We are anonymous, we are legion

The Srikrishna Committee Data Protection Bill and Artificial Intelligence in India

Amber Sinha and Elonnai Hickok — 2018-09-03T13:29:12Z

Artificial Intelligence in many ways is in direct conflict with traditional data protection principles and requirements including consent, purpose limitation, data minimization, retention and deletion, accountability, and transparency.

Privacy Considerations in AI

Other related privacy concerns in the context of AI center around re-identification and de-anonymisation, discrimination, unfairness, inaccuracies, bias, opacity, profiling, and misuse of data and imbedded power dynamics.^[1]

The need for large amounts of data to improve accuracy, the ability to process vast amounts of granular data, and the present relationship between explainability and result of AI systems^{^[2]} have raised many concerns on both sides of the fence. On one hand, there is concern that heavy handed or inappropriate regulation will result in stifling innovation. If developers can only use data for pre-defined purpose - the prospects of AI are limited. On the other hand, individuals are concerned that privacy will be significantly undermined in light of AI systems that collect and process data in realtime and at a personal level not previously possible. Chatbots, house assistants, wearable devices, robot caregivers, facial recognition technology etc. have the ability to collect data from a person at an intimate level. At the sametime, some have argued that AI can work towards protecting privacy by limiting the access that humans working at respective companies have to personal data.^{^[3]}

India is embracing AI. Two national roadmaps for AI were released in 2018 respectively by the Ministry of Commerce and Industry and Niti Aayog. Both roadmaps emphasized the importance of addressing privacy concerns in the context of AI and ensuring that a robust privacy legislation is enacted. In August 2018, the Srikrishna Committee released a draft Personal Data Protection Bill 2018 and the associated report that outlines and justifies a framework for privacy in India. As the development and use of AI in India continues to grow, it is important that India simultaneously moves forward with a privacy framework that addresses the privacy dimensions of AI.

In this article we attempt to analyse if and how the Srikrishna committee draft Bill and report has addressed AI, contrast this with developments in the EU and the passing of the GDPR, and identify solutions that are being explored towards finding a way to develop AI while upholding and safeguarding privacy.

The GDPR and Artificial Intelligence

The General Data Protection Regulation became enforceable in May 2018 and establishes a framework for the processing of personal data for individuals within the European Union. The GDPR has been described by IAAP as taking a ‘risk based’ approach to data protection that pushes data controllers to engage in risk analysis and adopt ‘risk measured responses’.^{^[4]} Though the GDPR does not explicitly address artificial intelligence, it does have a number of provisions that address automated decision making and profiling and a number of provisions that will impact companies using artificial intelligence in their business activities. These have been outlined below:

Data rights: The GDPR enables individuals with a number of data rights: the right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights related to automated decision making including profiling. The last right - rights related to automated decision making - seeks to address concerns arising out of automated decision making by giving the individual the right to request to not be subject to a decision based solely on automated decision making including profiling if the decision would produce legal effects or similarly significantly affects them. There are three exceptions to this right - if the automated decision making is: a. necessary for the performance of a contract, b. authorised by the Union or Member State c. is based on explicit consent.^{^[5]}
Transparency: Under Article 14, data controllers must enable the right to opt out of automated decision making by notifying individuals of the existence of automated decision making including profiling and providing meaningful information about the logic involved as well as the potential consequences of such processing.^{^[6]} Importantly, this requirement has the potential of ensuring that companies do not operate complete ‘black box’ algorithms within their business processes.
Fairness: The principle of fairness found under Article 5(1) will also apply to the processing of personal data by AI. The principle requires that personal data must be processed in a way to meet the three conditions of lawfully, fairly, and in a transparent manner in relation to the data subject. Recital 71 further clarifies that this will include implementing appropriate mathematical and statistical measures for profiling, ensuring that inaccuracies are corrected, and ensuring that processing that does not result in negative discriminatory results.^{^[7]}
Purpose Limitation: The principle of purpose limitation (Article 5(1)(b) requires that personal data must be collected for specified, explicit, and legitimate purposes and not be further processed in a manner incompatible with those purposes. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes are not considered to be incompatible with the initial purposes. It has been noted that it is unclear if research carried out through artificial intelligence would fall under this exception as the GDPR does not define ‘scientific purposes’.^{^[8]}
Privacy by Design and Default: Article 25 requires all data controllers to implement technical and organizational measures to meet the requirements of the regulation. This could include techniques like pseudonymisation. Data controllers also are required to implement appropriate technical and organizational measures for ensuring that by default only personal data which are necessary for a specific purpose are processed.^{^[9]}
Data Protection Impact Assessments: Article 35 requires data controllers to undertake impact assessments if they are undertaking processing that is likely to result in a high risk to individuals. This includes if the data controller undertakes: systematic and extensive profiling, processes special categories of criminal offence data on a large scale, systematically monitor publicly accessible places on a large scale. In implementation, some jurisdictions like the UK require impact assessments on additional conditions including if the data controller: uses new technologies, uses profiling or special category data to decide on access to services, profile individuals on a large scale, process biometric data, process genetic data, match data or combine datasets from different sources, collect personal data from a source other than the individual without providing them with a privacy notice, track individuals’ location or behaviour, profile children or target marketing or online services at them, process data that might endanger the individual’s physical health or safety in the event of a security breach.^{^[10]}
Security: Article 30 requires data controllers to ensure a level of security appropriate to the risk including employing methods like encryption and pseudonymization.

Srikrishna Committee Bill and AI

The Draft Data Protection Bill and associated report by the Srikrishna Committee was published in August 2018 and recommends a privacy framework for India. The Bill contains a number of provisions that will directly impact data fiduciaries using AI and that try and account for the unintended consequences of emerging technologies like AI. These include:

Definition of Harm: The Bill defines harm as including bodily or mental injury, loss, distortion or theft of identity, financial loss or loss of property, loss of reputation or humiliation, loss of employment, any discriminatory treatment, any subjection to blackmail or extortion, any denial or withdrawal of a service, benefit or good resulting from an evaluative decision about the data principal, any restriction placed or suffered directly or indirectly on speech, movement or any other action arising out of a fear of being observed or surveilled, any observation or surveillance that is not reasonably expected by the data principal. The Bill also allows for categories of significant harm to be further defined by the data protection authority.

Many of the above are harms that have been associated with artificial intelligence - specifically loss employment, discriminatory treatment, and denial of service. Enabling the data protection authority to further define categories of significant harm, could allow for unexpected harms arising from the use of AI to come under the ambit of the Bill.

Data Rights: Like the GDPR, the Bill creates a set of data rights for the individual including the right to confirmation and access, correction, data portability, and right to be forgotten. At the sametime the Bill is intentionally silent on the rights and obligations that have been incorporated into the GDPR that address automated decision making including: The right to object to processing,^{^[11]} the right to opt out of automated decision making^{^[12]}, and the obligation on the data controller to inform the individual about the use of automated decision making and basic information regarding the logic and impact of same.^{^[13]} As justification, in their report the Committee noted the following: The right to restrict processing may be unnecessary in India as it provides only interim remedies around issues such as inaccuracy of data and the same can be achieved by a data principal approaching the DPA or courts for a stay on processing as well as simply withdraw consent. The objective of protecting against discrimination, bias, and opaque decisions that the right to object to automated processing and receive information about the processing of data in the Indian context seeks to fulfill would be better achieved through an accountability framework requiring specific data fiduciaries that will be making evaluative decisions through automated means to set up processes that ‘weed out’ discrimination. At the same time, if discrimination has taken place, individuals can seek remedy through the courts.

By taking this approach, the Bill creates a framework to address harms arising out of AI, but does not empower the individual to decide how their data is processed and remains silent on the issue of ‘black box’ algorithms.

Data Quality: Requires data fiduciaries to ensure that personal data that is processed is complete, accurate, not misleading and updated with respect to the purposes for which it is processed. When taking steps to comply with this - data fiduciaries must take into consideration if the personal data is likely to be used to make a decision about the data principal, if it is likely to be disclosed to other individuals, if the personal data is kept in a form that distinguishes personal data based on facts from personal data based on opinions or personal assessments.^{^[14]}

This principle, while not mandating that data fiduciaries take into account considerations such as biases in datasets, could potentially be be interpreted by the data protection authority to include in its scope, means towards ensuring that data does not contain or result in bias.

Principle of Privacy by Design: Requires significant data fiduciaries to have in place a number policies and measures around several aspects of privacy. These include - (a) measures to ensure managerial, organizational, business practices and technical systems are designed in a manner to anticipate, identify, and avoid harm to the data principal (b) the obligations mentioned in Chapter II are embedded in organisational and business practices (c) technology used in the processing of personal data is in accordance with commercially accepted or certified standards (d) legitimate interests of business including any innovation is achieved without compromising privacy interests (e) privacy is protected throughout processing from the point of collection to deletion of personal data (f) processing of personal data is carried out in a transparent manner (g) the interest of the data principal is accounted for at every stage of processing of personal data.

A number of these (a, d, e, and g) require that the interest of the data principal is accounted for throughout the processing of personal data, This will be significant for systems driven by artificial intelligence as a number of the harms that have arisen from the use of AI include discrimination, denial of service, or loss of employment - have been brought under the definition of harm within the Bill. Placing the interest of the data principal first is also important in protecting against unintended consequences or harms that may arise from AI.^{^[15]} If enacted, it will be important to see what policies and measures emerge in the context of AI to comply with this principle. It will also be important to see what commercially accepted or certified standard companies rely on to comply with (c.)

Data Protection Impact Assessment: Requires data fiduciaries to undertake a data protection impact assessment when implementing new technologies or large scale profiling or use of sensitive personal data. Such assessments need to include a detailed description of the proposed processing operation, the purpose of the processing and the nature of personal data being processed, an assessment of the potential harm that may be caused to the data principals whose personal data is proposed to be processed, and measures for managing, minimising, mitigating or removing such risk of harm. If the Authority finds that the processing is likely to cause harm to the data principles, it may direct the data fiduciary to undertake processing in certain circumstances or entirely. This requirement applies to all significant data fiduciaires and all other data fiduciaries as required by the DPA.^{^[16]}

This principle will apply to companies implementing AI systems. For AI systems, it will be important to see how much information the DPA will require under the requirement of data fiduciaries providing detailed descriptions of the proposed processing operation and purpose of processing.

Classification of data fiduciaries as significant data fiduciaries: The Authority has the ability to notify certain categories of data fiduciaries as significant data fiduciaries based on 1. The volume of personal data processed, 2. The sensitivity of personal data processed, turnover of the data fiduciary, risk of harm resulting from any processing being undertaken by the fiduciary, use of new technologies for processing, and other factor relevant for causing harm to any data principal. If a data fiduciary falls under the ambit of any of these conditions they are required to register with the Authority. All significant data fiduciaries must undertake data protection impact assessments, maintain records as per the bill, under go data audits, and have in place a data protection officer.

As per this provision - companies deploying artificial intelligence would come under the definition of a significant data fiduciary and be subject to the principles of privacy by design etc. articulated in the chapter. The exception to this will be if the data fiduciary comes under the definition of ‘small entity’ found in section 48.^{^[17]}

Restrictions on cross border transfer of personal data: Requires that all data fiduciaries must store a copy of personal data on a server or data centre located in India and notified categories of critical personal data must be processed in servers located in India.

It is interesting to note that in the context of cross border sharing of data, the Bill is creating a new category of data that can be further defined beyond personal and sensitive personal data. For companies implementing artificial intelligence, this provision may prove cumbersome to comply with as many utilize cloud storage and facilities located outside of India for the processing of larger amounts of data.^{^[18]}

Powers and functions of the Authority: The Bill lays down a number of functions of the Authority one being to monitor technological developments and commercial practices that may affect protection of personal data.

By assumption, this will include monitoring of technological developments in the field of Artificial Intelligence.^{^[19]}

Fair and reasonable processing: Requires that any person processing personal data owes a duty to the data principal to process such personal data in a fair and reasonable manner that respects the privacy of the data principal. In the Srikrishna Committee report, the committee explains that the principle of the fair and reasonable is meant to address 1. Power asymmetries between data subjects and data fiduciaries - recognizing that data fiduciaires have a responsibility to act in the best interest of the data principal 2. Situations where processing may be legal but not necessary fair or in the best interest of the data principal 3. Developing trust between the data principal and the data fiduciary.^{^[20]}

This is in contrast to the GDPR which requires processing to simultaneously meet the three conditions of fairness, lawfulness, and transparency.

Purpose Limitation: Personal data can only be processed for the purposes specified or any other purpose that the data principal would reasonably expect.

As a note, the Srikrishna Committee Bill does not include ‘scientific purposes’ as an exception to the principle of purpose limitation as found in the GDPR,^{^[21]} and instead creates an exception for research, archiving, or statistical purposes.^{^[22]} The DPA has the responsibility of developing codes defining research purposes under the act.^{^[23]}

Security Safeguards: Every data fiduciary must implement appropriate security safeguards including the use of methods such as de-identification and encryption, steps to protect the integrity of personal data, and steps necessary to prevent misuse, unauthorised access to, modification, and disclosure or destruction of personal data.^{^[24]}

Unlike the GDPR which explicitly refers to the technique of pseudonymization, the Srikrishna uses Bill uses term de-identification. The Srikrishna Report clarifies that the this includes techniques like pseudonymization and masking and further clarifies that because of the risk of re-identification, de-identified personal data should still receive the same level of protection as personal data. The Bill further gives the DPA the authority to define appropriate levels of anonymization. ^{^[25]}

Technical perspectives of Privacy and AI

There is an emerging body of work that is looking at solutions to the dilemma of maintaining privacy while employing artificial intelligence and finding ways in which artificial intelligence can support and strengthen privacy. For example, there are AI driven platforms that leverage the technology to help a business to meet regulatory compliance with data protection laws^{^[26]}, as well as research into AI privacy enhancing technologies.^{^[27]} Standards setting bodies like IEEE have undertaken work on the ethical considerations in the collection and use of personal data when designing, developing, and/or deploying AI through the standard ‘Ethically Aligned Design’.^{^[28]} . In the article Artificial Intelligence and Privacy by Datatilsynet - the Norwegian Data Protection Authority^{^[29]} break such methods into three categories:

Techniques for reducing the need for large amounts of training data: Such techniques can include

Generative adversarial networks (GANs): GANs are used to create synthetic data and can address the need for large volumes of labelled data without relying on real data containing personal data. GANs could potentially be useful from a research and development perspective in sectors like healthcare where most data would quality as sensitive personal data.
Federated Learning: Federated learning allows for models to be trained and improved on data from a large pool of users without directly using user data. This is achieved by running a centralized model on a client unit and subsequently improved on local data. Changes from the improvements are shared back with the centralized server. An average of the changes from multiple individual client units becomes the basis for improving the centralized model.
Matrix Capsules: Proposed by Google researcher Geoff Hinton, Matrix Capsules improve the accuracy of existing neural networks while requiring less data.^{^[30]}

Techniques that uphold data protection without reducing the basic data set

Differential Privacy: Differential privacy intentionally adds ‘noise’ to data when accessed. This allows for personal data to be accessed with revealing identifying information.
Homomorphic Encryption: Homomorphic encryption allows for the processing of data while it is still encrypted. This addresses the need to access and use large amounts of personal data for multiple purposes
Transfer Learning: Instead of building a new model, transfer learning relies builds upon existing models that are applied to new related purposes or tasks. This has the potential to reduce the amount of training data needed.
RAIRD: Developed by Statistics Norway and the Norwegian Centre for Research Data, RAIRD is a national research infrastructure that allows for access to large amounts of statistical data for research while managing statistical confidentiality. This is achieved by allowing researchers access to metadata. The metadata is used to build analyses which are then run against detailed data without giving access to actual data.^{^[31]}

Techniques to move beyond opaque algorithms

Explainable AI (XAI): DARPA in collaboration with Oregon State University is researching how to create explainable models and explanation interface while ensuring a high level of learning performance in order to enable individuals to interact with, trust, and manage artificial intelligence.^{^[32]} DARPA identifies a number of entities working on different models and interfaces for analytics and autonomy AI.^{^[33]}
Local Interpretable Model Agnostic Explanations: Developed to enable trust between AI models and humans by generating explainers to highlight key aspects that were important to the model and its decision - thus providing insight into the rationale behind a model.^{^[34]}

Public Sector use of AI and Privacy

The role of AI in public sector decision making has been gradually growing globally across sectors such as law enforcement, education, transportation, judicial decision making and healthcare. In India too, use of automated processing in electronic governance under the Digital India mission, domestic law enforcement agencies monitoring social media content and educational schemes is being discussed and gradually implemented. Much like the potential applications of AI across sub-sectors, the nature of regulatory issues are also diverse.

Aside from the accountability framework discussed in the Srikrishna Committee report, the Puttaswamy judgment also provides a basis for governance of AI with respect to its concerns for privacy, in limited contexts. The sources of right to privacy as articulated in the Puttaswamy judgments included the terms ‘personal liberty’ under Article 21 of the Constitution. In order to fully appreciate how constitutional principles could apply to automated processing in India, we need to look closely at the origins of privacy under liberty. In the famous case of AK Gopalan there is a protracted discussion on the contents of the rights under Article 21. Amongst the majority opinions itself, the opinion was divided. While Sastri J. and Mukherjea J. took the restrictive view that limiting the protections to bodily restraint and detention, Kania J. and Das J. take a broader view for it to include the right to sleep, play etc. Through RC Cooper^{^[35]} and Maneka^{^[36]}, the Supreme Court took steps to reverse the majority opinion in Gopalan and it was established that that the freedoms and rights in Part III could be addressed by more than one provision. The expansion of ‘personal liberty’ has began in Kharak Singh where the unjustified interference with a person’s right to live in his house, was held to be violative of Article 21. The reasoning in Kharak Singh draws heavily from Munn v. Illinois^{^[37]} which held life to be “more than mere animal existence.” Curiously, after taking this position Kharak Singh fails to recognise a fundamental right to privacy (analogous to the Fourth Amendment protection in US) under Article 21. The position taken in Kharak Singh was to extrapolate the same method of wide interpretation of ‘personal liberty’ as was accorded to ‘life’. Maneka which evolved the test for enumerated rights within Part III says that the claimed right must be an integral part of or of the the same nature as the named right. It says that the claimed must be ‘in reality and substance nothing but an instance of the exercise of the named fundamental right’. The clear reading of privacy into ‘personal liberty’ in this judgment is effectively a correction of the inherent inconsistencies in the positions taken by the majority in Kharak Singh.

The other significant change in constitutional interpretation that occurred in Maneka was with respect to the phrase ‘procedure established by law’ in Article 21. In Gopalan, the majority held that the phrase ‘procedure established by law’ does not mean procedural due process or natural justice. What this meant was that, once a ‘procedure’ was ‘established by law’, Article 21 could not be said to have been infringed. This position was entirely reversed in Maneka. The ratio in Maneka said that ‘procedure established by law’ must be fair, just and reasonable, and cannot be arbitrary and fanciful. Therefore, any infringement of the right to privacy must be through a law which follows the principles of natural justice, and is not arbitrary or unfair. It follows that any instances of automated processing for public functioning by state actors or others, must meet this standard of ‘fair, just and reasonable’.

While there is a lot of focus internationally on what ethical AI must be, it is important that when we consider use of AI by the state, we pay heed to the existing constitutional principles which determine how AI must be evaluated against these standards. These principles however extend only to limited circumstances for protections under Article 21 are not horizontal in nature but only applicable against the state. Whether a party is the state or not is a question that has been considered several times by the Supreme Court and must be determined by functional tests. In our submission of the Justice Srikrishna Committee, we clearly recommended that where automated decision making is used for discharging of public functions, the data protection law must state that such actions are subject the the constitutional standards and are ‘just, fair and reasonable’ and satisfy the tests for both procedural and substantive due process. To a limited extent, the committee seems to have picked up the standards of ‘fair’ and ‘reasonable’ and made it applicable to all forms of processing, whether public or private. It is as yet unclear whether fairness and reasonableness as inserted in the bill would draw from the constitutional standard under Article 21. The report makes a reference to the twin principles of acting in a manner that upholds the best interest of the privacy of the individual, and processing within the reasonable expectations of the individual, which do not seem to cover the fullest essence of the legal standard under Article 21.

Conclusion

The Srikrishna Committee Bill attempts to create an accountability framework for the use of emerging technologies including AI that is focused on placing the responsibility on companies to prevent harm. Though not as robust as found in the GDPR, the protections have been enabled through requirements such as fair and reasonable processing, ensuring data quality, and implementing principles of privacy of design. At the sametime, the Srikrishna Bill does not include provisions that can begin to address the consumer facing ‘black box’ of AI by ensuring that individuals have information about the potential impact of decisions taken by automated means. In contrast, the GDPR has already taken important steps to tackle this by requiring companies to explain the logic and potential impact of decisions taken by automated means.

Most importantly, the Bill gives the Data Protection Authority the necessary tools to hold companies accountable for the use of AI through the requirements of data protection audits. If enacted, it will have to be seen how these audits and the principle of privacy by design are implemented and enforced in the context of companies using AI. Though the Bill creates a Data Protection Authority consisting of members that have significant experience in data protection, information technology, data management, data science, cyber and internet laws, and related subjects, these requirements can be further strengthened by having someone from a background of ethics and human rights.

One of the responsibilities of the DPA under the Srikrishna Bill will be to monitor technological developments and commercial practices that may affect protection of personal data and promote measures and undertake research for innovation in the field of protection of personal data. If enacted, we hope that AI and solutions towards enhancing privacy in the context of AI like described above will be one of these focus areas of the DPA. It will also be important to see how the DPA develops impact assessments related to AI and what tools associated with the principle of Privacy by Design emerge to address AI.

^{^[1]} https://privacyinternational.org/topics/artificial-intelligence

^{^[2]} https://www.wired.com/story/our-machines-now-have-knowledge-well-never-understand/

^{^[3]} https://iapp.org/news/a/ai-offers-opportunity-to-increase-privacy-for-users/

^{^[4]} https://iapp.org/media/pdf/resource_center/GDPR_Study_Maldoff.pdf

^{^[5]} https://gdpr-info.eu/art-22-gdpr/

^{^[6]} https://gdpr-info.eu/art-14-gdpr/

^{^[7]} https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf

^{^[8]} https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf

^{^[9]} https://gdpr-info.eu/art-25-gdpr/

^{^[10]} https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

^{^[11]} https://gdpr-info.eu/art-21-gdpr/

^{^[12]} https://gdpr-info.eu/art-22-gdpr/

^{^[13]} https://gdpr-info.eu/art-14-gdpr/

^{^[14]}Draft Data Protection Bill 2018 - Chapter II section 9

^{^[15]} Draft Data Protection Bill 2018 - Chapter VII section 29

^{^[16]} Draft Data Protection Bill 2018 - Chapter VII section 33

^{^[17]} Draft Data Protection Bill 2018 - Chapter VII section 38

^{^[18]} Draft Data Protection Bill 2018 - Chapter VIII section 40

^{^[19]} Draft Data Protection Bill 2018 - Chapter X section 60

^{^[20]} Draft Data Protection Bill 2018 - Chapter II section 4

^{^[21]} Draft Data Protection Bill 2018 - Chapter II section 5

^{^[22]} Draft Data Protection Bill 2018 - Chapter IX Section 45

^{^[23]} Draft Data Protection Bill 2018 - Chapter XIV section 97

^{^[24]} Draft Data Protection Bill 2018 - Chapter VII section 31

^{^[25]} Srikrishna Committee Report on Data Protection pg. 36 and 37. Available at: http://www.prsindia.org/uploads/media/Data%20Protection/Committee%20Report%20on%20Draft%20Personal%20Data%20Protection%20Bill,%202018.pdf

^{^[26]} https://www.ciosummits.com/Online_Assets_DocAuthority_Whitepaper_-_Guide_to_Intelligent_GDPR_Compliance.pdf

^{^[27]} https://jolt.law.harvard.edu/assets/articlePDFs/v31/31HarvJLTech217.pdf

^{^[28]} https://standards.ieee.org/content/dam/ieee-standards/standards/web/documents/other/ead_personal_data_v2.pdf

^{^[29]} https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf

^{^[30]} https://www.artificial-intelligence.blog/news/capsule-networks

^{^[31]} http://raird.no/about/factsheet.html

^{^[32]} https://www.darpa.mil/attachments/XAIProgramUpdate.pdf

^{^[33]} https://www.darpa.mil/attachments/XAIProgramUpdate.pdf

^{^[34]} https://www.oreilly.com/learning/introduction-to-local-interpretable-model-agnostic-explanations-lime

^{^[35]} R C Cooper v. Union of India, 1970 SCR (3) 530.

^{^[36]} Maneka Gandhi v. Union of India, 1978 SCR (2) 621.

^{^[37]} 94 US 113 (1877).

For more details visit https://cis-india.org/internet-governance/blog/the-srikrishna-committee-data-protection-bill-and-artificial-intelligence-in-india

The soon-to-be launched Aadhaar Pay will let you make purchases using your fingerprint

praskrishna — 2017-01-16T03:14:22Z

Paying for your groceries and other goods by using your biometrics instead of an e-wallet, debit card or cash seems to be the next phase in the Centre’s ambitious push to shift the country to a “less cash” economy, as its mandarins term it.

The article by Indulekha Aravind was published in the Economic Times on 15 January 2017. Sunil Abraham was consulted for this.

Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI), says it will be rolling out Aadhaar-enabled payment system, or Aadhaar Pay, for merchants in the next few weeks. This will be an app for merchants that enables them to receive payments through biometric authentication of the customer, provided their bank accounts are linked to their Aadhaar number. "A pilot is under way in fair price shops in Andhra Pradesh where shopkeepers are accepting payments from PDS beneficiaries. The results are very encouraging," says Pandey.

The idea takes off from the existing Aadhaar-enabled payment system (AEPS) used by bank business correspondents (BCs) in rural areas to disburse and accept cash, using micro ATMs. "We are trying to tweak this so that a similar device can be used by a local merchant," says Pandey. Adoption will depend on two factors: merchants’ acceptance of it and whether they can use an app rather than a micro ATM. The biggest advantage through this method of payment, says Pandey, is that the customer will not need a credit or debit card, or even a smartphone.

The limits for transactions using AEPS, such as the number of daily transactions, will be left to the discretion of the banks. In the long term, the AEPS will be migrated to the BHIM (Bharat Interface for Money) platform but the rollout of Aadhaar Pay will happen before that. Post demonetisation, banking BC’s number of transactions using AEPS has leapt from 4-5 lakh to 14-15 lakh, says Pandey. According to Reserve Bank of India data on electronic payment systems, the total volume of such transactions jumped from 671 million in November 2016 to 957 million in December. USSD-based payments, which can be done using a basic feature phone, are among the biggest beneficiaries: the volume rose from just 7,000 in November to 1,02,000 in December, and value of transactions from over Rs 7,000 to over Rs 1 lakh. Prepaid payment instruments — mainly mobile wallets — rose from 59 million to 88 million in the same period (and value from Rs 1,300 crore to Rs 2,100 crore).

While Aadhaar Pay is likely to ride the demonetisation wave if it is launched soon, certain concerns remain, as the list is how secure such a payment system will be. The UIDAI CEO says it is a paramount concern for the organisation, too. "We are using the latest technology to ensure the information stays encrypted end to-end, so that information is not leaked or misused. In the months to come, we will strengthen the security."

Wary About Security
Sunil Abraham, executive director of the Centre for Internet and Society, a think tank that has been analysing the Aadhaar project for six years, outlines several reasons why Aadhaar-based biometrics is inappropriate for authentication in payments, unlike card-based payments that use cryptography.

"With biometrics, there is always an error ratio. It is imprecise matching, whereas with cryptography (smart cards), there is no false positive or negative. You either have the key (PIN) or you don’t. It is also very cheap to defeat biometric authentication — even an unlettered person can do it," says Abraham. It would be easy enough, he says, to replicate someone else’s fingerprint by pressing it against lukewarm wax and filling the mould with glue to get a dummy finger. In contrast, compromising a smart card requires more cost and effort, from tech-savviness to machines such as a skimmer that will read the card. "And once you are compromised,you are compromised forever. You can’t change it, like a debit card PIN."

Using Aadhaar for authentication had proved to be a failure during the exchange of currency notes following demonetisation, he adds, pointing to how the poor and the middle class stood in queues for money while stacks of new currency were recovered from the homes of businessmen and bureaucrats. "When you have bank officials who are corrupt, giving them your biometrics is giving them more ammunition for corruption." To catch the criminals, law enforcement agencies had to resort to CCTV footage,a relatively older technology, he says. Others point out that while it may be secure, certain factors stand in the way of making biometrics-based payment authentication a large-scale success. Amrish Rau, CEO of PayU India, a payment gateway provider, cites a list of reasons why it would inevitably take off but only in 5-10 years.

"For one, the technology is not yet good enough. There are also bandwidth and data constraints in sending biometric data," says Rau. Even in more mature markets, it has yet to find widespread acceptance, he says, pointing to the slow adoption of Apple Pay and Samsung Pay in the US. "It’s not the answer today.” This is in contrast to NITI Aayog CEO Amitabh Kant’s recent remarks that cards and PoS machines would become redundant by 2020 because Indians would be making payments using their thumb (biometrics). "... my view is that in the next two and a half years, India will make all its debit cards, credit cards, all ATM machines, all PoS machines totally irrelevant,” Kant had said at a Pravasi Bharatiya Divas session in Bengaluru.

UIDAI’s Pandey is more circumspect. “I wouldn’t say who would replace what. But from the government’s side we are encouraging all modes of digital payment. India has a diverse population and some people might prefer using a card, others a wallet. Collectively, they will contribute to a less-cash society.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-indulekha-aravind-january-15-2017-the-soon-to-be-launched-aadhaar-pay-will-let-you-make-purchases-using-your-fingerprint

The Socratic debate: Whose internet is it anyway?

pranesh — 2014-12-09T13:35:45Z

In the US, President Obama recently spoke out on the seemingly arcane topic of net neutrality. What is more astounding is that the popular satire news show host John Oliver spent a 13-minute segment talking about it in June, telling Internet trolls to “focus your indiscriminate rage in a useful direction” by visiting the US Federal Communications Commission’s (FCC) website and submitting comments on its weak draft proposal on net neutrality.

The article was published in the Economic Times on November 18, 2014.

Due to the work of activists, popular media coverage, pro-net neutrality technology companies, and John Oliver, eventually the FCC received 1.1 million responses. Text analysis by the Sunlight Foundation using natural language processing found that only 1% of the responses were clearly opposed to net neutrality. So millions of people in the US are both aware and care about this issue. But the general response in India would be: what is net neutrality and why should I be concerned?

Net neutrality is commonly described as the principle of ensuring that there is no discrimination between the different ‘packets’ that an Internet service provider (ISP) carries. That means that the traffic from NDTV should be treated equally by Reliance Infocomm as the traffic from Network 18’s CNNIBN; that even if Facebook wants to pay Airtel to deliver Whatsapp’s packets faster than Viber’s, Airtel may not do so; that peer-to-peer traffic is not throttled; that Facebook will not be able to pay Airtel to keep its subscribers bound within its walled gardens; and also that Airtel can’t claim to be providing Internet access while restricting that to only Facebook or Whatsapp.

The counter to this by telecom companies the world over, which has little evidence backing it, is primarily two-fold: first, one of equity — that it is ‘unfair’ for the likes of YouTube to get a ‘free ride’ on Airtel networks, hogging up bandwidth but not paying them; and second, that of economic incentives — networks are bleeding money due to services like WhatsApp and Skype replacing SMS and voice, and not being able to charge them will lead to a decrease in profitability and network expansion. The first claim is based on a myth of the ‘free ride’, while the reality is that subscribers who download more also pay the ISP more, while contentemitting companies also have to pay their network providers as per the traffic they generate, and those network providers, in turn, have to enter into ‘transit’ or ‘peering’ agreements with the ISPs that eventually provide access to consumers. The second claim has little evidence to back it up. Efficient competition is the best driver of both profit as well as network expansion. VSNL complained about services like Net2Phone in the 1990s and even filtered all voice-over-IP (VoIP) traffic — and illegally blocked a number of VoIP websites — to preserve its monopoly over international telephony. Instead, removing VSNL’s monopoly only benefited our nation. As for network expansion, it is inability of networks to profit from sparsely populated rural areas that poses a major roadblock. Fixing those problems require smart pricing by telecom companies and intelligent regulation, including exploring policy options like shared spectrum, but they do not necessarily require the abandoning of net neutrality.

However, the fact that the reasons telecom companies often provide against net neutrality are bogus doesn’t mean that it’s easy to ensure net neutrality. The Trai has been exploring this issue by holding a seminar on OTT services. However, the main focus of the discussions were not whether and how India should ensure net neutrality: it was on whether the government should regulate services like WhatsApp and bring them under the licence Raj. Yes, the debate going around in the regulatory circles is whether India should implement rules to ensure net non-neutrality so as favour telecom companies! Net neutrality is a difficult issue in regulatory terms since there is no common understanding among academics and activists of what all should fall under its ambit: only the ‘last mile’ or interconnection as well?

The policy dialogue in India is far removed from this and from considering the nuanced positions of anti-net neutrality scholars, such as Christopher Yoo, who raise concerns about the harms to innovation and the free market that would be caused by mandating net neutrality. The situation in India is much more dire, since blatant violations of net neutrality — howsoever defined — are already happening with Airtel launching its ‘One Touch Internet’, a limited walled garden approach that lies about offering access to the ‘Internet’ while only offering access to a few services based on secretive agreements with other companies. Mark Zuckerberg, the founder of Facebook, recently toured India talking about his grand vision of providing connectivity to the bottom half of the pyramid yet did not talk about how that connectivity would not be to the Internet, but will be limited to only a few services — including Facebook.

Even if we had good laws in favour of net neutrality, without effective monitoring and forceful action by the government, they will amount to little. s. Undoubtedly the contours of the conversation that needs to happen in India over net neutrality will be different from that happening in more developed countries with higher levels of Internet penetration.

However it is a cause of grave concern that while net neutrality is being brutally battered by telecom companies in the absence of any regulation, they are also seeking to legitimize their battery through regulation. It is time the direction of the conversation changed. Perhaps we should invite John Oliver over.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-november-18-2014-pranesh-prakash-the-socratic-debate-whos-internet-is-it-anyway

The Social Role of the Communications and the Strengthening of the Freedom of Expression Panel - "Cultural Diversity and Freedom of Expression"

praskrishna — 2015-10-27T01:48:04Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. The Ministry of Culture and the Ministry of Communications of Brazil is organizing a panel on Cultural Diversity and Freedom of Expression on November 9, 2015, from 6.30 p.m. to 8.30 p.m., in the Sala de Concerto Maestro Jose Siqueria, located in the city of Jao Pessoa, Brazil. Sunil Abraham will be a panelist.

The experience of Internet as a global network has generated paradoxes in relation to the nationally established values and those practiced by companies providers of applications. In general, the challenge lies in fundamental civil rights balance such as freedom of expression and the personality's rights.

Although the 2005 UNESCO Convention on the Protection and Promotion of the Diversity of Cultural Expressions enables the countries to adopt national policies directed to the protection of their cultural diversity, terms of use and codes of conduct are globally uniform and establish common rules to users around the world, which may affect cultural diversity.

In order to address these issues the Ministry of Culture and the Ministry of Communications, Brazil are organizing this event at IGF 2015.

About IGF 2015

Internet Governance Forum (IGF) is a multistakeholder, democratic and transparent forum which facilitates discussions on public policy issues related to key elements of Internet governance. IGF provides enabling platform for discussions among all stakeholders in the Internet governance ecosystem, including all entities accredited by the World Summit on the Information Society (WSIS), as well as other institutions and individuals with proven expertise and experience in all matters related to Internet governance.

After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development”. This theme will be supported by eight sub-themes that will frame the discussions at the João Pessoa meeting

For more details visit https://cis-india.org/internet-governance/news/the-social-role-of-the-communications-and-the-strengthening-of-the-freedom-of-expression-panel-cultural-diversity-and-freedom-of-expression

The Short-lived Adventure of India’s Encryption Policy

bhairav — 2015-11-29T09:03:42Z

Written for the Berkeley Information Privacy Law Association (BIPLA).

During his recent visit to Silicon Valley, Indian Prime Minister Narendra Modi said his government was “giving the highest importance to data privacy and security, intellectual property rights and cyber security”. But a proposed national encryption policy circulated in September 2015 would have achieved the opposite effect.

The policy was comically short-lived. After its poorly-drafted provisions invited ridicule, it was swiftly withdrawn. But the government has promised to return with a fresh attempt to regulate encryption soon. The incident highlights the worrying assault on communications privacy and free speech in India, a concern compounded by the enormous scale of the telecommunications and Internet market.

Even with only around 26 percent of its population online, India is already the world’s second-largest Internet user, recently overtaking the United States. The number of Internet users in India is set to grow exponentially, spurred by ambitious governmental schemes to build a ‘Digital India’ and a country-wide fiber-optic backbone. There will be a corresponding increase in the use of the Internet for communicating and conducting commerce.

Encryption on the Internet

Encryption protects the security of Internet users from invasions of privacy, theft of data, and other attacks. By applying an algorithmic cipher (key), ordinary data (plaintext) is encoded into an unintelligible form (ciphertext), which is decrypted using the key. The ciphertext can be intercepted but will remain unintelligible without the key. The key is secret.

There are several methods of encryption. SSL/TLS, a family of encryption protocols, is commonly used by major websites. But while some companies encrypt sensitive data, such as passwords and financial information, during its transit through the Internet, most data at rest on servers is largely unencrypted. For instance, email providers regularly store plaintext messages on their servers. As a result, governments simply demand and receive backdoor access to information directly from the companies that provide these services. However, governments have long insisted on blanket backdoor access to all communications data, both encrypted and unencrypted, and whether at rest or in transit.

On the other hand, proper end-to-end encryption – full encryption from the sender to recipient, where the service provider simply passes on the ciphertext without storing it, and deletes the metadata – will defeat backdoors and protect privacy, but may not be profitable. End-to-end encryption alarms the surveillance establishment, which is why British Prime Minister David Cameron wants to ban it, and many in the US government want Silicon Valley companies to stop using it.

Communications privacy

Instead of relying on a company to secure communications, the surest way to achieve end-to-end encryption is for the sender to encrypt the message before it leaves her computer. Since only the sender and intended recipient have the key, even if the data is intercepted in transit or obtained through a backdoor, only the ciphertext will be visible.

For almost all of human history, encryption relied on a single shared key; that is, both the sender and recipient used a pre-determined key. But, like all secrets, the more who know it, the less secure the key becomes. From the 1970s onwards, revolutionary advances in cryptography enabled the generation of a pair of dissimilar keys, one public and one private, which are uniquely and mathematically linked. This is asymmetric or public key cryptography, where the private key remains an exclusive secret. It offers the strongest protection for communications privacy because it returns autonomy to the individual and is immune to backdoors.

For those using public key encryption, Edward Snowden’s revelation that the NSA had cracked several encryption protocols including SSL/TLS was worrying. Brute-force decryption (the use of supercomputers to mathematically attack keys) questions the integrity of public key encryption. But, since the difficulty of code-breaking is directly proportional to key size, notionally, generating longer keys will thwart the NSA, for now.

The crypto-wars in India

Where does India’s withdrawn encryption policy lie in this landscape of encryption and surveillance? It is difficult to say. Because it was so badly drafted, understanding the policy was a challenge. It could have been a ham-handed response to commercial end-to-end encryption, which many major providers such as Apple and WhatsApp are adopting following consumer demand. But curiously, this did not appear to be the case, because the government later exempted WhatsApp and other “mass use encryption products”.

The Indian establishment has a history of battling commercial encryption. From 2008, it fought Blackberry for backdoor access to its encrypted communications, coming close to banning the service, which dissipated only once the company lost its market share. There have been similar attempts to force Voice over Internet Protocol providers to fall in line, including Skype and Google. And there is a new thrust underway to regulate over-the-top content providers, including US companies.

The policy could represent a new phase in India’s crypto-wars. The government, emboldened by the sheer scale of the country’s market, might press an unyielding demand for communications backdoors. The policy made no bones of this desire: it sought to bind communications companies by mandatory contracts, regulate key-size and algorithms, compel surrender of encryption products including “working copies” of software (the key generation mechanism), and more.

The motives of regulation

The policy’s deeply intrusive provisions manifest a long-standing effort of the Indian state to dominate communications technology unimpeded by privacy concerns. From wiretaps to Internet metadata, intrusive surveillance is not judicially warranted, does not require the demonstration of probable cause, suffers no external oversight, and is secret. These shortcomings are enabling the creation of a sophisticated surveillance state that sits ill with India’s constitutional values.

Those values are being steadily besieged. India’s Supreme Court is entertaining a surge of clamorous litigation to check an increasingly intrusive state. Only a few months ago, the Attorney-General – the government’s foremost lawyer – argued in court that Indians did not have a right to privacy, relying on 1950s case law which permitted invasive surveillance. Encryption which can inexpensively lock the state out of private communications alarms the Indian government, which is why it has skirmished with commercially-available encryption in the past.

On the other hand, the conflict over encryption is fueled by irregular laws. Telecoms licensing regulations restrict Internet Service Providers to 40-bit symmetric keys, a primitively low standard; higher encryption requires permission and presumably surrender of the shared key to the government. Securities trading on the Internet requires 128-bit SSL/TLS encryption while the country’s central bank is pushing for end-to-end encryption for mobile banking. Seen in this light, the policy could simply be an attempt to rationalize an uneven field.

Encryption and freedom

Perhaps the government was trying to restrict the use of public key encryption and Internet anonymization services, such as Tor or I2P, by individuals. India’s telecoms minister stated: “The purport of this encryption policy relates only to those who encrypt.” This was not particularly illuminating. If the government wants to pre-empt terrorism – a legitimate duty, this approach is flawed since regardless of the law’s command arguably no terrorist will disclose her key to the government. Besides, since there are very few Internet anonymizers in India who are anyway targeted for special monitoring, it would be more productive for the surveillance establishment to maintain the status quo.

This leaves harmless encrypters – businesses, journalists, whistle blowers, and innocent privacy enthusiasts. For this group, impediments to encryption interferes with their ability to freely communicate. There is a proportionate link between encryption and the freedom of speech and expression, a fact acknowledged by Special Rapporteur David Kaye of the UN Human Rights Council, where India is a participating member. Kaye notes: “Encryption and anonymity are especially useful for the development and sharing of opinions, which often occur through online correspondence such as e-mail, text messaging, and other online interactions.”

This is because encryption affords privacy which promotes free speech, a relationship reiterated by the previous UN Special Rapporteur, Frank La Rue. On the other hand, surveillance has a “chilling effect” on speech. In 1962, Justice Subba Rao’s famous dissent in the Indian Supreme Court presciently connected privacy and free speech:

The act of surveillance is certainly a restriction on the [freedom of speech]. It cannot be suggested that the said freedom…will sustain only the mechanics of speech and expression. An illustration will make our point clear. A visitor, whether a wife, son or friend, is allowed to be received by a prisoner in the presence of a guard. The prisoner can speak with the visitor; but, can it be suggested that he is fully enjoying the said freedom? It is impossible for him to express his real and intimate thoughts to the visitor as fully as he would like. To extend the analogy to the present case is to treat the man under surveillance as a prisoner within the confines of our country and the authorities enforcing surveillance as guards. So understood, it must be held that the petitioner’s freedom under [the right to free speech under the Indian] Constitution is also infringed.

Kharak Singh v. State of Uttar Pradesh (1964) 1 SCR 332, pr. 30.

Perhaps the policy expressed the government’s discomfort at individual encrypters escaping surveillance, like free agents evading the state’s control. How should the law respond to this problem? Daniel Solove says the security of the state need not compromise individual privacy. On the other hand, as Ronald Dworkin influentially maintained, the freedoms of the individual precede the interests of the state.

Security and trade interests

However, even when assessed from the perspective of India’s security imperatives, the policy would have had harmful consequences. It required users of encryption, including businesses and consumers, to store plaintext versions of their communications for ninety days to surrender to the government upon demand. This outrageously ill-conceived provision would have created real ‘honeypots’ (originally, honeypots are decoy servers to lure hackers) of unencrypted data, ripe for theft. Note that India does not have a data breach law.

The policy’s demand for encryption companies to register their products and give working copies of their software and encryption mechanisms to the Indian government would have flown in the face of trade secrecy and intellectual property protection. The policy’s hurried withdrawal was a public relations exercise on the eve of Prime Minister Modi’s visit to Silicon Valley. It was successful. Modi encountered no criticism of his government’s visceral opposition to privacy, even though the policy would have severely disrupted the business practices of US communications providers operating in India.

Encryption invites a convergence of state interests between India and US as well: both countries want to control it. Last month’s joint statement from the US-India Strategic and Commercial Dialogue pledges “further cooperation on internet and cyber issues”. This innocuous statement masks a robust information-gathering and -sharing regime. There is no guarantee against the sharing of any encryption mechanisms or intercepted communications by India.

The government has promised to return with a reworked proposal. It would be in India’s interest for this to be preceded by a broad-based national discussion on encryption and its links to free speech, privacy, security, and commerce.

Click to read the post published on Free Speech / Privacy / Technology website.

For more details visit https://cis-india.org/internet-governance/blog/the-short-lived-adventure-of-india2019s-encryption-policy

The seedy underbelly of revenge porn

praskrishna — 2015-09-27T14:25:43Z

Intimate photos posted by angry exes are becoming part of an expanding online body of dirty work.

The article by Sandhya Soman was published in the Times of India on August 23, 2015.

Three lakh 'Likes' aren't easy to come by. But Geeta isn't gloating. She's livid, and waiting for the day a video-sharing site will take down the popular clip of her having sex with her vengeful ex-husband. "Every other day somebody calls or messages to say they've seen me," says Geeta.

She is not alone. Two weeks ago, law student Shrutanjaya Bhardwaj Whatsapped women he knew asking if any of them had come across cases of online sexual harassment. In a few hours, his phone was filled with tales of harassment by ex-boyfriends and strangers. Instances ranged from strangers publishing morphed photographs on Facebook, to ex-husbands and boyfriends circulating intimate photos and videos on porn sites. Of the 40 responses, around 25 were cases of abuse by former partners. "I have heard friends talking about the problem, but never realized it was this bad," says Bhardwaj.

These days, revenge is best served online - it travels faster and has potential for greater damage. But despite the widespread nature of the crime, many targets hesitate to complain for fear of being shamed and blamed. "A 15-year-old girl is going to worry about how her parents will react if she talks about it," says Chinmayi Arun, research director, Centre for Communication Governance at Delhi National Law University. There is also fear of harassment by the police, says Rohini Lakshane, researcher, Centre for Internet and Society. Worst of all is the waiting. "Even if a police complaint is filed, it takes ages to find out who shot it, who uploaded it and where it is circulated. Such content is mirrored across many sites," she says.

Geeta is familiar with the routine. Her harassment started with photographs sent to family, friends and colleagues. After an acrimonious divorce, several videos were released in 2013. "There were some 25-30 videos on various sites.

After an FIR was filed, the police wrote to websites and some of the links were removed," says Geeta, who has been flagging content on a popular site, which has not yet responded to her privacy violation report. "My face is seen clearly on it. People even come up to me in restaurants saying they've seen it. How do I get on with my life?" asks a distraught Geeta. She also recently filed an affidavit supporting the controversial porn ban PIL in a last-ditch effort to erase the abuse that began after her divorce.

The cyber cell officer in charge of her case says he had got websites to shut down several URLs but was thwarted by the repeal of section 66A of the IT Act that dealt with offensive messages sent electronically. When asked why section 67 (cyber pornography) of the same act and various sections in the criminal law couldn't be used, the officer says that only 66A is applicable to the evidence he has. "I asked for more links and she sent them to me. We'll see if other sections can be applied," he says. Lawyers and activists, argue that existing laws are good enough like sections 354A (sexual harassment), 354C (voyeurism), 354D (stalking) and 509 (outraging modesty) of the IPC.

Though there are no official statistics for what is popularly referred to as 'revenge' porn, there is a flood of such images online. Lakshane, who studied consent in amateur pornography for the NGO-run EroTICs India project in 2014, found clandestinely shot clips to exhibitionist ones where faces are blurred or cropped.

Social activist Sunita Krishnan has raised the red flag over several video clips, including two that show gang rape, which were circulated on Whatsapp. Some of the content she came across showed familiarity between the man and woman, indicating an existing relationship. In one clip, the man says: "How dare you go with that fellow. What you did it to him, do it to me."

Most home-grown clips end up on desi sites with servers abroad, making it difficult to take down content. Some do have a policy of asking for consent of people in the frame. But Lakshane, who wanted to test this policy, says when she approached one website that has servers abroad saying that she had a sexually explicit video, the reply was a one-liner asking her to send it. "They didn't ask for any consent emails," she says. In lieu of payment, they offered her a free account on another file-sharing site, which seemed to partner with the site. With no financial links to those submitting videos, sites like these make money out of subscriptions from consumers, or ads.

A few months ago, the CBI arrested a man from Bengaluru for uploading porn clips, using high-end editing software and cameras. Kaushik Kuonar allegedly headed a syndicate and was supposed to be behind the rape clips reported by Krishnan. "I am skeptical of the idea of amateur porn being randomly available across the Internet. There seem to be people like the man in Bengaluru who are apparently sourcing, distributing and making money out of it," says Chinmayi Arun. "He had 474 clips, including some of rape," adds Krishnan.

Social media companies, meanwhile, say they're working with authorities to prevent such violations. Facebook spokesperson says the company removes content that violates its community standards. It also works with the women and child development ministry to help women stay safe online. Google, Microsoft, Twitter and Reddit have promised to remove links to revenge porn on request, while countries like Japan and Israel have made it illegal.

In India, the National Commission for Women started a consultation on online harassment but is yet to submit a report. In the absence of clarity, activists like Krishnan endorse the banning of porn sites. Not all agree with sweeping solutions. Lakshane says sometimes a court order helps to get tech companies to act faster on requests as in the case of a 2012 sex tape scandal where Google removed search results to 360 web pages. Also, the term 'revenge' porn, she says, is a misnomer as the videos are meant to shame women. "These are not movies where actors get paid. Somebody else is making money off this gross violation of privacy."

For more details visit https://cis-india.org/internet-governance/blog/the-times-of-india-sandhya-soman-august-23-2015-the-seedy-underbelly-of-revenge-porn

The Second IJLT-CIS Lecture Series at National Law School, Bangalore

praskrishna — 2011-05-13T11:03:04Z

The Indian Journal of Law and Technology and the Centre for Internet and Society, present the second IJLT- CIS Lecture Series, an event comprised of an intensive series of lectures by luminaries with expertise in law and technology to give students, professionals and anyone interested in a comprehensive idea about the theme, "Emerging Issues in Privacy law".

The focus will be on contemporary sub-issues of critical relevance such as:

The Unique Identification Project and Challenges to Privacy
Cloud Computing and Behavioural Tracking
The State and Privacy: Electronic Surveillance

Speakers

The following delegates would be speaking at the conference:

Usha Ramanathan
Malavika Jayaram
Vivek Durai
Prof. Sudhir Krishnaswamy

Profiles of the Speakers

Usha Ramanathan

Dr. Usha Ramanathan is an internationally recognized expert on law and poverty. She studied law at Madras University, the University of Nagpur and Delhi University. She is a frequent adviser to non-governmental organisations and international organizations. She is a member of Amnesty International's Advisory Panel on Economic, Social and Cultural Rights and has been called upon by the World Health Organisation as a expert on mental health on various occasions. Her research interests include human rights, displacement, torts and environment. She has published extensively in India and abroad.

Malavika Jayaram

Malavika Jaya has an experience of more than 15 years as a lawyer with a specialization in information technology and intellectual property. She is a partner in Jayaram & Jayaram, Bangalore managing a portfolio of work that has a strong focus on IT/IP and commercial work, especially with an international angle and is a fellow of the Centre for Internet and Society. She works with CIS in its efforts to explore, understand, and affect the shape and form of the Internet, and its relationship with the cultural and social milieu of our time.

More info on Malavika Jayaram can be found here

Vivek Durai

Vivek G Durai is co-founder and managing partner at Atman Law Partners. He represents Indian and overseas clients in connection with their India entry strategies, venture capital and private equity investments, infrastructure projects, technology contracts, procurement and supply agreements and real estate investments.

More info on Vivek Durai can be found here

Professor (Dr.) Sudhir Krishnaswamy

Prof. Sudhir Krishnaswamy graduated from National Law School Bangalore with a BA LLB (Hons) degree. He then went onto finish a BCL and DPhil in Law from the University of Oxford on a Rhodes Scholarship. He has taught at National Law School, Bangalore and Pembroke College, University of Oxford among other places. His research interests include constitutional law, administrative law, intellectual property law, legal profession and reform of the legal system.

More info on Prof. Krishnaswamy can be found here

Admission will not charged but in order to enable us to ensure adequate seating, do register without fail by the 18th of May by email at editorialboard@ijlt.in.

Updates regarding the conference will be posted here.

For more details visit https://cis-india.org/events/ijlt-cis-lecture-series

The scariest bill in Parliament is getting no attention – here’s what you need to know about it

sunil — 2015-09-13T07:56:42Z

A bill proposes creation of a national DNA data bank, without requisite safeguards for privacy, and opens the information to everything from civic disputes to compilation of statistics.

The blog post by Nayantara Narayanan was published in Scroll.in on July 24, 2015.

On Wednesday, the Narendra Modi government told the Supreme Court that India's citizens have no fundamental right to privacy. Attorney General Mukul Rohatgi referred to a 1950 court verdict which held that the right to privacy was not a fundamental right while defending the constitutional validity of the Aadhar scheme, a massive database of information of individual citizens including biometrics and bank accounts. At the same time, the government is planning another big database.

In the ongoing stormy monsoon session of Parliament, where the government and opposition have locked horns over several proposed legislation, Human DNA Profiling Bill 2015 has been making little noise but can have widespread impact on India’s criminal justice system and the privacy of citizens. The bill aims to regulate the collection and use of genetic material from crime scenes, and also proposes the creation of a national DNA databank that might be used for non-forensic purposes.

DNA is a mighty tool, especially in criminal forensics, but access to a person’s genetic information can be highly intrusive and dangerous. DNA contains information about health and genetic relationships that can influence employment, insurance. It can be tampered with and planted at crime scenes.

Law and poverty expert Usha Ramanathan and Centre for Internet and Society executive director Sunil Abraham, who are members of an expert committee on DNA profiling constituted by the government, have written dissent notes against the final draft of the Human DNA Profiling Bill. Ramanathan and Abraham are of the opinion that there aren’t adequate safeguards to privacy and too much power rests with the proposed DNA Profiling Board.

Ramanathan notes that one of the biggest challenges of a DNA database is function creep – the gradual widening of the use of a technology beyond the purpose for which it was originally intended. As this DNA profiling bill enters Parliament, here are some questions we should be asking.

Is DNA evidence infallible?

The short answer is “no”. Despite all the crime shows and murder movies we have seen where DNA evidence nails the perpetrator to the crime, DNA evidence is far from absolute. Genetic material recovered from a crime scene is likely to be only a partial strand of DNA. Analysing this partial strand can lead to a match with the person that left the DNA behind but can also lead to a coincidental match with people who happen to have a similar gene sequence in their DNA. False incriminations can happen when more than one person’s DNA get mixed at the crime scene, from DNA contamination, mislabelling and even degradation over time.

In the Aarushi Talwar murder case, for instance, the Hyderabad-based Centre for DNA Fingerprinting and Diagnostics altered its 2008 report in 2013 and admitted to typographical errors in the description of its DNA samples. The evidence could have changed the course of the investigation.

What will the national DNA database look like?

The bill proposes to set up a national DNA data bank and a number of state or regional data banks that will feed into the national data pool. Every data bank will have six categories under which DNA profiles will be filed – crime scene index, suspects’ index, offenders’ index, missing persons’ index, unknown deceased persons’ index, and volunteers’ index. The DNA profiling board will have the power to include more categories. In the offenders’ index, the DNA information will be linked to the name of the person from whom it was collected. All others will be linked to a case reference number.

What happens when my genetic material is on the database?

The bill gives sanction for broad use of DNA profiles and samples – to identify victims of accidents or disasters, to identify missing persons, for civil disputes and other offences. It also allows the information to be used to create population statistics, identification research, parental disputes, issues relating to reproductive technologies and migration. In his dissent note, Abraham argues that all non-forensic use should be rejected.

Cases like whether paternity should be determined, unwed mothers leaving their children and adopted children looking for their natural parents are hugely contestable things, said Ramanathan. “You are changing multiple structures and not recognising any of them,” she added.

Even though the bill allows for DNA information of offenders to be expunged once a court acquits them or sets aside a conviction, it makes no provision for removing other kinds of profiles.

The CDFD, which will be instrumental in building and processing DNA profiles, is using the CODIS software bought from the US's Federal Bureau of Investigation an compatible with their systems. The FBI used CODIS to identify victims of the terrorist attacks on the World Trade Center in 2001. More recently, the CDFD used CODIS to identify some who died in the Uttarakhand floods of 2013 after asking for 5,000 people who were possibly relatives of the deceased to undertake DNA testing.

Can the DNA profiling board protect our genetic information?

The bill grants the board vast powers to allow the use of DNA profiles in any civil and criminal proceedings that it deems necessary. “Ideally these powers would lie with the legislative or judicial branch,” Abraham said, in his dissent note. “Furthermore, the Bill establishes no mechanism for accountability or oversight over the functioning of the Board.”

Ramanathan questions the constitution of the board itself, her worry being that the board is not a body of disinterested officials. The secretary of the board is supposed to be from the Centre for DNA Fingerprinting and Diagnostics, an autonomous institute that will get a lot of work from the creation of the national DNA data bank.

Why does a DNA fingerprinting consent form ask for caste?

One of the most troubling features of the creation of a databank is the consent form to be signed by a person donating blood for DNA analysis. Along with name, gender and address, the form also asks for caste to be listed.

India has a history of unwarrantedly linking caste and community with criminality. Members of decriminalised tribes regularly report being harassed by the police and even having false cases foisted on them simply because they are linked to a certain community. Tagging caste onto genetic data can result in unfair profiling and identification errors.

The United Kingdom set up its national criminal DNA database in 1995. The database expanded over a decade by including genetic information of anyone who was arrested till more than one million innocent people were on it – including a grandmother who didn’t return a football to children who kicked it into her garden. The dangers of a genetic database are too much state oversight, false implication in crimes and a loss of privacy – none of which should come to pass without at least a debate.

For more details visit https://cis-india.org/internet-governance/news/the-scariest-bill-in-parliament-is-getting-no-attention-2013-here2019s-what-you-need-to-know-about-it

The Rules of Engagement

nishant — 2015-04-24T11:48:54Z

Why the have-nots of the digital world can sometimes be mistaken as trolls. I am not sure if you have noticed, but lately, the people populating our social networks have started to be more diverse than before.

Nishant Shah's column was published in the Indian Express on October 29, 2012.

Oh, sure, we are still talking about a fairly middle-class hang-out that happens largely in English and is restricted to people in urban environments who have the economic and cultural capital of access. But if you browse through your friends’ lists and compare it with, say, the network from five years ago, you will realise that the age demography has changed quite dramatically. I am not suggesting that the Web was only the realm of the young – let us face it, the people who actually created the infrastructure of the Web were not tiny tots. However, with Web 2.0 at the turn of the millennium, we have had an extraordinary focus on young people online.

But as the networks grow to include more people, there are now a lot of people online, who might not be the 16-year-old BlackBerry-wielding digital native, nor be in the “business of internet” but are finding a space for themselves, tentatively and steadily negotiating with this new space. Some of it might be because, those of us who were new kids on the block in the Nineties, are now older by a decade and are still on the block, but replaced by newer kids around the block. Some of it might be because there is an ease of access as portable computing devices grow more personal and get more people to use their smartphones as a gateway into the online worlds. But a lot of it is actually because the fold of the Web is expanding. The digital spaces of conversation are being integrated into our everyday lives and practices, replacing older forms of media and information structures and processes of social and cultural belonging.

And so, even though the penetration of the interwebz is not as rapid in countries like India as one would have hoped for, we do see a wide age group of people coming online, forming networks, and entering into conversations. I hadn’t really realised this, even though I was adding them to my social networks, that the digital immigrants are now here, and they are here to stay. It suddenly surfaced in my thoughts, because I recently heard a few narratives which made me dwell on the effort and the learning that one takes for granted but is a prerequisite for belonging to these new social spaces.

One of the first complaints I heard was about a hostility that many digital immigrants face when they start engaging with the social media. They follow the manuals. They read the FAQs. They look at patterns, and learn. And yet, even when they seem to be doing what seems to be exactly what everybody else is doing, they are often told that they got it all wrong. This is bewildering for many, because they cannot really see the difference. And the reason is that the social web is governed by a whole lot of unwritten rules and codes, which clearly are the rites of passage into the online world. These are not things that can be taught. These are not written in a guideline that tells you how to behave on Facebook or how to sift through the live-streams on Twitter. It is a fiercely guarded set of dos and don’ts which clearly distinguish between the digital natives and the digital immigrants, reinforcing exclusivity and exclusion. And when the digital immigrant violates these rules, they are often faced with a sneer, a sarcastic comment, or a dismissal as “not with it”.

The second thing I have repeatedly noticed is “calling troll” to people who do not always know these rules. Trolling is not new to the world of the internet. People who disrupt conversations and discussions by posting provocative or tangential information, by voicing hateful opinions, by passing harsh judgments, or sometimes by willfully breaking the rules of the communities, in order to seek attention and interrupt the flow of conversations are called trolls. Trolls are universally frowned upon and trolling wars often take up epic proportions because people get emotionally invested in them. Trolls are often shamed publicly, their mistakes brought into an embarrassing spot-light and ridiculed in back-channels or even in public discussions.

Calling somebody a troll presumes that the user is conversant with the rules of the game and is then breaking them, working with the idea that if you are online, you are naturally a digital native. The digital immigrants often create noob mistakes that can appear troll-like but are not intended to be so, and are often on the receiving end of a community’s hostility. And it is time, now that our online networks are growing, for us to realise that our presumptions about who is online need to change. If we are looking at an inclusive Web, we need to stop imagining that the person on the other side of the interface is necessarily like us, and develop new networks of nurture, which allows the digital immigrants safe spaces to experiment, make mistakes, and learn like the best of us. The next time, before you call somebody a troll, see if it might just be somebody learning the tricks of the trade. If they are doing something wrong, just politely point it out to them. And remember, acceptance is not only for people who are like us, but about people who are markedly unlike us.

For more details visit https://cis-india.org/digital-natives/blog/india-express-news-nishant-shah-oct-29-2012-the-rules-of-engagement

The Rising Stars in Music Loath Losing their Only Platform

Umar Shah and Mir Farhat — 2017-12-21T15:59:24Z

Strap: The music from Kashmir wants to find a way out, but shutting internet down only adds to the bitterness.

Srinagar, J&K: Amid the gaudy Old City area of Srinagar, where the air is heavy with the pungent smell of teargas shells, 25-year-old Ali Saifuddin has been busy working on compositions that he will perform at a prominent indie music festival in Pune in December 2017. Pune may be discovering Saifuddin’s music only now, but he has performed in Dubai and London too, owing to the fanbase he has garnered on social media.


Mehmeet Syed’s popularity on social media has taken her to countries like US, UK, Australia and Abu Dhabi (Picture Courtesy: Mehmeet Syed Facebook page)	Umar Majeed shot to fame with his rendition of Pakistan’s national anthem on the Santoor		Yawar Abdal, a Kashmiri singer, says he doesn’t see the logic behind keeping the internet shut for months (Picture Courtesy: Yawar Abdal Facebook Page)

It was in 2014 when the budding musician bought recording gear and created a Facebook page. Hours after uploading his first video, Saifuddin became an internet sensation. “I was stunned to see thousands of views on Facebook. People who I had never met with hailed my tunes and encouraged me to produce more,” Saifuddin says.

With 9,000 followers on Instagram and more than 6,000 ‘likes’ on his Facebook page, Saifuddin often gets offers to perform outside Kashmir.

“(As an artist) you need a platform, and in Kashmir, it is the internet that sides with you,” says Yawar Abdal, another popular Youtuber, whose song Tamanna has garnered over 400,000 views since June. “I uploaded a minute-long video on Facebook in April last year. It became viral and made me famous,” Abdal says.

The 23-year-old Pune University student has more than 13,000 followers on Instagram and above 10,000 likes on Facebook. “There are no shows organised in Kashmir. Internet is the only platform where people can broadcast what they posses,” he says.

Frequent curfews, even online, are like a curse for Kashmiris. Internet services are being clamped down in the Valley quite often, particularly after the killing of militant leader Burhan Wani on July 8. Wani’s killing sparked violent protests resulting in the deaths of 15 civilians the very next day. The clashes killed 383 people - including 145 civilians, 138 militants and 100 state and Central security personnel - and around 15,000 others were injured. While many were also put under illegal detention following the outbreak of deadly violence, the government suspended internet for more than six months in 2016.

In such a scenario, where shutdowns are stretching from streets to the social media, it is not surprising to see Kashmiris voice their dissent through art whenever they find a window open. In 2017, internet services were blocked 27 times across various districts of the Valley, either on mobile, or on both mobile and broadband, in the hope that it prevents rumour mongering and instigation of violence.

“This is unnatural and tantamount to choking a person’s right to free speech,” says Saifuddin, who has been criticising the human rights violations in Kashmir with songs that carry a political undertone. Son of medical doctors based in UK, Saifuddin got initiated to rock music through Jimi Hendrix and Led Zeppelin during school days, before heading to Delhi University for a BA degree in 2011. “There I found the treasure of music. I finally had a computer and an internet connection. Youtube became my first, and so far, the only teacher,” recalls Saifuddin. His songs on Youtube include Aye Raah-e-Haq Ke Shaheedon, Phir Se Hum Ubharaygay, and Manzoor Nahi - a song he posted to protest against Prime Minister Narendra Modi’s visit to Kashmir in November 2015.

For Mehmeet Syed, whose music was limited to CDs since 2004, internet opened new avenues. Her popularity on social media has taken her to countries like US, UK, Australia and Abu Dhabi among others. “Being on social media is very important as it lets people stay updated about my work. My popularity touched new heights after I took to the internet,” says Syed, who owns a verified Facebook page with more than 1.20 lakh followers. On Instagram, she is a novice. But an internet ban means “heartbreak” to her. “Internet is not shut down in other places witnessing violence and conflict…We are very unfortunate to face internet bans,” says Syed.

“As singers, we have to record songs, mail them for editing, or receive content from studio. Without internet, we are stuck, paralysed,” she says.

Explaining how internet is more than a means of free expression, Mehmeet says, “Times have changed. This is the era of iTunes and YouTube. The songs we release in Kashmir are watched online across the globe. And this is how you earn today.”

The freedom to share content has empowered even the marginalised lot who were only known locally for their talent. Abdul Rashid, a transgender wedding singer popular as ‘Reshma’ in Srinagar’s Old City, became an online sensation after one of her wedding songs was widely viewed on Facebook, and media followed up with stories around her.

“Nobody knew me outside my locality. But today, I get calls from across Kashmir to sing on weddings. This became possible through Facebook. It gave me wide publicity,” Reshma says.

Umar Majeed, a Class 12 student from Zainakoot in Srinagar, is keeping the folk tradition of Kashmir alive with the help of internet. While the 19-year-old inherited skills on Santoor from his father, Abdul Majeed, it was social media that propelled him to fame. Umar played the national anthem of Pakistan on Santoor, accompanied by two other musicians on Rabaab. “The instrumental composition was viewed 450,000 times in two days,” says Umar, adding that they are working on a musical theme of the Indian national anthem as well.

With 5,000 friends on Facebooķ and 2,500 followers on Instagram, Umar has a quite wide network for a schoolkid. “We get a lot of encouragement and confidence when people comment on and appreciate our work online,” he says. But repeated internet ban keeps the young musician away from the much needed feedback.

“When I get an idea, I instantly compose it on Santoor and upload it on Facebook to get viewers’ response… But when there is internet ban, I have no mood to play even when I get an idea, and soon I forget it,” he says.

Mehmeet points out that internet not only promises freedom of expression but also provides monetary support to indie artists through platforms like iTunes, Google Play, Pandora, Amazon and Sawaan. She has been generating revenue to support her music through 21 of her tracks uploaded on these platforms, Mehmeet says.

The repeated shutdown of internet during the Republic Day and Independence Day also sends a wrong message to Kashmiris, says Mehmeet. “We realise that such attitude is step-motherly, which is unacceptable. And we as Kashmiris have not yet reached the stage where we think we have got independence.” Saifuddin seconds her sentiments. “If it is a democracy, then I have a right to speak my heart out. Why would the government choke my voice?” he asks.

When asked if the clamping down of internet service affects his music and earning, Saifuddin retorts poetically: “If not for the internet, I wouldn’t be around. So yes, it pains to see Kashmir being sealed on streets and on the cyberspace as well.

“It makes you angry at times to see things that happen nowhere but in Kashmir.”

Abdal, on the contrary, wants his music to be apolitical. “I sing the songs of Sufi saints and strive to rejuvenate the dying Kashmiri music,” he says.

But, the ban on internet services leaves him perturbed. “Without listeners, you begin losing interest. I hope one day the government understands that there is no logic in keeping the internet shut for weeks and months,” says Abdal, adding that he also observes a drop in demand for live gigs in the absence of internet.

“When you have a lot to share, but the medium through which you could take it to people is blocked, discomfort is what you’re left with.”

Umar Shah and Mir Farhat are Srinagar-based freelance writers and members of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/the-rising-stars-in-music-loath-losing-their-only-platform

The rise of India’s typography community

Admin — 2017-08-07T15:17:25Z

Meet India’s typography community, as they adapt regional language scripts for the digital age and take their passion mainstream.

Seven hundred and eighty languages and 400 scripts: that’s the number the People’s Linguistic Survey of India identified in 2013. Of these, how many scripts do we see daily? Giving text a unique ‘voice’ are typefaces and fonts, created by type designers across the world. It’s safe to say that India is a prime player in this market because of the sheer number of languages we have. Satya Rajpurohit, founder of Ahmedabad-based Indian Type Foundry (ITF), knows this all too well. His family of fonts, called Kohinoor, is what your Apple device is probably displaying every time you look at regional text.

Innovate and experiment

“Designing Indic fonts is tricky; languages that have nothing in common script-wise — like Hindi and Gujarati — should complement each other,” he explains. After getting a global brand to license ITF’s fonts (his other clients include Google, Samsung and Sony), he invested $3 million of his own money in creating fontstore.com, India’s first subscription-based model. Launched early July, he says, “It works like Netflix for fonts: pay a monthly commitment of around $15 and use as many as you need. Within the first month, we’ve had 300 subscribers.” It took 35 designers working for two years to design the commissioned fonts that are available exclusively on the site; more will be added periodically to expand the library.

This propensity to innovate is not uncommon among the Indian type community. Shiva Nallaperumal from Chennai was on the Forbes 30 Under 30 list this year, for being the youngest Indian recipient, at 24, of the SOTA (Society of Typographic Aficionados) Catalyst Award. A graduate of Maryland Institute College of Art, USA, he recently launched Calcula, his latest experimental typeface, in collaboration with a Dutch type foundry, Typotheque. “It also involved coding (done by a partner), as it engineers itself while you type to fit into the letters on either side. It was just a project in pushing boundaries; now, the market will have to find uses for it,” he shares.

Going public

Today, the interest in Indic types is on the rise, thanks to this emerging community of designers. Public demonstrations are also fuelling curiosity. “In Delhi, we organise Typerventions, where we meet common people in a public space and make font installations,” says designer Pooja Saxena, who created a Santhali font. These interventions include writing words with pieces of watermelon and stencilling the word “petrichor” on the road in water and watching it evaporate in the Delhi heat. “There are also typography boot camps and workshops in March, around World Typography Day,” she says, which are surprisingly well-attended.

In Mumbai, type design studio Mota Italic, run by Rob Keller and Kimya Gandhi, organises Typostammtisch (pronounced too-poe-shtaam-tish) events — there’s one happening today at 5 pm at the Doolally Taproom in Colaba. Groups of at least 30 people come together for each meet, invariably held at a pub and featuring lively show-and-tell presentations and games using regional script. “This week, we’ve planned a Type Tour of India,” says Keller.

Latin vs Indic

Regional languages in India were first set to type by the British, which resulted in some bastardisation of the script. Nallaperumal explains, “South Indian scripts are written with a scribe, so it is a single line with no contrast. Devanagiri is more calligraphic because of the pens they are written with. The person who made the first Tamil fonts did not get that. He applied the calligraphic logic to our languages, resulting in varying thickness in each character, which actually does not exist.” But it’s too late to go back to the original, as people wouldn’t be able to recognise it, feel the designers. “We need to improve what people are comfortable with right now. Designing one Indian typeface is more difficult than Latin. With English, you’re done with 26 letters; Indian languages have around 800 characters each, most of which are complicated,” says Rajpurohit.

Regional type was also constrained by the cost of the technology involved, and restricted to the machines that were used to develop them. Aurobind Patel, design consultant for leading Indian and UK newspapers, says, “Font development is now much more accessible, and thanks to smartphones, there’s a need for type that translates the same way across devices. Google has pumped in enormous amounts of money to create fonts, even in dying languages that literally have a handful of readers to ensure that any search that pops up on their engine looks authentic.” However, the challenge in creating typefaces for uncommon Indic languages is immense. Saxena knows the difficulties all too well, as she worked for two and a half years to design the Santhali font, commissioned by The Centre for Internet and Society (they were creating a Wikipedia site in the language). “It needed a lot of hands-on research, looking at old printing materials, talking to readers and writers, getting their feedback on how it should look,” she says.

On the web

The growth of Indic is, unsurprisingly, coming at a most opportune time. While a 1997 study by Babel, a joint initiative of the Internet Society and Montreal-based Alis Technologies, showed that in the mid 1990s English made up almost 80% of the Internet, today, according to internetworldstats.com, that’s down to 30%. A paper presented at a social media conference in Barcelona in 2011 found that 49% of all tweets were in languages other than English. And, closer home, a NASSCOM-Akmai Technologies report released last August said that by 2020, there will be an estimated 730 million Internet users in India — and of the new users, 75% will access it from rural India, and a similar number will engage using local languages.

Sarang Kulkarni, founder of EkType, a Mumbai-based foundry that focuses on Indian type, explains, “These numbers are attracting international attention: around 25 countries are developing Indian typefaces, including China.”

Looking back

Earlier this year, the story of designer Robert Green and the beautiful Doves Type that he recovered from the bottom of the Thames River was doing the rounds on social media. In 2016, designer Steve Welsh ran a Kickstarter campaign to revive a font called Euclid — it is now called Lustig Elements, after its designer. “Many familiar typefaces in use today are preserved or were revived from earlier eras. Baskerville and Garamond — eighteenth and sixteenth century typefaces, respectively — were revived at the beginning of the 20th century. Then there are updated derivatives of old types, like the ubiquitous Times New Roman, which itself is a hybrid of Robert Granjon’s 16th century designs and (again) Baskerville,” says Green, on what we can learn from older types.

While there is not much revival of fonts happening in India — considering that our history of type goes back a couple of centuries, it’s understandable — typography has made its way into pop culture. At EkType, Kulkarni has worked with Hanif Kureshi, of Kyoorius Designyatra, to digitise hand-painted lettering, thus preserving the typographic practice of street painters around the country. “As technology advances, 3D typefaces can be used online and in word processing software as well,” says Kulkarni.

In the classroom

Education in type design, including at University of Reading’s MA Typeface Design course, is Latin-centric. “We are not taught to design in Indian script. There might be a small workshop, but in formal education we are only taught to design in English,” says Saxena, an MATD graduate.

Vaibhav Singh, another Reading scholar, who has designed fonts for Adobe, agrees. “Young designers require reliable sources of information to inform their practice and those are few and far between,” he says. Stating that historical research is patchy at the moment, he feels postgraduate and doctoral theses coming from design schools are beginning to form a base for future work. “Histories of printing usually steer clear of technology, design, and production – and this is an area where interdisciplinary collaboration will add to our knowledge of India’s typographic history,” he says.

To this end, Singh has started a publishing imprint and a journal called Contextual Alternate, launching next year, to address the lack of scholarly research.

Pop goes the type

Brands like Mumbai-based Kulture Shop have made typography cool; they also function as a collective, with over 40 artists contributing to the designs on six product lines. Co-founder Kunal Anand says, “Typography and words have a way of cutting through the noise. You can show an image that can capture a thousand words but when you say something using typography, the subtleties of a letter can change the word entirely.” He adds that people can link their identity to typography, literally wearing it on their sleeve. Kochi-based Teresa George, who runs ViaKerala and the Malayalam Project, says that when it comes to Kerala, script is enmeshed in the culture. “Type can be an extension of who we are. For the younger generation, it’s a way of connecting to their roots,” she says.

This kind of interest is important, as the type we see around us is ubiquitous, says Mahendra Patel, former principal designer at National Institute of Design, Ahmedabad.

“The simple life is the most difficult life. Within the limitations that older foundries had, they created beautiful types. Now in the digital age, we have a certain sense of responsibility towards these classical and historical fonts, and it’s important to go back and revive them. At the same time, there are plenty of new fonts coming out. For me, both are right. There is enough space for both revival and new approaches.”

Basics of type design

Typeface is a collection of fonts: the former is like an album, the latter, the songs. For example, Helvetica is a typeface and Helvetica Bold is a font.

Fonts are designed based on what they are going to be used for. This includes the spacing between each letter combination, and the height and length of the ascenders and descenders.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-susanna-myrtle-lazarus-august-4-2017-the-rise-of

The rise of AI in Indian healthcare industry: An innovative asset to the rescue

Admin — 2018-08-06T02:40:50Z

The use of Artificial Intelligence (AI) is rapidly increasing with the growth of start-ups and large Information and Communications Technology (ICT) companies that offer AI healthcare solutions for healthcare challenges in India.

The blog post was published by Media India Group on June 27, 2018. CIS research was quoted.

There is an uneven ratio of skilled doctors to patients in our country. According to the Indian Journal of Public Health (2017 edition), India had 4.8 practicing doctors per 10,000 population. It is expected to grow to 6.9 per 10,000 people by the year 2030, but the minimum doctor to patient ratio recommended by the World Health Organisation (WHO) is 1:1000. AI is an effective measure to tackle challenges like the uneven ratio, making doctors more skilled at their jobs, catering to rural areas for a high-quality healthcare, training doctors and nurses to tackle complex procedures.

How does AI in healthcare function?

AI in the healthcare sector is a range of technologies that enable machines to sense, comprehend, act and learn so that they can carry out administrative and healthcare functions, be used in research and for training purposes. Some of the technologies included in the healthcare sector are natural language processing, intelligent agents, computer vision, machine learning, chatbots, voice recognition etc. These technologies can be adopted at varying levels across the healthcare ecosystem. Machine learning can be used to merge an individual’s omic (genomic, proteomic, metabolic) data with other data sources to predict the probability of developing a disease, which can then be addressed through timely intercessions such as preventative therapy.

AI in the healthcare sector in India

AI in the healthcare sector in India is potentially developing. According to a report by the CIS India published earlier this year, AI could help add USD 957 billion to the Indian economy by 2035. Of the USD 5.5 billion that was raised by global digital healthcare companies in July-September 2017 quarter, at least 16 Indian Healthcare IT companies received funding, the report said. State governments are also providing support to AI start-ups.

AI is capable of solving various healthcare challenges in India. The technological innovation is proving to be beneficial in diagnosis procedure, monitoring of chronic conditions, assisting in robotic surgery, drug discovery etc. Among several companies that are exploring various uses of AI in the healthcare segment, Microsoft is taking a major initiative along with Apollo and other hospitals to expand its use in several segments like cardiology, eye-care, diseases like Tuberculosis, HIV etc.

Healthcare start-ups are majorly engaging themselves in the use of Artificial Intelligence.

A list of six healthcare start-ups that are using Artificial Intelligence in India:

Niramai, a Bengaluru-based start-up founded in the year 2016, is using AI for pain-free breast cancer screening.
MUrgency, a Mumbai-based healthcare mobile application is helping people connect in need of medical emergency responses with qualified medical, safety, rescue and assistance professionals.
Advancells, a Noida-based start-up provides stem cell therapy, also known as regenerative therapy, has a large potential in the field of organ transplantation.
Portea, a Bengaluru-based start-up offers home visits from doctors, nurses, physiotherapists and technicians for patients. Patients who are unable to visit hospitals can receive assistance from doctors and medical professionals using remote diagnostics and monitoring equipments, point-of-care devices.
AddressHealth, a Bengaluru-based start-up provides primary pediatric healthcare services to school children where they are screened for hearing, vision, dental health, anthropometry, alongside a medical competition.
LiveHealth, a Pune-based start-up works as a management information system (MIS) for healthcare providers. It collects samples, manages patient records, diagnoses them and generates reports.

Artificial Intelligence, the next-gen innovative thing will act as an “invisible hand” in revolutionising the healthcare sector and is expected to grow in India to USD 372 billion by 2022.

For more details visit https://cis-india.org/internet-governance/news/media-india-group-june-27-2018-binita-punwani-rise-of-ai-in-indian-healthcare-industry

The rise and rise of slacktivism

praskrishna — 2015-10-25T14:49:58Z

Can we change the world with the click of a mouse? Or is it just another feel-good phenomenon? The writer explores the growing penchant for online petitions and desktop activism.

The article by Divya Gandhi was published in the Hindu on October 3, 2015. Pranesh Prakash was quoted.

“I am a female journalist and Kumudam’s history of objectifying and judging women sickens me,” writes reporter Kavitha Muralidharan in a no-holds-barred petition on change.org. Tamil magazine Kumudam, which last week published pictures of women in leggings describing them as “vulgar”, must apologise, she said. The apology didn’t come, but on last count the letter to Kumudam’s editor had galvanised over 20,000 signatures and, at least in part, the petition’s aim — to flag sexism in the media — had been met.

Online activism forums such as change.org, jhatkaa.org, avaaz.org or bitgiving.com have turned the Net into a vibrant space for debate, influencing public opinion and, to varying degrees, catalysing change.

Slacktivism — if we must call it that — has existed a while and cannot be dismissed, says Policy Director at the Centre for Internet and Society, Pranesh Prakash. “We can’t underestimate the power of the collective, the power of the word in influencing public opinion and policy.”

Take, for instance, the three-minute ‘Kodaikanal Won’t’ video promoted by Jhatkaa where artist Sofia Ashraf raps about Unilever’s flouting of environmental and safety norms at its thermometer unit in Kodaikanal. The video was watched over 3,00,000 times in its first 48 hours, and a parallel online petition, which asks the company to clean up its “toxic mess” got 91,054 signatures.

No, Unilever has not formally committed to ‘clean up its mess’ yet but what the campaign did was to create public pressure on the company to engage with the mainstream media, says Nityanand Jayaram, an environmental activist who has worked on the Kodaikanal case since 2001. “We had 14 years of invisible hard work behind us. That shroud of invisibility was removed with one social media campaign.”

“Most petitions I can think of have been accompanied by actions on the ground as well,” says Kavita Krishnan, Secretary, All India Progressive Women’s Association. “For instance, if an online petition that says arrest those threatening John Dayal gets 6,000 signatures in 48 hours, these are 6,000 people across the country. I cannot collect them on a Delhi street within 48 hours. It is not that these people would not join a demonstration if they could, but there is no real difference between their having attended a demonstration and their having signed that petition. There are other issues for which you need sustained action or quiet, behind-the-scenes work, but in terms of protests, I think online petitions are very effective.”

How do the views and shares and signatures turn into yardsticks to measure the success of a campaign? In the case of BitGiving, virality translates into crowdfunding. Among its success stories, it counts a campaign to help send India’s ice hockey team, which got no government support, to the Ice Hockey Championship Cup of Asia this year. The campaign came alive on social media, was highlighted in mainstream media, captured the interest of several high-profile funders, and managed to raise more money than the team needed for training, accommodation, airfare and equipment. Jhatkaa measures its campaigns by various criteria, says Deepa Gupta, Executive Director. “We track outcome, the number of people impacted… and we track media coverage.”

A quick scroll down some of these sites reflects the staggering range of subjects that has captured the urban imagination — from OROP to hyper-local issues (garbage in Bengaluru) or animal rights (the culling of stray dogs in Kerala). Just this past week on change.org, “#Khans4Kisaans” shouted out to Shah Rukh, Salman and Aamir to “help the farmers dying in Bollywood’s backyard”; another called for the declassification of Netaji-related files; and a third protested the ban on beef.

So are these forums then turning the apathetic urbanite into a political animal, someone who takes a stance? “Yes and no,” says Prakash. “It really is about how much people get involved in the issue. Often we have citizen groups that form around issues offline, and we have seen very real action on the ground, say, cleaning a lake or even getting a road repaired.”

Gupta says that Jhatkaa’s baseline assumption is not that Indians are apolitical, but that there aren’t enough meaningful ways for them to participate in our democracy outside of elections. “As individuals who aren’t issue experts, many citizens feel powerless when it comes to affecting change on the issues that they care most about.”

She was perplexed, she says, at how difficult it can be for citizens to meaningfully engage with government institutions or corporations in a way that they are heard. “I knew the only way to build a nation-wide constituency of citizens who could take collective action would be if we mobilised people with the help of modern communications and social media.”

Ghousiya Sultana, a PhD student, agrees. She has signed several online petitions and believes that she is, in some small way, making a difference. “I want to feel like I fought a good fight.” On the other hand, corporate executive Anant Kumar says he doesn’t believe in this trend. He is concerned about transparency, how his donation might be used or misused, and he does not see how a letter with a few thousand signatures can have much of a bearing on issues.

But, as Krishnan says, “An online petition doesn’t work like an on-off switch that resolves an issue immediately. It is about whether you successfully shamed them in public. It is about sparking a dialogue.”

With inputs from Zara Khan

For more details visit https://cis-india.org/internet-governance/news/hindu-october-3-2015-divya-gandhi-the-rise-and-rise-of-slacktivism

The real Sibal’s law: Resisting Section 66A is futile

praskrishna — 2012-12-03T05:16:11Z

The Information Technology Act is “substantially the same” as laws instituted in other democracies like UK and the United States. What’s more, the language that is employed in various sections is exactly the same. Thus was the thrust of Kapil Sibal’s defense of Section 66A on NDTV last night.

The article by Lakshmi Chaudhry was published in FirstPost on November 30. Pranesh Prakash's blog post on section 66A which was also carried in Outlook is quoted.

The problem therefore lies not in the law but in its interpretation: “It’s very difficult to interpret the act on the ground. If you give this power to a sub-inspector of police, it is more than likely to be misused.” Sibal is hence “open” to putting in place guidelines that may prevent such abuse, whether it involves requiring a senior police officer to make the call or specifying the “circumstances” in which the law is applicable.

Now, there are many ways to tear apart Sibal’s logic. In Outlook, for example, Centre for Internet and Society’s Pranesh Prakash offers a detailed comparison with the UK law to show that: one, the UK courts have “read down” the “broad wording” of the law; two, they remain subject to EU human rights provisions; and three, UK law may well be unconstitutional under the Indian Constitution which offers stronger free speech protection.

Prakash’s legal arguments are worthy, meticulously argued and — in my view — somewhat moot.

Here’s why. Would discarding or amending Section 66A prevent the MNS goons from hauling Sunil Vishwakarma to the police station for a Facebook update? Would it prevent the Palghar policemen from filing a case against Shaheen and Rinu under pressure from the local Sainiks? Would that Jadhavpur professor then be immune from Trinamool harrassment for offending Mamata?

The answer is a big fat N-O.

Sibal is right. In India, the actual law is often irrelevant. Interpretation is all. And that interpretation in the real world of the police thana is determined not by legal standards but according to political power. So we have wonderfully progressive statutes on the book — as we do in the matter of women’s rights — that exist only in theory. More effective and employed are the draconian, colonial-era laws that are routinely used to punish the innocent. The IT act is just one of them.

In India, law is a weapon, a brahmastra of the powerful. The Sainiks were looking to make an example of someone, to exercise their political brawn. Shaheen and Rinu were convenient targets, and once selected, no law could have saved them from Shiv Sena wrath. The legal threshold for “offensive” content is irrelevant to NCP Kiran Pawaskar who put pressure on the police to arrest two Air India employees because they “shared lewd jokes about politicians, made derogatory comments against the Prime Minister and insulted the national flag in their posts.”

The goonda raj of politicians on the Internet merely reflects the reality offline. All that our online activity does is make the aam aadmi more visible, and therefore easier to target and victimise. They can’t put in spy cameras in every living room, but now they can monitor our conversations on Facebook and Twitter instead. In a sense, the Internet has allowed Big Brother into our homes

This is why comparisons to UK or US — which enjoy the rule of law — are irrelevant. And why upgrading the rank of the policeman — DCP or Inspector-general — making the call will not change the outcome in most cases. The political pressures on a DCP or IG are not different than on a lowly sub-inspector who takes action not because he doesn’t understand the law, but because he understands all too well the costs of non-compliance. As for putting a magistrate in charge, well, it was a magistrate who authorised the arrests of Shaheen and Rinu.

The only reason the policemen who arrested the girls may be punished is that the Congress party is in power in Maharashtra, as in not the Shiv Sena or the BJP. In Kolkata, for example, Mamata-di has no intention of taking action against those who arrested Ambikesh Mahapatra. ‘Raja chale bazaar to kutta bhonke hazaar‘ (the king walks to market, though a thousand dogs bark),” declared Didi when pressed on Justice Katju’s criticism of her anti-free speech stance.

It succinctly embodies the attitude of our leaders. Sibal may be saddened by the Palghar case but he was every bit as unruffled as Mamata when Ravi Srinivasan was arrested for an innocuous tweet accusing Karti Chidambaram of corruption. There are naturally no plans to drop the case against him. So it matters little if the IT act is amended or who is tasked with interpreting Section 66A. Who is punished, who receives justice, however delayed, is determined by politics not law.

In his NDTV interview, Sibal chided Barkha for bringing up “5-10 instances” of unlawful arrests when “there must be millions of [abusive] comments that have been put on the internet.” It’s a familiar Sibal strategy that he has employed in the past. Pressed on Ravi Srinivasan’s arrest, he told reporters, “There are 500 things by the name of Kapil Sibal and there are some things which I really don’t like. But I have not taken action.”

What he’s really saying is that each time we update, tweet or comment, we enter an online version of russian roulette, the kind you play with a gun. You never know which chamber is loaded, or when a politician is likely to pull the trigger. We survive not by the mercy of the law but at the whim of the powerful. In India, law isn’t an ass; it’s our dear netaji’s chaprasi.

For more details visit https://cis-india.org/news/first-post-politics-lakshmi-chaudhry-november-30-2012-the-real-sibals-law-resisting-section-66a-is-futile

The Quixotic Fight to Clean up the Web

sunil — 2012-01-26T20:53:02Z

The ongoing attempt to pre-screen online content won’t change anything. It will only drive netizens into the arms of criminals, writes Sunil Abraham in this article published in Tehelka Magazine, Vol 9, Issue 04, Dated 28 Jan 2012.

GOOGLE AND Facebook’s ongoing case in the Delhi High Court over offensive online content is curious in three ways. First, the complaint does not mention the IT Act, 2000. Prior to the 2008 amendment, intermediaries (in this case, Google, Facebook, etc) had no immunity. But after the amendment, intermediaries have significant immunity and are not considered liable unless takedown notices are ignored.

Second, it is curious that the complaint does not mention specific individuals or groups directly responsible for authoring the allegedly offensive material. Only intermediaries have been explicitly named. If specific content items have been submitted in court then it is curious that specific accounts and users have not been charged with the same offences.

Three, Delhi-based journalist Vinay Rai claims that takedown notices and requests for user information were ignored by the intermediaries. As yet, unpublished research at the Centre for Internet and Society has reached the exact opposite conclusion. We sent fraudulent takedown notices to seven of the largest intermediaries in India as part of a policy sting operation. Six of them over-complied and demonstrated no interest in protecting freedom of expression. Our takedown notices were complied with even though they were largely nonsensical. It is therefore curious that Rai’s takedown notices were ignored.

Under Section 79 of the IT Act, the intermediary must not “initiate the transmission”, “select the receiver of the transmission” and “select or modify the information contained in the transmission”. In other words, they must not possess “actual knowledge” of the content. This would be absolutely true if intermediaries acted as “dumb pipes” or “mere conduits”. But today, they have reactive “human filters” ensuring conformance to community guidelines that often go beyond constitutional limits on freedom of expression.

For example, Facebook deletes breastfeeding photographs if a certain proportion of the breast is visible, despite numerous protests. Intermediaries also use proactive “machine filters” to purge their networks of pornography and copyright infringing content. In order to retain immunity under the IT Act, intermediaries would have to demonstrate that they have no “actual knowledge”. This would also imply that they cannot proactively filter or pre-screen content without becoming liable for illegal content.

More sophisticated “machine filters” will continue to be built for social media platforms as computing speeds increase and costs decrease dramatically. But there will be significant collateral damage — the vibrancy of online Indian communities will be diminished as legitimate content will be removed and this in turn will retard Internet adoption rates. Free media, democratic governance, research and development, culture and the arts will all be fundamentally undermined. So whether pre-censorship is technically feasible is an irrelevant question. The real question is what limits on freedom of expression are reasonable in the Internet age.

The legal tussle is yet another chance for reflecting on the shortcomings of the IT Act

Censorship is like prohibition, illegal content will persist, the mafia will profit and ordinary citizens will be implicated in criminal networks. Use of anonymising proxies, circumvention tools and encryption technologies will proliferate, frustrating network optimisation efforts and law enforcement activities.

This is yet another opportunity for reflecting on the shortcomings of the ITAct. A lot of the confusion and anxiety today emerges from vague language, unconstitutional limits on freedom of expression, multi-tiered blanket surveillance provisions, blunt security policy measures contained in the statute and its associated rules. The next Parliament session is the last opportunity for MPs to ask for the rules for intermediaries, cyber cafes and reasonable security practices to be revisited. The MP who musters the courage to speak will be dubbed a superhero.

As told to Shonali Ghosal. Sunil Abraham is Executive director, centre for internet and society and can be contacted at sunil@cis-india.org. The original article was published in Tehelka.

Illustration by Sudeep Chaudhuri

For more details visit https://cis-india.org/internet-governance/quixotic-fight-to-clean-the-web