We are anonymous, we are legion

The year social media came of age in India

praskrishna — 2012-12-31T03:33:19Z

Sambhavi Saxena, 19, was at Jantar Mantar on December 25 protesting against Nirbhaya's brutal rape when Delhi Police swooped down, rounded her up along with other agitators and took them to the Parliament Street police station. Sambhavi fired tweet after tweet even as she was bundled into a van.

The article by Javed Anwer and Rukmini Shrinivasan was published in the Times of India on December 31, 2012. Sunil Abraham is quoted.

She went on broadcasting to the world all that was happening around her. "Illegally being held here at Parliament St Police Station Delhi w/ 15 other women. Terrified, pls RT," she tweeted. It worked. In a flash, more than 1,700 people retweeted her SOS. Social media analytics firm Favstar later said the message reached over two lakh people.

Police later contested many of Sambhavi's claims. Yet, there was no denying it was her voice that was heard. Her tweets triggered a social media frenzy. The media reacted swiftly. Lawyers volunteered, activists landed up at the police station. Celebrities condemned the action. The police stood no chance.

For the government and keepers of law, it was a PR disaster. They had lost a battle they were accustomed to winning hands down. Now, there was a pesky entity — the public — seeking to change the rules of the game. A teenager armed with a smartphone had used the magic platform called social media to devastating effect, catching the agents of the state flatfooted.

India might have tasted the power of the smartphone first in 2011 when Anna Hazare's stinging anti-corruption message rode the social media wave. But this year saw social media creating a new phenomenon — the rise of the virtually connected Indian youth — which is likely to redraw the terms of engagement between the state and its urban population.

The networking tool that's now a weapon

Finance minister P Chidambaram recently tried to sum up the phenomenon by likening social media-driven snap protests to a flash-mob phenomenon. "Flash mob is a new phenomenon... sometimes they gather to dance and sing. But sometimes they gather to protest... I don't think we are fully prepared to deal with it." Going by the last fortnight, when the government fumbled in dealing with widespread protests over Nirbhaya, the minister's admission was an understatement. Let alone being "fully prepared", they didn't have a clue.

The unbridling of the power of the social media was undoubtedly a top, if not no. 1, trend of 2012 in India. In many cases, it set the agenda of public discourse. As in Palghar, where young Shaheen Dhada's Facebook comment on the shutdown of Mumbai after Bal Thackeray's death kicked off a storm, the virtual world triggered several real-world controversies.

In fits and starts, politicians and the government realized the folly of not joining the fast-unfolding revolution, the exceptions being the Twitter-savvy Shashi Tharoor and Omar Abdullah. The @PMOIndia Twitter handle was born, and today 3.5 lakh people follow it. A host of politicians soon hopped on, realizing the freedom the platform offered for comment on issues, which TV studios didn't.

For Bollywood celebs and cricketers, it became a great way to keep in touch with fans. But the real power of this irreverent and often insolent medium lay with the young aam admi who used social media fearlessly. They voiced their opinion and unsparingly ridiculed leaders with hashtags like #theekhai, making powerful headlines out of what otherwise would have been just whistling in the air.

What's the USP of the social media? On this platform, free speech is unhindered. It's a virtual megaphone with a global reach, as the numbers show. Whether it's Twitter or Facebook, India is a huge presence. Facebook has more than 65 million active users here, putting the country among the top five worldwide in terms of users. Twitter, which has 200 million active users globally, doesn't provide country-specific numbers. But SemioCast, a Paris-based research firm, said in a report in July that India had around 18 million Twitter accounts, placing it sixth among the biggest Twitter nations.

A lot of this social media boom happened in 2012. Research firm SocialBakers estimated in November that the number of Indian Facebook users swelled by 14 million in the past six months. While internet penetration in India is just 11% — three times lower than the global average — around 137million users make the country third biggest in terms of web-connected citizens. Most of these users are urban and young. A Comscore report says 75% of web users here are under-35.

Unlike youngsters in many other countries, Indians are politically active on the web. A Pew Research study this December established that nearly 45% of Indian web users, most of them from urban areas, connect on social media to discuss politics. Only Arab countries scored higher than India on this account. The numbers are backed by GlobalWebIndex, which noted in a September report that India is the third most socially active country with around 78 points.

But this unfettered, unfiltered flow of information and messages showed its ugly side as well. The mischievous rumour-mongering in the wake of the Assam riots was a case in point, as MMSs and incendiary text messages triggered an exodus of people belonging to the northeast from Bangalore, Pune, Chennai and Hyderabad.

Facebook and Twitter started off as friendship and networking tools. But, they have evolved into potent weapons of social mobilization. In a way, India Against Corruption can be credited with starting it in mid-2010. "If you have a worthy cause, social media provides you an unbiased, unfiltered avenue," says Shivendra Chauhan, social media manager for the outfit. "Without it, we wouldn't have got the kind of overwhelming support we received from the youth."

But Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, cautions against being overly technologically deterministic. "Technology doesn't have agency; human beings do. Transferring energy from social media on to the streets isn't something that'll happen every time. It depends on whether the message resonates," he says.

While the anti-corruption movement ran on a sophisticated social media strategy and campaign, the ongoing anti-rape protests have no single organizer or banner, just a message that resonates, says Abraham. On the other hand, when Anonymous India called for boots on the ground at its protests against internet censorship, the turnout was poor, far lower than the number of hashtags on Twitter would have indicated, he adds.

Abraham points out there are close linkages between internet, text messages, social media and mainstream media. "These channels leak into each other and the causal connection becomes unclear," he says. Madhuresh Kumar, national coordinator of the National Alliance of People's Movements (NAPM), an umbrella organization of grassroots movements of the marginalized, agrees. "We use social media, not so much to mobilize people to come to our protests, but to mobilize the mainstream media."

The message determines the power of the medium. If it's something that connects viscerally, like the Nirbhaya protests, its power and reach can be beyond imagination. If it is a more niche message, like an SOS for a dwindling fish species, it will reach a smaller, targeted audience such as environmentalists. But it will reach — unhindered in the palm of your hand.

Look at it any which way, it is here to stay. So, it's time for the state to learn to deal with the new power of the ordinary citizen.

For more details visit https://cis-india.org/news/times-of-india-december-31-2012-javed-anwer-and-rukmini-shrinivasan-the-year-social-media-came-of-age-in-india

The Worldwide Web of Concerns

pranesh — 2012-12-10T05:10:47Z

The threat of a ‘UN takeover’ of the Internet through the WCIT is non-existent. However, that does not mean that activists have been crying themselves hoarse in vain.

Pranesh Prakash's column was published in the Asian Age on December 10, 2012.

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the International Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence. Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

While there are welcome proposals (consumer protection relating to billing of international roaming), there have also been contentious issues that Internet activists have raised: a) process-related problems with the ITU; b) scope of the ITRs, and of ITU’s authority; c) content-related proposals and “evil governments” clamping down on free speech; d) IP traffic routing and distribution of revenues.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

ITU’s relationship with Internet governance has been complicated. In 1997, it was happy to take a hands-off approach, cooperating with Internet Society and others, only to seek a larger role in Internet governance soon after. In part this has been because the United States cocked a snook at the ITU and the world community in 1998 through the way it established Internet Corporation for Assigned Names and Numbers (ICANN) as a body to look after the Internet’s domain name system. While the fact that the US has oversight over ICANN needs to change (with de-nationalisation being the best option), Russia wants to supersede ICANN and that too through current revisions of the ITRs. Russia’s proposal is a dreadful idea, and must not just be discarded lightly but thrown away with great force. The ITU should remain but one among multiple equal stakeholders concerned with Internet governance.

One important, but relatively unnoticed, proposed change to ITU’s authority is that of making the standards that ITU’s technical wing churns out mandatory. This is a terrible idea (especially in view of the ITU’s track record at such standards) that only a stuffy bureaucrat without any real-world insight into standards adoption could have dreamt up.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs. Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent so-called “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The threat of a “UN takeover” of the Internet through the WCIT is non-existent. Since the ITU’s secretary-general is insisting on consensus (as is tradition) rather than voting, the possibility of bad proposals (of which there are many) going through is slim. However, that doesn’t mean that activists have been crying themselves hoarse in vain. That people around the world are a bit more aware about the linkage between the technical features of the Internet and its potential as a vehicle for free speech, commerce and development, is worth having to hear some shriller voices out there.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/asian-age-column-december-10-2012-pranesh-prakash-the-worldwide-web-of-concerns

The Worldwide Web of Concerns

pranesh — 2012-12-27T04:31:39Z

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the Inter-national Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Pranesh Prakash's column was published in the Deccan Chronicle on December 10, 2012.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence.

Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

w Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs.

Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent socalled “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-pranesh-prakash-december-10-2012-the-worldwide-web-of-concerns

The world is your oyster, by invitation only

praskrishna — 2011-05-01T01:40:59Z

Recent trends show the world of social networking actually reflects the social divides and groupings in the real world. This article by Shreya Ray was published in the Livemint on April 26, 2011.

Looking for love and thinking it’s a shame someone as gorgeous as you is single? Worry not, for Beautifulpeople.com is here. The UK-based site guarantees beautiful singletons a chance to find “beautiful relationships” through their network. The homepage gives you a little snapshot into what they are all about. A cluster of model-like people, different ethnicities and yet, ironically, strikingly similar in their Anglo-Saxon good looks: high cheekbones and sharp noses. Membership is open for all with one caveat: The photo you submit must first be rated by your peer group (that is, the people already deemed “beautiful” by the website), only then do you get admission.

Based on a similar principle of peer-group approval is Facebook’s Compare People application, where you rate friends based on their smile, eyes, sex appeal, profile picture (and other school-report card qualities such as “helpfulness”). And then, of course, there are quizzes such as “How Beautiful Are You”, in which too your final score is based on where you stand vis-à-vis other people in the network.

To be fair, this isn’t just a fetish of the beautiful and those who want to officially belong to “beautiful-only” groups. Because, in just the same way, the social networking world is just as populated by people wanting to either be part of “rich-only” (Affluence.org) or “smart only” (Epernicus.com, for researchers) groups, and most recently, the India-based Vagad Visible (Vagadvisible.com, for the Vagads, a small clan within Kutchi Jains), among others. The world of social networking is about everyone wanting to be something “only” and in that sense, to quote Chicago-based social networking expert David Armano, it is “less about being social”.

Exclusivity: The invite-only system allows social networks and other Web platforms to control and stagger the growing load on their infrastructure. Raajan/Mint

Unsocial networking

One of the latest improvements on Facebook towards the end of 2010 was the option that allows you to edit friends with hyperactive user activity (people who are forever cluttering your page with Farmville updates or quizzes) and “hide” such user activity from your feed. “On Facebook, groups are smaller gatherings, individuals which are invite-only. On Twitter, users create lists to help them filter out signal from noise. Lists on Twitter are not really about exclusivity, but they do say something about how people desire to extract more value from a network,” says Armano, in an email interview.

Sunil Abraham, executive director of the research institute Centre for Internet and Society, Bangalore, says the “hierarchy on the online attention economy often reflects the class and social divides in the real world”.The term attention economy was first used by Michael Goldhaber in December 1997 to describe a new arrangement in which the “flow of attention” metaphorically replaced money as the currency of the Internet.

Quantitative research in the Philippines has shown that rich people are less likely to respond to messages that say “will you be my friend”, he adds, citing the work of researcher Raul Pertierra. “On Facebook, the act of friending someone may appear symmetric. But privacy settings on content, groups and feed configurations may be used to fine-tune the exact power dynamics of the relationship. In platforms such as Twitter, the asymmetry is explicit: For example, Twitter, where I can follow you but you need not follow me,” he says.

Technology has aided this aspect of exclusivity. “There are now beta releases of social software which typically get released to a smaller group of influential and digital savvy individuals. There are now services such as Klout that partner with brands to reward individuals who have the largest social graphs,” adds Armano. Klout measures your overall online influence using over 35 variables on Facebook and Twitter and rates you as True Reach, Amplification Probability, and Network Score.

The other way of practising exclusivity—unlike Facebook, Twitter and other “open” networks—is to just come out and say it: invite only. Beautifulpeople.com will only admit you on the basis of your looks; asmallworld (Asmallworld.net), becoming increasingly popular among the First World swish set, can only be accessed by invitation; and Affluence.org very categorically states it is a place for wealthy individuals to “connect” (membership is free but requires a verifiable minimum household net worth of $1 million, or Rs. 4.5 crore) and “engage in meaningful conversations”. There are others that are slightly work oriented: The Behance network (Behance.net) is a place for creative professionals and you have to seek a membership invitation by describing your creative work. Sermo (Sermo.com) is a place for physicians to “share medical insights”.

Vahad Visible is completely restricted to the Vahad community (a user’s credentials are authenticated by a phone interview and other records), and is social networking meets matrimonial meets classified ads.

The why

There are many reasons for this exclusivity. First, technical. “The invite-only system allows social networks and other Web platforms to control and stagger the growing load on their infrastructure,” says Abraham.

There is also a marketing and commercial aspect to it. Affluence.org, for instance, provides a forum for “exclusive, high quality content and advice from experts on subjects such as art, technology and travel”. Similarly, asmallworld has advertisements for accommodation (it also doubles up as a couch-surfing site of sorts, only these are all rich people living in the First World), among others. Both the technical and the commercial aspects, however, are tied to the larger, that is, sociological aspect of exclusivity. For instance, the “invite-only” system also creates a sense of exclusivity and then drives registrations, says Abraham.

Sociologically, the recipient of this exclusivity, according to Armano, “feels special and rewarded for their social status”. “Those who deal in exclusivity are looking to create smaller “higher quality” networks of individuals who they deem are connected in a way which benefits them,” he says. The way we configure our social network and allow access to our feeds on Twitter or the Facebook page are based on our individual priorities and objectives. “Exclusive social networks are meant for those with overlapping priorities and objectives. The generic social networking websites are meant for finding long-lost classmates and friends and weak ties in general. Exclusive social networks are for accumulating new contacts and building strong ties,” says Abraham.

The dichotomy about social networks, adds Armano, is that “in theory, they flatten social norms” and also make certain things more accessible—like personal publishing. “However, networks do not guarantee that you will find yourself in the desirable social circles. You still have to do that the old-fashioned way—networking,” he adds.

Read the original article published by Livemint here

For more details visit https://cis-india.org/news/world-is-your-oyster

The Wolf in Sheep's Clothing: Demanding your Data

Rekha Jain — 2020-11-10T17:44:13Z

This piece was originally published in The Economic Times Telecom, on 8 September, 2020.

The increasing digitalization of the economy and ubiquity of the Internet, coupled with developments in Artificial Intelligence (AI) and Machine Learning (ML) has given rise to transformational business models across several sectors. These developments have changed the very structure of existing sectors, with a few dominant firms straddling across many sectors. The position of these firms is entrenched due to the large amounts of data they have, and usage of sophisticated algorithms that deliver very targeted service/content and their global nature.

Such data based network businesses are generally multi-sided platforms subject to network effects and winner takes all phenomena, often, making traditional competition regulation inappropriate. In addition, there has been concern that such companies hurt competition as they are owners of large amounts of data collected globally, the very basis on which new services are predicated. Also since users have an inertia to share their data on multiple platforms, new companies find it very challenging to emerge. Several of the large companies are of US origin. Several regions/countries such as EU, UK, India are concerned that while these companies benefit from the data of their citizens or their devices, SMEs and other companies in their own countries find it increasingly difficult to remain viable or achieve scale. With the objective of supporting enterprises, including SMEs in their own countries, Europe, UK India are in different stages of data regulation initiatives.

In India, the Personal Data Protection (PDP) Bill, 2019 deals with the framework for collecting, managing and transferring of Personal Data of Indian citizens, including mandating sharing of anonymized data of individuals and non-personal data for better targeting of services or policy making. In addition, the Report by the Committee of Experts (CoE) on Non Personal Data (NPD) came up with a Framework for Regulating NPD. Since the NPD Report is a more recent phenomenon, this articles analyzes some aspects of it.

According to CoE, non-personal data could be of two types. First, data or information which was never about an individual (e.g. weather data). Second, data or information that once was related to an individual (e.g. mobile number) but has now ceased to be identifiable due to the removal of certain identifiers through the process of ‘anonymisation’. However, it may be possible to recover the personal data from such anonymized data and therefore, the distinction between personal and non-personal is not clean. In any case, the PDP bill 2019 deals with personal data. If the CoE felt that some aspect of personal data (including anonymized data) were not adequately dealt with, it should work to strengthen it. The current approach of the CoE is bound to create confusion and overlapping jurisdiction. Since anonymized data is required to be shared, there are disincentives to anonymization, causing greater risk to individual privacy.

A new class of business based on a “horizontal classification cutting across different industry sectors” is defined. This refers to any business that derives “new or additional economic value from data, by collecting, storing, processing, and managing data” based on a certain threshold of data collected/processed that will be defined by the regulatory authority that is outlined in the report. The CoE also recommends that “Data Businesses will provide, within India, open access to meta-data and regulated access to the underlying data” without any remuneration. Further, “By looking at the meta-data, potential users may identify opportunities for combining data from multiple Data Businesses and/or governments to develop innovative solutions, products and services. Subsequently, data requests may be made for the detailed underlying data”.

With increasing digitalization, today almost every business is a data business. The problem in such categorization will be with the definition of thresholds. It is likely that even a small video sharing app or an AR/VR app would store/collect/process/transmit more data than say a mid-sized bank in terms of data volumes. Further, with increasing embedding of IoT in various aspects of our lives and businesses (smart manufacturing, logistics, banking etc), the amount of data that is captured by even small entities can be huge.

The private sector, driven by profitability, identifies innovative business models, risks capital and finds unique ways of capturing and melding different data sets. In order to sustain economic growth, such innovation is necessary. The private sector would also like legal protection over these aspects of its businesses, including the unique IPR that may be embedded in the processing of data or its business processes. But mandating such onerous requirements on sharing by the CoE is going to kill any private initiative. Any regulatory regime must balance between the need to provide a secure environment for protecting data of incumbents and making it available to SMEs/businesses.

Meta data provides insights to the company’s databases and processes. These are source of competitive advantage for any company. Meta data is not without a context. The basis of demanding such disclosure is mandated with the proposed NPD Regulator who would evaluate such a purpose. In practice, purposes are open to interpretation and the structure of appeal mechanism etc is going to stall any such sharing. Would such mandates of sharing not interfere with the existing Intellectual Property Rights? Or the freedom to contract? Any innovation could easily be made available to a competitor that front-ends itself with a start-up. To mandate making such data available would not be fair. Further, how would the NPD regulator even ensure that such data is used for the purpose (which the proposed regulator is supposed to evaluate) that it is sought for? In Europe, where such data sharing mandates are being considered, the focus is on public data. For private entities, the sharing is largely based on voluntary contributions. Compulsory sharing is mandated only under restricted situations where market failure situations are not addressed through Competition Act and provided legitimate interest of the data holder and existing legal provisions are taken into account.

Further, the compliance requirements for such Data Businesses is very onerous and makes a mockery of “minimum government” framework of the government. The CoE recommends that all Data Businesses, whether government NGO, or private “to disclose data elements collected, stored and processed, and data-based services offered”. As if this was not enough, the CoE further recommends that “Every Data Business must declare what they do and what data they collect, process and use, in which manner, and for what purposes (like disclosure of data elements collected, where data is stored, standards adopted to store and secure data, nature of data processing and data services provided). This is similar to disclosures required by pharma industry and in food products”. Such disclosures are necessary in these industries as the companies in this sector deal with critical aspects of human life. But are such requirements necessary for all activities and businesses? As long as organizations collect and process data, in a legal manner, within the sectoral regulation, why should such information have to be “reported”? Further, such bureaucratic processes and reporting requirements are only going to be a burden to existing legitimate businesses and give rise to a thriving regulatory license raj.

Further questions that arise are: How is any compliance agency going to make sure that all the underlying metadata is made available in a timely manner? As companies respond to a dynamic environment, their analysis and analytical tools change and so does the metadata. This inherent aspect of businesses raises the question: At what point in time should companies make their meta-data available? How will the compliance be monitored?

Conclusion: The CoE needs to create an enabling and facilitating an environment for data sharing. The incentives for different types of entities to participate and contribute must be recognized. Adequate provisions for risks and liabilities arising out data sharing need to be thought through. National initiatives on data sharing should not create an onerous reporting regime, as envisaged by the CoE, even if digital.

DISCLAIMER: The views expressed are solely of the author and ETTelecom.com does not necessarily subscribe to it. ETTelecom.com shall not be responsible for any damage caused to any person/organisation directly or indirectly.

For more details visit https://cis-india.org/internet-governance/blog/the-wolf-in-sheeps-clothing-demanding-your-data

The Web of Our Strife

pranesh — 2012-06-04T05:45:34Z

At the 66th session of the UN General Assembly, India proposed the formation of a Committee on Internet-Related Policies (CIRP) to address what it sees as a policy vacuum in internet governance.

Pranesh Prakash's article was published in the Times of India on June 2, 2012.

This CIRP will, in the view of India's government, address the US domination of internet policymaking, and make it more democratic and 'multistakeholder'. As an example of this domination, our government cites the oversight role that the US government exercises over ICANN, the non-profit corporation that controls the net's domain name system, as well as the control it exerts over DNS root servers (with all changes needing to go through the US Department of Commerce).

But many civil society organisations, technology companies, and even a few Indian politicians (notably Rajeev Chandrashekar and P Rajeeve), oppose the CIRP as being a proposal for the UN takeover of internet governance. The role of nation-states in governing the internet has been minimal so far. Many attribute the success of the internet to this lack of interference from governments. They ask why we need to fix something that is not broken? In effect, why regulate something that clearly works without such regulation?

It is clear that this status quo will not suffice for many governments. Various countries - like the US, with its Stop Online Piracy and Cyber Intelligence Sharing and Protection acts, and India, with our Information Technology Act and recent Intermediary Guidelines Rules - look to actively regulate the net. ICANN, supposedly a purely technical organisation, has got embroiled in policy issues too. This was seen in the. xxx top-level domain name debacle, where governments tried to intervene, but ultimately failed. Many such purely domestic regulations, like SOPA, have international implications. Even India's Intermediary Guidelines Rules, for instance, require compliance from internet companies across the world. The US government has seized domain names of Spanish file-sharing websites that are hosted in Spain, even though they have been held to be legal there.

So while international forums exist for internetrelated policy discussions, including the Internet Governance Forum (IGF), they are limited by a lack of actual power to even so much as recommend policy positions. Hence there are forums for discussions, but none for resolving problems. The proposed CIRP seeks to be such a body, "with a view to ensuring coordination and coherence in crosscutting internet-related global issues".

Besides, apart from domestic legislation starting to encroach upon the international nature of the internet, there's another issue: that of countries like Russia and China pushing for a less 'multistakeholder' approach to internet governance. So the status quo is unsatisfactory, the alternatives are worrisome, and attempts at 'enhanced cooperation' within existing frameworks (for instance, through India's proposal for IGF reforms) have failed to find enough backers. Given this, a CIRP-like mechanism might well be the preferred option. Importantly, a singular body within the UN system for internet policy could help ensure that other UN agencies which are even less 'multistakeholder' don't overstep their mandates and start making regulations all by themselves.

However, the current CIRP proposal lacks many safeguards that would allay the fears expressed by those who oppose it as 'government control of the internet'. First, while the Indian government has, in its proposal, laid out the CIRP's mandate, it has not laid out the limits of its powers in carrying out that mandate. Second, the CIRP is currently a government body that is merely 'advised' by various stakeholders, with nothing to indicate that this advice will be heeded. This is unsatisfactory, given the internet policy transgressions that are committed by various national governments, as seen, say, in Iran or China. Arguments that the UN system is nation-state-centric do not suffice, since processes that aren't nation-state-centric, such as the Internet Governance Forum, are also being spearheaded by the UN.

If such criticism is addressed, then the CIRP should indeed be welcomed. But we should also be realistic. Governments are effectively being asked to cede certain aspects of sovereignty by being told that the internet is a phenomenon that traditional approaches to policymaking just cannot address. They will not do so easily.

Further, the reality of international realpolitik must be acknowledged - about governments actually following the CIRP. The US, for instance, regularly ignores rulings by the ICJ and the WTO with impunity.

More importantly, and as some cyberlibertarians like Milton Mueller and Adam Thierer remind us, 'multistakeholderism' is only a process (involving multiple stakeholders), and does not provide substantive principles for internet governance (when may websites be blocked, for instance;or who should control the domain name system). Such sobering realpolitik, Mueller believes, is reason enough to be sceptical of the CIRP proposal as it currently stands. He may well be right.

But given the current trend of states individually wielding excessive powers over various aspects of how their citizens access and use the internet, a CIRP-like body may well be what is needed to safeguard democratic principles and innovation on the internet.

For more details visit https://cis-india.org/internet-governance/the-web-of-our-strife

The War for India's Internet

praskrishna — 2012-06-14T09:12:34Z

Why is the world's biggest democracy cracking down on Facebook and Google? Rebecca Mackinnon's article was published in Foreign Policy on June 6, 2012.

"65 years since your independence," a new battle for freedom is under way in India -- according to a YouTube video uploaded by an Indian member of Anonymous, the global "hacktivist" movement. With popular websites like Vimeo.com blocked across India by court order, the video calls for action: "Fight for your rights. Fight for India." Over the past several weeks, the group has launched distributed denial-of-service attacks against websites belonging to Internet service providers, government departments, India's Supreme Court, and two political parties.

Street protests are being planned for this coming Saturday, June 9, in as many as 18 cities to protest laws and other government actions that a growing number of Indian Internet users believe have violated their right to free expression and privacy online. A lively national Internet freedom movement has grown rapidly across India since the beginning of this year. The most colorful highlight so far was a seven-day Gandhian hunger strike, otherwise known as a "freedom fast," held in early May on a New Delhi sidewalk by political cartoonist Aseem Trivedi and activist-journalist Alok Dixit. Trivedi's website was shut down this year in response to a police complaint by a Mumbai-based advocate who alleged that some of Trivedi's works "ridicule the Indian Parliament, the national emblem, and the national flag."

Escalating political and legal battles over Internet regulation in India are the latest front in a global struggle for online freedom -- not only in countries like China and Iran where the Internet is heavily censored and monitored by autocratic regimes, but also in democracies where the political motivations for control are much more complicated. Democratically elected governments all over the world are failing to find the right balance between demands from constituents to fight crime, control hate speech, keep children safe, and protect intellectual property, and their duty to ensure and respect all citizens' rights to free expression and privacy. Popular online movements -- many of them globally interconnected -- are arising in response to these failures.

Only about 10 percent of India's population uses the web, making it unlikely that Internet freedom will be a decisive ballot-box issue anytime soon. Yet activists are determined to punish New Delhi's "humorless babus," as one columnist recently called India's censorious politicians and bureaucrats, in the country's media. Grassroots organizers are bringing a new generation of white-collar protesters to the streets to defend the right to use a technology that remains alien to the majority of India's people.

The trouble started with the 2008 passage of the Information Technology (Amendment) Act, whose Section 69 empowers the government to direct any Internet service to block, intercept, monitor, or decrypt any information through any computer resource. Company officials who fail to comply with government requests can face fines and up to seven years in jail. Then, in April 2011, the Ministry of Communications and Information Technology issued new rules under which Internet companies are expected to remove within 36 hours any content that regulators designate as "grossly harmful," "harassing," or "ethnically objectionable" -- designations that are open to a wide variety of interpretations and that free speech advocates argue have opened the door to abuse. It is thanks to these rules that the website of the hunger-striking cartoonist, Trivedi, was taken offline. Also thanks to the 2011 rules, Facebook and Google are facing trial for having failed to remove objectionable content. If found guilty, the companies could face fines, and executives could be sentenced to jail time.

Saturday's protesters are calling for annulment of the 2011 rules and the repeal of part of the 2008 act. They are also calling for Internet service companies to reverse the wholesale blocking of hundreds of websites, including the file-sharing services isoHunt and The Pirate Bay, as well as the video-sharing site Vimeo and Pastebin, which is primarily used for the sharing of text and links. Internet service providers were responding to a court order from the Madras High Court demanding the blockage, which is aimed at preventing the online distribution of pirated versions of one particular film. The Internet companies, fearing that they would not be able to catch every individual instance on every possible site they host, instead chose to block entire services along with all of their content -- which had nothing to do with the film in question.

Such "John Doe" orders, named because they are directed against unknown potential offenders in the present and future, are characterized "by their overly broad and sweeping nature," argue lawyer Lawrence Liang and researcher Achal Prabhala, which extends "to a range of non-infringing activities as well, thus catching a whole range of legal acts in their net." More broadly, as Delhi-based journalist Shivam Vij wrote in a recent essay: "The current mechanisms of internet censorship in India -- blocking, direct removal requests to websites, intermediary rules -- are draconian and unconstitutional. They need to be replaced with a new set of rules that are fair, transparent and accessible for public scrutiny. They should not be amenable to misuse by the powers-that-be for their own private interests."

Not only are the rules abused, but researchers find that they are causing extralegal censorship by companies that overcompensate in order to err on the side of caution. Last year, the Bangalore-based Centre for Internet and Society performed an experiment in which it sent "legally flawed" takedown demands to seven companies that provide a range of online services, including search, online shopping, and news with user-generated comments. The legal flaws in the notices were such that the companies could have rejected them without being in breach of the law. Yet "of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them," reads the Centre for Internet and Society report.

Despite the growing public opposition, a motion to annul the 2011 rules was defeated by voice vote in the upper house of Parliament last month. Yet the criticism was sufficiently sharp that Communications Minister Kapil Sibal announced that he will hold consultations with all members of Parliament, representatives of industry, and other "stakeholders" to discuss the law's problems and how it might be revised. Many of the law's critics, however, are skeptical that this will eliminate the law's deep flaws and loopholes for abuse, especially given the government's failure to listen so far. Comments on the 2011 rules submitted last year by the Centre for Internet and Society were not even acknowledged as having been received by the Ministry of Communications and Information Technology. "Sibal uses the excuse of national security and hate speech," says the center's director, Sunil Abraham, "but that is not what is happening."

Abraham worries that what is really happening is a government effort at Internet "behavior modification" through a process akin to an experiment involving caged monkeys, bananas, and ice water. Put four monkeys in a cage and hang a bunch of bananas on the ceiling. Every time one of them climbs up to reach the bananas, you drench all of them with ice water. Soon enough, the monkeys will start policing themselves -- attacking anybody who tries to reach the bananas, making it unnecessary for their masters to deploy the ice water. "This is why the government is being so aggressive so early on, with only 10 percent of India's population online," says Abraham. "If you start the drenching early on, by the time you get to 50 percent [Internet penetration], every one will be well-behaved monkeys." Companies will act as private Internet police for fear of legal punishment before the government is called upon to step in and enforce the law. If it works, Indian politicians could have fewer reasons to worry about online critiques or mockery, because companies fearing prosecution will proactively delete speech that could potentially be designated "harassing" or "grossly harmful."

India is not China or Iran, however. Its politicians may be corrupt, and most of its voters may not understand why Internet freedom matters because they've never used the Internet. But it still has an independent press and boisterous civil society that are not going to give up their critiques and protests anytime soon. India also has a strong, independent judiciary, with a record of ruling against censorship and surveillance measures when a strong case can be made that they conflict with constitutional protections of individual rights. "On free speech I have high faith in the Indian judiciary," says Abraham. "There is a good chance to launch a constitutional challenge."

If Google and Facebook lose at their impending trial -- now scheduled for July -- they will most certainly appeal, which activists hope could provide just such an opportunity to prevent the sort of "behavior modification" process that Abraham warns against. Now India's burgeoning Internet freedom movement needs its own reverse "behavior modification" strategy -- imposing consistent and regular doses of political and legal ice water upon India's bureaucrats, politicians, and companies whenever they do things that threaten to corrode the rights of India's Internet users. Saturday's protest is just the beginning.

Sunil Abraham is quoted in this article. Read the original here

For more details visit https://cis-india.org/news/war-of-india-internet

The Uncertain Future of India's Plan to Biometrically Identify Everyone

praskrishna — 2014-09-08T05:31:28Z

Last Sunday an 11-year-old boy in Andhra Pradesh, a state in southeast India, hung himself from a ceiling fan as his family slept.

Jessica Mckenzie's blog post was published in Techpresident on August 28, 2014. Sunil Abraham gave his inputs.

He was allegedly driven to this act after being denied an Aadhaar card—formally known as Unique Identification (UID)—which he was told he needed to attend school. The card is one arm of India's sprawling scheme to collect the biometric data, including fingerprints and iris scans, of its 1.2 billion citizens and residents, and is quickly becoming practically, if not legally, mandatory, for nearly every aspect of life, from getting married to buying cooking gas to opening a bank account. More than 630 million residents have already enrolled and received their unique 12-digit identification number.

Since its launch in 2010, people have raised a number of questions and concerns about Aadhaar, citing its effects on privacy rights, potential security flaws, and failures in functionality. India's poor, who were supposed to be the biggest beneficiaries of the program, are actually most at risk of being excluded from UID, and there is no evidence that biometric identification has curtailed corruption. The newly-elected Prime Minister Narendra Modi lambasted the UID program as a candidate but in July did an about-face, calling for the enrollment process to be expedited and supporting a UID-linked social assistance program. In all likelihood, the world's largest experiment in biometric identification will continue.

There are still a number of unanswered questions about the future of the program. Although created in large part as a way of more efficiently and less corruptly dispersing government subsidies, last year the Supreme Court ruled that the Aadhaar card could not be made mandatory to receive government assistance. The Unique Identification Authority of India (UIDAI) operates in a kind of legal limbo. Modi is said to have instructed his Finance Minister Arun Jaitley to resolve these legal problems.

Sorting out the legal issues is imperative if UID numbers are going to be linked to Modi's proposed financial inclusion program that aims to bring 75 million additional households into the country's banking system by 2018.

There is also the possibility that UID will be merged, absorbed or superseded by the National Population Register (NPR), yet another biometric identification system. The NPR, unlike Aadhaar, is mandatory for all residents. In addition to fingerprints and iris scans, NPR collects information on familial relationships, nationality, occupation and education level. There is a great deal of overlap between the two programs, which has been a source of conflict between government agencies in the past. The home ministry, for example, argues that government subsidies should be disbursed through NPR, not UID.

There is also speculation that UID could be picked up as part of Digital India, Modi's ambitious plan to modernize India by building national broadband infrastructure, ensuring universal mobile service access, creating e-government services, and establishing a “cradle-to-grave digital identity for every citizen of the country—unique, lifelong, online and authenticable [sic].”

In spite of UID's tenuous position and uncertain future, it has become “essential” in nearly every facet of life. The Delhi government is rolling out a suite of e-government services, starting with marriage registration, that will require a UID. Fishermen in Gujarat have been told they cannot go out to sea without biometric identification.

Then there is Kora Balakrishna, the 11-year-old who committed suicide after being denied an Aadhaar card because he has webbed fingers. His school headmaster had instructed him to get one as a prerequisite for study and, per one news outlet, a mid-day meal. An investigation into the incident has been ordered. Pravin Kumar, a local administrative official, said webbed fingers are not a legitimate reason for rejection from the program.

For more details visit https://cis-india.org/internet-governance/news/tech-president-jessica-mckenzie-august-28-2014-the-uncertain-future-of-indias-plan-to-biometrically-identify-everyone

The UK DNA Database and the European Court of Human Rights

praskrishna — 2012-10-10T10:19:35Z

A presentation by Dr. Helen Wallace, Director, GeneWatch, UK

For more details visit https://cis-india.org/internet-governance/blog/uk-dna-database-and-european-court-of-human-rights.ppt

The trouble with trolls

praskrishna — 2014-07-28T05:42:36Z

Social networking sites give trolls the ability to hide their real identity and cause grief to others. Here is what you need to do if you face an online attack.

The article by Vishal Mathur was published in Livemint on July 22, 2014. Sunil Abraham gave his inputs.

Social networking sites give trolls the ability to hide their real identity and cause grief to others. Here is what you need to do if you face an online attack.

Though social networks were not designed with the intention of letting someone anonymously abuse another online, the reality is that people utilize the ability to hide behind online identities to threaten other users. These could be veiled attacks, direct abuse, or even threats to “cause bodily harm”. What can you do if you’re trolled and threatened on any social network? Follow our five-step guide. Avoid conversation if you can The responses could come in relation to something you may have just posted online. Or perhaps it could be just a random trolling attempt, to get a response from you. It is important to understand and identify such intentions. And as difficult as it may be, do not respond. Getting into a direct interaction with a bully only makes things worse. Report to the social network You should report any instance of cyber bullying or harassment to the host social network—the website or forum on which the interaction happened. There are various methods of getting in touch with the moderators—customer support email, contact submission forms or even via phone, in certain locations. Describe the problem in detail, and persist till the offending account is blocked from the platform. “Most social networks have systems that allow you to report abusive content and users. However, there is great variance in the speed with which they respond across different platforms, jurisdictions, etc.,” says Sunil Abraham, executive director at the Bangalore-based non-profit research organization Centre for Internet and Society. New Delhi-based Anja Kovacs, project director, at civil society organization Internet Democracy Project, adds: “Blocking and reporting an account can be two ways to stop harassment on some social networks, but on other platforms, such as Twitter, it is possible for the person to immediately make a new account under a different username, meaning that these measures do not necessarily stop the harassment.” Ankhi Das, director, public policy, India and South Asia at social network Facebook, says: “Every reported piece of content is reviewed. Serial offenders are notified for non-compliance.” Facebook’s Community Standards, that prevent harassment and offensive posts, have an 11-point categorization for reported content—violence and threats, hate speech, graphic content, bullying and harassment, to name some. Raheel Khursheed, head of news, politics and government at Twitter India, did not respond to our mail about how Twitter handles trolls at the time of going to press. On blogs and forums, it may be a bit easier to deal with trolling and abuse. If it is your own blog, you can delete comments and block users. If it is a forum, the administrator can do it for you. But, with social networks having millions of users, it is not possible to have one administrator managing it all. And it is not just Facebook and Twitter, all social networks have a method by which you can register your complaint. LinkedIn, for example, automatically blocks a user who gets multiple “I don’t know” responses to invitations to connect. There is a strong monitoring policy where any reported content (recommendations or direct messages) is examined and immediate warnings are sent out to offending parties. Keep a copy of the offensive posts Be it a post, or a series of posts, direct message or even an offending photograph, always save it for future reference. Never assume that the matter will end soon, and always prepare for the worst. Don’t ignore privacy settings Most people start using Facebook, Twitter and other social networks without paying much attention to the privacy settings—what content people can see on your page, and who can directly contact you. Be conservative in sharing information—the less you share, the lower the chances of someone picking on you. “Avoid friending or linking to people whom you don’t know in real life unless you are certain of the chain of trust that exists between you and the unknown person,” says Abraham. New Delhi-based cyber lawyer Apar Gupta, adds: “The privacy settings on most social networking platforms allow users to prevent (restrict) the audience for their posts as well as strangers from contacting them. This will prevent most cases of online harassment.” Get help from the law In case social networks are not able to effectively block a user, or are in some way unwilling to do so, take help from the law-enforcement authorities. File an FIR in the nearest police station. Unfortunately, the progress may not be very smooth. The reality is that not every law-enforcement officer may know about social networking sites. “You could try and go to the police, but without support from the social network platform, they are often at a loss to do much themselves,” warns Kovacs. The police may look for hints of threat to cause bodily harm or worse still, to life. In such cases, they may recommend the case to the Cyber Crime Cell of the Central Bureau of Investigation. “Generally, while the substantive offences do exist under law, the process for having them enforced is deficient. These are deeper structural problems of delay, investigation and conviction which are prevalent across criminal justice or civil litigation,” clarifies Gupta. Officials at the Cyber Crime Cell say they take up cases after reference from the local police, who file the report first and do a preliminary level of investigation. But it is important to realize that only the police and the law-enforcement agencies have the right to demand further details about the perpetrator from the social networks, starting with profile details and Internet Protocol (IP) addresses, which will help track the person down. Das clarifies: “Facebook has a point-of-contact system through which the law-enforcement agencies tell us what the actual case is, depending on severity. The police may ask us to take down particular content, or even ask for user information like IP info, to prevent real crime.” According to Facebook’s Government Requests Report for July-December 2013, the network restricted access to 4,765 pieces of content after requests from the Indian government and law-enforcement agencies.

Though social networks were not designed with the intention of letting someone anonymously abuse another online, the reality is that people utilize the ability to hide behind online identities to threaten other users. These could be veiled attacks, direct abuse, or even threats to “cause bodily harm”. What can you do if you’re trolled and threatened on any social network? Follow our five-step guide.

Avoid conversation if you can
The responses could come in relation to something you may have just posted online. Or perhaps it could be just a random trolling attempt, to get a response from you. It is important to understand and identify such intentions. And as difficult as it may be, do not respond. Getting into a direct interaction with a bully only makes things worse.

Report to the social network
You should report any instance of cyber bullying or harassment to the host social network—the website or forum on which the interaction happened. There are various methods of getting in touch with the moderators—customer support email, contact submission forms or even via phone, in certain locations. Describe the problem in detail, and persist till the offending account is blocked from the platform. “Most social networks have systems that allow you to report abusive content and users. However, there is great variance in the speed with which they respond across different platforms, jurisdictions, etc.,” says Sunil Abraham, executive director at the Bangalore-based non-profit research organization Centre for Internet and Society. New Delhi-based Anja Kovacs, project director, at civil society organization Internet Democracy Project, adds: “Blocking and reporting an account can be two ways to stop harassment on some social networks, but on other platforms, such as Twitter, it is possible for the person to immediately make a new account under a different username, meaning that these measures do not necessarily stop the harassment.” Ankhi Das, director, public policy, India and South Asia at social network Facebook, says: “Every reported piece of content is reviewed. Serial offenders are notified for non-compliance.” Facebook’s Community Standards, that prevent harassment and offensive posts, have an 11-point categorization for reported content—violence and threats, hate speech, graphic content, bullying and harassment, to name some. Raheel Khursheed, head of news, politics and government at Twitter India, did not respond to our mail about how Twitter handles trolls at the time of going to press. On blogs and forums, it may be a bit easier to deal with trolling and abuse. If it is your own blog, you can delete comments and block users. If it is a forum, the administrator can do it for you. But, with social networks having millions of users, it is not possible to have one administrator managing it all. And it is not just Facebook and Twitter, all social networks have a method by which you can register your complaint. LinkedIn, for example, automatically blocks a user who gets multiple “I don’t know” responses to invitations to connect. There is a strong monitoring policy where any reported content (recommendations or direct messages) is examined and immediate warnings are sent out to offending parties.

Keep a copy of the offensive posts
Be it a post, or a series of posts, direct message or even an offending photograph, always save it for future reference. Never assume that the matter will end soon, and always prepare for the worst.

Don’t ignore privacy settings
Most people start using Facebook, Twitter and other social networks without paying much attention to the privacy settings—what content people can see on your page, and who can directly contact you. Be conservative in sharing information—the less you share, the lower the chances of someone picking on you. “Avoid friending or linking to people whom you don’t know in real life unless you are certain of the chain of trust that exists between you and the unknown person,” says Abraham. New Delhi-based cyber lawyer Apar Gupta, adds: “The privacy settings on most social networking platforms allow users to prevent (restrict) the audience for their posts as well as strangers from contacting them. This will prevent most cases of online harassment.”

Get help from the law
In case social networks are not able to effectively block a user, or are in some way unwilling to do so, take help from the law-enforcement authorities. File an FIR in the nearest police station. Unfortunately, the progress may not be very smooth. The reality is that not every law-enforcement officer may know about social networking sites. “You could try and go to the police, but without support from the social network platform, they are often at a loss to do much themselves,” warns Kovacs. The police may look for hints of threat to cause bodily harm or worse still, to life. In such cases, they may recommend the case to the Cyber Crime Cell of the Central Bureau of Investigation. “Generally, while the substantive offences do exist under law, the process for having them enforced is deficient. These are deeper structural problems of delay, investigation and conviction which are prevalent across criminal justice or civil litigation,” clarifies Gupta. Officials at the Cyber Crime Cell say they take up cases after reference from the local police, who file the report first and do a preliminary level of investigation. But it is important to realize that only the police and the law-enforcement agencies have the right to demand further details about the perpetrator from the social networks, starting with profile details and Internet Protocol (IP) addresses, which will help track the person down. Das clarifies: “Facebook has a point-of-contact system through which the law-enforcement agencies tell us what the actual case is, depending on severity. The police may ask us to take down particular content, or even ask for user information like IP info, to prevent real crime.” According to Facebook’s Government Requests Report for July-December 2013, the network restricted access to 4,765 pieces of content after requests from the Indian government and law-enforcement agencies.

For more details visit https://cis-india.org/news/livemint-july-22-2014-vishal-mathur-the-trouble-with-trolls

The Trouble with Hurried Solutions

chinmayi — 2012-12-20T04:23:08Z

The World Conference on International Telecommunication showed that countries are not yet ready to arrive at a consensus on regulation and control of the Internet

Chinmayi Arun's Op-ed was published in the Hindu on December 15, 2012.

The World Conference on International Telecommunication (WCIT) that concluded on December 14 saw much heated debate. Some countries wanted to use the International Telecommunication Union (ITU) to gain intergovernmental control of the World Wide Web. Some saw it as an opportunity to democratise the Internet, by replacing U.S. and corporate domination of Internet policy, with a more intergovernmental process. Others insisted that the Internet must be left alone.

The result is that after many days’ deliberations, there was no consensus. The amended International Telecommunication Regulations (ITRs) document has not yet been signed by over 50 countries, of which some like the United States have refused to sign altogether, while others have said that they will need to consult with their national governments before signing.

This article discusses the broader issue under question, which is, whether ITU is the best forum to solve the cross-border problems that arise in relation to the Internet.

WCIT, ITU and ITRs

The ITU has been creating international policy from the days in which the telegraph was prevalent. Although it is now a United Nations agency, its existence predates the U.N. As technology evolved, forcing the telegraph to give way to the telephone, the ITU created new standards for telephony. It even rechristened itself from ‘International Telegraph Union’ to ‘International Telecommunications Union’.

The ITU performs an essential role in ensuring that multiple states with their varying technology, standards and legal systems, are able to interconnect and co-ordinate. Its harmonising rules and standards make co-ordination easier and cheaper than having each state come to an agreement with every other state. The ITRs within the ITU framework facilitate co-ordination by creating binding rules for member states.

Some countries’ proposals for the amendment of the ITRs would have affected content on the Internet substantially. However, after prolonged negotiation, the final draft that was under consideration contained an explicit statement excluding such content from the ITRs’ purview. This draft also came with a resolution that made reference to states’ elaborating their Internet related public policy positions in ITU fora, which was a source of controversy.

Some of the initial suggestions like Russia’s controversial proposal would have given the ITU greater sway over the Internet, permitting it to lay down global standards. These standards may have encouraged countries to inspect data transmitted across the Internet to check whether it is undesirable content raising serious privacy and freedom of speech concerns, especially in countries that do not protect these rights.

The global standards created by the ITU would have permeated to the companies that create the web-based applications that we use, and the resulting law and technological choices would have affected individual users.

Internet governance

The ITU makes its decisions using a traditional model that only seeks consensus between governments, and this is far removed from the way in which the Internet has been governed thus far. Therefore, although expanding the ITU’s mandate to the Internet may seem natural to those who have followed its evolution mirroring the evolution of information technology, the ITU’s manner of functioning is viewed by many as being at odds with the more multi-stakeholder and ad hoc system used to build Internet policy.

In the 1990s, John Perry Barlow proclaimed that cyberspace was outside national borders, and questioned the authority and legitimacy of a national government’s attempts to govern it. Over the years, it has become clear that national governments can exert jurisdiction in cyberspace: filtering content, launching surveillance of users, and creating law that impacts citizens’ behaviour online directly and indirectly.

However, governments’ exertion of will on Internet users is tempered greatly by the other forces that have a strong influence on the Internet. User-behaviour and content often depend on the policies of major service providers like Google, Yahoo, Twitter and Facebook.

Key standards and functions like the allocation of domain names and developing of Internet standards are managed by organisations like ICANN and IETF, which are not governmental organisations. Features like user anonymity are based on technological choices on the World Wide Web. Therefore, governments face significant obstacles and counterbalancing power when they attempt to impose their will on citizens online.

The ITU can weigh this power balance in favour of governments. Many fear that more government power will lead to more censorship, surveillance and stifling of the innovation that is integral to the evolution of Internet. But others support ITU intervention, in the belief that an international inter-governmental regulatory body would be more accountable, and would prevent corporate abuse of power.

Several of the aforementioned corporations, as well as regulatory bodies under question, are headquartered in the United States. There are those who see this as excessive U.S. influence on the Internet, eroding the sovereignty of other states, which have relatively limited influence over what their citizens can transmit and access online. These people see the ITU as a forum that can democratise Internet Governance, giving states shared influence over the web. However, this shared influence is resisted by those who find that the U.S. influence offers them more leverage and protection for their freedom of speech, than increased influence of countries that threaten this internationally accepted human right.

Powerful arguments in favour of increased ITU involvement include highlighting the dangers of abandoning the Internet to the free market. It is true that markets need some regulation to guard against malfunction and abuse of power by stronger players. However, the significant question is not whether these markets should be regulated, but how they should be regulated. Unfortunately, many of the arguments that supported expansion of the ITU’s mandate failed to establish why the ITU is the best solution to the problems plaguing the Internet, rather than being the most readily available reaction.

Any regulatory intervention must have very clear objectives, and some estimate of its likely impact. The intervention must not be considered in isolation but in contrast with other ways to achieve the same goals. Although some of the serious transnational issues plaguing the Internet need international solutions, the ITU, at least in its current avatar, is not necessarily the best remedy. It also remains unclear exactly what effect ITU intervention would have on the Internet — whether it would really offer solutions as intended, or whether it would prove more detrimental than useful, condoning of human rights violations and slowing the blistering innovation that is characteristic of the Internet.

Lack of consensus

Therefore, some of the initial concerns expressed by the countries that refused to sign the ITRs were legitimate. However, the final ITRs document addressed many of these concerns. The dissent emerged over the insertion of text in the preamble that recognised member states’ rights to access international telecommunication networks. These rights, being expressed only in the preamble, are not enforceable, even if they express intentions that are unacceptable to some.

The debates at the WCIT made it clear that the world is not yet ready to come to a unified position on this subject. Perhaps the ITU’s continuation in its path towards increasing, and making effective, multi-stakeholder participation will be the unifying factor some day, if it evolves into a forum which everyone sees as sufficiently democratic, transparent and accountable for Internet policy.

(The writer is Assistant Professor of Law at National Law University, Delhi, and a Fellow of the Centre for Internet and Society, Bangalore. She attended the WCIT from December 3-14)

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-opinion-lead-december-15-2012-chinmayi-arun-the-trouble-with-hurried-solutions

The Transformative Power of Online Activism

praskrishna — 2015-06-18T16:00:52Z

Rohini Lakshané was a panelist at this event organized by Hertie School of Governance on May 4, 2015.

Panelists

Alissa Wahid, National coordinator of the GUSDURian Network Indonesia
Renata Avila, Member of Creative Commons Board of Directors and a member of the Web Index Science Council, Guatemala
Rohini Lakshané, Researcher at the Centre for Internet and Society, India
Georgia Popplewell, Writer and media producer from Trinidad and Tobago

Moderation: Dilek Kurban J.D., Marie Curie Fellow, Hertie School of Governance

The lightning spread of communication technologies has enabled the dissemination of information and ideas that mainstream media have been unwilling or unable to publish. While the Internet empowers individuals to engage in advocating, mobilizing and reacting on behalf of the disempowered, it also raises significant issues of privacy and hate speech when used by the wrong people for the wrong reasons.

Are we at a stage where we can argue that online activism challenges the balance of power between governments and citizens, giving rise to a new form of deliberative and participatory democracy? Or is the transformative power of virtual civil disobedience blown out of proportion? To what extent is the Internet a level playing field where gender, ethnicity or class do not matter? What kinds of legal and political instruments are available to governments and corporations in their efforts to control the Internet? This panel discussion will bring together four female jury members of The BOBS Award 2015 who will seek answers to these and other questions regarding Internet activism, citizen journalism and grassroots mobilization.

re:thinking tomorrow is a discussion series hosted by Deutsche Welle and the Hertie School of Governance.

For more information see here.

For more details visit https://cis-india.org/internet-governance/news/the-transformative-power-of-online-activism

The thrill of saving India from cybercrime

praskrishna — 2016-11-21T02:42:48Z

Geeks seize the chance to help the government, defence forces and banks draw up fences against tech crimes.

The article by Peerzada Abrar was published in the Hindu on November 20, 2016.

Saket Modi loves long flights. The 26-year-old hacker likes to do most of his reasoning while criss-crossing the world. It was on one such flight from the United States to India that the co-founder of cybersecurity start-up Lucideus Tech read about India's largest data security breaches. While surfing the in-flight Internet he came to know that the security of about 3.2 million debit cards had been compromised.

“I was not surprised but I started thinking about how it would have happened. What was the ‘exploit’ used, how long was it there,” said Mr. Modi. Soon after reaching New Delhi, he received multiple requests from several banks and organisations to protect them from the hacking incident, which is just one of the thousands of cybercrimes that the country is facing.

In India, there has been a surge of approximately 350 per cent of cybercrime cases registered under the Information Technology (IT) Act, 2000 from the year of 2011 to 2014, according to a joint study by The Associated Chambers of Commerce and Industry of India and consulting firm PricewaterhouseCoopers. The Indian Computer Emergency Response Team (CERT-In) has also reported a surge in the number of incidents handled by it, with close to 50,000 security incidents in 2015, noted the Assocham-PwC joint study.

Ethical hackers

Mr. Modi is among a new breed of ethical hackers-turned-entrepreneurs who are betting big on this opportunity. An ethical hacker is a computer expert who hacks into a computer network on the behalf of its owner in order to test or evaluate its security, rather than with malicious or criminal intent.

“You cannot live in a world where you think that you can't be hacked. It doesn’t matter who you are,” said Mr. Modi who cofounded Lucideus four years ago. The company clocked revenues of Rs.4 crore in the last fiscal. This compares with the Rs.2.5 lakh revenues in the first year. The New Delhi-based firm now counts Reserve Bank of India, Ministry of Defence and Standard Chartered among its top clients.

Mr. Modi, who is also a pianist, discovered his skills for hacking into secure computer systems while preparing for his board exams. He hacked into his school computer and stole the chemistry question paper, after realising that he would not be able to clear the test conducted by his school. However, a guilty conscience compelled him to confess to his teacher who permitted him to still take the test. The incident transformed him to use his skills to protect and not misuse them. This year, Lucideus was hired by National Payments Corporation of India (NPCI) along with other information security specialists to protect its most ambitious project, the Unified Payment Interface (UPI) platform, from cyber attacks. UPI aims to bring digital banking to 1.2 billion people in the country. Lucideus has a team of 70 people mostly fresh college graduates who do hacking with authorisation.

“The reason behind choosing Lucideus was their young, energetic and knowledgeable team," said Bhavesh Lakhani, chief technology officer of DSP BlackRock, one of the premier asset management companies. Mr. Lakhani said that India is currently the epicentre of financial and technological advancements which make it a probable target of cyber-attacks.

Hacking lifeline

Indeed, a new breed of cyber criminals has emerged, whose main aim is not just financial gains but also cause disruption and chaos to businesses in particular and the nation at large, according to the Assocham-PwC study. Attackers can gain control of vital systems such as nuclear plants, railways, transportation and hospitals. This can subsequently lead to dire consequences such as power failures, water pollution or floods, disruption of transportation systems and loss of life, noted the study.

“The hacker doesn’t care whether he is attacking an Indian or a U.S. company. It is bread and butter for him and he wants to eat it wherever he gets it from,” said Trishneet Arora, a 22-year-old ethical hacker. In an office tucked away in Mohali, a commercial hub lying adjacent to the city of Chandigarh in Punjab, Mr.Arora fights these cyberattacks on a daily basis to protect his clients. His start-up TAC Security provides an emergency service to customers who have been hacked or are anticipating a cyberattack. It alerted a hospital in the U.S. after detecting vulnerabilities in their computer network.

Mr.Arora said that the hackers could have easily shut down the intensive care unit which was connected to it and remotely killed the patients. TAC said the data server of a bank in the UAE containing critical information got hacked recently. The bank also lost access to the server. TAC said that it not only helped the organisation to get back access to the server but also traced the hacker’s identity.

A school drop out, Mr.Arora founded TAC three years ago. But he initially found it tough to convince enterprises about his special skills. “I was a backbencher in the classroom and not good in studies, but I loved playing video games and hacking,” he said. He conducted workshops on hacking and provided his expertise to law enforcement agencies such as the Central Bureau of Investigation and various State police departments. His firm now provides its services to customers such as Reliance Industries, dairy brand Amul and tractor manufacturer Sonalika.

“We were surprised by their expertise,” said R.S. Sodhi, managing director of Amul. “We wanted to be sure that the company’s vital IT infrastructure is in the right hands – the big question was, ‘Who can that be?’ In TAC, we found that team.”

TAC expects to cross revenues of $5 million (Rs.33 crore) and employ about 100 ethical hackers by next year.

Budget woes

Security watchers such as Sunil Abraham, executive director of Bengaluru-based think tank Centre for Internet and Society said that India’s cybersecurity budget is woefully inadequate when compared to the spending by other countries. In 2014-15, the government doubled its cybersecurity budget by earmarking Rs.116 crore. “We require a budget of $1 billion per annum or every two years to build the cybersecurity infrastructure. The current cyber security policy has no such budget,” said Mr. Abraham.

According to Data Security Council of India (DSCI), India's cybersecurity market is expected to grow nine-fold to $35 billion by 2025, from about $4 billion. This would mainly be driven by an ecosystem to promote the growth of indigenous security product and services start-up companies.

The Cyber Security Task Force (CSTF) set up by DSCI and industry body Nasscom expects to create a trained base of one million certified and skilled cybersecurity professionals. It also aims to build more than 100 successful security product companies from India. Investors who normally focus on e-commerce ventures or public markets are now taking note of this opportunity and are betting on such ventures. Amit Choudhary, director, MotilalOswal Private Equity and an investor in Lucideus, said he saw tremendous opportunity in the cybersecurity market as hackers are shifting their focus from developed countries to emerging countries like India.

“There is a huge opportunity. The recent security breaches of a few Indian banks are an example,” said Vijay Kedia an ace stock picker and an investor in TAC Security. He said that organisations are still unaware of the widespread damage that can be caused by hackers. “The next war will be a ‘cyberwar’,” he said.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-peerzada-abrar-november-20-2016-the-thrill-of-saving-india-from-cybercrime

The Technology behind Big Data

Geethanjali Jujjavarapu and Udbhav Tiwari — 2016-12-04T09:53:43Z

The authors undertakes a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes.

Download the Paper (PDF, 277 kb)

Introduction

Defining big data is a disputed area in the field of computer science^{^[1]}, there is some consensus on a basic structure to its definition^{^[2]}. Big data is data that is collected in the form of datasets that has three main criteria: size, variety & velocity, all of which operate at an immense scale^{^[3]}. It is ‘big’ in size, often running into petabytes of information, has vast variety within its components, and is created, captured and analysed at an incredibly rapid velocity. All of this also makes big data difficult to handle using traditional technological tools and techniques.

This paper will attempt to perform a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes. The big data life cycle consists of four components, which will also be the key structural points of the paper, namely: Data Acquisition, Data Awareness, Data Analytics & Data Governance.⁴ The paper will focus on the aspects that the author believes are relevant for analysing the technological impact of big data on both technology itself and society at large.

Scope: The scope of the paper is to study the technology used in big data using the "Life Cycle of Big Data" as model structure to categorise & study the vast range of technologies that are involved in big data. However, the paper will be limited to the study of technology related directly to the big data life cycle. It shall specifically exclude the use/utilisation of big data from its scope since big data is most often being fed into other, unrelated technologies for consumption leading to rather limitless possibilities.

Goal: Goal of the paper is twofold: a.) to use the available literature on the technological aspects of big data, to perform a brief overview of the technology in the field and b.) to frame the relevant research questions for studying the technology of big data and its possible impact on society.

Data Acquisition

Acquiring big data has two main sub components to it, the first being sensing the existence of the data’ itself and the second, the stage of collecting and storing this data. Both of these subcomponents are incredibly diverse fields, with lots of rapid change occurring in the technology utilised to carry out these tasks. The section will provide a brief overview of the subcomponents and then discuss the technology used to fulfil the tasks.

Data Sensing

Data does not exist in a vacuum and is always created as a part of a larger process, especially in the aspect of modern technology. Therefore, the source of the data itself plays a vital role in determining how it can be captured and analysed in the larger scheme of things. Entities constantly emit information into the environment that can be utilised for the purposes of big data, leading to two main kinds of data: data that is “born digital” or “born analogue.”^{^[4]}

Born Digital Data

Information that is “born digital,” is created, by a user or by a digital system, specifically for use by a computer or data‐processing system. This is a vast range of information and newer fields are being added to this category on a daily basis. It includes, as a short, indicative list: email and text messaging, any form of digital input, including keyboards, mouse interactions and touch screens, GPS location data, data from daily home appliances (Internet of Things), etc. All of this data can be tracked and tagged to users as well as be aggregated to form a larger picture, massively increasing the scope of what may constitute the ‘data’ in big data.

Some indicative uses of how such born digital data is catalogued by technological solutions on the user side, prior to being sent for collection/storage are:

a.) Cookies - There are small, often just text, files that are left on user devices by websites in order to that visit, task or action (for example, logging into an email account) with a subsequent event.^{^[5]} (for example, revisiting the website)

b.) Website Analytics^{^[6]} - Various services, such as Google Analytics, Piwik, etc., can use JavaScript and other web development languages to record a very detailed, intimate track of a user's actions on a website, including how long a user hovers above a link, the time spent on the website/application and in some cases, even the time spent specific aspects of the page.

c.) GPS^{^[7]} - With the almost pervasive usage of smartphones with basic location capabilities, GPS sensors on these devices are used to provide regular, minute driven updates to applications, operating systems and even third parties about the user's location. Modern variations such as A-GPS can be used to provide basic positioning information even without satellite coverage, vastly expanding the indoor capabilities of location collection.

All of these instances of sensing born digital data are common terms, used in daily parlance by billions of people from all over the world, which is a symbolic of just how deeply they have pervaded into our daily lifestyle. Apart from privacy & security concerns this in turn also leads to an exponential increase in the data available to collect for any interested party.

Sensor Data

Information is said to be “analogue” when it contains characteristics of the physical world, such as images, video, heartbeats, etc. Such information becomes electronic when processed by a “sensor,” a device that can record physical phenomena and convert it into digital information. Some examples to better illustrate information that is born analogue but collected via digital means are:

a.) Voice and/or video content on devices - Apart from phone calls and other forms communication, video and voice based interactions have started to regularly be captured to provide enhanced services. These include Google Now^{^[8]}, Cortana^{^[9]} and other digital assistants as well as voice guided navigation systems in cars, etc.

b.) Personal health data such as heartbeats, blood pressure, respiration, velocity, etc. - This personal, potentially very powerful information is collected by dedicated sensors on devices such as Fitbit^{^[10]}, Mi Band^{^[11]}, etc. as well as by increasingly sophisticated smartphone applications such as Google Fit that can do so without any special device.

c.) Camera on Home Appliances - Cameras and sensors on devices such as video game consoles (Kinect^{^[12]} being a relevant example) can record detailed human interactions, which can be mined for vast amounts of information apart from carrying out the basic interactions with the devices itself.

While not as vast a category as born digital data, the increasingly lower costs of technology and ubiquitous usage of digital, networked devices is leading to information that was traditionally analogue in nature to be captured for use at a rapidly increasing rate.

Data Collection & Storage

Traditional data was normally processed using the Extract, Transform, Load (ETL) methodology, which was used to collect the data from outside sources, modify the data to fit needs, and then upload the data into the data storage system for future use.^{^[13]} Technology such as spreadsheets, RDBMS databases, Structured Query Languages (SQL), etc. were all initially used to carry out these tasks, more often than not manually. ^{^[14]}

However, for big data, the methodology traditionally followed is both inefficient and insufficient to meet the demands of modern use. Therefore, the Magnetic, Agile, Deep (MAD) process is used to collect and store data^{^[15]}^{^[16]}. The needs and benefits of such a system are: attracting all the data sources regardless of their quality (magnetic), logical and physical contents of storage systems adapting to the rapid data evolution in big data (agile) and complex algorithmic statistical analysis required of big data on a very short notice^{^[17]}. (deep)

The technology used to perform data storage using the MAD process requires vast amount of processing power, which is very difficult to create in a single, physical space/unit for nonstate or research entities, who cannot afford supercomputers. Therefore, most solutions used in big data rely on two major components to store data: distributed systems and Massive Parallel Processing^{^[18]} (MPP) that run on non-relational (in-memory) database systems. Database performance and reliability is traditionally gauged using pure performance metrics (FLOPS per second, etc.) as well as the Atomicity, consistency, isolation, durability (ACID) criteria.^{^[19]} The most commonly used database systems for big data applications are given below. The specific operational qualities and performance of each of these databases is beyond the scope of this review but the common criteria that makes them well suited for big data storage have been delineated below.

Non-relational databases

Databases traditionally used to be structured entities that operated solely on the ability to correlate information stored in them using explicitly defined relationships. Even prior to the advent of big data, this outlook was turning out to be a limiting factor in how large amounts of stored information could be leveraged, this led to the evolution of non relational database systems. Before going into them in detail, a basic primer on their data transfer protocols will be helpful in understanding their operation.

A protocol is a model that structures instructions in a particular manner so that it can be reproduced from one system to another^{^[20]}^{^[21]}. The protocols which govern technology in the case of big data have gone through many stages of evolution, starting off with simple HTML based systems^{^[22]}, which then evolved to XML driven SOAP systems^{^[23]}, which led to JavaScript Object Notation, or JSON^{^[24]}, the currently used form for in most big database systems. JSON is an open format used to transfer data objects, using human-readable text and is the basis for most of the commonly used non-relational database management systems. Examples of Non-relational databases also known as NoSQL databases, include MongoDB^{^[25]}, Couchbase^{^[26]}, etc. They were developed for both managing as well as storing unstructured data. They aim for scaling, flexibility, and simplified development. Such databases rather focus on the high-performance scalable data storage, and allow tasks to be written in the application layer instead of databases specific languages, allowing for greater interoperability.^{^[27]}

In-Memory Databases

In order to overcome performance limitation of traditional database systems, some modern databases now use in-memory databases. These systems manage the data in the RAM memory of the server, thus eliminating storage disk input/output. This allows for almost realtime responses from the database, in comparisons to minutes or hours required on traditional database systems. This improvement in the performance is so massive that, entirely new applications are being developed for using IMDB systems.^{^[28]} These IMDB systems are also being used for advanced analytics on big data, especially to increase the access speed to data and increase the scoring rate of analytic models for analysis.^{^[29]} Examples of IMDB include VoltDB^{^[30]}, NuoDB^{^[31]}, SolidDB^{^[32]} and Apache Spark^{^[33]}.

Hybrid Systems

These are the two major systems used to store data prior to it being processed or analysed in a big data application. However, the divide between data storage and data management is a slim one and most database systems also contain various unique attributes that cater them to specific kinds of analysis. (as can be seen from the IMDB example above) One example of a very commonly used Hybrid system that deals with storage as well as awareness of the data is Apache Hadoop³³, which is detailed below.

Apache Hadoop

Hadoop consists of two main components: the HDFS for the big data storage, and MapReduce for big data analytics, each of which will be detailed in their respective section.

The HDFS^{^[34]}^{^[35]} storage function in Hadoop provides a reliable distributed file system, stored across multiple systems for processing & redundancy reasons. The file system is optimized for large files, as single files are split into blocks and spread across systems known as cluster nodes.^{^[36]} Additionally, the data is protected among the nodes by a replication mechanism, which ensures availability even if any node fails. Further, there are two types of nodes: Data Nodes and Name Nodes.^{^[37]} Data is stored in the form of file blocks across the multiple Data Nodes while the Name Node acts as an intermediary between the client and the Data Node, where it directs the requesting client to the particular Data Node which contains the requested data.

This operating structure for storing data also has various variations within Hadoop such as HBase for key/value pair type queries (a NoSQL based system), Hive for relational type queries, etc. Hadoop’s redundancy, speed, ability to run on commodity hardware, industry support and rapid pace of development have led to it being almost co-equivalently associated with big data.^{^[38]}

Data Awareness

Data Awareness, in the context of big data, is the task of creating a scheme of relationships within a set of data, to allow different users of the data to determine a fluid yet valid context and utilise it for their desired tasks.^{^[39]} It is a relatively new field, in which most of the work is currently being done on semantic structures to allow data to gain context in an interoperable format, in contrast to the current system where data is given context using unique, model specific constructs.^{^[40]} (such as XML Schemes, etc.)

Some of the original work on this field was carried out in the form of utilising the Resource Description Framework (RDF), which was built primarily to allow describing of data in a portable manner, especially being agnostic towards platforms and systems for Semantic Web at the W3C. SPARQL is the language used to implement RDF based designs but both largely remain underutilised in both the public domain as well as big data. Authors such as Kurt

Cagle^{^[41]} and Bob DuCharme^{^[42]} predict its explosion in the next couple of years. Companies have also started realising the value of interoperable context, with Oracle Spatial^{^[43]} and IBM’s DB2^{^[44]} already including RDF and SPARQL support in the past 3 years.

While underutilised, the rapid developments taking place in the field will make the impact that data awareness may have on big data as big as Hadoop and maybe even SQL. Some aspects of it are already beginning to be used in Artificial Intelligence, Natural Language Processing, etc. with tremendous scope for development.^{^[45]}

Data Processing & Analytics

Data Processing largely has three primary goals: a. determines if the data collected is internally consistent; b. make the data meaningful to other systems or users using either metaphors or analogy they can understand; and (what many consider most importantly) provide predictions about future events and behaviours based upon past data and trends.^{^[46]}

Being a very vast field with rapidly changing technologies governing its operation, this section will largely concentrate on the most commonly used technologies in data analytics.

Data analytics requires four primary conditions to be met in order to carry out effective processing: fast, data loading, fast query processing, efficient utilisation of storage and adaptivity to dynamic workload patterns. The analytical model most commonly associated with meeting this criteria and with big data in general is MapReduce, detailed below. There are other, more niche models and algorithms (such as Project Voldemort^{^[47]} used by LinkedIn), which are used in big data but they are beyond the scope of the review, and more information about them can be read at article linked in the previous citation. (Reference architecture and classification of technologies, products and services for big data system)

MapReduce

MapReduce is a generic parallel programming concept, derived from the “Map” and “Reduce” of functional programming languages, which makes it particularly suited for big data operations. It is at the core of Hadoop^{^[48]}, and performs the data processing and analytics functions in other big data systems as well.^{^[49]} The fundamental premise of MapReduce is scaling out rather than scaling up, i.e., (adding more numerical resources, rather than increasing the power of a single system)^{^[50]}

MapReduce operates by breaking a task down into steps and executing the steps in parallel, across many systems. This comes with two advantages, a reduction in the time needed to finish the task and also a decrease in the amount of resources one has to expend to perform the task, in both power and energy. This model makes it ideally suited for the large data sets and quick response times required of big data operations generally.

The first step of a MapReduce job is to correlate the input values to a set of keys/value pairs as output. The “Map” function then partitions the processing tasks into smaller tasks, and assigns them to the appropriate key/value pairs.^{^[51]} This allows unstructured data, such as plain text, to be mapped to a structured key/value pair. As an example, the key could be the punctuation in a sentence and the value of the pair could be the number of occurrences of the punctuation overall. This output of the Map function is then passed on “Reduce” function.^{^[52]} Reduce then collects and combines this output, using identical key/value pairs, to provide the final result of the task.^{^[53]} These steps are carried using the Job Tracker & Task Tracker in Hadoop but different systems have different methodologies to carry out similar tasks.

Data Governance

Data Governance is the act of managing raw big data as well as the processed information that arises from big data in order to meet legal, regulatory and business imposed requirements. While there is no standardized format for data governance, there have been increasing call with various sectors (especially healthcare) to create such a format to ensure reliable, secure and consistent big data utilisation across the board. The following tactics and techniques have been utilised or suggested for data governance, with varying degrees of success:

Zero-knowledge systems: This technological proposal maintains secrecy with respect to the low-level data while allowing encrypted data to be examined for certain higherlevel abstractions.^{^[54]} For the system to be zero-knowledge, the client’s system will have to encrypt the data and send it to the storage provider. Due to this, the provider stores the data in the encrypted format and cannot decipher the same unless he/she is in possession of the key which will decrypt the data into plaintext. This allows the individual to store his data with a storage provider while also maintaining anonymity of the details contained in such information. However, these are currently just beginning to be used in simple situations. As of now, they are not expandable to unstructured and complex cases and have to be developed marginally before they can be used for research and data mining purposes.
Homomorphic encryption: Homomorphic encryption is a privacy preserving technique which performs searches and other computations over data that is encrypted while also protecting the individual’s privacy.^{^[55]} This technique has however been considered to be impractical and is deemed to be an unlikely policy alternative for near future purposes in the context of preserving privacy in the age of big data.^{^[56]}
Multi-party computation: In this technique, computation is done on encrypted distributed data stores.^{^[57]} This mechanism is closely related to homomorphic encryption where individual data is kept private using encryption algorithms called “collusion-robust” while the same is used to calculate statistics.^{^[58]} The parties involved are aware of some private data and each of them use a protocol which produces results based on the information they are aware of and the information they are not aware of, without revealing the data they are not already aware of.^{^[59]} Multi-party computations thus help in generating useful data for statistical and research purposes without compromising the privacy of the individuals.

Differential Privacy: Although this technological development is related to encryption, it follows a different technique. Differential privacy aims at maximizing the precision of computations and database queries while reducing the identifiability of the data owners who have records in the database, usually through obfuscation of query results.^{^[60]} This is widely applied today in the existence of big data in order to ensure preservation of privacy while trying to reap the benefits of large scale data collection.^{^[61]}
Searchable encryption: Through this mechanism, the data subject can make certain data searchable while minimizing exposure and maximizing privacy.^{^[62]} The data owner can make his information available through search engines by providing the data in an encrypted format but by adding tags consisting of certain keywords which can be deciphered by the search engine. This encrypted data shows up in the search results when searched with these particular keywords but can only be read when the person is in possession of the key which is required for decrypting the information.

This technique of encryption provides maximum security to the individual’s data and preserves privacy to the greatest possible extent.

K-anonymity: The property of k-anonymity is being applied in the present day in order to preserve privacy and avoid re-identification.^{^[63]} A certain data set is said to possess the property of k-anonymity if individual specific data can be released and used for various purposes without re-identification. The analysis of the data should be carried out without attributing the data to the individual to whom it belongs and should give scientific guarantees for the same.
Identity Management Systems: These systems enable the individuals to establish and safeguard their identities, explain those identities with the help of attributes, follow the activity of their identities and also delete their identities if they wish to.^{^[64]} It uses cryptographic schemes and protocols to make anonymous or pseudonymous the identities and credentials of the individuals before analysing the data.
Privacy Preserving Data Publishing: This is a method in which the analysts are provided with the individual’s personal information with the ability to decipher particular information from the database while preventing the inference of certain other information which might lead to a breach of privacy.^{^[65]} Data which is essential for the analysis will be provided for processing while sensitive data will not be disclosed. This tool primarily focuses on microdata.
Privacy Preserving Data Mining: This mechanism uses perturbation methods and randomization along with cryptography in order to permit data mining on a filtered version of the data which does not contain any form of sensitive information. PPDM focuses on data mining results unlike PPDP.^{^[66]}

Conclusion

Studying the technology surrounding big data has led to two major observations: the rapid pace of development in the industry and the stark lack of industry standards or government regulations directed towards big data technologies. These observations have been the primary motivating factor for framing further research in the field. Understanding how to deal with big data technologically, rather than just the potential regulation of possible harms after the technological processes have been performed might be critical for the human rights dialogue as these processes become even more extensive, opaque and technologically complicated.

[1] EMC: Data Science and Big Data Analytics. In: EMC Education Services, pp. 1–508 (2012)

[2] Bakshi, K.: Considerations for Big Data: Architecture and Approaches. In: Proceedings of the IEEE Aerospace Conference, pp. 1–7 (2012)

[3] Adams, M.N.: Perspectives on Data Mining. International Journal of Market Research 52(1), 11–19 (2010) ⁴ Elgendy, N.: Big Data Analytics in Support of the Decision Making Process. MSc Thesis, German University in Cairo, p. 164 (2013)

[4] Big Data and Privacy: A Technological Perspective - President’s Council of Advisors on Science and

Technology (May 2014)

[5] Chen, Hsinchun, Roger HL Chiang, and Veda C. Storey. "Business Intelligence and Analytics: From Big Data to Big Impact." MIS quarterly 36.4 (2012): 1165-1188.

[6] Chandramouli, Badrish, Jonathan Goldstein, and Songyun Duan. "Temporal analytics on big data for web advertising." 2012 IEEE 28th international conference on data engineering. IEEE, 2012.

[7] Laurila, Juha K., et al. "The mobile data challenge: Big data for mobile computing research." Pervasive Computing. No. EPFL-CONF-192489. 2012.

[8] Lazer, David, et al. "The parable of Google flu: traps in big data analysis." Science 343.6176 (2014): 12031205.

[9] ibid

[10] Banaee, Hadi, Mobyen Uddin Ahmed, and Amy Loutfi. "Data mining for wearable sensors in health monitoring systems: a review of recent trends and challenges." Sensors 13.12 (2013): 17472-17500.

[11] ibid

[12] Chung, Eric S., John D. Davis, and Jaewon Lee. "Linqits: Big data on little clients." ACM SIGARCH Computer Architecture News. Vol. 41. No. 3. ACM, 2013.

[13] Kornelson, Kevin Paul, et al. "Method and system for developing extract transform load systems for data warehouses." U.S. Patent No. 7,139,779. 21 Nov. 2006.

[14] Henry, Scott, et al. "Engineering trade study: extract, transform, load tools for data migration." 2005 IEEE Design Symposium, Systems and Information Engineering. IEEE, 2005.

[15] Cohen, Jeffrey, et al. "MAD skills: new analysis practices for big data." Proceedings of the VLDB Endowment

[16] .2 (2009): 1481-1492.

[17] Elgendy, Nada, and Ahmed Elragal. "Big data analytics: a literature review paper." Industrial Conference on Data Mining. Springer International Publishing, 2014.

[18] Wu, Xindong, et al. "Data mining with big data." IEEE transactions on knowledge and data engineering 26.1 (2014): 97-107.

[19] Supra Note 17

[20] Hu, Han, et al. "Toward scalable systems for big data analytics: A technology tutorial." IEEE Access 2 (2014):

[21] -687.

[22] Kurt Cagle, Understanding the Big Data Lifecycle - LinkedIn Pulse (2015)

[23] Coyle, Frank P. XML, Web services, and the data revolution. Addison-Wesley Longman Publishing Co., Inc., 2002.

[24] Pautasso, Cesare, Olaf Zimmermann, and Frank Leymann. "Restful web services vs. big'web services: making the right architectural decision." Proceedings of the 17th international conference on World Wide Web. ACM, 2008.

[25] Banker, Kyle. MongoDB in action. Manning Publications Co., 2011

[26] McCreary, Dan, and Ann Kelly. "Making sense of NoSQL." Shelter Island: Manning (2014): 19-20.

[27] ibid

[28] Zhang, Hao, et al. "In-memory big data management and processing: A survey." IEEE Transactions on Knowledge and Data Engineering 27.7 (2015): 1920-1948.

[29] ibid

[30] ibid

[31] Supra Note 20

[32] Ballard, Chuck, et al. IBM solidDB: Delivering Data with Extreme Speed. IBM Redbooks, 2011.

[33] Shanahan, James G., and Laing Dai. "Large scale distributed data science using apache spark." Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2015. ³³ Shvachko, Konstantin, et al. "The hadoop distributed file system." 2010 IEEE 26th symposium on mass storage systems and technologies (MSST). IEEE, 2010.

[34] Borthakur, Dhruba. "The hadoop distributed file system: Architecture and design." Hadoop Project Website

[35] .2007 (2007): 21.

[36] ibid

[37] ibid

[38] Zikopoulos, Paul, and Chris Eaton. Understanding big data: Analytics for enterprise class hadoop and streaming data. McGraw-Hill Osborne Media, 2011.

[39] Bizer, Christian, et al. "The meaningful use of big data: four perspectives--four challenges." ACM SIGMOD Record 40.4 (2012): 56-60.

[40] Kaisler, Stephen, et al. "Big data: issues and challenges moving forward." System Sciences (HICSS), 2013 46th Hawaii International Conference on. IEEE, 2013.

[41] Supra Note 21

[42] DuCharme, Bob. "What Do RDF and SPARQL bring to Big Data Projects?." Big Data 1.1 (2013): 38-41.

[43] Zhong, Yunqin, et al. "Towards parallel spatial query processing for big spatial data." Parallel and

Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International. IEEE, 2012.

[44] Ma, Li, et al. "Effective and efficient semantic web data management over DB2." Proceedings of the 2008 ACM SIGMOD international conference on Management of data. ACM, 2008.

[45] Lohr, Steve. "The age of big data." New York Times 11 (2012).

[46] Pääkkönen, Pekka, and Daniel Pakkala. "Reference architecture and classification of technologies, products and services for big data systems." Big Data Research 2.4 (2015): 166-186.

[47] Sumbaly, Roshan, et al. "Serving large-scale batch computed data with project voldemort." Proceedings of the 10th USENIX conference on File and Storage Technologies. USENIX Association, 2012.

[48] Bar-Sinai, Michael. "Big Data Technology Literature Review." arXiv preprint arXiv:1506.08978 (2015).

[49] ibid

[50] Condie, Tyson, et al. "MapReduce Online." Nsdi. Vol. 10. No. 4. 2010.

[51] Supra Note 47

[52] Dean, Jeffrey, and Sanjay Ghemawat. "MapReduce: a flexible data processing tool." Communications of the ACM 53.1 (2010): 72-77.

[53] ibid

[54] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[55] Tene, Omer, and Jules Polonetsky. "Big data for all: Privacy and user control in the age of analytics." Nw. J. Tech. & Intell. Prop. 11 (2012): xxvii.

[56] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[57] Privacy by design in big data, ENISA

[58] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[59] Id

[60] Id

[61] Tene, Omer, and Jules Polonetsky. "Privacy in the age of big data: a time for big decisions." Stanford Law Review Online 64 (2012): 63.

[62] Lane, Julia, et al., eds. Privacy, big data, and the public good: Frameworks for engagement. Cambridge University Press, 2014.

[63] Crawford, Kate, and Jason Schultz. "Big data and due process: Toward a framework to redress predictive privacy harms." BCL Rev. 55 (2014): 93.

[64] http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf

[65] Seda Gurses and George Danezis, A critical review of 10 years of privacy technology, August 12th 2010, http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf

[66] Id

For more details visit https://cis-india.org/internet-governance/blog/technology-behind-big-data

The Take Down of Free Speech Online

praskrishna — 2014-04-06T05:19:50Z

As part of a study to access rate of compliance, in 2011, the Centre for Internet and Society Bangalore sent frivolous “take down” requests to seven prominent intermediaries. The study showed exactly how easy it is to take down online content.

This was published in Newslaundry on April 1, 2014. CIS research on Intermediary Liabilities is quoted.

CIS found that six out of the seven intermediaries “over complied” with the notices. Facts such as these about intermediary liability were discussed in a panel discussion “Intermediary Liability & Freedom of Expression in India” in Delhi on March 27, 2014 organised by Centre for Communication Governance at National Law University in collaboration with the Global Network Initiative.

The panel also included Professor Ranbir Singh, Vice Chancellor of NLU, Jermyn Brooks (Independent Chair – Global Network Initiative, Washington DC), Shyam Divan (Senior Advocate, Supreme Court of India) and SiddharthVaradarajan (Journalist). They discussed proxy censorship by government through private players and how e-business’ lose out on opportunities because of the current legal framework in the country within which intermediaries have to function.

According to Section 2(1)(w) of The Information Technology Act, 2000, “intermediary”- with respect to any particular electronic message -signifies any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.According to Rishab Dara, recipient of the Google policy Fellowship 2011, in an article titled, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet, “intermediaries are widely recognised as essential cogs in the wheel of exercising the right to freedom of expression on the Internet. Most major jurisdictions around the world have introduced legislations for limiting intermediary liability in order to ensure that this wheel does not stop spinning”.

The “safe harbor”or what is also known asIntermediary Liability Laws according to Section 79 of the Information Technology Act are given below:

Intermediaries not to be Liable in Certain Cases

(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or

(b) the intermediary does not—

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

(3) The provisions of sub-section (1) shall not apply if—

(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or othorise in the commission of the unlawful act;

(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

Under the Act, the intermediary needs to act on a complaint within 36 hours of a take down notice -failing which they will be liable to legal action if the case is taken to the court.

Shyam Divan spoke about the absurdity of the 36-hour turnaround time that an intermediary has between receiving a complaint and taking down the content. According to him, without any kind of legal option to fall back on, intermediaries decide to comply with such take down notices fearing “serious penalties and possibility of prosecution” which results in “indirect censorship”. He also said, “Domestic constitution in itself is not going to be sufficient”. “Meta-constitutions” which are transnational and have uniform laws across countries could be a possible solution to the current confusion as the internet is a global phenomenon and it would ensure that “the extent of our online rights would not be limited to the constitution of the country”.

Giving the example of hate speech, Siddharth Varadarajan, mentioned the Indian executive’s different approaches towards different mediums. Referring to hate speeches made during the 1993 Bombay riots by Shiv Sena leaders and those made during the 2002 Gujarat riots, he said, “Hate speech never gets prosecuted when made amid a physical crowd in a volatile situation.I can understand why politicians won’t be prosecuted but why so much sensitivity on online content. This paradox is worth reflecting on.Despite its limited reach, the executive reacts in such a hyper-sensitive manner”.He adds that as the editor of a news website one faces daily problems in taking decisions on online content especially on comment moderation and whether the website would be responsible for a certain comment made by a reader. Echoing Shyam Divan’s views,he said that in India more than the punishment, when a case is filed, the legal process itself becomes a punishment, which forces Internet Service Providers to comply with requests of blocking online content.

The Global Network Initiative is a Washington-based organisation that provides a framework for companies to deal with governments requesting censorship or surveillance of online content, “rooted in international standards legal framework also interesting people”. According to a report released by it, “provided that the existing safe harbour regime is improved, intermediaries can become a significant part of the economy and their GDP contribution may increase to more than 1.3 per cent by 2015. The potential corresponds to $41 billion by 2015”.Jermyn Brooks,Independent Chair of GNI,argued that instead of focusing all efforts on ensuring that the Information Technology (Intermediaries Guidelines) Rules, 2011 gets struck down by Courts for its unconstitutionality, there should also be a movement to effect policy changes through the amendment of the law. According to him, such a proposition would be more lucrative for a government looking for “re-invigoration of economic growth in India”.

The discussion was significant in the light that a number of cases related to the IT Act and freedom of online speech will be heard in the Supreme Court in the coming months. A petition by Mouthshut.com challenges the Information Technology (Intermediaries Guidelines) Rules 2011 “which effectively creates a notice and takedown regime for content hosted by intermediaries”. Another important case up for hearing is a petition by Member of Parliament Rajeev Chandrashekhar,“which also challenges these rules on grounds that they are ambiguous, require private parties to subjectively assess objectionable content, and that they undermine the safe harbour exemptions from liability granted to intermediaries by section 79 of the IT Act”. The People’s Union for Civil Liberties (PUCL) has challenged the Intermediaries Guidelines rules as well as the Procedure and Safeguards for Blocking for Access of Information by the Public Rules 2009. “This petition has pointed to the lack of transparency in the blocking procedure, which does not currently offer the public any notice or reasons for the blocking.”

“The cases pending before the Supreme Court will have a significant impact on the freedom of expression. We should never take our rights for granted – the interpretation of these rights needs to be consistent with their spirit”, said Professor Ranbir Singh.

Citing the recent example of the Wendy Doniger episode, Varadarajan says, “If Penguin chooses to pack up at the District court level, you know how Internet Service Providers would react to take down notices…Specific targeting of online speech would ultimately have a negative impact on the traditional media”. And that is the crux of the matter. In the absence of intermediate liability not being limited, online censorship and the curtailment of the freedom of speech will become far easier and will only worsen.

For more details visit https://cis-india.org/news/newslaundry-april-1-2014-somi-das-the-take-down-of-free-speech-online