emphasize this within the context of this comment as well. We had, also, asked ICANN for their rationale on having such a practice with reference to their contract with Verisign to which they responded saying:

“Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period creates adverse incentives to favor short term gain over long term investment.”

This logic can presumably be applied to the .org registry, as well, yet a re-auction of ,even, legacy top-level domains can only serve to further a fair market, promote competition and ensure that existing registries do not become complacent.

These views were supported in the course of the PDP on Contractual Conditions - Existing Registries in 2006 wherein competition was seen useful for better pricing, operational performance and contributions to registry infrastructure. It was also noted that most service industries incorporate a presumption of competition as opposed to one of renewal.

Download the file to access our full response.

For more details visit https://cis-india.org/internet-governance/blog/akriti-bopanna-april-28-2019-cis-response-to-icanns-proposed-renewal-of-org-registry

Data for Development: Mapping key considerations for policy and practice in India

Admin — 2019-04-25T15:17:55Z

On 24 April 2019 Arindrajit Basu delivered a talk at an event titled at Data for Development:Mapping key considerations for policy and practice in India at Azim Premchand University.

Arindrajit presented some of CIS's work on artificial intelligence and its work on privacy and the SriKrishna Bill, some of the constitutional contours of India's data governance policies and some of the larger implications on India's foreign policy vision as an emerging economy.

For more details visit https://cis-india.org/internet-governance/news/data-for-development-mapping-key-considerations-for-policy-and-practice-in-india

TikTok craze a ticking time bomb for city

Gulam Jeelani — 2019-04-17T08:46:05Z

Unlike YouTube, where videos take a long time to upload, on TikTok it happens in a matter of seconds. Not just the youth, the trend has captured the imagination of criminals too.

The article by Gulam Jeelani with inputs from Priyanka Sharma and Ajay Kumar was published in India Today on April 17, 2019. Shweta Mohandas was quoted.

Last Saturday, 19-year-old Salman Zakir was accidentally shot dead when his friend and he were shooting a video at central Delhi's Ranjit Singh flyover - to be uploaded on the Chinese mobile application TikTok. The latest craze of filming short duration videos for this app, which uploads these within seconds, is giving headaches to the police, as well as parents.

In the last two weeks, the police have arrested at least six youth (including two of Salman's friends), who were caught posing with guns, making clips and uploading those on the app. Responding to this frenzy, the Union Ministry for Electronics and Information Technology on Tuesday asked Google and Apple to take down TikTok from their app stores.

The order came a day after the Supreme Court refused to stay a Madras High Court order asking the Centre to ban the viral app for the potential harm it could cause owing to inappropriate content being posted - pornography and violence. The ministry's order may lead to pulling down the app from the Google Play Store and Apple App Store, preventing any further downloads. The order will not, however, prevent people who have already downloaded the app from using it.

OF GUNS AND GRANDSTANDING

Salman, along with his friends Sohail and Amir, had gone out for a drive to India Gate. While returning, Sohail sitting next to Salman, who was driving the car, pulled out a country-made pistol. He aimed it at Salman while trying to make the TikTok video, but the pistol went off shooting him on his left cheek. In February this year, a daily wage worker was allegedly killed by his friend in Tiruvallur district of Tamil Nadu for uploading an abusive video targeting another community, on Tik-Tok. The video even led to tension and unrest in the village.

Unlike YouTube, where videos take a long time to upload, on TikTok it happens in a matter of seconds. Not just the youth, the trend has captured the imagination of criminals too. Two weeks before Salman's death, apparently carried away by TikTok's online popularity, two criminals landed in the police net after a video featuring them flaunting pistols surfaced on the app. Shahzada Parvez (24) and Monu (23), had been on the police's radar for long.

"They were fans of singer Honey Singh. Earlier, too, they shot a video brandishing pistols at a community function and put it on social media," deputy commissioner of Delhi Police Anto Alphonse said.

"The young and the restless have a tendency to try out new applications in order to gain quick popularity on the web," added Madhur Verma, deputy commissioner of police, New Delhi.

TikTok, known as Douyin in China, where the parent company is based, is a mobile app for filming and sharing videos set to music or a voice-over. With a reported 500 million subscribers worldwide, India is the biggest market for the app, comprising almost 40% of global downloads. According to market analysis firm Sensor Tower, India accounted for 88.6 million new users out of 188 new users in the March quarter.

QUITE A FAD

The app is the latest fad to give parents and teachers cause for concern after the popularity of dangerous online dares such as the Blue Whale Challenge and Kiki Car. "I had seen my son shooting videos at home and at times he would ask me to pose as well. But I came to know about TikTok when his teacher called me," said Vaishali Dhar, a resident of East Nizamuddin, whose son studies in class 8. "I have decided not to encourage him."

Apart from homes and schools, teenagers have been spotted shooting videos in public places such as the recently opened Signature Bridge which connects Wazirabad to East Delhi. Police have had to resort to chasing people shooting videos atop their cars on the bridge. The app is also a rage among Bollywood-crazed Indians who post videos lip-syncing to songs or reciting movie dialogues. It allows the creation of a 15-second video with the user miming to songs. The videos range from harmless to the explicit, depending upon the users one follows.

Last week, ByteDance, the company that owns TikTok, said it had removed more than six million videos that violated its guidelines. The company has appealed against the stay against the ban, claiming it would harm free speech. "We are committed to continuously enhancing our existing measures and introducing additional technical and moderation processes as part of our ongoing commitment to our users in India," it said in an emailed statement.

OVERUSE & ABUSE

But can the app itself be blamed for its misuse? Experts advocate taking the awareness and sensitisation approach than imposing a blanket ban. Faisal Kawoosa, Chief Analyst at Gurugram-based market research firm techARC, says the easy and inexpensive availability of the Internet and increased smartphone penetration has contributed to the growth of TikTok, and other apps in the country. "Banning is no solution. If you can't download it from the app store (which is authentic), you will encourage illegal downloads which are even more dangerous," adds Kawoosa.

"Even in a Google sign-up, one needs to be above 18 years of age. So it is more about ethics that we practise than an app having a problem," he said. Some experts also raised data privacy concerns which come with the application. "The issue with these apps as with other apps is that it is not clear in which way the data is being processed, stored, or shared with third parties," said Shweta Mohandas, policy officer at the Centre for Internet and Society, a Bengaluru-based research and advocacy non-profit.

"I do not think that a ban on Tik-Tok is a solution. People forget that the existing videos can still be shared on other social media platforms. A young person with TikTok on his or her phone will in all probability be active on other social media and messaging apps. A better approach is to sensitise people about the way the app functions, and the information that is public on the app," she said.

In the US, the app has been accused of collecting personal data from users under the age of 13 without parental consent. "Every other person has a mobile phone today. In the recent past, the Blue Whale challenge, Kiki car challenge and now TikTok have become an entertainment tool for the youth and schoolchildren. In order to attain instant fame and validation from peers with likes and shares, they end up making viral videos on social media," said Dr Rajeev Mehta, Vice Chairman of psychiatry department at Sir Ganga Ram Hospital.

For more details visit https://cis-india.org/internet-governance/news/india-today-april-17-2019-gulam-jeelani-tik-tok-craze-a-ticking-time-bomb-for-city

To preserve freedoms online, amend the IT Act

gurshabad — 2019-04-16T10:09:41Z

Look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

The article by Gurshabad Grover was published in the Hindustan Times on April 16, 2019.

The issue of blocking of websites and online services in India has gained much deserved traction after internet users reported that popular services like Reddit and Telegram were inaccessible on certain Internet Service Providers (ISPs). The befuddlement of users calls for a look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

Among other things, Section 69A of the Information Technology (IT) Act, which regulates takedown and blocking of online content, allows both government departments and courts to issue directions to ISPs to block websites. Since court orders are in the public domain, it is possible to know this set of blocked websites and URLs. However, the process is much more opaque when it comes to government orders.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, issued under the Act, detail a process entirely driven through decisions made by executive-appointed officers. Although some scrutiny of such orders is required normally, it can be waived in cases of emergencies. The process does not require judicial sanction, and does not present an opportunity of a fair hearing to the website owner. Notably, the rules also mandate ISPs to maintain all such government requests as confidential, thus making the process and complete list of blocked websites unavailable to the general public.

In the absence of transparency, we have to rely on a mix of user reports and media reports that carry leaked government documents to get a glimpse into what websites the government is blocking. Civil society efforts to get the entire list of blocked websites have repeatedly failed. In response to the Right to Information (RTI) request filed by the Software Freedom Law Centre India in August 2017, the Ministry of Electronics and IT refused to provide the entire of list of blocked websites citing national security and public order, but only revealed the number of blocked websites: 11,422.

Unsurprisingly, ISPs do not share this information because of the confidentiality provision in the rules. A 2017 study by the Centre for Internet and Society (CIS) found all five ISPs surveyed refused to share information about website blocking requests. In July 2018, the Bharat Sanchar Nagam Limited rejected the RTI request by CIS which asked for the list of blocked websites.

The lack of transparency, clear guidelines, and a monitoring mechanism means that there are various forms of arbitrary behaviour by ISPs. First and most importantly, there is no way to ascertain whether a website block has legal backing through a government order because of the aforementioned confidentiality clause. Second, the rules define no technical method for the ISPs to follow to block the website. This results in some ISPs suppressing Domain Name System queries (which translate human-parseable addresses like ‘example.com’ to their network address, ‘93.184.216.34’), or using the Hypertext Transfer Protocol (HTTP) headers to block requests. Third, as has been made clear with recent user reports, users in different regions and telecom circles, but serviced by the same ISP, may be facing a different list of blocked websites. Fourth, when blocking orders are rescinded, there is no way to make sure that ISPs have unblocked the websites. These factors mean that two Indians can have wildly different experiences with online censorship.

Organisations like the Internet Freedom Foundation have also been pointing out how, if ISPs block websites in a non-transparent way (for example, when there is no information page mentioning a government order presented to users when they attempt to access a blocked website), it constitutes a violation of the net neutrality rules that ISPs are bound to since July 2018.

While the Supreme Court upheld the legality of the rules in 2015 in Shreya Singhal vs. Union of India, recent events highlight how the opaque processes can have arbitrary and unfair outcomes for users and website owners. The right to access to information and freedom of expression are essential to a liberal democratic order. To preserve these freedoms online, there is a need to amend the rules under the IT Act to replace the current regime with a transparent and fair process that makes the government accountable for its decisions that aim to censor speech on the internet.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-april-16-2019-gurshabad-grover-to-preserve-freedoms-online-amend-it-act

Reddit, Telegram among websites blocked in India, say internet groups

Sai Sachin Ravikumar — 2019-04-15T10:32:54Z

Discussion board Reddit, messaging service Telegram and comedy site College Humor have been blocked for intermittent periods, say internet groups.

The article by Sai Sachin Ravikumar was published in Business Standard on April 3, 2019. Gurshabad Grover was quoted.

Websites like Reddit and Telegram are being blocked in India by internet service providers, throwing into question the enforcement of net neutrality rules, advocacy groups said on Wednesday.

Restrictions on "torrent sites" that offer free movie and music downloads are routine in India to prevent copyright infringement. Pornography websites are also blocked by court orders seeking to protect children.

But in recent months, websites such as the discussion board Reddit, messaging service Telegram and comedy site College Humor have been blocked for intermittent periods, often for days and only in some regions, baffling internet users.

"It's not making any sense, what's happening," said Apar Gupta, executive director at the non-profit Internet Freedom Foundation (IFF). "A lot of these blocks are also happening in such a way that no notices are displayed." Since January, there have been at least 250 reports of websites blocked on networks operated by Jio, a unit of Reliance Industries, Bharti Airtel and Hathway, the IFF said in a letter to the telecoms department.

Jio and Airtel are among India's top telecom providers.

Some internet users have posted on social media screenshots of pages displaying messages saying a website was blocked to comply with government orders.

When Reuters tried to access CollegeHumor.com on Wednesday a message read: "Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India."

An official at the telecoms department, which last year approved rules on net neutrality--the concept that all websites and data on the Internet be treated equally--declined to comment when contacted by Reuters.

Complaints by Indian internet users have covered "most forms of net neutrality violations," IFF's Gupta said.

Nearly 60 per cent of the user reports compiled by the foundation since January involved Jio networks, the IFF's data showed.

A Jio representative did not respond to an emailed request for comment. Hathway did not reply to phone and email requests for comment.

Bharti Airtel said in a statement it "supports an open internet" and does not block content unless directed by authorities. It did not say if it was currently blocking any websites.

Reddit did not respond to an emailed request for comment outside regular U.S. business hours.

Telegram, which has been blocked previously in Russia and Iran, did not immediately respond to a phone message seeking comment.

If websites are blocked based on government or court orders, or internet firms have legal grounds to restrict web pages, they might not violate net neutrality rules, said Gurshabad Grover, a researcher at the non-profit Centre for Internet and Society.

"But in this case we're not entirely sure," he said.

Other sites blocked this year include tax portal Taxscan and legal database Indian Kanoon.

After complaints from Jio's internet users, Indian Kanoon founder Sushant Sharma said he had been told by Jio the portal was blocked for one day last week due to a government order.

"By evening, apparently, that order was taken back," said Sharma, whose website has some 150,000 daily visitors.

For more details visit https://cis-india.org/internet-governance/news/business-standard-sai-sachin-ravikumar-april-3-2019-reddit-telegram-among-websites-blocked-in-india

Programme Officer - Privacy

amber — 2019-04-15T06:53:44Z

The Centre for Internet and Society (CIS) is seeking applications for the position of Programme Officer, to undertake public policy research on privacy and related themes. For this position, we will hire one full time researcher, to be based in the Delhi office of CIS, for the duration of one year.

To apply for this position please write to amber@cis-india.org along with a CV, two writing samples and contact details of two references, Interested candidates are invited to send their applications at the earliest — latest by April 30th.

Organisation Profile

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa. Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and practices around internet, technology and society in India, and elsewhere.

Privacy Research at CIS

While privacy has been a key subject of study for digital rights and development organisations in India for the last decade, recent and ongoing legal and policy developments have placed this issue at the forefront of human rights and regulatory research. CIS has conducted extensive research into the areas of privacy, data protection, data security, and was also a member of the Committee of Experts constituted under Justice A P Shah. CIS has also been cited multiple times in the Report of the Committee of Experts led by Justice Srikrishna. CIS values the fundamental principles of justice, equality, freedom and economic development and strongly advocates the right to privacy.

Over the next year, CIS intends to look at several research questions on data protection which may include the global experience with privacy enforcement, need for effective redressal mechanisms, documenting the design of business models and data flows, regulation of social media big data, how data of disadvantaged groups including children may be protected. Additionally, while we now have the Supreme Court’s unanimous and emphatic recognition of the fundamental right to privacy, there is a need for research enquiry into several issues such as a clarification of the scope of the Puttaswamy judgment, unpacking the different dimensions of privacy, how state actions interact with privacy.

The Role

Research and analysis: Literature review, policy design, detailed analysis of research topics
Knowledge management: Staying up-to-date on developments of interest to the project, and sharing/debating these with the team. Contributing to documentary and knowledge management processes
Policy outreach and stakeholder engagement: Supporting the project manager in the dissemination of research findings in innovative formats. Attending, planning and executing events
Writing op-eds, short notes, policy briefs and longer form academic writing for a range of audiences
Presentations and formal discussions: Preparing and delivering presentations to various audiences
Helping manage communications with stakeholders including international experts, regulators and policy makers
Managing interns and team: Managing work outputs with our interns; coordinating research with team members and the project manager

Qualifications and Skills

We are looking for professionals from law, regulatory theory and public policy backgrounds.

We are looking for candidates who are interested in studying the regulatory challenges of notice and consent, state capacity, how business models thwart privacy and the future of privacy post Puttaswamy.

This is a full-time position based out of Delhi. The position is for a duration of one year. Salary will be commensurate with qualifications and experience.

For more details visit https://cis-india.org/jobs/programme-officer-privacy-2019

(re) conference

Admin — 2019-05-02T02:01:48Z

From 10 to 12 April 2019, Aayush Rathi participated in a "reconference" a global conference designed to provoke conversations around the new possibilities and opportunities for feminist movements. It was held in Kathmandu, and was organised by CREA, a feminist human rights organisation based in New Delhi.

At the (re)conference, Aayush Rathi spoke on a panel as a part of the technology track curated by Point of View. The research Ambika Tandon and Aayush have undertaken on reproductive health and its datafication in India, as a part of the BD4D project, was selected to be presented on the panel. The presentation can be found here. The agenda and theme of the (re) conference can be found here.

For more details visit https://cis-india.org/internet-governance/news/crea-reconference

Data leaks could wreak havoc in India, so why aren’t they an issue this election?

Aria Thaker — 2019-04-12T01:40:58Z

India’s government leaks data like a sieve, and it’s putting people at risk.

The article by Aria Thaker was published in Quartz India on April 4, 2019. Karan Saini was quoted.

The latest instance was reported on April 01, when technology website ZDNet reported that an Indian government agency had left sensitive medical records of 12.5 million pregnant women online, in a database that wasn’t even password protected.

This is only the latest in a slew of dozens of data leaks and cybersecurity lapses that have plagued the Indian government over the past few years. These have occurred despite—or in part, because of—prime minister Narendra Modi’s aggressive push towards “Digital India.”

Sloppy digitisation efforts and a lack of capacity in cybersecurity issues have caused so many leaks that they seem almost routine by now. Even the one reported by ZDNet, large and grievous as it is, has received little coverage in the mainstream media so far.

“This issue has to be an election priority—the focus on privacy and protection of citizen data,” Raman Chima, policy director at digital-rights organisation Access Now, told Quartz. But as India’s general election approaches, the near silence from politicians on these issues is deafening.

Endangering pregnant women and children

ZDNet reported that a database of medical records from 12.5 million pregnant women was left available online by the department of medical, health and family welfare of a northern Indian state. It does not name the state since the server is still available online, though the medical records have finally been removed, almost a month after security researcher Bob Diachenko contacted the department.

The information in this database was extremely sensitive, including patients’ names, contact details, disease information, pregnancy status and complications, and procedures, such as abortions, that they have undergone.

This wasn’t the first such data leak incident involving the government—nor even the first involving pregnant women.

“This could lead to significant bodily harms to a woman in a context where abortions, especially for unmarried women, are heavily stigmatised,” said Ambika Tandon, a policy officer who researches gender and tech issues for the think tank Centre for Internet and Society (CIS). Women who seek abortions or sensitive procedures “may resort to unsafe abortions at facilities that are not registered for fear of their personal information or physical and informational privacy being compromised,” Tandon said.

Yet this wasn’t the first such incident involving the government—nor even the first involving pregnant women.

Aadhaar and beyond

Aadhaar, the 12-digit personal identification number from India’s controversial, biometrics-backed database, has often been at the centre of previous such leaks in India. Much like a the social security number in the US, it is a sensitive piece of information as it helps identify individuals and is often linked to other government and financial services one uses.

Here’s a look at just a handful of the most prominent leaks, breaches, and vulnerabilities involving Aadhaar:

May 2017: Around 130 million individuals have their Aadhaar numbers, banking details, and more leaked on four government websites
January 2018: A reporter of The Tribune newspaper pays Rs500 ($7) to access a portal with demographic data from every Aadhaar holder in the country
March 2018: State-owned gas company Indane leaks private dataof its customers and all Aadhaar holders
April 2018: Andhra Pradesh leaks medical records of over 2 million pregnant women, as well as their Aadhaar numbers and contact details
June 2018: An unsecured Aadhaar API on over 70 subdomains of a government website allows anyone to access demographic-authentication services
July 2018: Data of 250,000 students taking a government medical entrance exam is leaked and sold online
January 2019: The State Bank of India, the country’s largest bank, leaks financial data of millions customers
February 2019: Indane strikes again. Aadhaar data of nearly 6.7 million dealers and distributors of the state-owned gas company is exposed on its dealers portal

This list is far from comprehensive. Aadhaar-related leaks alone comprise at least 37 such cases, which can be found listed on Indian tech site Medianama. These include instances of many state and central departments publishing Aadhaar numbers next to banking details, or even instances of colour photocopies of Aadhaar cards being published online.

Government entities, especially the Unique Identification Authority of India (UIDAI), which administers Aadhaar, have been known to take a long time—sometimes even months—to respond to leaks. Worse, they have often hounded journalists and whistleblowers raising awareness about these incidents. For instance, the UIDAI filed a police case against The Tribune’s reporter and, weeks later, the newspaper’s editor stepped down. CIS, which published the report about 130 million Aadhaar records being exposed, received a legal notice from the UIDAI.

Why do leaks happen?

India’s government agencies are undergoing rapid digitisation.

“There’s been a particular focus over the past few years to aggregate (data) from different databases that might normally exist in one area, or one scheme, and bring them together to one master spreadsheet,” said Chima of Access Now. “As a result of this, a lot of data is being collected in a few places and (the government) is not doing enough thinking…as to how to control and think about cybersecurity.”

Besides, government departments face major personnel and training issues in matters of cybersecurity.

“Most of the officials who collect information do not know about security practices, and they don’t really understand the challenges involved,” said Srinivas Kodali, a cybersecurity researcher who has uncovered many government leaks. “They think it’s normal data—they don’t understand the privacy implications of it.”

Beyond this, a lack of resources holds government bodies back from protecting user data. “Indian government departments require an increase in skill and resources to deal with information security,” said Karan Saini, a security researcher and policy officer at CIS, who has also reported leaks and vulnerabilities.

A lack of comprehensive privacy regulation exacerbates the problem. India does not currently have a data-protection law. A draft bill was put forth by the electronics and IT ministry last year, but it has been criticised by many for being too lenient on government institutions who handle citizen data.

How leaks and lapses endanger democracy

The issue of data leaks is deeply tied to one of the core threats to democracy today—voter microtargeting, which often takes the form of parties conveying conflicting messages to different social groups, in their attempts to get elected. Such targeting has been under the global spotlight since 2016, after secretive firm Cambridge Analytica reportedly used it in Donald Trump’s presidential campaign.

In India, “there’s a lot of these datasets of sensitive data about citizens available, which may have electoral implications in terms of how it affects people’s desire to vote, and the ability of parties to influence or micro-target them,” Chima said.

Parties have already demonstrated an appetite for citizen data. Modi’s Bharatiya Janata Party has already been known to target voters based on data such as electricity bills, which are thought to reveal a voter’s socioeconomic standing.

State-held data could be abused by politicians, especially those currently in power, to target or profile voters.

Now Aadhaar has come into the picture as well, with the government attempting, in a failed project, to link the biometrics-backed ID number with citizens’ voter ID numbers. The project was discontinued in 2015, but concerns remain about the way the data was collected, with ground reports suggesting that reams of documents are still floating in government offices and private homes. It has also been suggested that the lapsed linking project resulted in the disenfranchisement of millions, due to an opaque algorithm it used.

Worries abound that existing state-held data could be abused by politicians, especially those currently in power, to target or profile voters. State resident data hubs (SRDH), which use Aadhaar to log full profiles of individuals, including the government schemes they avail, have come under the scanner for being particularly dangerous for profiling.

Reports have already suggested the occurrence of such data being used for political gain. An app used by a leading party in Andhra Pradesh has been accused of using stolen state data to profile voters based on caste, though the party denied this.

A government or political actor’s access to state repositories of data, which might be aided by data leaks, could be a truly sinister political tool that sways an election.

For more details visit https://cis-india.org/internet-governance/news/quartz-india-aria-thaker-april-4-2019-data-leaks-and-cybersecurity-should-be-an-election-issue-in-india

Policy Lab on Artificial Intelligence & Democracy

Admin — 2019-04-12T01:32:32Z

Shweta Mohandas participated in a policy lab on Artificial Intelligence & Democracy in India organised by Tandem Research, in partnership with Microsoft Research and Friedrich-Ebert-Stiftung on 2 & 3 April, 2019, in Bangalore.

For more details visit https://cis-india.org/telecom/news/policy-lab-on-artificial-intelligence-democracy

Cookies, not the monster you may think

Sweta Akundi — 2019-04-12T01:10:07Z

Follow the crumbs to a better understanding of data protection and privacy.

The article by Sweta Akundi was published in the Hindu on April 8, 2019. Pranav Manjesh Bidare was quoted.

You’re window-shopping at an electronics store, looking at headphones. The sales assistant offers some help, but you politely decline. “I’m just looking,” you respond. A month later, you come back, and the sales assistant not only remembers you, but also directs you to the latest headphones they have. Creepy? Perhaps, but it’s a regular occurrence on e-commerce websites such as Amazon.

Enter cookies: small text files placed either temporarily or permanently by websites on your hard drive, which are used to monitor your activities online. Those annoying banners that pop up while you are opening a new website, telling you that this site uses cookies? You click okay in a huff because, let’s face it, you’re a busy wo/man? Essentially, you’ve given the websites permission to place cookies on your computer.

“HTTP cookies track user activities, save passwords, and authenticate sensitive information. For example, let’s say you make a purchase with your debit card. When you enter the OTP, you are notified to not refresh the page. That happens because when you enter sensitive information, an authentication cookie is created and stored. It helps the server verifying your transaction make sure that it is just you who is logged in, and not any other person who could try to access your data,” explains Pranav Manjesh Bidare, policy officer at Bengaluru-based The Centre for Internet & Society.

These cookies can be placed by either first-party (the website you are primarily accessing) or third parties (any website that places content onto the primary website). YouTube embeds, sponsored ads, social media links all fall under the latter category. They send you independent cookies which, too, can track your activities.

How safe is it?

“Cookies are vulnerable to interception by a malicious actor. When the cookie is being transmitted to and from your computer, there is a possibility of information like your browsing history, shopping trends, and authentication data being stolen from it,” says Pranav. “However, most of it is taken care of by the HTTPS protocol, which ensures a secure connection between servers and your computer.” Once the cookies are on your device, they can be safeguarded using proper anti-virus. “However there could also be cases where someone impersonates a website and accesses your cookies. That’s something the HTTPS protocol can’t solve alone.” You could manually delete cookies, or pay more attention to what you’re agreeing to share, when you enter a website. Moreover, the constant cookie consent pop-ups do get on the nerves.

That said, the European Union is amending its privacy laws; under the new regulations, if such a draft is passed, users will be given the option of a blanket refusal of cookies, or of just third-party ones, presented in an easy-to-understand layout. However, cookies deemed to be ‘non-intrusive’ will not be subject to restrictions under the regulation.

If there’s anything we have learnt from the Facebook and Cambridge Analytica fiasco, it’s that we need to have a better understanding of what privacy and data on the Internet means.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-sweta-akundi-april-8-2019-microchips-cookies-and-the-internet-privacy-authentication

CIS Response to Call for Stakeholder Comments: Draft E-Commerce Policy

Arindrajit Basu, Vipul Kharbanda, Elonnai Hickok and Amber Sinha — 2019-04-10T12:12:43Z

CIS is grateful for the opportunity to submit to the Department of Industrial Policy and Promotion comments to the draft National e-commerce policy.

The Department of Industrial Policy and Promotion released a draft e-commerce policy in February for which stakeholder comments were sought. CIS responded to the request for comments.

The full text can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/cis-response-to-call-for-stakeholder-comments-draft-e-commerce-policy

DIDP #33 On ICANN's 2012 gTLD round auction fund

akriti — 2019-07-09T15:51:47Z

This DIDP was filed to inquire about the state of the funds ICANN received from the last gTLD auctions.

In 2012, after years of deliberation ICANN opened the application round for new top level domains and saw over 1930 applications. Since October 2013, delegation of these extensions commenced with it still going on. However, 7 years since the round was open there has been no consensus on how to utilize the funds obtained from the auctions. ICANN until its last meeting was debating on the legal mechanisms/ entities to be created who will decide on the disbursement of these funds. There is no clear information on how those funds have been maintained over the years or its treatments in terms of whether they have been set aside or invested etc. Thus, our DIDP questions ICANN on the status of these funds and can be found here.

The response to the DIDP received on 24th April, 2019 states that that even though the request asked for information, rather than documentation, our question was answered. Reiterating that the DIDP mechanism was developed to provide documentation rather than information. It stated that on 25 October 2018, Resolution 2018.10.25.23 was passed that compels the President and CEO to allocate $36 million to the Reserve Fund. The gTLD auction proceeds were allocated to separate investment accounts, and the interest accruing from the proceedings was in accordance with the new gTLD Investment Policy.

For more details visit https://cis-india.org/internet-governance/blog/akriti-bopanna-april-4-2019-didp-33-on-icann-s-2012-gtld-round-auction-fund

The Phantom Public: The Role of Social Media in Democracy

Admin — 2019-05-01T05:09:19Z

Amber Sinha delivered an open lecture at Ambedkar University, New Delhi on 3 April 2019.

India has over 500 million internet users — over a third of its total population — making it the country with the second largest number of Internet users after China. For the world’s largest democracy, the Internet should be a boon. After all, Sir Tim Berners-Lee, the inventor of the world wide web, had envisioned the Internet to as an “open platform that allows anyone to share information, access opportunities and collaborate across geographical boundaries.” The democratization of information it facilitated should have led to a more informed citizenry, but instead what we have is the complete opposite. The average digital citizen in India maintains a near perpetual information illiteracy about where they receive news and information from, whether or not it is true and how it is intended to manipulate them. This is, in large part, because social media has become the primary source of information.

The problems of the public, how it may get access to meaningful information, how it organises itself, and how public opinion is shaped are now deeply impacted by the rise of social media and messaging platforms as political tools of targeting, gathering and organising. How this new media thwarts and enables the goals of the public in India at present is the primary subject matter of this talk. We will cover a range of issues such as fake news and hate speech on social media, the use Facebook by Cambridge Analytica in elections, and how online platforms are governed, particularly with a view towards elections.

For more details visit https://cis-india.org/internet-governance/news/the-phantom-public-the-role-of-social-media-in-democracy

CIS Response to Draft E-Commerce Policy

amber — 2019-04-26T06:40:34Z

CIS is grateful for the opportunity to submit comments to the Department of Industrial Policy and Promotion on the draft national e-commerce policy. This response was authored by Amber Sinha, Arindrajit Basu, Elonnai Hickok and Vipul Kharbanda.

Access our response to the draft policy here: Download (PDF)

The E-Commerce Policy is a much needed and timely document that seeks to enable the growth of India's digital ecosystem. Crucially, it backs up India's stance at the WTO, which has been a robust pushback against digital trade policies that would benefit the developed world at the cost of emerging economies. However, in order to ensure that the benefits of the digital economy are truly shared, focus must not only be on the sellers but also on the consumers, which automatically brings in individual rights into the question. No right is absolute but there needs to be a fair trade-off between the mercantilist aspirations of a burgeoning digital economy and the civil and political rights of the individuals who are spurring the economy on. We also appreciate the recognition that the regulation of e-commerce must be an inter-disciplinary effort and the assertion of the roles of various other departments and ministries. However, we also caution against over-reach and encroaching into policy domains that fall within the mandate of existing laws.

For more details visit https://cis-india.org/internet-governance/blog/cis-response-to-draft-e-commerce-policy

Now, police use apps to catch a criminal

Ketaki Desai — 2019-03-31T15:47:00Z

Recently, Punjab police detained three suspects on a tip-off. The cops clicked their photographs, uploaded them on an app called the Punjab Artificial Intelligence System or PAIS which uses facial recognition, and immediately got the lowdown on their criminal history, which involved a contract killing and looting. Four stolen vehicles and five weapons were recovered from them.

The article by Ketaki Desai with inputs from Sanjeev Verma in Chandigarh was published in the Times of India on March 31, 2019. Arindrajit Basu was quoted.

Police forces around the country are increasingly relying on artificial intelligence as both a crime-busting and prevention tool despite concerns about the inbuilt biases of algorithms, and the worry that policing may win over privacy.

Atul Rai, founder CEO of Gurgaon-based firm Staqu Technologies, which developed the app used by Punjab police, says they collect data from various state agencies and have built a database on criminals. “An NCRB (National Crime Records Bureau) report showed that 70% of crimes are committed by repeat criminals. Our facial recognition software works even on low-resolution photos and videos.” Police departments in UP, Uttarakhand and Rajasthan are armed with similar apps. And how likely is it that this facial recognition tech makes mistakes? It has 98% accuracy, claims Rai.

Other companies are also in the fray. Chennai’s FaceTagr has built a database of 75,000 photographs, and claims its app – currently being used in Tamil Nadu, Andhra Pradesh and Puducherry – is able to identify faces with an accuracy of 99.4%.

Facial recognition doesn’t just help catch the bad guys, it can also help trafficked kids reunite with their families. Vijay Gnanadesikan, CEO of FaceTagr, says they have begun to work with the Indian Railways to facilitate this. “Often, a child is not able to tell police officers where they are from. Now if a child is reported missing in Mumbai, and found in Bengaluru, the parents can be found if both police departments upload his or her photo.”

UP’s Trinetra app, developed by Staqu Tech, was launched in December, 2018. I-G (crime) S K Bhagat says, “We didn’t have any centralised criminal database in UP before this.” The app informs the cops of the status of each person in custody, and whether they are out on bail. This means that if a chain-snatching takes place in Lucknow, they can filter suspects and also show the victim their photos for identification. “Right now we’re in the first phase of using the app; beat officers still don’t yet have direct access but their SHO does.” To prevent misuse, a centralised monitoring system has been developed.

Staqu also offers predictive analytics— they collect data from news sites and blogs, aggregate information about crime patterns across the country, and create a ‘heat map’ for law enforcement agencies. Using this, they are able to make predictions about where, how and by whom a crime might be committed.

But predictive policing is problematic, points out Vidushi Marda of human rights organisation Article 19. “Data is often imperfect, and it’s easy for a deeply unequal, biased outlook of society to be embedded in data. This means that people who have always been arrested for no reason will continue to be arrested for no reason. And because it’s an algorithm, we can’t refute it,” she says.

Uncanny Vision, a Bengaluru-based company, makes smart CCTVs that are deployed in ATMs and number plate readers that are used on national highways in Kerala to curb speeding. Co-founder Navaneethan Sundaramoorthy says, “Our ATM CCTVs don’t use facial recognition, they just look at the actions. We take the video, convert it into information and toss away the video.” He thinks that privacy concerns are important. “Is it possible for the government to use it in any big-brother scenario? Yes, but that has always been the case. With this technology, we can control who has access to the information that comes from CCTVs, and there is a clear footprint about who has accessed the information,” he says.

Apar Gupta, executive director of the Internet Freedom Foundation, points out that there are no regulatory safeguards in place. “The first thing surveillance needs is a statutory framework—what is its purpose, how is it being carried out, and what limits they cannot go beyond. These surveillance systems are being made without adequate civil society engagement. There needs to be a third-party data protection authority to audit their activities.”

Arindrajit Basu, senior policy officer at the Centre for Internet and Society, says the advantages of AI in tracking crime have to be balanced with accountability. “The government can be taken to court for violation of a fundamental right, including the recently recognised right to privacy. But, most of this tech is being rolled out in collaboration with private actors. You can’t take a private company to court for this.” The solution might lie in private companies sharing liability with the government, he says. “That will ensure that they consider the ethical consequences of their products.”

For more details visit https://cis-india.org/internet-governance/news/times-of-india-march-31-2019-ketaki-desai-now-police-use-apps-to-catch-a-criminal