We are anonymous, we are legion

The National Privacy Roundtable Meetings

bhairav — 2014-03-21T10:03:44Z

The Centre for Internet & Society ("CIS"), the Federation of Indian Chambers of Commerce and Industry ("FICCI"), the Data Security Council of India ("DSCI") and Privacy International are, in partnership, conducting a series of national privacy roundtable meetings across India from April to October 2013. The roundtable meetings are designed to discuss possible frameworks to privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Background: The Roundtable Meetings and Organisers

CIS is a Bangalore-based non-profit think-tank and research organisation with interests in, amongst other fields, the law, policy and practice of free speech and privacy in India. FICCI is a non-governmental, non-profit association of approximately 250,000 Indian bodies corporate. It is the oldest and largest organisation of businesses in India and represents a national corporate consensus on policy issues. DSCI is an initiative of the National Association of Software and Service Companies, a non-profit trade association of Indian information technology ("IT") and business process outsourcing ("BPO") concerns, which promotes data protection in India. Privacy International is a London-based non-profit organisation that defends and promotes the right to privacy across the world.

Privacy in the Common Law and in India

Because privacy is a multi-faceted concept, it has rarely been singly regulated. A taxonomy of privacy yields many types of individual and social activity to be differently regulated based on the degree of harm that may be caused by intrusions into these activities.[1]

The nature of the activity is significant; activities that are implicated by the state are attended by public law concerns and those conducted by private persons inter se demand market-based regulation. Hence, because the principles underlying warranted police surveillance differ from those prompting consensual collections of personal data for commercial purposes, legal governance of these different fields must proceed differently. For this and other reasons, the legal conception of privacy — as opposed to its cultural construction – has historically been diverse and disparate.

Traditionally, specific legislations have dealt separately with individual aspects of privacy in tort law, constitutional law, criminal procedure and commercial data protection, amongst other fields. The common law does not admit an enforceable right to privacy.[2] In the absence of a specific tort of privacy, various equitable remedies, administrative laws and lesser torts have been relied upon to protect the privacy of claimants.[3]

The question of whether privacy is a constitutional right has been the subject of limited judicial debate in India. The early cases of Kharak Singh (1964)[4] and Gobind (1975)[5] considered privacy in terms of physical surveillance by the police in and around the homes of suspects and, in the latter case, the Supreme Court of India found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This inference held the field until 1994 when, in the Rajagopal case (1994),[6] the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty guaranteed by Article 21 of the Constitution of India. However, Rajagopal dealt specifically with a book, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case (1996)[7] and, while finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards.[8] A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011)[9] that de-criminalised consensual homosexual acts; however, this judgment is now in appeal.

Attempts to Create a Statutory Regime

The silence of the common law leaves the field of privacy in India open to occupation by statute. With the recent and rapid growth of the Indian IT and BPO industry, concerns regarding the protection of personal data to secure privacy have arisen. In May 2010, the European Union ("EU") commissioned an assessment of the adequacy of Indian data protection laws to evaluate the continued flow of personal data of European data subjects into India for processing. That assessment made adverse findings on the adequacy and preparedness of Indian data protection laws to safeguard personal data.[10]

Conducted amidst negotiations for a free trade agreement between India and the EU, the failed assessment potentially impeded the growth of India’s outsourcing industry that is heavily reliant on European and North American business.

Consequently, the Department of Electronics and Information Technology of the Ministry of Communications and Information Technology, Government of India, issued subordinate legislation under the rule-making power of the Information Technology Act, 2000 ("IT Act"), to give effect to section 43A of that statute. These rules – the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Personal Data Rules")[11] — were subsequently reviewed by the Committee on Subordinate Legislation of the 15^th Lok Sabha.[12] The Committee found that the Personal Data Rules contained clauses that were ambiguous, invasive of privacy and potentially illegal.[13]

In 2011, a draft privacy legislation called the ‘Right to Privacy Bill, 2011’, which was drafted within the Department of Personnel and Training ("DoPT") of the Ministry of Personnel, Public Grievances and Pensions, Government of India, was made available on the internet along with several file notings ("First DoPT Bill"). The First DoPT Bill contained provisions for the regulation of personal data, interception of communications, visual surveillance and direct marketing. The First DoPT Bill was referred to a Committee of Secretaries chaired by the Cabinet Secretary which, on 27 May 2011, recommended several changes including re-drafts of the chapters relating to interception of communications and surveillance.

Aware of the need for personal data protection laws to enable economic growth, the Planning Commission constituted a Group of Experts under the chairmanship of Justice Ajit P. Shah, a retired Chief Justice of the Delhi High Court who delivered the judgment in the Naz Foundation case, to study foreign privacy laws, analyse existing Indian legal provisions and make specific proposals for incorporation into future Indian law. The Justice Shah Group of Experts submitted its Report to the Planning Commission on 16 October 2012 wherein it proposed the adoption of nine National Privacy Principles.[14] These are the principles of notice, choice and consent, collection limitation, purpose limitation, disclosure of information, security, openness, and accountability. The Report recommended the application of these principles in laws relating to interception of communications, video and audio recordings, use of personal identifiers, bodily and genetic material, and personal data.

Criminal Procedure and Special Laws Relating to Privacy

While the Kharak Singh and Gobind cases first brought the questions of permissibility and limits of police surveillance to the Supreme Court, the power to collect information and personal data of a person is firmly embedded in Indian criminal law and procedure. Surveillance is an essential condition of the nation-state; the inherent logic of its foundation requires the nation-state to perpetuate itself by interdicting threats to its peaceful existence. Surveillance is a method by which the nation-state’s agencies interdict those threats. The challenge for democratic countries such as India is to find the optimal balance between police powers of surveillance and the essential freedoms of its citizens, including the right to privacy.

The regime governing the interception of communications is contained in section 5(2) of the Indian Telegraph Act, 1885 ("Telegraph Act") read with rule 419A of the Indian Telegraph Rules, 1951 ("Telegraph Rules"). The Telegraph Rules were amended in 2007[15] to give effect to, amongst other things, the procedural safeguards laid down by the Supreme Court in the PUCL case. However, India’s federal scheme permits States to also legislate in this regard. Hence, in addition to the general law on interceptions contained in the Telegraph Act and Telegraph Rules, some States have also empowered their police forces with interception functions in certain cases.[16] Ironically, even though some of these State laws invoke heightened public order concerns to justify their invasions of privacy, they establish procedural safeguards based on the principle of probable cause that surpasses the Telegraph Rules.

In addition, further subordinate legislation issued to fulfil the provisions of sections 69(2) and 69B(3) of the IT Act permit the interception and monitoring of electronic communications — including emails — to collect traffic data and to intercept, monitor, and decrypt electronic communications.[17]

The proposed Privacy (Protection) Bill, 2013 and Roundtable Meetings

In this background, the proposed Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

Previous roundtable meetings to seek comments and opinion on the proposed Privacy (Protection) Bill, 2013 took place at:

New Delhi: April 13, 2013 (http://bit.ly/17REl0W) with 45 participants;
Bangalore: April 20, 2013 (http://bit.ly/162t8rU) with 45 participants;
Chennai: May 18, 2013 (http://bit.ly/12ICGYD) with 25 participants.
Mumbai, June 15, 2013 (http://bit.ly/12fJSvZ) with 20 participants;
Kolkata: July 13, 2013 (http://bit.ly/11dgINZ) with 25 participants; and
New Delhi: August 24, 2013 (http://bit.ly/195cWIf) with 40 participants.

The roundtable meetings were multi-stakeholder events with participation from industry representatives, lawyers, journalists, civil society organizations and Government representatives. On an average, 75 per cent of the participants represented industry concerns, 15 per cent represented civil society and 10 per cent represented regulatory authorities. The model followed at the roundtable meetings allowed for equal participation from all participants.

[1]. See generally, Dan Solove, “A Taxonomy of Privacy” University of Pennsylvania Law Review (Vol. 154, No. 3, January 2006).

[2]. Wainwright v. Home Office [2003] UKHL 53.

[3]. See A v. B plc [2003] QB 195; Wainwright v. Home Office [2001] EWCA Civ 2081; R (Ellis) v. Chief Constable of Essex Police [2003] EWHC 1321 (Admin).

[4]. Kharak Singh v. State of Uttar Pradesh AIR 1963 SC 1295.

[5]. Gobind v. State of Madhya Pradesh AIR 1975 SC 1378.

[6]. R. Rajagopal v. State of Tamil Nadu AIR 1995 SC 264.

[7]. People’s Union for Civil Liberties v. Union of India (1997) 1 SCC 30.

[8]. A Division Bench of the Supreme Court of India comprising Kuldip Singh and Saghir Ahmad, JJ, found that the procedure set out in section 5(2) of the Indian Telegraph Act, 1885 and rule 419 of the Indian Telegraph Rules, 1951 did not meet the “just, fair and reasonable” test laid down in Maneka Gandhi v. Union of India AIR 1978 SC 597 requisite for the deprivation of the right to personal liberty, from whence the Division Bench found a right to privacy emanated, guaranteed under Article 21 of the Constitution of India. Therefore, Kuldip Singh, J, imposed nine additional procedural safeguards that are listed in paragraph 35 of the judgment.

[9]. Naz Foundation v. Government of NCT Delhi (2009) 160 DLT 277.

[10]. The 2010 data adequacy assessment of Indian data protection laws was conducted by Professor Graham Greenleaf. His account of the process and his summary of Indian law can found at Graham Greenleaf, "Promises and Illusions of Data Protection in Indian Law" International Data Privacy Law (47-69, Vol. 1, No. 1, March 2011).

[11]. The Rules were brought into effect vide Notification GSR 313(E) on 11 April 2011. CIS submitted comments on the Rules that can be found here – http://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.

[12]. The Committee on Subordinate Legislation, a parliamentary ‘watchdog’ committee, is mandated by rules 317-322 of the Rules of Procedure and Conduct of Business in the Lok Sabha (14^th edn., New Delhi: Lok Sabha Secretariat, 2010) to examine the validity of subordinate legislation.

[13]. See the 31^st Report of the Committee on Subordinate Legislation that was presented on 21 March 2013.

[14]. See paragraphs 7.14-7.17 on pages 69-72 of the Report of the Group of Experts on Privacy, 16 October 2012, Planning Commission, Government of India.

[15]. See, the Indian Telegraph (Amendment) Rules, 2007, which were brought into effect vide Notification GSR 193(E) of the Department of Telecommunications of the Ministry of Communications and Information Technology, Government of India, dated 1 March 2007.

[16]. See, inter alia, section 14 of the Maharashtra Control of Organised Crime Act, 1999; section 14 of the Andhra Pradesh Control of Organised Crime Act, 2001; and, section 14 of the Karnataka Control of Organised Crime Act, 2000.

[17]. See, the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data and Information) Rules, 2009 vide GSR 782 (E) dated 27 October 2009; and, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 vide GSR 780 (E) dated 27 October 2009.

For more details visit https://cis-india.org/internet-governance/blog/national-privacy-roundtable-meetings

The National Health Stack: An Expensive, Temporary Placebo

Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta, and Torsha Sarkar — 2018-08-13T15:13:10Z

The year 2002 saw the introduction of a very ambitious National Program for Information Technology in the United Kingdom with the goal to transform the National Health Service — a pre-existing state-sponsored universal healthcare program. This would include a centralised, digital healthcare record for patients and secure access for 30,000 professionals across 300 hospitals.

The article was published by Bloomberg Quint on August 6, 2018.

However, the next ten years would see the scheme meet with constant criticism about its poor management and immense expenditure; and after a gruelling battle for survival, including spending £20 billion and having top experts on board, the NPfIT finally met its end in 2011.

Fast forward eight years — the Indian government’s public policy think tank, NITI Aayog, is proposing an eerily similar idea for the much less developed, and much more populated Indian healthcare sector. On July 6, the NITI Aayog released a consultation paper to discuss “a digital infrastructure built with a deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem”, called the National Health Stack. The paper identifies four challenges that previous government-run healthcare programs ran into and that the current system hopes to solve. These include:

low enrollment of entitled beneficiaries of health insurance,
low participation by service providers of health insurance,
poor fraud detection,
lack of reliable and timely data and analytics.

The current article takes a preliminary look at the goals of the NHS and where it falls behind. Subsequent articles will break down the proposed scheme with regard to safety, privacy and data security concerns, the feasibility of data analytics and fraud detection, and finally, the role of private players within the entire structure.

The primary aim of any digital health infrastructure should be to compliment an existing, efficient healthcare delivery system.

As seen in the U.K., even a very well-functioning healthcare system doesn’t necessarily mean the digitisation efforts will bear fruit.

The NHS is meant to be designed for and beyond the Ayushman Bharat Yojana — the government’s two-pronged healthcare regime that was introduced on Feb. 1. Unfortunately, though, India’s healthcare regime has long been in the need of severe repair, and even if the Ayushman Bharat Yojana works optimally, there are no indications to show that this will miraculously change by their stated target of 2022. Indeed, experts predict it would take at least a ten-year period to successfully implement universal health coverage. A 2013 report by EY-FICCI stated that we must consider a ten-year time frame as well as allocating 3.5-4.7 percent of the GDP to health expenditure to achieve universal health coverage.

However, as per the current statistics, the centre’s allocation for health in the 2017-18 budget is Rs 47,353 crore, which is 1.15 percent of India’s GDP.

Patients wait for treatment in the corridor of the Acharya Tulsi Regional Cancer Treatment & Research Institute in Bikaner, Rajasthan, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Along with the state costs, India’s current expenditure in the health sector comes to a meagre 1.4 percent of the total GDP, far short of what the target should be. Yet, the government aims to attain universal health coverage by 2022.

In the first of its two-pronged strategy, the Ayushman Bharat Yojana aims to establish 1.5 lakh ‘Health and Wellness Centres’ across the country by 2022, which would provide primary healthcare services free of cost.

However, the total fund allocated for ’setting up’ these centres is only Rs 1,200 crore, which comes down to a meagre Rs 80,000 per centre.

It is unclear whether the government plans to establish new sub-centres, or improve the existing ones. Either way, a pittance of Rs 80,000 is grossly insufficient. As per reports, among the 1,56,231 current health centres, only 17,204 (11 percent) have met Indian Public Health Standards as of March 31, 2017. Shockingly, basic amenities like water and electricity are scarce, if not, absent in a substantial number of these centres.

At least 6,000 centres do not have a female health worker, and at least 1,00,000 centres do not have a male health worker.

A woman holds a child in the post-delivery ward of the district hospital in Jind, Haryana, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Even taking the generous assumption that the existing 17,204 centres are in top condition, the future of the rest of these health and wellness centres continues to be bleak.

In truth, both limbs of the Ayushman Bharat strategy remain oblivious to the reality of the situation. The goals do not take into account the existing problems within access to healthcare, nor the relevant economic and social indicators that depict a contrasting reality.

Therefore, the fundamental question remains: if there is no established, well-functioning healthcare delivery system to support, what will the NHS help?

NHS: What Purpose Does It Serve?

The ambitious scope of the National Health Stack consultation paper aside, the central problem plaguing the Indian healthcare system, i.e, delivery, and access to healthcare, remains unaddressed. The first two problems that the NHS aims to solve focus solely on increasing health insurance coverage. However, very problematically, the document does not explicitly mention how a digital infrastructure would lead to rising enrollment of both beneficiaries and service providers of insurance.

This goal of increasing enrollment without a functioning healthcare system could result in two highly problematic scenarios.

Either health and wellness centres will effectively act as enrollment agencies rather than providers of healthcare, or the government would fall back on its ‘Aadhar approach’ and employ external enrollment agents.

The former approach runs a very real risk of the health and wellness centres losing focus on their primary purpose even while statistics show them as functioning centres – thus negatively impacting even the working centres. The latter approach is at a higher risk of running into problems akin to the case of Aadhaar enrollment, such as potential data leakages, identity thefts and a market for fake IDs. Even if we somehow overlook this and assume that the NHS would help increase insurance coverage without additional problems, the larger question still stands: should health insurance even be the primary goal of the government, over and above providing access to healthcare? And what effect will this have on the actual delivery of healthcare services to the common citizen?

A lone patient sleeps in the post operation recovery ward of the district hospital in Jind, Haryana, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Should Insurance Be A Primary Objective Of The Indian Government?

Simply put, the answer is no, because greater insurance coverage need not necessitate better access to healthcare. In recent years, health insurance in India has been rising rapidly due to government-sponsored schemes. In the fiscal year 2016-17, the health insurance market was prized to be worth Rs 30,392 crore. Even with such large investments in insurance premiums, the insurance market accounts for lesser than 5 percent of the total health expenditure.

Furthermore, previous experiences with government-sponsored health insurance schemes have proven that there is little merit to such an expensive task.

For instance, the government’s earlier health insurance scheme, Rashtriya Swasthya Bima Yojana, was predicted to be unable to completely provide ‘accessible, affordable, accountable and good quality health care’ if it focussed only on “increasing financial means and freedom of choice in a top-down manner”.

These traditional insurance-based models are characterised by problems of information asymmetry such as ‘moral hazard’ — patients and healthcare providers have no incentive to control their costs and tend to overuse, resulting in an unsustainable insurance system and cost inflation. Any attempt to regulate providers is met with harsh, cost-cutting steps which end up harming patients.

On another note, some diseases which are responsible for the most number of deaths in the country — including ischaemic heart diseases, lower respiratory tract infections, chronic obstructive pulmonary disease, tuberculosis and diarrhoeal diseases — are usually chronic conditions that need outpatient consultation, resulting in out-of-pocket expenses.

Patients wait at the Head and Neck Cancer Out Patient department of Tata Memorial Hospital in Mumbai, India. (Photographer: Prashanth Vishwanathan/Bloomberg News)

Even though the government has added non-communicable diseases under the ambit of the health and wellness centres, there are still reports stating that for some of the most impoverished, their reality is that 80 percent of the time, they have to cover their expenses from their pocket. This issue in all probability will continue to exist since the status and likelihood for these centres to be successful itself is questionable.

It is clear, that in the current scheme of things, this traditional insurance model of healthcare cannot benefit those it is meant for.

If this is the case, why has the NHS built its main objectives around insurance coverage rather than access to healthcare? It is imperative that we question the legitimacy of these goals, especially if they indicate the government's intentions to push health insurance via the NHS above its responsibility of delivering healthcare. The government's thrust for a digital infrastructure shows tremendous foresight, but at what cost? Even the clear goal of healthcare data portability has very little benefit when one understands that this becomes an important goal only when one has given up on ensuring widespread accessible healthcare. Once the focus shifts from using technology needlessly to developing an efficient and universally accessible healthcare delivery system, the need for data portability dramatically reduces. The temptation of digitisation and insurance coverage cannot and should not blind us from the main goal — access to healthcare. The one lesson that we must learn from the case of the U.K. is that even with a well-functioning healthcare delivery system, a digital infrastructure must be introduced very thoughtfully and carefully. In our eagerness to leapfrog with technology, we must not mistake a placebo for a panacea.

Murali Neelakantan is an expert in healthcare laws. Swaraj Barooah is Policy Director at The Centre for Internet and Society. Swagam Dasgupta and Torsha Sarkar are interns at The Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-august-6-2018-murali-neelakantan-swaraj-barooah-swagam-dasgupta-torsha-sarkar-national-health-stack-an-expensive-temporary-placebo

The National Cyber Security Policy: Not a Real Policy

bhairav — 2013-09-25T09:49:11Z

Cyber security in India is still a nascent field without an organised law and policy framework. Several actors participate in and are affected by India's still inchoate cyber security regime. The National Cyber Security Policy (NCSP) presented the government and other stakeholders with an opportune moment to understand existing legal limitations before devising a future framework. Unfortunately, the NCSP's poor drafting and meaningless provisions do not advance the field.

This article was published in the Observer Research Foundation's Cyber Security Monitor Vol. I, Issue.1, August 2013.

For some time now, law and policy observers in India have been noticing a definite decline in the quality of national policies emanating from the Central Government. Unlike legislation, which is notionally subject to debate in the Parliament of India, policies face no public evaluation before they are brought in to force. Since, unlike legislation, policies are neither binding nor enforceable, there has been no principled ground for demanding public deliberation of significant national policies. While Parliament’s falling standard of competence has been almost unanimously condemned, there has been nearly no criticism of the corresponding failure of the Centre to invigilate the quality of the official policies of its ministries. Luckily for the drafters of the National Cyber Security Policy (NCSP), the rest of the country has also mostly failed to notice its poor content.

The NCSP was notified into effect on 2 July 2013 by the Department of Electronics and Information Technology – which calls itself DeitY – of the Ministry of Communications and Information Technology. As far as legislation and legal drafting go, DeitY has a dubious record. In March 2013, in a parliamentary appraisal of subordinate law framed by DeitY, a Lok Sabha committee found ambiguity, invasions of privacy and potentially illegal clauses. Apprehensions about statutory law administered by DeitY have also found their way to the Supreme Court of India, where a constitutional challenge to certain provisions of the Information Technology Act, 2000 (IT Act) continues. On more than one occasion, owing to poor drafting, DeitY has been forced to issue advisories and press releases to clarify the meaning of its laws. Ironically, the legal validity of these clarifications is also questionable.

A national policy must set out, in real and quantifiable terms, the objectives of the government in a particular field within a specified time frame. To do that, the policy must provide the social, economic, political and legal context prevalent at the time of its issue as well as a normative statement of factual conditions it seeks to achieve at the time of its expiry. Between these two points in time, the policy must identify and explain all the particular social, economic, political and legal measures it intends to implement to secure its success. Albeit concerned solely with economic growth, the Five-Year Plans – the Second and Tenth Plans in particular, without prejudice to their success or failure, are samples of policies that are well-drafted. In this background, the NCSP should be judged on the basis of how it addresses, in no particular order, national security, democratic freedoms, economic growth and knowledge development. Let us restrict ourselves to the first two issues.

There are broadly two intersections between national security and information technology; these are: (i) the security of networked communications used by the armed forces and intelligence services, and (ii) the storage of civil information of national importance. While the NCSP makes no mention of it, the adoption of the doctrine of network-centric warfare by the three armed forces is underway. Understanding the doctrine is simple – an intensive use of information technology to create networks of information aids situational awareness and enables collaboration to bestow an advantage in combat. However, the doctrine is vulnerable to asymmetric attack using both primitive and highly sophisticated means. Pre-empting such attacks should be a primary policy concern; not so, apparently, for the NCSP which is completely silent on this issue. The NCSP is slightly more forthcoming on the protection of critical information infrastructure of a civil nature. Critical information infrastructure, such as the national power grid or the Aadhar database, is narrowly defined in section 70 of the IT Act where it used to describe a protected system. Other provisions of the IT Act also deal with the protection of critical information infrastructure. The NCSP does not explain how these statutory provisions have worked or failed, as the case may be, to necessitate further mention in a policy document. For instance, section 70A of the IT Act, inserted in 2008, enables the creation of a national nodal agency to undertake research and development and other activities in respect of critical information infrastructure. Despite this, five years later, the NCSP makes a similar recommendation to operate a National Critical Information Infrastructure Protection Centre to undertake the same activities. In the absence of any meaningful explanation of intended policy measures, there is no reason to expect that the NCSP will succeed where an Act of Parliament has failed.

But, putting aside the shortcomings of its piece-meal provisions, the NCSP also fails to address high-level conceptual policy concerns. As information repositories and governance services through information technology become increasingly integrated and centralised, the security of the information that is stored or distributed decreases. Whether by intent or error, if these consolidated repositories of information are compromised, the quantity of information susceptible to damage is greater leading to higher insecurity. Simply put, if power transmission is centrally controlled instead of zonally, a single attack could black out the entire country instead of only a part of it. Or if personal data of citizens is centrally stored, a single leak could compromise the privacy of millions of people instead of only hundreds. Therefore, a credible policy must, before it advocates greater centralisation of information, examine the merits of diffused information storage to protect national security. The NCSP utterly fails in this regard.

Concerns short of national security, such as the maintenance of law and order, are also in issue because crime is often planned and perpetrated using information technology. The prevention of crime before it is committed and its prosecution afterwards is a key policy concern. While the specific context may vary depending on the nature of the crime – the facts of terrorism are different from those of insurance fraud – the principles of constitutional and criminal law continue to apply. However, the NCSP neither examines the present framework of cybersecurity-related offences nor suggests any changes in existing law. It merely calls for a “dynamic legal framework and its periodic review to address the cyber security challenges” (sic). This is self-evident, there was no need for a new national policy to make this discovery; and, ironically, it fails to conduct the very periodic review that it envisages. This is worrying because the NCSP presented DeitY with an opportunity to review existing laws and learn from past mistakes. There are concerns that cybersecurity laws, especially relevant provisions of the IT Act and its rules, betray a lack of understanding of India’s constitutional scheme. This is exemplified by the insertion, in 2008, of section 66A into the IT Act that criminalises the sending of annoying, offensive and inconvenient electronic messages without regard for the fact that free speech that is annoying is constitutionally protected.

In India, cybersecurity law and policy attempts to compensate for the state’s inability to regulate the internet by overreaching into and encroaching upon democratic freedoms. The Central Monitoring System (CMS) that is being assembled by the Centre is a case in point. Alarmed at its inability to be privy to private communications, the Centre proposes to build systems to intercept, in real time, all voice and data traffic in India. Whereas liberal democracies around the world require such interceptions to be judicially sanctioned, warranted and supported by probable cause, India does not even have statutory law to regulate such an enterprise. Given that, once completed, the CMS will represent the largest domestic interception effort in the world, the failure of the NCSP to examine the effect of such an exercise on daily cybersecurity is bewildering. This is made worse by the fact that the state does not possess the technological competence to build such a system by itself and is currently tendering private companies for equipment. The state’s incompetence is best portrayed by the activities of the Indian Computer Emergency Response Team (CERT-In) that was constituted under section 70B of the IT Act to respond to “cyber incidents”. CERT-In has repeatedly engaged in extra-judicial censorship and has ham-handedly responded to allegedly objectionable blogs or websites by blocking access to entire domains. Unfortunately, the NCSP, while reiterating the operations of CERT-In, attempts no evaluation of its activities precluding the scope for any meaningful policy measures.

The NCSP’s poor drafting, meaningless provisions, deficiency of analysis and lack of stated measures renders it hollow. Its notification into force adds little to the public or intellectual debate about cybersecurity and does nothing to further the trajectory of either national security or democratic freedoms in India. In fairness, this problem afflicts many other national policies. There is a need to revisit the high intellectual and practical standards set by most national policies that were issued in the years following Independence.

For more details visit https://cis-india.org/internet-governance/blog/orfonline-bhairav-acharya-observer-research-foundation-cyber-security-monitor-august-2013-nsp-not-a-real-policy

The Narendra Modi app: The secret weapon in BJP’s elections arsenal

Admin — 2018-03-29T16:28:28Z

Narendra Modi app, BJP's secret weapon.

The article by Jayadevan PK and Pankaj Mishra was published by Factor Daily on March 29, 2018. Pranesh Prakash was quoted.

Story Highlights

Why is Rahul Gandhi beating the drums about the Narendra Modi app? Because he knows that the app – with over 10 million users already – will be crucial decider of a BJP victory or failure in the general elections.
The Narendra Modi app’s mission is two fold — mobilize and integrate some 100 million BJP members and use the app to deliver targeted messaging to voters. Party president Amit Shah has a target that each district should have 100,000 downloads.
In the coming general elections, there will be more than 180 million first-time voters – people who are relatively easy to target on social media. Of the 241 million Facebook users in India, about 54 million are between the age of 18 and 23 years.

Congress president Rahul Gandhi earlier this week got panned for his criticism of the Narendra Modi app. The app, Gandhi had said on Twitter, was leaking user data and added that Prime Minister Narendra Modi was “the Big Boss who likes to spy on Indians”. Much of what the Congress leaders said was hyperbole common at the hustings.

But as it turns out, Gandhi has good reason to beat the drums wildly: the Narendra Modi app is going to be, by all accounts, the Bharatiya Janata Party’s arrowhead as India pads up for its biggest general elections next year. The app is going to be the fulcrum of the BJP’s tech outreach and social media strategy in the months ahead of the elections, which may be held earlier than the scheduled early 2019 going by the buzz in political circles in capital New Delhi.

The usage of the state apparatus to promote an app owned by Modi personally and the way it plans to use data of its users is drawing criticism from political rivals and privacy activists. Critics have pointed out that the app asks for too many permissions, is less than ideally secure, and is run by the BJP while being positioned as the official application of the prime minister of India. These questions are now taking a serious tone after the Facebook-Cambridge Analytica scandal.

“Overall, Facebook’s fallout means even more focus and reliance on the Narendra Modi app by the BJP,” said a person familiar with BJP’s social and digital plans, adding the Facebook and WhatsApp platforms will be in the background and continue to be valuable. This person asked to remain anonymous.

By “Facebook’s fallout”, he is referring to the aftermath of the scandal that implicated political consulting firm Cambridge Analytica of misusing Facebook data of millions of users without consent. Questions are also being raised in the UK and US about the involvement of Russian actors using Facebook, Google and Twitter to influence key global events such as Britain’s exit from the European Union and the US presidential elections in 2016.

After a sting by British broadcaster Channel4 showed Cambridge Analytica used dubious means to influence elections, both the Congress party and the BJP have accused each other of using the services of the analytics company.

To be sure, it will be difficult for anyone to ignore Facebook and WhatsApp for the sheer reach they offer – Facebook has over 240 million users in India and WhatsApp has a similar number of users in India. But growing the Narendra Modi app’s user base will mean a channel that won’t need to be constantly paid for and in the BJP’s direct control with all the granular data and reach that such a platform can offer.

India has the largest number of Facebook users in the world.

“The game plan is to make Narendra Modi app the killer platform for the next elections and beyond,” said the person aware of the BJP’s plan. With estimated downloads of over 10 million already, the Narendra Modi app’s mission is two-fold — mobilize and integrate some 100 million BJP members across the party’s operations and use the app to deliver targeted messaging to existing and potential voters.

To that end, Prime Minister Modi himself and the BJP have been driving app downloads in ways that will put seasoned growth hackers to shame. For instance, Modi’s new book Exam Warriors. Readers can scan QR codes in the book and post responses to the Narendra Modi app. The target: more young users for the app who will soon vote for the first time. A student taking the 12th board exams this year is likely 18 years old, come the 2019 elections.

As has been pointed out, targeting first-time voters in a country where 41% of the population is younger than 20 years is a no-brainer. Political scientist Oliver Heath posited in 2015 that the BJP’s 2014 victory came about more thanks to first-time voters rather the votes it weaned away from rival parties. There were 136 million new voters in 2014. This time there will be more than 180 million first-timers – people who are relatively easy to target on social media. Of the 241 million Facebook users in India, about 54 million are between the age of 18 and 23 years.

The BJP also has plans to co-opt educational institutions to distribute the book, said another source. The book, released in February 2018 is being translated into various languages starting with Hindi and Marathi. The BJP state government in Maharashtra is procuring nearly 150,000 books on Modi but it hasn’t said yet it would be Exam Warriors that it would buy and distribute to state schools.

The number of times Prime Minister Narendra Modi has plugged the app in his Mann Ki Baat speeches.

The prime minister also channels users to the app in his speeches and on his social media channels. A typical plug in his monthly Mann Ki Baat speech would call out a comment received on the app or ask “fellow countrymen” to share a photo or views on an issue on the app. Since October 2014, Modi has made 41 Mann Ki Baat speeches and he has mentioned the Narendra Modi app over 50 times, an analysis of his speeches shows (See graph).

Besides launching modules that enable the prime minister to talk to his council of ministers or run surveys and bundling the app with new phones to drive users, the BJP has also from time to time driven some hard app download targets to its rank and file. In September 2016, for instance, the Gujarat party chief said it will ensure at least 7 lakh downloads of the app as a birthday gift to Modi. BJP President Amit Shah wants nearly 50 million downloads for the app and has directed state officials to drive nearly 100,000 app installations in each district. “Do not take this as an information (or suggestion). Accountability will be ensured and it is the responsibility of each district unit to ensure downloading of one lakh of Narendra Modi App,” Shah reportedly said at the party’s national executive meeting in March 2016.

The app is already in play at the Karnataka elections scheduled for April. “As of now, the app has national content. Going forward we will be pumping lot of content related to Karnataka in Kannada. It will include voice, non-voice and lot of messages. He (Modi) will also be sharing through the app for Kannadigas,” says Amresh K, BJP Information Technology Cell State Convener.

“We will also be doing a Narendra Modi campaign to drive downloads,” said Amresh, who is helping create manifestos for 224 constituencies in Karnataka. “Earlier it used to be one state-level manifesto. This time we have it for 224 constituencies. We’re also engaging with 500-1000 influencers in these constituencies and about 100 sectors to compile their inputs,” he said. The 2013 manifesto of the BJP, a 40-page document, led with the development agenda focussed on specific sectors but also promised freebies such as 25-kilogram free rice to the poor and free laptop to high school goers.

Modi’s popularity as a leader in central to the app. “More than BJP today, Modi as a brand has become extremely strong. There’s a lot of mud sticking to political leaders but in comparison, he seems to be coming through as spotless,” says brand strategist and author M G Parameswaran, who helped create some of the biggest brands such as Santoor and Wipro. To appeal to the young voter, it’s important for Modi to stick to the “development narrative and not get derailed by the Hindutva narrative,” he adds.

So how does the app really help the BJP? The answer to this question really lies in the BJP’s earlier campaigns and the party’s learnings. FactorDaily interviewed people closely associated with BJP’s 2014 campaign to find out.

The ‘Golden Triple’

India could go to polls as early as the end of this year, as is being speculated by the political chatterati, or early next year. Nearly one billion Indians eligible to vote this time around (814 million in 2014) will decide the fate of 543 seats to which representatives are elected. As Rajesh Jain, a former advisor to the BJP campaign points out on his blog, “using data and analytics to identify supporters and then getting them out to vote on election day will be instrumental in determining the eventual winner”. He estimates that nearly 670 million people in India, comprising 330 million who don’t vote and 340 million who aren’t likely to support a mainstream party (or are undecided), are up for grabs.

Importantly, the dynamics at the hustings have changed. “Unlike 2015, this isn’t an election with a wave (the Narendra Modi wave). This isn’t a Facebook or a WhatsApp election in that sense. This is going to be about micro-targeting and use of Narendra Modi app. If BJP wins 2019, the app will become even more all-pervasive and a way to be free from platforms like WhatsApp and Facebook,” said the source familiar with the BJP’s plans quoted above.

Micro-targeting is the practice of crafting messages and advertising to small user cohorts. For this to work, the advertiser, will need to understand its target audience deeply and accurately. Having data from various sources, including the Modi app, will help target the electorate better.

The golden triple is a combination of booth level information, contact details and political leaning of a voter.

The lynchpin of the data strategy of the BJP is what number crunchers call the “Golden Triple”, which has three pieces to it: the details of the booth at which someone votes, the contact phone number and the political leaning of the voter. Voter details are public information in India. Collating that accurately with contact phone numbers is difficult but doable (and likely has already been done by political parties including the BJP).

The BJP, through its missed call-based membership drive back in November 2014, had amassed nearly 100 million registered members. At the time, the BJP had collected voter ID details of members as well. In other words, the party already has over 100 million ‘golden triples’. “If you have 10 crore golden triples, your target audience is sorted,” said the source who knows of BJP’s plans.

“There are four things on which the battles are won and lost—identifying those who already are your supporters, voter registration, pursue them, and finally ensuring that they turn out on the day when it all matters the most,” says the person. The Narendra Modi app becomes a tool to mobilize party workers and getting them to execute the game plan. It also doubles up as a channel to send targeted messages based on the data it has captured already.

Having data of its supporters in a constituency can help parties craft targeted messages and zone in on the audience better using social media platforms, says Ankit Lal, the author of India Social: How social media is leading the charge and changing the countryand a social media strategist for the Aam Aadmi Party (AAP). For instance, Facebook allows you to build a custom audience by uploading a list of email addresses or phone numbers.

The election commission’s Form 20 gives polling booth level data on which candidate got how many votes. “Now, this combined with more specific data sets, can make it far more impactful,” says the person quoted above. For instance, if the numbers aren’t looking good in a certain region, the Narendra Modi app can be used to mobilise party workers to campaign harder in those areas.

In 2014, the BJP used a market research and analytics agency Penn Schoen Berland (PSB) to firm up the key planks on which it would fight elections. The party built its campaign around issues of corruption, security of women, and inflation based on the firm’s inputs. For sure, there will be voter surveys done by the BJP (as also other parties) this time, too, but with the Narendra Modi app and its growing install base, the party’s understanding of local, district-level issues – even booth-level inputs – get strengthened through internal surveys and other mechanisms.

But, can the sophisticated combination of data analytics, micro-targeting, and bespoke messaging swing an election? The answer depends on how close the electoral fight in different constituencies will turn out to be.

When victory margins are thin, targeted campaigns (especially on social media) can win seats. Case in point: Gujarat assembly elections late last year. As this article points out, the victory margins in 57 out of 182 seats in Gujarat was less than 5% – in other words, just a few thousand votes could swing victory either which way. “The win or loss margin is very small, generally less than 5% of the electorate for a majority of constituencies,” says Lal, the AAP strategist. “For urban areas, it is easy to influence results using social media because the margins are so close.” In Karnataka, more than 30 of the 224 seats in the legislative assembly had wins with a margin of less than 3%.

What about the national elections? Here, too, the narrow wins are make or break in nature. Ninety-two seats were won with a winning margin of less than 5% in the 2014 elections. This despite the Modi wave that saw the BJP end with 282 seats in the Lok Sabha – the first time in 30 years a party won a simple majority in the lower house of Parliament.

In other words, social media has – and will continue to have – a definite sway in Indian electoral outcomes and the Narendra Modi app has its role cut out for itself.

The privacy question

On March 23, a security researcher who goes by the pseudonym Elliot Alderson, revealed that the data collected by Narendra Modi app is being passed on to analytics company Clevertap. The app also takes 22 permissions from the user, including the ability to access the user’s contacts, gallery and microphone. Privacy advocates warn that doing so without explicitly telling the user is a breach of trust. “Be careful when you enter personal data. It is often not needed and this data is often misuse (sic) after that,” Alderson messaged FactorDaily on Twitter in reply to a question. His tweets were what had the Congress Party’s Gandhi kicking up a minor storm accusing the BJP of spying on users. To be sure, it is common practice to integrate analytics and marketing tools like Clevertap into an app (also see: CleverTap’s Commitment to User Consent and Data Privacy).

Thejesh G N, founder of Datameet, a community of data scientists and open data enthusiasts, says that it’s okay for politicians to use websites or apps to string members together or talk to their constituents. But they should follow ground rules such as stating the purpose of data collection clearly, collecting minimum amount of data, sharing information about who is collecting the data, for what purpose and guaranteeing the security of personal data, and also stating how it will share data with third parties and for what purpose. This may have sounded like ideal principles of data use but less so in the aftermath of the Facebook-Cambridge Analytica scandal which has brought into focus the flagrant violation of privacy standards by almost every platform.

“People might be thinking they are giving data to the prime minister… in fact, it’s probably going to a campaign database. It’s important to make that clear.”

In the case of Narendra Modi app, some of these basic rules aren’t followed, points out Thejesh, a privacy activist from Bengaluru. “The app description on Play Store says ‘Official App of Prime Minister of India, Narendra Modi. It brings to you latest information, instant updates & helps you contribute towards various tasks. It provides a unique opportunity to receive messages and emails directly from the Prime Minister.’ But the app is not owned by Government of India and so the statement is misleading,” he says. “People might be thinking they are giving data to the prime minister… in fact, it’s probably going to a campaign database. It’s important to make that clear.”

Lal of AAP minces no words when it comes to the question of ownership of data. “That’s the biggest question. How did a private app end up being used by the prime minister’s office? Either they were conned into it or they know about it. If they did it deliberately, they knowingly stole data which is no smaller than that of Cambridge Analytica. There it was between Cambridge Analytica and Facebook, here it is between citizen and their prime minister,” he says.

“There is a distinction to be drawn between providing one’s own data and providing the data of others that you happen to have.”

In 2015, privacy and tech policy expert Pranesh Prakash helped report a security vulnerability that exposed the data of Narendra Modi app users. “In 2016 again, the same set of security vulnerabilities blew up… this time, more than 5 million people’s personal profiles including their birthdates, phone numbers was available to the public,” Prakash told India Today TV. “There is a distinction to be drawn between providing one’s own data and providing the data of others that you happen to have. For instance, the Narendra Modi app asks for permissions for ‘Contacts’, which allows it to harvest your contacts. Are they using it (as you suggest they would) for the elections? If so, are they upfront about that as one of the purposes for the data collection? And are they collecting your details or details of your contacts as well,” Prakash later told FactorDaily in reply to a question on the use of data from the Narendra Modi app.

The BJP has responded to some of the criticism. Amit Malviya, the BJP IT Cell chief pointed FactorDaily to the party’s statement that said: “Narendra Modi App is a unique App, which unlike most Apps, gives access to users in ‘guest mode’ without even any permission or data. The permissions required are all contextual and cause-specific. Contrary to Rahul (Gandhi)’s lies, fact is that data is being used for only analytics using third-party service, similar to Google Analytics. Analytics on the user data is done for offering users the most contextual content. This ensures that a user gets the best experience by showing content in his language & interests. A person who looks up agri-related info will get agri related content easily. A person from TN will get updates in Tamil and get an update about an important initiative about TN.”

Will the Narendra Modi app prove to be the BJP’s Brahmastra – the mythical destructive weapon from ancient Hindu texts? The contextual content served on the app in the coming months will give the answer. If it is hyperlocal and raises issues at the booth level, you can be sure that the Brahmastra has been deployed.

For more details visit https://cis-india.org/internet-governance/news/factor-daily-jayadevan-pk-and-pankaj-mishra-march-29-2018-narendra-modi-app-bjp-2019-election

The mystery of the website which published the ‘scoop’ on BJP’s Ram Madhav

Admin — 2018-02-22T14:55:33Z

The website has since been taken down, but the identity of its creators may not be very easy to find.

The blog post by Kaveesha Kohli and Talha Ashraf was published in The Print on February 13, 2018.

The BJP filed a criminal complaint Sunday against a website after it published a report about an alleged video said to show the party’s national general secretary Ram Madhav in a ‘compromising position’. However, the site no longer exists and experts say it may be difficult to find out who was behind the ‘expose’.

Congress MP from Assam, Sushmita Dev, was among those who shared the website’s report, which claimed that the senior BJP functionary and in-charge of the party’s north-east affairs, was allegedly caught in a hotel.

But soon after the Nagaland unit of the BJP vehemently denounced it as “fictitious report” and filed an FIR, the website ceased to exist. In its complaint, the BJP said the “news report is totally false and it seeks to character assassinate Ram Madhav and sabotage the election campaign of the BJP”.

However, the screenshot of the article continues to be shared on social media.

Registration details of thenewsjoint.com (now defunct) taken from The Internet Corporation for Assigned Names and Numbers (ICANN) that manages domain names says the site was created and registered on 2 January 2018. The site’s expiry date is 2 January 2019.

Since its creation, the site has published multiple stories, most of which have been published in the last two weeks.

“If we look through Google cache, it has published multiple stories about budget aftershocks, Sensex falls by record, Modi Sarkar shuts bamboo budget, etc,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

Anyone could have published the website with the domain name The News Joint, said Madhulika Srikuamar, Junior Fellow, Cyber Initiative, Observer Research Foundation.

“The buyer, for an additional fee, can opt to keep her details private and not reveal her identity online,” she said.

The domain name thenewsjoint.com is registered through a private organisation named DomainsByProxy.com. The use of the private organisation is to maintain secrecy and makes it easy to hide the owner’s actual name and address. So how can it be traced?

“In order to track the original owners of the domain name, the police will have to take the court order and ask DomainsByProxy to hand over the name and IP address of the persons who registered themselves,” said Prakash.

And there’s no way to regulate against such sites as well.

“While there are no specific domestic regulations that govern the registration, sale and purchase of domain names, most restrictions on domain name registration stem from intellectual property protections,” said Srikumar.

In this particular case, it remains unclear whether the website was taken down because of the article on Madhav.

Prakash says it is important to verify whether The News Joint was created to peddle false news, or was pretending to be a genuine news website.

“It can be compared to the broader news environment in India where very mainstream newspapers, especially their Web desks, very often end up publishing news without any regard for journalistic ethics, without verification of the facts,” he said.

For more details visit https://cis-india.org/internet-governance/news/the-print-kaveesha-kohli-and-talha-ashraf-the-vanishing-act-scoop-on-bjp-ram-madhav

The Mother and Child Tracking System - understanding data trail in the Indian healthcare systems

ambika — 2019-12-30T17:18:05Z

This article was first published by Privacy International, on October 17, 2019

Case study of MCTS: Read

On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its impact on people in vulnerable situations – has been part of the work the Centre for Internet and Society (CIS) and Privacy International (PI) have been doing.

Earlier this year, PI responded to the UNSR's consultation on this topic. We highlighted what we perceived as some of the most pressing issues we had observed around the world when it comes to the use of technology for the delivery of social protection and its impact on the right to privacy and dignity of benefit claimants.

Among them, automation and the increasing reliance on AI is a topic of particular concern - countries including Australia, India, the UK and the US have already started to adopt these technologies in digital welfare programmes. This adoption raises significant concerns about a quickly approaching future, in which computers decide whether or not we get access to the services that allow us to survive. There's an even more pressing problem. More than a few stories have emerged revealing the extent of the bias in many AI systems, biases that create serious issues for people in vulnerable situations, who are already exposed to discrimination, and made worse by increasing reliance on automation.

Beyond the issue of AI, we think it is important to look at welfare and automation with a wider lens. In order for an AI to function it needs to be trained on a dataset, so that it can understand what it is looking for. That requires the collection large quantities of data. That data would then be used to train and AI to recognise what fraudulent use of public benefits would look like. That means we need to think about every data point being collected as one that, in the long run, will likely be used for automation purposes.

These systems incentivise the mass collection of people's data, across a huge range of government services, from welfare to health - where women and gender-diverse people are uniquely impacted. CIS have been looking specifically at reproductive health programmes in India, work which offers a unique insight into the ways in which mass data collection in systems like these can enable abuse.

Reproductive health programmes in India have been digitising extensive data about pregnant women for over a decade, as part of multiple health information systems. These can be seen as precursors to current conceptions of big data systems within health informatics. India’s health programme instituted such an information system in 2009, the Mother and Child Tracking System (MCTS), which is aimed at collecting data on maternal and child health. The Centre for Internet and Society, India, undertook a case study of the MCTS as an example of public data-driven initiatives in reproductive health. The case study was supported by the Big Data for Development network supported by the International Development Research Centre, Canada. The objective of the case study was to focus on the data flows and architecture of the system, and identify areas of concern as newer systems of health informatics are introduced on top of existing ones. The case study is also relevant from the perspective of Sustainable Development Goals, which aim to rectify the tendency of global development initiatives to ignore national HIS and create purpose-specific monitoring systems.

After being launched in 2011, 120 million (12 crore) pregnant women and 111 million (11 crore) children have been registered on the MCTS as of 2018. The central database collects data on each visit of the woman from conception to 42 days postpartum, including details of direct benefit transfer of maternity benefit schemes. While data-driven monitoring is a critical exercise to improve health care provision, publicly available documents on the MCTS reflect the complete absence of robust data protection measures. The risk associated with data leaks are amplified due to the stigma associated with abortion, especially for unmarried women or survivors of rape.

The historical landscape of reproductive healthcare provision and family planning in India has been dominated by a target-based approach. Geared at population control, this approach sought to maximise family planning targets without protecting decisional autonomy and bodily privacy for women. At the policy level, this approach was shifted in favour of a rights-based approach to family planning in 1994. However, targets continue to be set for women’s sterilisation on the ground. Surveillance practices in reproductive healthcare are then used to monitor under-performing regions and meet sterilisation targets for women, this continues to be the primary mode of contraception offered by public family planning initiatives.

More recently, this database - among others collecting data about reproductive health - is adding biometric information through linkage with the Aadhaar infrastructure. This data adds to the sensitive information being collected and stored without adhering to any publicly available data protection practices. Biometric linkage is aimed to fulfill multiple functions - primarily authentication of welfare beneficiaries of the national maternal benefits scheme. Making Aadhaar details mandatory could directly contribute to the denial of service to legitimate patients and beneficiaries - as has already been seen in some cases.

The added layer of biometric surveillance also has the potential to enable other forms of abuse of privacy for pregnant women. In 2016, the union minister for Women and Child Development under the previous government suggested the use of strict biometric-based monitoring to discourage gender-biased sex selection. Activists critiqued the policy for its paternalistic approach to reduce the rampant practice of gender-biased sex selection, rather than addressing the root causes of gender inequality in the country.

There is an urgent need to rethink the objectives and practices of data collection in public reproductive health provision in India. Rather than continued focus on meeting high-level targets, monitoring systems should enable local usage and protect the decisional autonomy of patients. In addition, the data protection legislation in India - expected to be tabled in the next session in parliament - should place free and informed consent, and informational privacy at the centre of data-driven practices in reproductive health provision.

This is why the systematic mass collection of data in health services is all the more worrying. When the collection of our data becomes a condition for accessing health services, it is not only a threat to our right to health that should not be conditional on data sharing but also it raises questions as to how this data will be used in the age of automation.

This is why understanding what data is collected and how it is collected in the context of health and social protection programmes is so important.

For more details visit https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare

The Mirror in the Enigma: How Germany lost World War II to a Mathematical Theorem

elonnai hickok — 2011-09-22T07:53:25Z

Today we use encryption in pretty much everything — cellphones, Internet, banking, satellites, and spaceships. How far have we come since the days of the Enigma and how does it affect our daily lives? CIS invites you to attend a short lecture by Rohit Gupta on August 12, 2011.

About the Lecture

During World War II, the Germans began communicating their military information using the famous Enigma encryption machine. Subsequently, we see how three Polish mathematicians led by Marian Rejewski broke the code using a fundamental theorem in 'group theory'. It has been suggested by certain generals that this breach directly led to the collapse of the Axis powers.

In his talk Rohit will begin with the simplest ways to secure privacy in communication throughout human history, and build up to the rise of the Enigma.

About Rohit

Rohit Gupta is a mathematician who thinks the universe is a giant hologram generated by a microscopic black hole which behaves like a rapidly blinking disco ball. He's finding ways to prove this beyond doubt.

VIDEO

For more details visit https://cis-india.org/internet-governance/events/mirror-in-the-enigma

The Ministry And The Trace: Subverting End-To-End Encryption

Gurshabad Grover, Tanaya Rajwade and Divyank Katira — 2021-07-12T08:18:18Z

A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.

The paper was published in the NUJS Law Review Volume 14 Issue 2 (2021).

Abstract

End-to-end encrypted messaging allows individuals to hold confidential conversations free from the interference of states and private corporations. To aid surveillance and prosecution of crimes, the Indian Government has mandated online messaging providers to enable identification of originators of messages that traverse their platforms. This paper establishes how the different ways in which this ‘traceability’ mandate can be implemented (dropping end-to-end encryption, hashing messages, and attaching originator information to messages) come with serious costs to usability, security and privacy. Through a legal and constitutional analysis, we contend that traceability exceeds the scope of delegated legislation under the Information Technology Act, and is at odds with the fundamental right to privacy.

Click here to read the full paper.

For more details visit https://cis-india.org/internet-governance/blog/the-ministry-and-the-trace-subverting-end-to-end-encryption

The law tries to catch up with tech

Admin — 2018-09-06T02:11:08Z

At his testimony before the U.S. Congress, Facebook CEO Mark Zuckerberg spoke about the upcoming elections in India.

The article by Arnika Thakur was published in Fortune India on May 22, 2018

“2018 is an incredibly important year for elections not just with the U.S. midterms, but around the world. There are important elections in India, in Brazil, in Mexico, in Pakistan, and in Hungary,” he said. “We want to make sure we do everything we can to protect the integrity of those elections.”

But is Zuckerberg’s assurance enough? Can Facebook truly ensure that there is no meddling in India’s general elections; political consulting firm Cambridge Analytica is accused of harvesting Facebook data of millions of people, and targeting them with ads designed to influence the Brexit referendum and the U.S. presidential election?

Instead, shouldn’t India proactively strengthen its data privacy laws?

India’s existing regulation on data protection—the Information Technology (IT) Act, 2000 in its original form, experts say, did not explicitly protect data. And even subsequent amendments were “retrofitting of the law”, says Sunil Abraham, executive director of the Centre for Internet & Society, a Bengaluru-based research and advocacy firm.

One amendment, Section 43-A, makes a “body corporate” possessing, dealing or handling any sensitive personal data or information liable to pay damages if it has been negligent in implementing and maintaining reasonable security practices, and thereby causing “wrongful loss or wrongful gain” to any person. The other amendment, Section 72-A, provides criminal remedy imprisonment of up to three years or a fine of up to Rs 5 lakh or both for disclosure of personal information in breach of lawful contract.

But Abraham says by specifying sensitive personal data, the law excludes breach or misuse of data that aren’t biometrics or the like. “Whenever you produce regulations in this manner those regulations are rarely comprehensive, and, therefore, we are in this situation,” he says. In other words, seemingly innocuous information such as a person’s pop culture interests, political ideology, literary preference, shopping history is not protected.

Under the current law, companies are also not responsible for notifying users if their data are breached. “The entire framework around notification, or how does a user know that their data has actually been affected by a breach; none of these provisions actually exist under Indian law,” says Amlan Mohanty, senior associate, technology and policy, PLR Chambers, a law firm.

Sahir Hidayatullah, CEO of Smokescreen Technologies, a cybersecurity firm, says since Indians are not culturally attuned to the idea of privacy, a comprehensive law is important.

India understands that the existing data protection law is behind the times. Last year, the government constituted a committee of experts chaired by former Supreme Court Justice B.N. Srikrishna to study the matter, make specific suggestions, and suggest a draft Data Protection Bill. In February, speaking on the sidelines of an international conference, India’s electronics and information technology minister Ravi Shankar Prasad said the committee will soon submit its report.

The lawmakers can perhaps take a cue from the European Union’s General Data Protection Regulation (GDPR), which will come into effect this May. Among other things, GDPR gives individuals greater rights to access data on them, correct inaccuracies, erase personal data in certain cases, and to even transfer their data from one firm to another.

GDPR also clearly defines consent. “The request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language,” it says. The law gives the users the right to withdraw their consent at any time. Currently, most Internet companies seek consent to multiple matters at once, usually when a new user registers for or downloads its service and it is often difficult, if at all, to review it. GDPR will change that in the EU.

Supratim Chakraborty, associate partner at law firm Khaitan & Co, says a clear regulation on consent is requisite in India, where many are first-time Internet users or do not understand English or are even illiterate. “When you obtain consent, it has to be understood in a proper manner by the people, and secondly, the people who are receiving the data are also obligated to protect it in a particular manner. That is something that we should gun for in the new law,” says Chakraborty.

Mohanty of PLR Chambers says GDPR also spells out the principles of applicability with clarity by stating the law will be applicable even on a foreign entity if the breach impacts an EU citizen. “The problem in India is ensuring that foreign companies operating in India are held accountable,” he says. “One of the key issues that India has to deal with is ensuring that the law that India passes is going to be applicable to entities that function outside India.”

Sivarama Krishnan, partner and leader, cybersecurity, at consultancy PwC India, says India also needs to address the issue of who or which body will implement the data protection law. “In the Western world, there is usually a privacy commission or authority, and resources to enforce the regulation. In India, there is lack of enforcement capability in the government to implement the existing regulation,” he says.

There is also the matter of the government’s priority. The union government’s biometric identification programme, Aadhaar, does not have a spotless record on data protection users’ data have on multiple times been breached, or even published online, by third party service providers, hackers, and even by government websites.

But India has seen serious consequences of weak data protection: A judge’s report on the 1993 Bombay riots found that voters’ lists and business registers were used by perpetrators to identify victims and their businesses.

Today, there is a lot more data a criminal can get access to, from a government identification programme to your Facebook profile to your smartphone’s GPS signal. No data breach is innocuous.

For more details visit https://cis-india.org/internet-governance/news/fortune-india-arnika-thakur-may-22-2018-law-tries-to-catch-up-with-tech

The Last Word: Is there a need to review Information Technology Act?

praskrishna — 2012-11-21T12:10:15Z

Does the high-handed arrest of two young girls mean it's time to review and revise the IT Act?

Aryaman Sundaram, Pavan Duggal, Pranesh Prakash and Ravi Visvesvaraya Prasad took part in a discussion with Karan Thapar on section 66A of the IT Act. This was aired on CNN-IBN on November 20, 2012.

Pranesh Prakash said that it was just not a history of misuse of section 66A of the IT Act because that presumes that the law is otherwise fine and it has just been applied wrongly. This law is fundamentally flawed. It is unconstitutional. It is like a law in which there is a provision on rape, murder, theft, nuisance, everything put together in a single section with the same punishment being given for all of them. This obviously is not good law making but that is exactly what has been done in this case by taking bits from laws in the UK and from elsewhere and mashing them all up into one omnibust gargantuan monster which is unconstitutional.

Pranesh Prakash also added that the fact is that if you have bad laws they will be used to harass people. Having good law is one part of that. Apart from that there has been also other laws which have been misapplied in this case. In all these recent cases, section 66A of the IT Act wasn't the only provision used. This particular section has been used in conjunction with some other laws. So section 66A of the IT Act independently is not required. There are other laws in the Indian Penal Code and elsewhere which are usually enough to cover all the things that section 66A of the IT Act is right now covering. It is just an add on provision that really can't justify its existence unless it is really reduced in scope.

Watch the full video that was aired on CNN-IBN

For more details visit https://cis-india.org/news/ibnlive-videos-november-20-2012-the-last-word-is-there-a-need-to-review-information-technology-act

The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System

sumandro — 2016-04-19T13:18:42Z

Boosting welfare is the message, which is how Aadhaar is being presented in India. The Aadhaar system as a medium, however, is one that enables tracking, surveillance, and data monetisation. This piece by Sumandro Chattapadhyay was published in The Wire on April 19, 2016.

Originally published in and cross-posted from The Wire.

Once upon a time, a king desired that his parrot should be taught all the ancient knowledge of the kingdom. The priests started feeding the pages of the great books to the parrot with much enthusiasm. One day, the king asked the priests if the parrot’s education has completed. The priests poked the belly of the parrot but it made no sound. Only the rustle of undigested pages inside the belly could be heard. The priests declared that the parrot is indeed a learned one now.

The fate of the welfare system in our country is quite similar to this parrot from Tagore’s parable. It has been forcefully fed identification cards and other official documents (often four copies of the same) for years, and always with the same justification of making it more effective and fixing the leaks. These identification regimes are in effect killing off the welfare system. And some may say that that has been the actual plan in any case.

The Aadhaar number has been recently offered as the ‘last chance’ for the ailing welfare system – a last identification regime that it needs to gulp down to survive. This argument wilfully overlooks the acute problems with the Aadhaar project.

Firstly, the ‘last chance’ for a welfare state in India is not provided by implementing a new and improved identification regime (Aadhaar numbers or otherwise), but by enabling citizens to effectively track, monitor, and ensure delivery of welfare, services, and benefits. This ‘opening up’ of the welfare bureaucracy has been most effectively initiated by the Right to Information Act. Instead of a centralised biometrics-linked identity verification platform, which gives the privilege of tracking and monitoring welfare flows only to a few expert groups, an effective welfare state requires the devolution of such privilege and responsibility.

We should harness the tracking capabilities of electronic financial systems to disclose how money belonging to the Consolidated Fund of India travel around state agencies and departmental levels. Instead, the Aadhaar system effectively stacks up a range of entry barriers to accessing welfare – from malfunctioning biometric scanners, to connectivity problems, to the burden of keeping one’s fingerprint digitally legible under all labouring and algorithmic circumstances.

Secondly, authentication of welfare recipients by Aadhaar number neither make the welfare delivery process free of techno-bureaucratic hurdles, nor does it exorcise away corruption. Anumeha Yadav has recently documented the emerging ‘unrest at the ration shop’ across Rajasthan, as authentication processes face technical and connectivity delays, people get ‘locked out’ of public services for not having or having Aadhaar number with incorrect demographic details, and no mechanisms exist to provide rapid and definitive recourse.

RTI activists at the Satark Nagrik Sangathan have highlighted that the Delhi ration shops, using Aadhaar-based authentication, maintain only two columns of data to describe people who have come to the shop – those who received their ration, and those who did not (without any indication of the reason). This leads to erasure-by-design of evidence of the number of welfare-seekers who are excluded from welfare services when the Aadhaar-based authentication process fails (for valid reasons, or otherwise).

Reetika Khera has made it very clear that using Aadhaar Payments Bridge to directly transfer cash to a beneficiary’s account, in the best case scenario, may only take care of one form of corruption: deception (a different person claiming to be the beneficiary). But it does not address the other two common forms of public corruption: collusion (government officials approving undue benefits and creating false beneficiaries) and extortion (forceful rent seeking after the cash has been transferred to the beneficiary’s account). Evidently, going after only deception does not make much sense in an environment where collusion and extortion are commonplace.

Thirdly, the ‘relevant privacy question’ for Aadhaar is not limited to how UIDAI protects the data collected by it, but expands to usage of Aadhaar numbers across the public and private sectors. The privacy problem created by the Aadhaar numbers does begin but surely not end with internal data management procedures and responsibilities of the UIDAI.

On one hand, the Aadhaar Bill 2016 has reduced the personal data sharing restrictions of the NIAI Bill 2010, and has allowed for sharing of all data except core biometrics (fingerprints and iris scan) with all agencies involved in authentication of a person through her/his Aadhaar number. These agencies have been asked to seek consent from the person who is being authenticated, and to inform her/him of the ways in which the provided data (by the person, and by UIDAI) will be used by the agency. In careful wording, the Bill only asks the agencies to inform the person about “alternatives to submission of identity information to the requesting entity” (Section 8.3) but not to provide any such alternatives. This facilitates and legalises a much wider collection of personal demographic data for offering of services by public agencies “or any body corporate or person” (Section 57), which is way beyond the scope of data management practices of UIDAI.

On the other hand, the Aadhaar number is being seeded to all government databases – from lists of HIV patients, of rural citizens being offered 100 days of work, of students getting scholarships meant for specific social groups, of people with a bank account. Now in some sectors, such as banking, inter-agency sharing of data about clients is strictly regulated. But we increasingly have non-financial agencies playing crucial roles in the financial sector – from mobile wallets to peer-to-peer transaction to innovative credit ratings. Seeding of Aadhaar into all government and private databases would allow for easy and direct joining up of these databases by anyone who has access to them, and not at all by security agencies only.

When it becomes publicly acceptable that the money bill route was a ‘remedial’ instrument to put the Rajya Sabha ‘back on track’, one cannot not wonder about what was being remedied by avoiding a public debate about the draft bill before it was presented in Lok Sabha. The answer is simple: welfare is the message, surveillance is the medium.

Acceptance and adoption of all medium requires a message, a content. The users are interested in the message. The message, however, is not the business. Think of Free Basics. Facebook wants people with none or limited access to internet to enjoy parts of the internet at zero data cost. Facebook does not provide the content that the users consume on such internet. The content is created by the users themselves, and also provided by other companies. Facebook own and control the medium, and makes money out of all content, including interactions, passing through it.

The UIDAI has set up a biometric data bank and related infrastructure to offer authentication-as-a-service. As the Bill clarifies, almost all agencies (public or private, national or global) can use this service to verify the identity of Indian residents. Unlike Facebook, the content of these services do not flow through the Aadhaar system. Nonetheless, Aadhaar keeps track of all ‘authentication records’, that is records of whose identity was authenticated by whom, when, and where. This database is gold (data) mine for security agencies in India, and elsewhere. Further, as more agencies use authentication based on Aadhaar numbers, it becomes easier for them to combine and compare databases with other agencies doing the same, by linking each line of transaction across databases using Aadhaar numbers.

Welfare is the message that the Aadhaar system is riding on. The message is only useful for the medium as far as it ensures that the majority of the user population are subscribing to it. Once the users are enrolled, or on-boarded, the medium enables flow of all kinds of messages, and tracking and monetisation (perhaps not so much in the case of UIDAI) of all those flows. It does not matter if the Aadhaar system is being introduced to remedy the broken parliamentary process, or the broken welfare distribution system. What matters is that the UIDAI is establishing the infrastructure for a universal surveillance system in India, and without a formal acknowledgement and legal framework for the same.

For more details visit https://cis-india.org/internet-governance/blog/the-last-chance-for-a-welfare-state-doesnt-rest-in-the-aadhaar-system

The kids are all on Facebook

praskrishna — 2012-07-20T06:24:17Z

In one photo, Prerna stands in front of the mirror, back slightly arched, a fringe covering her left eye, one hand on her hip, pursing her lips. The other hand holds the camera in a steadfast grip. Below this picture are almost a hundred likes and comments. There is nothing unusual as such about this photo on Facebook. Prerna, however, is just 11.

This article by Shikha Kumar was published in Daily News & Analysis on July 8, 2012. Sunil Abraham is quoted.

"Stop looking so pretty" and "OMG! You’re so thin" are some of the comments that appear under the picture of this young girl.

In another picture, Diksha’s wavy hair cascades around her face as she fixes the camera with an unwavering stare. The caption reads — "I love my hair. I know I sound like a conceited bitch." Diksha is 12.

Children like Prerna and Diksha, who are under the age of 13, are officially not allowed to open accounts on Facebook. But they are among the 7.5 million under-13 users of the popular social networking website, according to a study released by Consumer Reports last year. The study further revealed that among such users, 5 million were under the age of 10. Closer home, a McAfee-Synovate survey conducted across various cities in India revealed that 64% kids in the age group of 9-12 are members of social networking sites.

You may find the trend daunting since ‘kids’ are supposed to step out and socialise, rather than chat online. However, it’s a reality that we have no choice but to accept as a modern reality.

Internally, Facebook seems to have accepted the trend. As revealed by a news reports last month, the company is readying a technology that will allow children younger than 13 to open accounts and operate them in a secure manner. Possible approaches include connecting the children’s Facebook accounts with their parents’, and giving parents the control over who befriends their children on the website.

The New ways of being in touch with ‘friends’
The move has once again put the spotlight on the ways in which social networking is changing the way children interact with each other.

Namrata Bhoomkar, 13, logs on to the website at least two to three times a day. "I check my news feeds and see what my friends are up to. If you’re not on Facebook, you can’t be updated with what’s happening with everybody," she says.

Apart from finding out what their friends are up to, kids also spend a lot of time sharing their pictures, and are proficient at photo editing software like Photoshop, Picasa and Photobooth to make their pictures more striking.

Another way of standing out is to give pictures creative captions. "I google random quotes on love and life and then put those up as captions on the pictures. I get a lot of likes for it, which makes me feel nice," says 13-year old Sakshi Shrivastav.

Having No clue about privacy settings
However, while the kids use many of Facebook’s features, few are aware of the risks or the privacy settings available on the website that can protect them. In the McAfee-Synovate survey, 32% of the kids were not aware of any online threats, such as cyber hacking, stalking, bullying and identity thefts.

As a result, lessons are often learnt the hard way. "A 39-year-old man started sending me messages saying that I’m very pretty. My father found out and told me to disable my account. I was very upset since all my friends are on Facebook. So finally, my sister helped me activate my privacy settings," says an underage girl on the condition of anonymity.

Anandita Mishra, a security expert at McAfee Cybermum India, says that she does not advocate kids’ presence on Facebook. "There are several dangers; there might be paedophiles lurking, strangers pretending to be younger or your child may be a victim of online abusing or bullying," she says.

With the new timeline format, even though one’s account is protected, the cover pictures are always visible to everybody. In such cases, Mishra recommends either keeping no cover photo or keeping pictures of favourite cartoon characters.

In the face of so many risks, some experts believe that Facebook’s move to officially allow younger kids under some form of parental supervision is a step in the right direction.

"Children’s interaction online should always be under parental supervision. Censorship and control is not the responsibility of the government, but of parents," points out Sunil Abraham, director, Centre for Internet and Society.

Abraham believes that if this technology comes into force, children will consume content more responsibly. This will also give them the chance to go out in the real world and get some real communication experience, the old-fashioned way.

"They will even behave responsibly. If the account is supervised, they are less likely to engage in bullying, abusing, sexting or any other unacceptable forms of social behaviour," he adds.

While she is not totally in favour of this development, McAfee’s Mishra sees no other way because parents are unable to control their children. "Seven million kids are online with or without parental supervision. You cannot have cyber policing of children. It is important to inculcate the right values about responsible internet usage," she says.

For more details visit https://cis-india.org/news/kids-on-facebook

The internet’s new billion

praskrishna — 2011-04-02T07:31:19Z

New web users — in countries like Brazil and China — are changing the culture of the internet.

The harried mother had little wish to visit an internet cafe with two squirmy boys in tow, but she said there was no choice.

New to this potholed neighborhood on the city’s northern edge, Fabina da Silva, 31, needed to enroll her sons in school. Registering online was the only way.

“If it wasn’t a necessity, I wouldn’t be here,” da Silva said on a recent afternoon as her 6-year-old, Lucas, thumped his toy Sponge Bob on the mouse pad beside her. “Nowadays, internet in Brazil is a necessity.”

Brazil has long been a bellwether nation for emerging-market internet trends and it’s riding a wave that will soon sweep the globe. The newest billion people to venture online are doing so in developing countries rather than North America or Europe.

And whether those newcomers are getting online for fun or because they must, they’re doing so en masse. For businesses nimble enough to serve markets as diverse as Brazil, Russia, India, China and Indonesia, the shift promises a staggering number of new customers.

But internet trend-watchers say there’s more at stake than the emergence of a worldwide class of digital consumers. The new users are changing the culture of the internet itself. Researchers say the web as it was originally, if idealistically, conceived — a largely free, monolingual space where a shared digital culture prevailed — may soon be a distant memory. And it’s happening remarkably fast.

“Potentially explosive” is how Marcos Aguiar describes the growth. He’s a senior partner at the Boston Consulting Group’s Sao Paulo office who co-authored a report released in September called “The Internet’s New Billion.” It concludes the number of web users in developing-world “BRICI” countries — Brazil, Russia, India, China and Indonesia — will jump from 610 million this year to 1.2 billion by 2015.

When the internet crossed the billion-user threshold just five years ago, the developed world commanded a 60-40 majority online, according to the United Nations’ International Telecommunications Union. Today, that proportion has roughly reversed.

The new users are younger, poorer and more numerous than ever before, BCG’s analysts said, and increasing numbers will need web access and won't be able to afford broadband in their living room.

As Fabina da Silva pecked away on a keyboard to register her sons for school, she was in many ways typical of low-income Brazilian users. Those who don’t have web access at home often pay small fees to use ad hoc cybercafes known here as “LAN houses.” Many began as rooms full of connected computers, or local area networks, for multi-player gaming, but their customer base has since broadened.

In India, those following the trend say a huge portion of the new billion will enter the web via mobile devices.

“If you look at our broadband figures in India, it’s quite pathetic,” said Sunil Abraham, director of the Centre for Internet and Society, a think tank in Bangalore. “And less than 1 percent of the population has ever accessed the internet.”

But recently, many Indian telecommunication firms have begun giving out free data plans with their mobile devices — a move Sunil said will instantly send millions of Indians onto the internet. “The moment an end user acquires a smart phone they become a data user because they’re not paying for it,” he said. “But they’re not coming onto the internet like you and I know.”

Instead, phone companies only provide access to a few sites, such as Wikipedia and Facebook Zero, a stripped-down mobile version of the social networking site that omits photos but allows messaging and status updates. “They’re coming onto a network that, from the beginning, is a complete walled garden,” he said.

The new walls dividing regions of the internet aren’t likely to stop there. Even as more users join the web worldwide, they are increasingly separated by language. What the nearly 400 million users in China experience as the internet is vastly different than the web surfed by Americans. Much of the software and websites on the Chinese web are produced domestically in the local language. That’s also how it works in Russia and Indonesia.

Some observers say this difference has political consequences. “Many of the local companies provide far better service than the likes of Google and Facebook in those markets,” said Evgeny Morozov, a digital technology researcher at Stanford University. “But also those local websites are much easier to censor because the corporate entities behind those sites all have some domestic presence.”

Morozov is author of an up-coming book “The Net Delusion: The Dark Side of Internet Freedom,” and he said there’s a dark side to be found in the internet’s new billion, too. Because poorer users resort to more centralized methods for getting online — cybercafes, cell-phone towers — their activity will be much easier to monitor.

“The fact that so much of this is happening in cybercafes and mobile devices actually empowers the government because those two things are much easier to control than a desktop computer in your house,” Morozov said.

Morozov is also skeptical of notions that greater diversity of cultures online will lead to more cultural dialogue. “There is very little interaction between communities and it’s not because the tools are lacking. It’s just that modern-day Indians and modern-day Russians have nothing to talk about most of the time,” he said. “There may simply be no demand for joining that global village.”

More optimistic web scholars argue there will be cultural conversations, but bridging the gaps between communities will take effort. “The internet has become a bunch of interlinked but linguistically distinct and culturally specific spaces,” said Ethan Zuckerman, a senior researcher at Harvard University’s Berkman Center for Internet and Society. “There’s some interface between them but there’s a lot less than there was years back when we were sort of pretending that this was one great global space.”

Instead of becoming the world’s biggest tool for cultural exchange, Zuckerman said the web could become its principal medium for mutual misunderstanding. “We’re mostly talking to people like ourselves rather than talking across cultural boundaries,” Zuckerman said. “And when we do cross cultural boundaries, it’s often in a way where we’re overhearing something that really pisses us off.”

Take for example the 2005 scandal after a Danish newspaper posted cartoons depicting the prophet Mohammed, sparking riots across the Muslim world. Zuckerman said such incidents may become routine. “It’s a problem of unseen audiences,” he said. “We always have to be aware there are other audiences out there listening, and they’re particularly listening for mentions of themselves.”

For a more amusing and recent online snafu, Zuckerman prefers citing a topic that went viral on the micro-blogging site Twitter this summer. The topic, the Brazilian Portuguese phrase “Cala boca, Galvao,” was mysterious to many English-speaking users. Asked to explain, a few mischievous Brazilians claimed the Galvao was a rare Amazon bird being slaughtered to extinction for its colorful feathers. For everyone who re-tweeted the phrase, so the pranksters claimed, 10 cents would be donated to a global effort to save the bird.

The encouragement helped catapult the phrase into the ranks of Twitter’s top-trending topics, or most-repeated phrases worldwide last June. But in reality, Galvao was the first name of Galvao Bueno, a Brazilian sports commentator on the Globo network, whose pronouncements during the World Cup had irritated many of his compatriots. In Brazilian Portuguese, “Cala boca” roughly means, “shut up.”

“There’s an entirely different conversation going on that’s so incomprehensible to Americans that the Brazilians make fun of us when we try to understand,” Zuckerman said. “In many ways that sort of characterizes for me what’s going on with the contemporary ‘net.'”

But Zuckerman still believes virtual borders can be crossed. In 2005, he co-founded Global Voices, an aggregator and translator of blogs from around the world, in part to help the next billion web users communicate.

“These billion users are sort of proxy for the global middle class,” he said. “They’re an increasing economic force, an increasing cultural force, and they are the people we need to negotiate with and have a conversation with if we want to address problems like climate change.”

In the run-down Engenho da Rainha neighborhood in Rio de Janeiro, some of the LAN house customers seemed more interested in using the web to play games than solve the world’s problems.

One wiry teen in a blue baseball cap barely glanced away from his screen to answer questions. “I’ll spend all day, all night on the internet if I’m allowed,” said Carlos Wallace Cruz, 16. “I’d say I’m 98 percent addicted.”

Cruz’s drug of choice isn’t likely to ring a bell with Americans his age. It’s a video game available only on Orkut, a Google social networking site, wildly popular in Brazil and India but less so in the United States.

When a visitor asked if he ever spent time on Orkut’s much more famous rival site, Cruz responded with earnest puzzlement.

“What’s Facebook?” he asked.

Read the original in the Global Post

For more details visit https://cis-india.org/news/internet-new-billion

The Internet, Culture, and Society - Looking at Past, Present, and Future Worldwide

praskrishna — 2011-10-21T10:13:23Z

It is now well known that with 4.5 billion mobile phone owners in the world and increased Internet penetration, global cultures and communities have experienced shifts in their economic, political, and social well-being due to the digital revolution. As a scholar and consultant who works worldwide, Prof Ramesh Srinivasan will illustrate how new media technologies have been used creatively to enable political movements in Kyrgyzstan, literacy and educational reform in India, and economic development across the developing world. In addition to this, he will discuss some of digital culture's biggest challenges, including considering how the Web can start to empower different types of cultural perspectives and knowledges. The talk will be live streamed.

Prof. Ramesh Srinivasan

Ramesh Srinivasan is an Assistant Professor in the Department of Information Studies and Design|Media Arts at the University of California Los Angeles. He is a hybrid of an engineer, designer, social scientist, and ethnographer. His research and consultancy work focuses on the interaction between new media technologies and global cultures and communities. This involves studying the ways in which information technology shapes global education, health, economics, politics, governance, and social movements. He works in such diverse parts of the world as Kyrgyzstan, India, Native America, and more. Ramesh earned a doctorate in design from Harvard University, a Master of Science in Media Arts and Sciences from MIT Media Laboratory and a Bachelor of Science in Industrial Engineering from Stanford University.

For more information on Dr. Ramesh Srinivasan

video

For more details visit https://cis-india.org/events/Internet-Culture-Society

The Internet Will Be Everywhere In 2025, For Better Or Worse

praskrishna — 2014-04-04T09:08:38Z

In 2025, the Internet will enhance our awareness of the world and ourselves while diminishing privacy and allowing abusers to "make life miserable for others," according to a new report by the Pew Research Center and Elon University.

The blog post was originally published on the website of WCAI Cape and Islands NPR on March 12, 2014. Dr. Nishant Shah is quoted.

But more than anything, experts say, it will become ubiquitous and embedded in our lives — the same way electricity is today.

"The Internet will shift from the place we find cat videos to a background capability that will be a seamless part of how we live our everyday lives," says Joe Touch, director of the University of Southern California's Information Sciences Institute. "We won't think about 'going online' or 'looking on the Internet' for something. We'll just be online, and just look."

The report follows a survey last month on how the Internet has affected our lives in the 25 years since Sir Tim Berners-Lee released a paper proposing the World Wide Web. By 1989, the Internet had already been around for nearly two decades, but it wasn't widely accessible. Berners-Lee's ideas became the foundation of the way we access the Internet today.

So the Pew report asked: What do you expect to be the most significant overall impacts of our uses of the Internet on humanity between now and 2025? Here are some of the 1,800 respondents' predictions:

Survey Highlights

The Internet will allow us to collect information on every aspect of our lives and become more aware of our behavior — at the peril of privacy.

"We'll have a picture of how someone has spent their time, the depth of their commitment to their hobbies, causes, friends, and family. This will change how we think about people, how we establish trust, how we negotiate change, failure, and success," says Judith Donath, a fellow at Harvard University. Other experts predict that this can also effectively personalize health care and disease prevention.

But the conveniences come with tradeoffs. Llewellyn Kriel, head of a media services company in South Africa, has a far less rosy view. "Everything will be available online with price tags attached. Cyberterrorism will become commonplace. Privacy and confidentiality of any and all personal will become a thing of the past," he says.

Some predict that privacy in 2025 will be a luxury reserved for the upper class.

The Internet's pervasiveness will spread both education and ignorance

"The smartest person in the world currently could well be stuck behind a plow in India or China," says Hal Varian, chief economist for Google. "Enabling that person — and the millions like him or her — will have a profound impact on the development of the human race."

The downside? Group-think, mob mentality and manipulation. "The Internet will be used as the most effective force of mind control the planet has ever seen, leaving the Madison Avenue revolution as a piddling, small thing by comparison," says Mikey O'Connor, an elected representative to ICANN's GNSO Council, representing the ISP and Connectivity Provider Constituency.

We can't fully understand its effects yet

"The greatest impact of the Internet is what we are already witnessing, but it is going to accelerate," says Nishant Shah, director of research at the Centre for Internet and Society in India.

It might not even do as much as we think, as Dell engineer Anoop Ghanwani predicts: "Regulation will always stand in the way of anything significant happening."

Jeff Jarvis, entrepreneurial journalism professor at the City University of New York, compares the Internet to the printing press: Its significance could not have been predicted. "The impact of the book on society was not fully realized until 100 years after the invention of the press. ... In the development of the Net and its impact on society, we are at 1472 in Gutenberg years," Jarvis says. "Consider the change brought by the Web its first 20 years, and now you ask us to predict the next dozen? Sorry."

For more details visit https://cis-india.org/news/cape-and-islands-march-12-2014-the-internet-will-be-everywhere-in-2025-for-better-or-worse