We are anonymous, we are legion

Why entrepreneurs are wary of the new draft e-commerce policy

Rahul Sachitanandan — 2019-03-08T00:32:43Z

Raka Chakrawarti, an entrepreneur from Mumbai, is tensed these days, not about her business, which is booming, but over the rules of the Draft National e-Commerce Policy.

The article by Rahul Sachitanand was published in Economic Times on March 3, 2019. Elonnai Hickok was quoted.

If the policy, drafted by the Department for Promotion of Industry and Internal Trade (DPIIT) and seeking stakeholder comments, gets a go-ahead as it is, Gourmetdelight, her bootstrapped online vendor of organic goods, will have to certify and add reviews of all the products her marketplace sells.

She says her platform has nearly 1,500 stock keeping units - from black garlic to trikaya baby spinach - and certifying all of these would mean a further strain on her budget and small workforce. Then there are other questions she is seeking answers to: what to do with the growing volume of user data (the policy suggests the government has overarching rights over it); what is the scope of the policy; what is the definition of ecommerce and will the policy, by appearing protectionist, keep away foreign capital, so far the life blood of the sector?

In five years, according to Venture Intelligence, investors have poured over $18 billion across 667 deals in India's ecommerce market. This money, mostly from overseas, has allowed ecommerce startups to grow fast and also offer investors a handsome exit - like in the case of Walmart buying Flipkart.

Some of this momentum may be lost, fear entrepreneurs, since the policy appears to take a protectionist approach - by empowering domestic entrepreneurs, pushing Make in India and proposing to own user data and deterring global investors from betting on the potential of India's ecommerce market.

Legal experts and executives in ecommerce companies feel the draft policy is half-baked. While it makes some progress on protecting home-grown small businesses, the proposals about data ownership and stricter quality norms may make it hard for such businesses to grow.

Ambareesh Murthy, CEO of furniture retailer Pepperfry, says this is a draft that is evolving and the intent may change over time. He is wary of the proposal to give government ownership of, and therefore control over, user data. While the government argues that data is a national resource, executives feel individuals should hold ultimate control over their personal information.

While foreign company-owned Amazon and Flipkart have built their business here, newer entrants such as Chinese upstarts will find an India foray costlier, since the policy calls for setting up of an office here to legally operate. Critics also argue that while the policy starts with the right intentions, it loses focus on the way. They say the recommendations made across more than 14,000 words are too broad, encompassing more than the e-commerce industry itself.

Putting together such an all-encompassing statement isn't right, say policy experts, since it involves not just DPIIT but also other government bodies and regulators, including the Competition Commission of India.

Elonnai Hickok of Centre for Internet and Society, a think tank, says regulators do not fully appreciate the nuances of the growing mountain of data and properly safeguarding it within the country.

"The draft policy has not comprehensively addressed what is the appropriate framework for ensuring data as a national resource," she says. "It appears to take a one-size-fits-all approach - bringing in privacy, intermediary liability, piracy, authenticity of information, etc. without considering potential exceptions and implications of such measures, including rights of individuals." Anirudh Rastogi, founder of Ikigai Law, a firm tackling tech legislation, contends that too much onus has been placed on entrepreneurs and their ventures to meet regulatory norms. "The draft proposes a host of consumer protection and anticounterfeiting measures, which is a good thing on principle," he says. "But this also means a lot of requirements for platforms and other intermediaries which dilute their intermediary status."

Not everyone agrees. For some homegrown entrepreneurs, measures that look protectionist offer a level playing field to compete with well-funded foreign company-owned behemoths.

"The govt is trying to level the playing field and take away some of the power held by well-funded giants over the Indian market," says Ashish Gurnani, cofounder of Postfold, an online bespoke apparel brand. "We can now hope to compete more on variety, curation and quality, rather than discounts alone." When contacted, a DPIIT official involved in the process of drafting the policy, said: "At present, we don't have control over our data. Companies which control our data can say no to sharing it if we want that data. Servers are outside. We're incapacitated as there is no physical or legal control. We want to create jobs through the policy."

For more details visit https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy

RFCs We Love: Transport & Apps Edition

Admin — 2019-03-08T00:17:57Z

The 2nd meetup of RFCs we love in 2019 was held at Go-Jek in Domlur on 2nd March 2019 in partnership with Bangalore Mobile performance group. Gurshabad Grover was a speaker at this event organized by India Internet Engineering Society.

Gurshabad Grover spoke about ongoing work in the Transport Layer Security (tls) working group of the Internet Engineering Task Force (IETF) on Server Name Indication (SNI) encryption in TLS. For more info click here

For more details visit https://cis-india.org/internet-governance/news/rfcs-we-love-transport-apps-edition

Seminar on “Evolution of communication: Social Media & Beyond”

Admin — 2019-03-07T14:52:09Z

Sunil Abraham will be a speaker at this event organized by TRAI on March 15 at Hotel Radisson Blu GRT, Near Airport, Chennai. Sunil will be speaking on How should Internet Giants- Social Media, Search engines and ad tech be Regulated.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/seminar-on-201cevolution-of-communication-social-media-beyond201d

Nullcon Security Conference

Admin — 2019-03-07T14:40:11Z

On March 1 and 2, 2019, Karan Saini attended the Nullcon Security Conference organized by Nullcon at Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa.

The schedule of the event can be accessed here. Videos of the talks can be accessed here. The event was:attended by:

Security Practitioners (Analysts, Testers, Developers, Cryptographers, Hackers)
Security Executives (CISOs, CXOs)
Business Developers and Venture Capitalists (Presidents, Directors, VPs, Consultants)
Vendor Companies and Sponsors (Hardware, Software, Services)
Career Seekers and Recruiters (Seasoned Veterans, Students, Expanding Companies
Academia (Professors, Students)

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform which caters to the needs of IT Security industry at large in a comprehensive way.

For more details visit https://cis-india.org/internet-governance/news/nullcon-security-conference

'Website not found' pop-ups leave net activists fuming

Tushar Kaushik — 2019-04-03T15:53:04Z

Internet activists are concerned over what they term as rising instances of websites being blocked by internet service providers (ISPs) and the government without citing any reason for doing so.

The article by Tushar Kaushik was published in the Economic Times on March 6, 2019. Gurshabad Grover was quoted.

Last year, the Ministry of Electronics and Information Technology (MeitY) blocked 2,799 URLs for allegedly hosting malicious content, marking a sharp increase from 2017, when 1,385 URLs were blocked.

These numbers were disclosed by minister of state for electronics and IT SS Ahluwalia in a written reply to a question in the Lok Sabha in February.

In 2016, the number of URLs that were blocked stood at 633.

The government has also withheld information on the list of blocked websites despite several queries under the right to information (RTI) Act, internet activists told ET.

The Centre for Internet and Society (CIS), a Bengaluru-based advocacy group, is compiling a list of URLs and websites that are being blocked, and has identified over 3,200 so far. Senior policy officer at CIS Gurshabad Grover said that among the blocked URLs are proxy servers and websites of NGOs that are deemed to have criticised government policy.

As per Grover, some of the websites and URLs reported to have been blocked at some point include the sites of human rights groups such as arabhra-.org, www.protectioninternational.org and www.drugsense.org.Also blocked were a site on feminism (feminist.org), the website of an environmental organisation (wedo.org) and a blog by activist Irom Sharmila (iromsharmilachanu.wordpress.com).

“Many blockades, when brought to the notice of courts, were revoked, but the URLs still remain inaccessible. The bigger problem is that of getting the list of blocked URLs,” Grover told ET.

'Restricting the Right to Receive Information'

A MeitY official, however, said no website is blocked arbitrarily. “No government machinery can order (blocking of a URL) without valid reason and without following valid procedure. And the only procedure available to us is (Section) 69A and 79 (of the IT Act). Rest is a court order,” the senior MeitY official, who did not want to be identified, told ET.

“Valid procedure is (Section) 69A, where we can order. But in addition there is (Section) 79, where notice is issued for any illegal activity happening on any platform. This notice can be issued by the appropriate government department. And the intermediary platform is free to agree to it or disagree,” the official said, adding that every complaint received against a website is considered individually.

Section 69A of the IT Act empowers the Centre to block websites in the interest of national security. Section 79 empowers the government to issue a notice to an intermediary to remove any content that it finds illegal.

A MeitY spokesperson could not respond immediately to ET’s emailed queries on the issue.

Grover of CIS said there was no way to determine if a website was blocked by the government or an ISP, unless a government order for the blocking was available.
For instance, last month, several users of the messenger service Telegram and music sharing website SoundCloud had reported that these websites had been blocked by Reliance Jio, according to the Internet Freedom Foundation.

Reliance Jio did not respond to queries from ET.

Internet Freedom Foundation’s executive director Apar Gupta expressed concern over the lack of information regarding reasons for blocking URLs.

“This is very worrying because it’s a secretive process that prevents the public from accessing a website, which restricts the right to receive information — a part of the fundamental right to freedom of speech and information,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-march-6-2019-tushar-kaushik-website-not-found-pop-ups-leave-net-activists-fuming

Risk integration is key to better cybersecurity management

Dr. R. Seetharaman — 2019-03-03T06:26:44Z

Digital connectivity plays an anchor role in unlocking innovation and prosperity around the world, but increasing cyber threat is a roadblock to collective path of progress.

The article by Dr. R. Seetharaman was published in the Gulf Times on February 24, 2019.

The fourth industrial revolution, which combines advanced technologies in innovative ways, is set to dramatically reshape the way people live, work and relate to one another. As per Cybersecurity Ventures, the cybercrime will cost the world $6tn annually by 2021, this is up from $3tn in 2015.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, and theft of intellectual property, theft of personal and financial data, embezzlement, fraud, and post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

The work space is undergoing changes, robotics and artificial intelligence are going to play important roles and the customer will be more empowered in the digital environment. Data breaches in 2018 compromised the personal information of millions of people around the world.

The latest victims were Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500mn customers. Payment card information and personal data such as billing addresses, phone numbers and e-mails of British Airways were hacked. For Cathay Pacific, passenger data was accessed without authorisation. Centre for Internet and Society (CIS) also pointed out that about 130mn Aadhar numbers along with other sensitive data were available on the Internet.

The reason for the data leak was narrowed down to four government-run schemes ranging from National Social Assistance Programme by the Ministry of Rural Development, the National Rural Employment Guarantee Act (NREGA), also by the Ministry of Rural Development, Daily Online Payment Reports under NREGA by the government of Andhra Pradesh and the Chandranna Bima Scheme, also by the government of Andhra Pradesh.

The public and private partnership model should be adopted to face the challenges.

This can be done by establishing areas of common interest, supporting capacity building and resource pooling and developing benchmarks for resilience.

There are various reasons for cyber-attacks/data breach incidents – few of them are as follows. In effective vulnerability management, lack of security monitoring, human errors – accidental publishing, hacking, targeted attack, business e-mail compromise, phishing and social engineering attacks, inadequate encryption, on-adherence to strong password policy, state sponsored terrorism/attacks and corporate espionage.

The various cyber-attacks, which have left significant impact on global organisations. Institutions need to be more collaborative on security issues. Banks need to manage the change by redefining their business models to manage various stake holders such as customers, regulator and shareholders.

The involvement of the company’s board is required which should set the tone for enhancing security and determine whether the full board or a committee should have oversight responsibility.

Board of directors are starting to take note, particularly members of the audit committee, who list cyber security among their top concerns. Test effectiveness of existing security devices/ solutions and fine tune. Adopt new technologies such as artificial intelligence and machine learning to identify abnormal behaviour in networks.

Maintain IT system hygiene i.e., effective patching, hardening and baseline. Develop blue/red and purple teams to have balanced check on the vulnerability exploitation, effective threat monitoring and countermeasures. Develop cyber crisis management plan and establish breach response plan.

Qatar Central Bank has brought IT security strategy and technology risk circulars, which will provide directions for the banks to build their strategy while adopting advanced technologies.

It also took the initiative for formation of Banking CIRT (Critical incident response team), which will act as platform for sharing of security incidents and enable quick response for its members. The State of Qatar has brought cyber-crime prevention laws, data privacy law, monitoring bank websites and alert on probable cyber-attacks in the country.

“The GDPR becomes important in the light of all major banks and FIs in Qatar having their branches/offices where they are collecting personal information of EU resident customers and processing/storing such information in Qatar and EU.

The Qatar Data Privacy Law speaks about controls over the data in rest/processing/transmission and role & responsibilities of data processor/controller. “Risk integration is key towards cybersecurity management”.

For more details visit https://cis-india.org/internet-governance/news/gulf-times-february-24-2019-dr-r-seetharaman-risk-integration-is-key-to-better-cybersecurity-management

Any failure to resolve the Kashmir problem could lead the South Asia to a nuclear disaster

Admin — 2019-03-03T06:17:23Z

World Kashmir Awareness (WKA) Board in its meeting on February 23, 2019 regrets the death of 45 Indian soldiers recently killed at Pulwama, Kashmir.

The blog post was published in Kashmir Watch on February 25, 2019. Pranesh Prakash was quoted.

Further, WKA is saddened by the fast deteriorating human rights situation, particularly in the valley and Jammu. It calls up on Mr. Narendra Modi, the prime minister of India to address the human rights situation earnestly. We cannot escape the brazen disregard for the fundamental rights of Kashmiris shown by Prime Minister Modi and his most inhumane draconian apparatus in Kashmir. It is time that India joins the community of civilized nations and allows the people of Jammu and Kashmir to exercise the right of self –determination as agreed upon by both India and Pakistan, endorsed and accepted by the United Nations Security Council.

The gross human rights violations are documented by various international and impartial human rights agencies. A brief illustration of those violations are given below.

The crisis is so severe that the United Nations High Commissioner on Human Rights, for the first time in June 2018, released a report detailing atrocities committed [by the Indian occupation (uniformed) forces] in Kashmir. The report alludes to the special powers granted to the Indian occupation (security) forces allowing them total impunity. “No armed forces personnel have faced prosecution since the powers went into effect 28 years ago, and the authorities have made little effort to investigate various allegations, including reports of mass graves”, the report said. It criticized the Indian occupation forces, in particular, “for inflicting mass civilian casualties in response to escalating protests” and called for an “international investigation into these gross abuses”. The conflict “has robbed millions of their basic human rights and continues to this day to inflict untold suffering,” said the United Nations Human Rights Commissioner, while presenting the report.

Prior to this report, an Indian author Gautam Navlakha in his report “Internal War and Civil Rights: Disappearances in Jammu and Kashmir” in the Economic and Political Weekly, says that “The recent Amnesty International report examines the phenomenon of disappearances in Jammu and Kashmir. While some of the ‘missing’ may have crossed the border, by far the larger number have fallen victim to state terrorism – arrest, detention, torture and death at the hands of the security forces. Courts cannot provide much relief as court orders are ignored by bureaucrats and armed forces”.

In an interview published on August 28 2016, the South Asia Director of Human Rights Watch, Meenakshi Ganguly, while calling for the repeal of the Armed Forces Special Powers Act (AFSPA) and other draconian laws that provide Indian military and para-military immunity from prosecution, said the way “to persuade people to believe in rule of law is for the state to set an example by first and foremost, holding itself accountable.”

The interview was conducted at a time when 70 civilians had been killed, over 500 youth blinded by pellets in one or both eyes and over 5000 civilians injured by Indian rogue army in just 50 days immediately prior to the interview.

In a most despicable act, the rogue Indian Army does not even hesitate to use civilians in Kashmir as human shield. In its editorial entitled “Cruelty and Cowardice in Kashmir”, New York Times in April, 2017 wrote “Members of India’s armed forces reached a new low in the long history of alleged human rights abuses in the Indian state of Jammu and Kashmir when they beat and then tied a 24-year-old shawl weaver named Farooq Ahmad Dar to the front of a jeep on April 9, using him as a human shield against stone-throwing crowds”.

The New York Times reported that many in India expressed shock and revulsion on this report. Yet “large sections of India’s booming news media — some editors, some columnists — openly celebrated what could well be a violation of the Geneva Conventions”. India’s attorney general defended the use of human shields, praising the officer who made the decision. The army should be applauded, he said. The report went on to say that “A judge on India’s Armed Forces Tribunal, which hears court-martial appeals, tweeted that it was “an innovative idea.” Mr. Ahmad was turned into a war cry on prime-time television and on social media. Such is the status of Indian Democracy!?

During the same period, as Mr. Modi was going around the world projecting the “Greatness of India”, The Washington Post reported banning of 22 social media sites in Indian controlled Kashmir. Pranesh Prakash, policy director for the Indian advocacy group the Center for Internet and Society, called the ban a “blow to freedom of speech” and “legally unprecedented in India.”

And, where is Mr. Modi’s outrage regarding the ‘Dead Eyes’ Epidemic in Kashmir brought on by the use of lead pellets by his “courageous soldiers”, as reported by international press. In less than two months (July-August 2016), New York Times reported that “more than 570 patients have reported to Srinagar’s main government hospital with eyes ruptured by lead pellets, sometimes known as birdshot, fired by [Indian] occupation (security) forces armed with pump-action shotguns…..The patients have mutilated retinas, severed optic nerves, irises seeping out like puddles of ink”. The victim even includes recent victim an 18-month old toddler. “2016 will almost certainly be remembered as the year of dead eyes.”

Commenting on “Kashmir in Crisis”, The Editorial Board of New Times, yet again wrote that a “major cause of the uprising is the resentment among Kashmiri youths who have come of age under an Indian security apparatus that acts against civilians with impunity. Kashmir is subject to India’s Armed Forces Special Powers Act, or AFSPA, which grants the military wide powers to arrest, shoot to kill, occupy or destroy property. The result is a culture of brutal disdain for the local population.”

The Board trusts that the involvement of the international community, particularly the world powers in this matter will bring its influence to bear on both India and Pakistan to initiate a peace process with which the United Nations as well as the accredited leadership of the people of Jammu & Kashmir will be associated so as to ensure that settlement arrived at will be based on the principles of justice.

Lastly, the Board urges the Secretary General of the United Nations to bring this matter to the attention of the Security Council. Whether this could be done successfully depends on the attitudes and policies of the permanent members, but they should be left in no doubt that any failure to resolve the problem could lead the South Asian Subcontinent to a nuclear disaster, with incalculable consequences for the whole world.

For more details visit https://cis-india.org/internet-governance/news/kashmir-watch-february-25-2019-any-failure-to-resolve-the-kashmir-problem-could-lead-the-south-asia-to-a-nuclear-disaster

Participation in the meeting of BIS LITD 17

Admin — 2019-03-03T06:12:01Z

Gurshabad Grover participated in the fifteenth meeting of the Information Systems Security and Biometrics Sectional Committee (LITD 17) of the Bureau of Indian Standards (BIS), which was conducted online on February 26.

Some of the things we discussed included:

Participation of committee members at the ISO level in SC 27 'IT Security Techniques' working groups.
Update from the last SC 27 working group meetings (I updated the committee with some standards I was tracking and my participation as co-rapporteur in the 'Impact of AI on Privacy' study period).
Participation in the next SC 27 working group meetings, which will be held in April (where I will be participating in WG 1 'Information Security Management Systems' and WG 5 'Identity management and privacy technologies' meetings).

For more details visit https://cis-india.org/internet-governance/news/participation-in-the-meeting-of-bis-litd-17

Over 30 organisations, industry bodies oppose proposal to ban vape content

praskrishna — 2019-03-03T05:49:54Z

More than 30 organisations and industry bodies, including Ficci, CII and the Cellular Operators Association of India, have written to the Electronics and IT Ministry (MeitY), urging it not to ban online content related to the Electronic Nicotine Delivery Systems (ENDS).

The article by Press Trust of India was carried in the Times of India on February 28, 2019.

Other major organisations supporting this include Asia Internet Coalition, Broadband India Forum, Internet Freedom Foundation, Data Security Council of India, Heart Care Foundation of India, and The Centre for Internet and Society.

The draft amendment to the intermediary guidelines rules proposes new regulations for intermediaries (digital platforms), including a clause on banning online content that promotes ENDS.

These entities, in a statement on Thursday, said citizens have the right to access information on safer alternatives to smoking. The submissions form part of the 609-page document.

"...(These) organisations have opposed the ban on content related to ENDS citing overstepping of IT ministry's jurisdiction, violation of consumer rights, no legal backing for the action and use of vague terminology that can lead to misinterpretation and overregulation," it added.

Vape refers to electronic cigarettes or similar devices that simulate the experience of smoking a cigarette.

The statement quoted Association of Vapers India Director Samrat Chowdhery as saying that it is encouraging that many organisations concerned with public health have sought removal of the proposed ban on ENDS content.

"India is reeling under a tobacco epidemic which causes nearly a million deaths a year. We stated in our submission that denying people access to information on safer alternatives will, therefore, be highly detrimental and in violation of Article 21 of our constitution," he added.

The Data Security Council of India (DSCI), a Nasscom initiative, said the terms and expressions used are ambiguous and may be deemed unconstitutional.

Amnesty India said it "is concerned that the rules use vague and overly broad terms to identify expression that can be restricted, going well beyond both Indian and international human rights standards on freedom of expression". SR SR HRS

For more details visit https://cis-india.org/internet-governance/news/times-of-india-pti-february-28-2019-over-30-organisations-industry-bodies-oppose-proposal-to-ban-vape-content

Feminist Internet Research Network (FIRN) Convening Design

Admin — 2019-03-01T01:08:54Z

Ambika Tandon attended a workshop organized by Association for Progressive Communications for grantees of the Feminist Internet Research Network as a panelist on a session on feminist research methods.. The workshop was held from 27 February to 1 March, in Malaysia. Represented from 8 organizations attended the workshop.

Objectives of the convenining

To inaugurate a network of feminist researcher in the field of digital technology for ongoing collaboration, advice and active solidarity.
To start trust building within the network through shared values and plot how it will work and how it will expand.
To facilitate exchange of learnings and capacity building among the network members and other resource persons, in particular.
To facilitate peer-feedback, collaboration and interdisciplinary discussions on research design, methodologies and research plans of the selected projects and other resource persons.
To get feedback on overall FIRN project research methodology/design.
To explore new and innovative methods, as well as get understand key developments and challenges in more established ways of collecting and analysing data in the four areas of the research initiative.

For more information click here

For more details visit https://cis-india.org/internet-governance/news/firn-convening-design

OWASP Seasides Conference

Admin — 2019-03-07T23:53:47Z

Karan Saini attended the OWASP Seasides security conference held on February 27 and 28, 2019 at Cavelossim, Goa. The event was organized by OWASP Seasides.

For conference details click here.

For more details visit https://cis-india.org/internet-governance/news/owasp-seasides-conference

February 2019 Newsletter

Admin — 2019-03-14T16:40:12Z

Our newsletter for February month below.

The CIS newsletter aims to highlight developments in copyright and patent, free speech and expression, privacy, cyber security, telecom, etc. as well as Industry 4.0, big data, additive manufacturing and so on which are revolutionizing and moving the digital world forward. Through this newsletter we look to engage you with our research and build a strong bond by bringing you insightful articles and blog posts which will be beneficial for you and your business. Throughout the year we will send you stories and insights from our board, staff and community leaders. We welcome your feedback, suggestions or comments regarding our newsletter or any other aspect of our research.

Highlights for February 2019

Maharashtra is a state which is rich in diversity in terms of language and culture seen in its various regions such as Konkan, Marathwada, Western Maharashtra, Northern Maharashtra and Vidarbha. Awareness needs to be created to make Wikimedia movement inclusive and diverse in these geographical regions as well as in their social strata. Keeping this in view CIS-A2K conducted five workshops in different parts of the state.
Marathi language department of Goa University has initiated the process to document the culture of Goa on Marathi Wikipedia and Commons. Subodh Kulkarni reports this in a blog entry.
Khetrimayum Monish Singh and Rajiv K. Mishra co-authored a research paper which was presented at the Young Scholars International Conference on “Margins and Connections,” organised by the Special Centre for the Study of North East India, Jawaharlal Nehru University, on February 7-8, 2019.
Following consultations with data protection, civil society, industry and others, during the Cybercrime Convention Committee (T-CY) meeting from 29 November 2018 onwards, the Cybercrime Convention Committee had sought additional contributions regarding the provisional draft text for a Second Additional Protocol to the Budapest Convention on Cybercrime (“Budapest Convention”). Vipul Kharbanda submitted comments on behalf of CIS.
CIS responded to the call for submissions from the UN Special Rapporteur on Freedom of Speech and Expression. The submission was on the Surveillance Industry and Human Rights.
CIS and University of Munich, Germany are co-organizing an event 'Internet Speech: Perspectives on Regulation and Policy' at India Habitat Centre on April 5, 2019.
Akriti Bopanna on behalf of CIS provided comments on the proposed draft of ICANN’s FY20 Operating Plan and Budget along with their Five-Year Operating Plan Update.
Harsh Bajpai, Ambika Tandon, and Amber Sinha have co-authored a case study 'The Future of Work in the Automotive Sector in India'. The case study highlights the impact of technologies such as artificial intelligence, industry 4.0, internet of things, and so on at industry workplace. The case study was edited by Rakhi Sehgal. Manav Mehta provided research assistance.
In a response to the Draft of The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, CIS examined whether the draft rules meet tests of constitutionality and whether they are consistent with the parent Act. The submission also examined potential harms that may arise from the Rules as they are currently framed and make recommendations to the draft rules that may enable government to meet its objectives while remaining situated within the constitutional ambit.
A UN high-level panel on Digital Cooperation issued a call for inputs that called for responses to various questions. CIS responded to the call for inputs. The response was drafted by Aayush Rathi, Ambika Tandon, Arindrajit Basu and Elonnai Hickok.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

Data Infrastructures and Inequities: Why Does Reproductive Health Surveillance in India Need Our Urgent Attention? (Aayush Rathi and Ambika Tandon; EPW Engage , Vol. 54, Issue No. 6, February 9, 2019).
Intermediary liability law needs updating (Sunil Abraham; Business Standard; February 9, 2019).
Resurrecting the marketplace of ideas (Arindrajit Basu; Hindu Businessline; February 22, 2019).
What I learned from going offline for 48 hours (Nishant Shah; Indian Express; February 24, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Civil Liberties Groups Warn Proposed EU 'Terrorist Content' Rule a Threat to Democratic Values (Jessica Corbett; Common Dreams; February 5, 2019).
‘Willing to participate, but need more time’: Twitter on parliamentary panel hearing (Smriti Kak Ramachandran and Vidhi Choudhary; February 10, 2019).
What the government's draft IT intermediary guidelines say (Abhijit Ahaskar; Livemint; February 12, 2019).
Make our digital backyard safe (Nilanjana Bhowmick; Economic Times; February 13, 2019).
Even years later, Twitter doesn't delete your direct messages (Zack Whittaker and Natasha Lomas; Tech Crunch; February 15, 2019).
Are RSS's fears about Tik Tok true? Here's what you should know (Economic TimZack Whittaker and Natasha Lomases; February 20, 2019). Also published in Moneycontrol News on the same day.
Risk integration is key to better cybersecurity management (Dr. R. Seetharaman; Gulf Times; February 24, 2019).
Any failure to resolve the Kashmir problem could lead the South Asia to a nuclear disaster (Kashmir Watch; February 25, 2019).
Over 30 organisations, industry bodies oppose proposal to ban vape content (Times of India; February 28, 2019).
.

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipdedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Marathi Wikipedia Workshop & 1lib1ref session at Goa University (Subodh Kulkarni; February 1, 2019).
Marathi Language Fortnight Workshops 2019 (Subodh Kulkarni February 26, 2019).

Media Coverage

Goa University students update ‘Goa’ Marathi articles on Wikipedia (Times of India; February 20, 2019).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Cyber Security

Submission

Comments on the Draft Second Protocol to the Convention on Cybercrime (Budapest Convention) (Vipul Kharbanda; February 25, 2019).

Privacy

Submissions

CIS Submission to UN High Level Panel on Digital Cooperation (Aayush Rathi, Ambika Tandon, Arindrajit Basu and Elonnai Hickok; February 7, 2019).
CIS Submission to the UN Special Rapporteur on Freedom of Speech and Expression: Surveillance Industry and Human Rights (Elonnai Hickok, Arindrajit Basu, Gurshabad Grover, Akriti Bopanna, Shweta Mohandas and Martyna Kalvaityte; February 20, 2019).

Participation in Event

BIS LITD 17 (Organized by the Bureau of Indian Standards; February 26, 2019). Gurshabad Grover participated in the meeting conducted online.

Gender

Workshop Organized

Unbox Festival 2019: CIS organizes two Workshops (Organized by CIS; Bangalore; February 15 - 17, 2019). CIS organized two workshops on What is your Feminist Infrastructure Wishlist? and AI for Good.

Participation in Events

Imagine a Feminist Internet: Research, Practice and Policy in South Asia (Organized by Internet Democracy Project and Point of View; Sri Lanka; February 21 - 22, 2019). Ambika Tandon was a speaker and presented a paper 'Framing Reproductive Health as a Data Problem? Unpacking ‘Dataveillance’ in India' which was co-authored by herself and Aayush Rathi.
Feminist Internet Research Network (FIRN) Convening Design (Organized by Association for Progressive Communications; Malaysia; February 27 - March 1, 2019). Ambika Tandon attended the event.

Free Speech and Expression

Submissions

Response to the Draft of The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 (Gurshabad Grover, Elonnai Hickok, Arindrajit Basu and Akriti Bopanna; February 7, 2019).
CIS Comment on ICANN's Draft FY20 Operating Plan and Budget (Akriti Bopanna; February 12, 2019).

Upcoming Event

Internet Speech: Perspectives on Regulation and Policy (Organized by CIS and the University of Munich (LMU), Germany; India Habitat Centre, New Delhi; April 5, 2019).

Participation in Event

Webinar on counter-comments to the draft Intermediary Guidelines (Organized by CCAOI and the ISOC Delhi Chapter; February 11, 2019). Gurshabad Grover attended the event.

Artificial Intelligence

Case Study

The Future of Work in the Automotive Sector in India (Harsh Bajpai, Ambika Tandon and Amber Sinha; February 8, 2019). Case study was edited by Rakhi Sehgal.

Participation in Event

2019 International Asia Conference (Organized by ITECHLAW; Bangalore; January 31 - February 1, 2019). Sunil Abraham was a panelist in the session "Policy Making for the Emerging Tech in India".

Researchers at Work (RAW)

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Research Paper

Media Infrastructures and Digital Practices: Case Studies from the North East of India (Khetrimayum Monish Singh; February 5, 2019).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/february-2019-newsletter

Imagine a Feminist Internet: Research, Practice and Policy in South Asia

Admin — 2019-02-27T01:52:55Z

Internet Democracy Project and Point of View co-organized a two-day Imagine a Feminist Internet event in Sri Lanka on 22011 and 22 February 2019. Ambika Tandon was a speaker and presented a paper 'Framing Reproductive Health as a Data Problem? Unpacking ‘Dataveillance’ in India' which was co-authored by herself and Aayush Rathi.

The panel also had a presentation by Dr. Anja Kovacs, and was moderated by Eva Blum-Dumontet from Privacy International. Ambika also participated in a committee that drafted a declaration for policymakers based on the presentations at the conference, which is yet to be finalised. The agenda can be seen here.

For more details visit https://cis-india.org/internet-governance/news/imagine-a-feminist-internet-research-practice-and-policy-in-south-asia

Comments on the Draft Second Protocol to the Convention on Cybercrime (Budapest Convention)

vipul — 2019-02-25T16:48:18Z

Following consultations with data protection, civil society, industry and others, during the Cybercrime Convention Committee (T-CY) meeting from 29 November 2018 onwards, the Cybercrime Convention Committee has sought additional contributions regarding the provisional draft text for a Second Additional Protocol to the Budapest Convention on Cybercrime (“Budapest Convention”).

The Centre for Internet and Society, (“CIS”), is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, artificial intelligence, freedom of expression, and cyber-security. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the rights of stakeholders. CIS is thankful to the Cybercrime Convention Committee for this opportunity to provide feedback to the Draft.

The draft text addresses three issues viz. language of requests, emergency multilateral cooperation and taking statements through video conferencing. Click to download the entire submission here.

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-february-25-2019-comments-on-draft-second-protocol-to-convention-on-cybercrime-budapest-convention

Resurrecting the marketplace of ideas

basu — 2019-02-22T02:18:53Z

There is no ‘silver bullet’ for regulating content on the web. It requires a mix of legal and empirical analysis.

The article by Arindrajit Basu was published in Hindu Businessline on February 19, 2019.

A century after the ‘marketplace of ideas’ first found its way into a US Supreme Court judgment through the dissenting opinion of Justice Oliver Wendell Holmes Jr (Abrams v United States, 1919), the oft-cited rationale for free speech is arguably under siege.

The increasing quantity and range of online speech hosted by internet platforms coupled with the shock waves sent by revelations of rampant abuse through the spread of misinformation has lead to a growing inclination among governments across the globe to demand more aggressive intervention by internet platforms in filtering the content they host.

Rule 3(9) of the Draft of the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December follows the interventionist regulatory footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.”

Like its global counterparts, this rule, which serves as a pre-condition for granting immunity to the intermediary from legal claims arising out of user-generated communications, might not only have an undue ‘chilling effect’ on free speech but is also a thoroughly uncooked policy intervention.

Censorship by proxy

Rule 3(9) and its global counterparts might not be in line with the guarantees enmeshed in the right to freedom of speech and expression for three reasons. First, the vague wording of the law and the abstruse guidelines for implementation do not provide clarity, accessibility and predictability — which are key requirements for any law restricting free speech .The NetzDG-the German law, aimed at combating agitation and fake news, has attracted immense criticism from civil society activists and the UN Special Rapporteur David Kaye on similar grounds.

Second, as proved by multiple empirical studies across the globe, including one conducted by CIS on the Indian context, it is likely that legal requirements mandating that private sector actors make determinations on content restrictions can lead to over-compliance as the intermediary would be incentivised to err on the side of removal to avoid expensive litigation.

Finally, by shifting the burden of determining and removing ‘unlawful’ content onto a private actor, the state is effectively engaging in ‘censorship by proxy’. As per Article 12 of the Constitution, whenever a government body performs a ‘public function’, it must comply with all the enshrined fundamental rights.

Any individual has the right to file a writ petition against the state for violation of a fundamental right, including the right to free speech.

However, judicial precedent on the horizontal application of fundamental rights, which might enable an individual to enforce a similar claim against a private actor has not yet been cemented in Indian constitutional jurisprudence.

This means that any individual whose content has been wrongfully removed by the platform may have no recourse in law — either against the state or against the platform.

Algorithmic governmentality

Using automated technologies comes with its own set of technical challenges even though they enable the monitoring of greater swathes of content. The main challenge to automated filtering is the incomplete or inaccurate training data as labelled data sets are expensive to curate and difficult to acquire, particularly for smaller players.

Further, an algorithmically driven solution is an amorphous process.

Through it is hidden layers and without clear oversight and accountability mechanisms, the machine generates an output, which corresponds to assessing the risk value of certain forms of speech, thereby reducing it to quantifiable values — sacrificing inherent facets of dignity such as the speaker’s unique singularities, personal psychological motivations and intentions.

Possible policy prescriptions

The first step towards framing an adequate policy response would be to segregate the content needing moderation based on the reason for them being problematic.

Detecting and removing information that is false might require the crafting of mechanisms that are different from those intended to tackle content that is true but unlawful, such as child pornography.

Any policy prescription needs to be adequately piloted and tested before implementation. It is also likely that the best placed prescription might be a hybrid amalgamation of the methods outlined below.

Second, it is imperative that the nature of intermediaries to which a policy applies are clearly delineated. For example, Whatsapp, which offers end-to-end encrypted services would not be able to filter content in the same way internet platforms like Twitter can.

The first option going forward is user-filtering, which as per a recent paper written by Ivar Hartmann, is a decentralised process, through which the users of an online platform collectively endeavour to regulate the flow of information.

Users collectively agree on a set of standards and general guidelines for filtering. This method combined with an oversight and grievance redressal mechanism to address any potential violation may be a plausible one.

The second model is enhancing the present model of self-regulation. Ghonim and Rashbass recommend that the platform must publish all data related to public posts and the processes followed in a certain post attaining ‘viral’ or ‘trending’ status or conversely, being removed.

This, combined with Application Programme Interfaces (APIs) or ‘Public Interest Algorithms’, which enables the user to keep track of the data-driven process that results in them being exposed to a certain post, might be workable if effective pilots for scaling are devised.

The final model that operates outside the confines of technology are community driven social mechanisms. An example of this is Telengana Police Officer Remi Rajeswari’s efforts to combat fake news in rural areas by using Janapedam — an ancient form of story-telling — to raise awareness about these issues.

Given the complex nature of the legal, social and political questions involved here, the quest for a ‘silver-bullet’ might be counter-productive.

Instead, it is essential for us to take a step back, frame the right questions to understand the intricacies in the problems involved and then, through a mix of empirical and legal analysis, calibrate a set of policy interventions that may work for India today.

For more details visit https://cis-india.org/internet-governance/blog/hindu-businessline-february-19-2019-arindrajit-basu-resurrecting-the-marketplace-of-ideas