We are anonymous, we are legion

Connections 2018

praskrishna — 2018-12-10T15:32:06Z

Gurshabad Grover attended Connections 2018, a pre-IETF event organised by the India Internet Engineering Society (IIESoc) in Bangalore on October 31 and November 1, 2018.

IIESoC organized the event with an objective to:

Discuss the interests and issues important to the network deployment, operation and design of networks in India as they impact IETF standards.

Educate and prepare new members for IETF involvement. Facilitate member involvement in IETF areas.

Provide information, guidance and direction to assist Indian community in involvement in the IETF.

Work from different IETF working groups was discussed in four tracks: IoT Standardisation, SDN and Network Operations, IPv6, and Deployments.

Click to view the agenda

For more details visit https://cis-india.org/internet-governance/news/connections-2018

Lessons from US response to cyber attacks

Arindrajit Basu — 2018-11-01T05:53:42Z

Publicly attributing the attacks to a state or non-state actor is vital for building a credible cyber deterrence strategy.

The article was published in Hindu Businessline on October 30, 2018. The article was edited by Elonnai Hickok.

In September, amidst the brewing of a new found cross-continental romance between Kim Jong-Un and Donald Trump, the US Department of Justice filed a criminal complaint indicting North Korean hacker Park Jin Hyok for playing a role in at least three massive cyber operations against the US. This included the Sony data breach of 2014; the Bangladesh bank heist of 2016 and the WannaCry ransomware attack in 2017. This indictment was followed by one on October 4, of seven officers in the GRU, Russia’s military agency, for “persistent and sophisticated computer intrusions.” Evidence adduced in support included forensic cyber evidence like similarities in lines of code or analysis of malware and other factual details regarding the relationship between the employers of the indicted individuals and the state in question.

While it is unlikely that prosecutions will ensue, indicting individuals responsible for cyber attacks offers an attractive option for states looking to develop a credible cyber deterrence strategy.

Attributing cyber attacks

Technical uncertainty in attributing attacks to a specific actor has long fettered states from adopting defensive or offensive measures in response to an attack and garnering support from multilateral fora. Cyber attacks are multi-stage, multi-step and multi-jurisdictional, which complicates the attribution process and removes the attacker from the infected networks.

Experts at the RAND Corporation have argued that technical challenges to attribution should not detract from international efforts to adopt a robust, integrated and multi-disciplinary approach to attribution, which should be seen as a political process operating in symbiosis with technical efforts. A victim state must communicate its findings and supporting evidence to the attacking state in a bid to apply political pressure.

Clear publication of the attribution process becomes crucial as it furthers public credibility in investigating authorities; enables information exchange among security researchers and fosters deterrence by the adversary and potential adversaries.

Although public attributions need not take the form of a formal indictment and are often conducted through statements by foreign ministries, a criminal indictment is more legitimate as it needs to comply with the rigorous legal and evidentiary standards required by the country’s legal system. Further, an indictment allows for the attack to be conceptualised as a violation of the rule of law in addition to being a geopolitical threat vector.

Lessons for India

India is yet to publicly attribute a cyber attack to any state or non-state actor. This is surprising given that an overwhelming percentage of attacks on Indian websites are perpetrated by foreign states or non-state actors, with 35 per cent of attacks emanating from China, as per a report by the Indian Computer Emergency Response Team (CERT-IN), the national nodal agency under the Ministry of Electronics and Information Technology (MEITY) which deals with cyber threats.

Along with other bodies, such as the National Critical Information Protection Centre (NCIIPC) which is the nodal central agency for the protection of critical information infrastructure, CERT-IN forms part of an ecosystem of nodal agencies designed to guarantee national cyber security.

There are three key lessons that policy makers involved in this ecosystem can take away from the WannaCry attribution process and the Park indictment. First, there is a need for multi-stakeholder collaboration through sharing of research, joint investigations and combined vulnerability identification among the various actors employed by the government, law enforcement authorities and private cyber security firms.

The affidavit suggested that the FBI had used information from various law enforcement personnel, computer scientists at the FBI; Mandiant — a cyber security firm retained by the US Attorney’s Office and publicly available materials produced by cyber security companies. Second, the standards of attribution need to demonstrate compliance both with the evidentiary requirements of Indian criminal law and the requirements in the International Law on State Responsibility. The latter requires an attribution to demonstrate that a state had ‘effective control’ over the non-state actor.

Finally, the attribution must be communicated to the adversary in a manner that does not risk military escalation. Despite the delicate timing of the indictment, Park’s prosecution by the FBI did not dampen the temporary thaw in relations between US and North Korea.

While building capacity to improve resilience, detect attacks and improve attribution capabilities should be a priority, we need to remember that regardless of the breakthrough in both human and infrastructural capacities, attributing cyber attacks will never be an exercise in certainty.

India will need to marry its improved capacity with strategic geopolitical posturing. Lengthy indictments may not deter all potential adversaries but may be a tool in fostering a culture of accountability in cyberspace.

For more details visit https://cis-india.org/internet-governance/blog/hindu-businessline-arindrajit-basu-october-30-2018-lessons-from-us-response-to-cyber-attacks

October 2018 Newsletter

Admin — 2018-11-15T02:44:58Z

Highlights

Published an article titled "Digital Technology Engaging Pedagogy through Hindi Wikipedia - A Case Study" in International Journal of English Language, Literature in Humanities. The authors of the article were Hindi faculty members of Christ University. Ananth Subray from Centre for Internet & Society provided research assistance.
Ananth Subray wrote an article "History of Wikipedia Education programme at Christ University" which has given an insight of Christ Wikipedia Education Program, how students are involved in different capacities in the program and shares the best practices of the Education Program.
CIS-A2K has collaborated with Tribal Research and Training Institute (TRTI) to facilitate development of Open knowledge resources on Community Forest Resource and content development in Wikimedia projects with community participation. These contents will become a part of "Van Bodh Knowledge repository".
Elonnai Hickok and Arindrajit Basu co-authored a research paper that was published as part of the Briefings from the Research and Advisory Group (RAG) of the Global Commission on the Stability of Cyberspace (GCSC) for the Full Commission Meeting held at Bratislava in 2018.
Arindrajit Basu in an article published by Oxford Human Rights Hub has argued that artificial Intelligence offers the potential to augment many existing bureaucratic processes and improve human capacity, if implemented in accordance with principles of the rule of law and international human rights norms.
Agnidipto Tarafder and Arindrajit Basu in an article published in Socio-Legal Review has traced the journey of the recent 377 (Navtej Johar v Union of India) and assessed its societal implications.
CIS invites applications for *three Research Fellow positions* to undertake field studies of platform-work in two cities, including Bangalore and another city (to be decided). The project seeks to produce a comparative understanding of at least two different kinds of platform-work as unfolding across Indian cities. Each fellow will be responsible for one field study (one form of work in one city) based on their language fluency and research experience.

Articles

377 Bites the Dust: Unpacking the long and winding road to the judicial decriminalization of homosexuality in India (Agnidipto Tarafder and Arindrajit Basu; Socio Legal Review; October 11, 2018).
Digital Native: Time to Walk the Talk (Nishant Shah; Indian Express; October 14, 2018).
Why Data Localisation Might Lead To Unchecked Surveillance (Pranesh Prakash; Bloomberg Quint; October 15, 2018).
Discrimination in the Age of Artificial Intelligence (Arindrajit Basu; Oxford Human Rights Hub; October 23, 2018).
Digital Native: Hashtag Fatigue (Nishant Shah; Indian Express; October 28, 2018).
Lessons from US response to cyber attacks (Arindrajit Basu; Hindu Businessline; October 30, 2018). The article was edited by Elonnai Hickok.

Media Coverage

Gmail users beware while giving access (Surupasree Sarmmah; Deccan Herald; October 4, 2018).
Are online shows obscene? (Anila Kurian; Deccan Herald; October 10, 2018).
Internet services not to be affected as DNS servers undergo update (Hindustan Times; October 12, 2018).
Spending too much time on social media? Tech abuse may lead to mental health issues (Divya Shekhar; Economic Times; October 13, 2018).
Sales of surveillance cameras are soaring, raising questions about privacy (Rahul Sachitanand; Economic Times; October 14, 2018).
Not Surprised by Indian govt's data localisation directives: Michael Dell (Anand J.; VC Circle; October 17, 2018).
Factcheck: No, phones of users who provided only Aadhaar as proof of identity won’t be disconnected (Kanishk Karan; Scroll.in; October 18, 2018).
Rural Indians don’t trust messages on WhatsApp blindly: Survey (Vidhi Choudhary; Hindustan Times; October 19, 2018).
Brazil’s experience a red flag for WhatsApp in Indian polls, say experts (Vidhi Choudhary; Hindustan Times; October 21, 2018).
Reliance-Jio Users Complain Of Porn Websites Being Blocked; Company Yet To Issue Official Statement (Logical Indian; October 27, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Peer Reviewed Article

Digital Technology Engaging Pedagogy through Hindi Wikipedia - A Case Study (Dr. George Joseph,Dr. Sebastian K.A, and Kavitha A with research assistance from Ananth Subray; International Journal of English Language, Literature in Humanities, Volume 6, Issue 8, August 2018).
.

Blog Entries

South India Copyright Workshop (Subodh Kulkarni; October 21, 2018).
History of Wikipedia Education programme at Christ (Deemed to be University) (Ananth Subray; Wikimedia Blog; October 29, 2018).

Event Organized

Van Bodh Workshop for content development on Forest Resources at Gadchiroli (Co-organized by TRTI and CIS-A2K; Gadchiroli; October 2 - 5, 2018).

Participation in Event

Community Toolkit for Greater Diversity (Organized by Wikipedia Community; Mandrem, Goa; October 5 - 7, 2018). P.P. Sneha participated in the event.

►Copyright and Patent

Media Coverage

5th Global Congress On IP And The Public Interest: Successes, Strategies Highlighted (David Branigan; Intellectual Property Watch; October 3, 2018).

Participation in Events

KEI Seminar on "Appraising the WIPO Broadcast Treaty and its Implications on Access to Culture" (Organized by KEI; Geneva; October 3 - 4, 2018). Anubha Sinha spoke on the panel titled "Rationale, Beneficiaries and Scope (of the Treaty)".
Stakeholders Consultation on draft WIPO Treaty to Protect Broadcasting Organization (Organized by Ministry of Commerce and Industry, Govt. of India; Copyright Office, New Delhi; October 23, 2018). Anubha Sinha participated in the meeting.

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Participation in Event

Panel Discussion on Equitable Access to Knowledge (Organized by DST Centre for Policy Research (IISc); Bangalore; October 23, 2018). Pranesh Prakash was a panelist and moderator at the event.

Media Coverage

Sting job by Hyderabad scientist exposes fake journals (Business Standard; October 11, 2018).

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Participation in Events

Confidentiality of Communications and Privacy of Data in the Digital Age (Organized by INCLO and Privacy International; Human Rights Council 39th ordinary session; September 25, 2018). Elonnai Hickok participated in the event.
Meetings of ISO/IEC JTC 1/SC 27 'IT Security techniques' (Organized by Standards Norway with support from NTNU, Microsoft, Telenor, et.al.; Gjøvik, Norway; September 30 - October 4, 2018). Gurshabad Grover participated in the meetings.
State of Work in India (Organized by Bangalore International Centre, TERI and Azim Premji University; Bangalore; October 3, 2018).
Technology Foresight Group Tandem Research's AI policy lab on the theme AI and Environment (Organized by Tandem Research; Goa; October 5, 2018). Shweta Mohandas attended a roundtable discussion on artificial intelligence and environment.
Indian Feminist Judgment Project Workshop (Organized by Jindal Industries; New Delhi; October 6 - 7, 2018). Swaraj Paul Barooah participated in the discussions.
Community Standards Roundtable Conversations (Organized by Facebook, School of Media & Cultural Studies, and Tata Institute of Social Sciences; Bangalore; October 7, 2018). Ambika Tandon participated in the roundtable discussions.
Surveillance Stories: Optimizing rights and governance (Organized by National Centre for Biological Sciences; Bangalore; October 16, 2018). Sunil Abraham gave a talk.
Debating Ethics: Dignity and Respect in Data Driven Life (Organized by International Conference of Data Protection and Privacy Commissioners; Brussels; October 24 - 25, 2018). Elonnai Hickok was a speaker in the panel "Move Slower and Fix Things".

►Cyber Security

Research Paper

Conceptualizing an International Security Regime for Cyberspace (Elonnai Hickok and Arindrajit Basu; October 26, 2018).

Event Organized

Roundtable on Cyber-security and the Private Sector (Omidyar Network Office; Bangalore; October 17, 2018).

Participation in Event

CyFy 2018 (Organized by Observer Research Foundation; New Delhi; October 3 - 5, 2018).

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Policies & the Public Interest (Shyam Ponappa; Business Standard; October 4, 2018 and Organizing India Blogspot; October 4, 2018).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Job

Call for Research Fellows - Field Studies of Platform-Work: The Research Fellows will be associated with CIS from December 2018 to June 2019, undertake fieldwork, participate in two research workshops, and prepare an Ethnographic Report based on the fieldwork.

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/october-2018-newsletter

Surveillance Stories: Optimizing rights and governance

Admin — 2018-10-31T01:39:56Z

Sunil Abraham gave a talk at the National Centre for Biological Sciences, Tata Institute of Fundamental Research, Bangalore on October 16, 2018. Sunil used a series of stories to explain how surveillance works and fails in the context of theft, murder, insider trading, terrorism, demonetization and encounter killings.

These stories were used to explore multiple technical solutions for solving the “surveillance optimization problem”. Policy makers have to simultaneously maximize various rights — the right to privacy, the right to transparency, the right to free speech — and uphold the imperatives of the nation state: national security, law enforcement and effective governance.

Two decades ago, Lawrence Lessig introduced a socioeconomic theory of regulation called the ‘pathetic dot theory’, which discusses how individuals in a society are regulated by four forces — law, code or technical infrastructure, market and social norms. The talk will explore how these four regulatory options contribute to solving the surveillance optimization problem.

This was published on the website of National Centre for Biological Sciences

For more details visit https://cis-india.org/internet-governance/news/surveillance-stories-optimizing-rights-and-governance

Participation in the meetings of ISO/IEC JTC 1/SC 27 'IT Security techniques'

Admin — 2018-10-31T01:28:29Z

From 30 September 2018 to 4 October 2018, Gurshabad Grover participated in the meetings of the working groups of ISO/IEC JTC 1/SC 27 'IT Security techniques' held in Gjøvik, Norway. The meetings were organized by Standards Norway with support from NTNU, Microsoft, Telenor, et.al.

Gurshabad mainly focused on the meetings of Working Group 5 responsible for standards and research in "Identity management and privacy technologies" in SC 27. I attended sessions discussing work related to current ISO/IEC standards and upcoming work in the WG, such as:

Establishing a PII deletion concept in organizations

Privacy guidelines for smart cities

Additional privacy-enhancing data de-identification standards

Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

User-centric framework for PII handling based on user privacy preferences

Gurshabad will be a co-rapporteur on a 12-month study period to investigate the 'Impact of Artificial Intelligence on Privacy' which was initiated by the WG in the meeting. Additionally, I was a part of the drafting committee which prepared the final resolutions and liaison statements from the meeting.

Gurshabad also attended the Norwegian Business Forum on cyber security which was held on October 4th, which featured talks by professionals and academicians working in cyber security in their different sectors. The agenda for the business forum can be found here.

For more details visit https://cis-india.org/internet-governance/news/participation-in-the-meetings-of-iso-iec-jtc-1-sc-27-it-security-techniques

Technology Foresight Group Tandem Research's AI policy lab on the theme AI and Environment

Admin — 2018-10-31T01:10:34Z

Shweta Mohandas attended a roundtable discussion on artificial intelligence and environment held at Tandem Research's office in Goa on October 5, 2018. She also made the framing intervention for the first session by addressing the question - What are the likely ethical conundrums, and plausible unintended consequences of the use of AI for sustainability?

Conversations at the lab clustered around four main themes:

AI in the Anthropocene
What are the most critical sustainability challenges in India – and can AI be useful in addressing them? What are the likely ethical conundrums, and plausible unintended consequences of the use of AI for sustainability?

Conservation after nature
What AI interventions are possible to foster better conservation and can AI driven citizen science initiatives improve people’s relationship with the natural world? Can AI help imagine a more dynamic and proximate co-existence with other species, after nature?

Water ecosystems
Can AI help us imagine new paradigm of water control and infrastructure that are more dynamic and ‘mirror’ the complexity of natural water systems? Will AI lead to decentralization and empowerment of water users or will it result in centralized models and loss of power and agency of water users?

Future Cities
Can AI systems be used to foster sustainability practices around mobility, energy, waste, and help better plan development zones and create early warning systems? What systems can be built to encourage citizen participation for solving sustainability problems and increase transparency and accountability of municipal governments?

For more details visit https://cis-india.org/internet-governance/news/technology-foresight-group-tandem-researchs-ai-policy-lab-on-the-theme-ai-and-environment

Smart City Standardization - ICT Perspective

Admin — 2018-12-10T16:00:28Z

An event on Smart City standardization – ICT Perspective was organized by the Bureau of Indian Standards in Bangalore on October 30, 2018. Gurshabad Grover attended the event.

Different efforts and challenges in the space of smart city standardisation were discussed by the speakers and panelists. See the agenda.

For more details visit https://cis-india.org/internet-governance/news/smart-city-standardization-ict-perspective

Reliance-Jio Users Complain Of Porn Websites Being Blocked; Company Yet To Issue Official Statement

Admin — 2018-10-29T02:35:43Z

Going by a lot of Jio network users, it seems that Mukesh Ambani’s Jio has banned hundreds of porn sites, in compliance with the order of the Department of Telecommunications.

The blog post was published by Logical Indian on October 27, 2018. Pranesh Prakash was quoted.

The order came after the Uttarakhand High Court on September 28, 2018, had directed the Centre to block over 850 pornographic websites. Many Jio users have taken to social media to show their protests. On Twitter, several users have threatened even to change their network if Jio doesn’t lift the ban.

However, the telecom operator has not issued an official statement confirming the ban or on the development so far. The complaints have come to notice after many users pointed out on social media platforms like Reddit and Twitter that several porn websites are no longer available on Jio network, as reported by the Financial Times.

The High Court’s Order

According to The Indian Express, the Uttarakhand High court’s order came after the alleged gang rape of a 16-year old girl by four students at her boarding school in Dehradun. It is alleged that the accused were “instigated by watching pornography” on their mobile phones before committing the crime.

In the order, the division bench of acting chief, justice Rajiv Sharma and justice Manoj Kumar Tiwari said, “There shall be a direction to all the Internet Service License Holders to punctually obey the notification dated 31st July 2015 and to block the publication or transmission of obscene material in any electronic form.” It further added that material containing sexually explicit act or conduct and also publishing or transmitting of material depicting children in sexually explicit acts should also be blocked.

Same crackdown in 2015

In 2015, the Department of Telecommunications had issued an order to block 857 porn websites. They had asked all the internet service providers to take compliance with the order and block the websites. A lot of people protested against this crackdown by the government. However, after receiving a huge criticism from the people, the government partially lifted the ban. But, following the rule, nothing had happened, and the porn sites were functioning as before, reported The Guardian.

An Indian think tank, Centre for Internet and Society member Pranesh Prakash said “It is illegitimate because it is not as though the government has found these websites unlawful … This is a blanket ban, and the government has not thought through the consequences,” reported by The Guardian.

The Logical Indian Take

Watching or not watching porn is a person’s liberty. India is a democratic nation, and according to our constitution, we are conferred with the freedom of expression and the right to personal liberty. So, this non-confirmed porn ban by Reliance Jio would be getting into the freedom of an individual.

After China, India has the second-largest number of internet users in the world. And, Reliance-Jio is just the third user base in India. The ban would not affect the population much but is definitely a threat to the user rights.

For more details visit https://cis-india.org/internet-governance/news/the-logical-indian-october-27-2018-reliance-jio-users-complain-of-porn-websites-being-blocked

Rural Indians don’t trust messages on WhatsApp blindly: Survey

Admin — 2018-10-28T06:21:34Z

Only 8% of the respondents marked 10 as their trust score on a scale of 1-10, where 1 stands for complete distrust and 10 for complete trust, in information received on WhatsApp, found a survey.

The article by Vidhi Choudhary was published in the Hindustan Times on October 19, 2018. Sunil Abraham was quoted.

WhatsApp users in rural India do not blindly trust messages they receive on the messaging service, according to a limited survey across 14 states, a finding that must provide some cheer to law enforcement officials and policymakers trying to combat fake news and rumours, and to the messaging service itself.

Only 8% of the respondents marked 10 as their trust score on a scale of 1-10, where 1 stands for complete distrust and 10 for complete trust, in information received on WhatsApp, found a survey conducted by Digital Empowerment Foundation (DEF), a New Delhi-based non-profit organisation that seeks to find solutions to bridge the digital divide.

To be sure, the Digital Empowerment Foundation survey titled “What’s up Rural India?” recorded responses from only 1018 rural users in 14 states including districts like Bettiah in Bihar, Barabanki in Uttar Pradesh, Chamba, Narendra Nagar and Pratapnagar in Uttarakhand, Betul and Guna in Madhya Pradesh, Musiri in Tamil Nadu, Memboobnagar, Vikarabad and Warangal in Telangana and Alwar and Barmer in Rajasthan among others, and only a larger survey can authoritatively weigh in on the trust people have in the messaging service.

Since May, at least 30 people have been lynched by mobs with rumours on the messaging platform being responsible for some of the incidents. Fake videos and rumours of child-lifting circulated via WhatsApp have triggered lynchings in at least eight states. The Indian government wrote to WhatsApp about the incidents and the platform, owned by Facebook Inc made some changes, including a clear labelling of forwarded messages as well as limiting the number of forwards to tackle the spread of rumours and Fake News.

WhatsApp has over 200 million users in India, its largest market, and India’s chief election commissioner OP Rawat said in a recent interview with Hindustan Times that attempts to influence poll outcomes using technology was the biggest challenge before his organization, which is responsible for the conduct of polls in India.

According to the DEF survey, almost 70% of the respondents rated their trust score between 1-5. “This composition of trust is unlike what I’d imagined. Users in rural India have exercised restraint in believing the information they get from WhatsApp. They still prefer to check with peers and local communities about what is right and wrong,” said Osama Manzar, founder and director at DEF.

What’s up, rural India?

Survey on WhatsApp by Digital Empowerment Foundation:

It is heartening to know people in rural India are sceptical about messages shared on WhatsApp, said Sunil Abraham co-founder at think-tank Centre for Internet and Society. “It’s a societal learning curve. Most of these users have been exposed to WhatsApp over the last one year. Previous incidents where trust has been misused is perhaps a reason for their apprehension. Their scepticism will grow in the light of all the disappointments that have happened. Ask them this question in 2019 and the numbers are likely to rise further,” added Abraham. Statistics in terms of overall usage of WhatsApp shows that about 66% rural users interviewed in the survey spend 1-4 hours on the messaging app daily, 46% receive between 11-60 messages in a day, 38% are active on upto five WhatsApp groups with a majority being in groups with friends, followed by work colleagues, and family. Experts said the usage of WhatsApp in rural India is surprisingly high. The high usage can be attributed to the rise of smartphone penetration in these areas.

A majority of 88% users also knew what a WhatsApp forward is and 45% said they receive between 6-20 forwarded messages in a day. In July, WhatsApp launched a label to identify forwarded messages in a bid to combat fake news and the spread of misinformation globally, including India. It later set a limit to the use of forwarded messages to 5 chats in India.

In response to an email query, WhatsApp said it has made product changes that make it clear when users have received forwarded messages and also provided greater controls for group administrators to help reduce the spread of unwanted messages in private chats.

“WhatsApp is a private messaging service for communicating with friends and family... We are working together with a number organisations to step up our education efforts so that people know how to spot fake news and hoaxes circulating online. It is heartening to note that these efforts are making a difference and keeping our users safe,” said a WhatsApp spokesperson.

Among other findings, about 40% of respondents said they were part of WhatsApp groups created by members or representatives of political parties.

“This reflects the level of campaigning and penetration of political parties. Villages are always politically sensitive and also interested in politics,” said Manzar.

Interestingly, the survey noted that 63% of the respondents were not on the service in 2014. WhatsApp will play a key role in the campaigns for 2019 as this will be the first election with a host of rural India users actively part of the service.

Data shows that the share of active WhatsApp users in rural India has doubled since 2017, according to a survey done by the Centre for the Study of Developing Societies. Abraham added this means political parties have a “direct channel” of communication with a “huge percentage of the voter base”.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-october-19-2018-vidhi-choudhary-rural-indians-don-t-trust-messages-on-whatsapp-blindly-survey

Factcheck: No, phones of users who provided only Aadhaar as proof of identity won’t be disconnected

Admin — 2018-10-28T06:13:12Z

Ever since the Supreme Court’s judgment on Aadhaar, which prohibited the use of the 12-digit biometrics-linked unique identity number by private entities as well as its linking with phone numbers and bank accounts, telecom companies and their customers in particular are wondering what this means for them.

The blog post by Kanishk Karan was published in Scroll.in on October 18, 2018. Pranesh Prakash was quoted.

On Thursday, the Times of India reported that crores of mobile phone connections face the “prospect of disconnection” if their SIM cards are not backed up by identity documents other than Aadhaar. The report also appeared on TimesNowHindi. The reports prompted the Union government to issue a statement insisting that the disconnection concerns are “completely untrue and imaginary”. But questions still remain about what comes next.

Joint statement

The news reports said that 50 crore mobile phone customers – who had used only Aadhaar to verify their identity as part of the Know Your Customer verification process, which became mandatory for all phone numbers last year – will need to re-verify their identity using alternative documents or face disconnection. This is because the Supreme Court verdict had concluded that linking Aadhaar to mobile connections, even voluntarily, is illegal.

In a joint press statement on Thursday, the Department of Telecommunication and Unique Identification Authority of India, the body that oversees Aadhaar, refuted this claim. The statement said that a “few news reports” have tried to create “unnecessary panic” by claiming that phone numbers may be at risk of disconnection. It insisted that those customers who used only Aadhaar for their verification process could use other documents to re-verify their identities, without being worried about their phones being disconnected. “In any case her/his mobile no. will not be disconnected,” the statement said. “What Supreme Court has done is that it has prohibited issue of new SIM cards via Aadhaar eKYC process due to lack of a law. There is no direction to deactivate the old mobile phones.”

The statement made it clear that telecom companies cannot ask for Aadhaar as proof of identity when issuing new SIMs. The authorities also used the statement to clarify a few other questions that have come up following the September 26 Aadhaar verdict.

Aadhaar data

One of the big sources of confusion that the verdict created was the Aadhaar data that telecom companies had already collected while carrying out Know Your Customer verification for phone numbers over the last year. The verdict seemed to suggest that all such data needs to be deleted within a certain time frame.

But the joint statement insists that this direction only applies to UIDAI and not to telecom companies. “The Court has also not asked to delete all the eKYC data of telecom customers after six months,” it said. The statement claims that the verdict only orders the UIDAI to delete the authentication data it holds, and, in fact, says that telecom companies are mandated to keep that data and that “there is no need” for them to delete it.

But not everyone agrees with this interpretation of the judgment.

Prasanna S, one of the lawyers who appeared on behalf of those petitioning against Aadhaar in the Supreme Court, said that the statement’s claim that telecoms do not need to delete Aadhaar data is wrong.

The Aadhaar ruling was a 4:1 majority judgment with Justice DY Chandrachud the sole dissident.

“The government and Telecom Regulatory Authority of India [should have issued] direction on the directive given by the Supreme Court to delete data within two weeks,” he said, referring to the portion of Chandrachud’s dissenting opinion in the verdict. Chandrachud had disagreed with the majority on a number of issues. But all five judges on the bench had agreed that linking Aadhaar to phone numbers was unconstitutional and posed a grave threat to privacy, liberty and autonomy of individuals. In his order, Chandrachud issued directions for Aadhaar data to be deleted within two weeks, which some lawyers believe should be binding even though it was in the dissenting opinion.

New authentication app

Since telecom companies can no longer use Aadhaar-based verification to authenticate new customers, the statement also said that the Department of Telecom and UIDAI are working on a mobile application that will perform the gask instead. According to the statement, when carrying out the authentication of a new SIM, the application will capture a “live photograph”, including location coordinates and a time stamp. Along with the live photograph, the application will require other government-issued identification documents such as voter ID or passport.

While that may solve the problem of having a simple authentication process instead of Aadhaar, questions have been raised about whether this procedure is vulnerable to fraud.

Pranesh Prakash, a fellow at the Centre for Internet and Society, said as of now it is unclear how the government would find a way to prevent “a single live photo being used multiple times”. If the same photo is used for issuing three SIM cards by the agent, would the government be any wiser, he wondered. Prakash said that, rather than the technology infrastructure, the important area to focus here is the security loopholes in the identity verification process.

Earlier this year, UIDAI had introduced a number of new provisions, including the virtual ID and face authentication, saying it will make fraud and data leaks less likely, as well as make it easier for those who are facing trouble with biometric authentication. Later, the directive was put on hold by the Department of Telecom. Thursday’s statement suggests a similar application, using live photos, but does not say when this technology will be rolled out.

For more details visit https://cis-india.org/internet-governance/news/scroll-kanishk-karan-october-18-2018-factcheck-no-phones-of-users-who-provided-only-aadhaar-as-proof-of-identity-wont-be-disconnected

Brazil’s experience a red flag for WhatsApp in Indian polls, say experts

Admin — 2018-10-28T06:06:19Z

Data shows that the share of active WhatsApp users in rural India has doubled since 2017, according to a survey by the Centre for the Study of Developing Societies.

The article by Vidhi Choudhary was published in Hindustan Times on October 21, 2018. Sunil Abraham was quoted.

Instant messaging service WhatsApp will have to put more safeguards in place to avoid its misuse in the 2019 Lok Sabha elections,experts say. Some point to the experience in the recent elections in Brazil,where the Facebook-owned platform battled allegations on its use to influence the popular vote, with mass-WhatsApp messages pushing anti-leftist propaganda.

“There is no easy way to say this but the likelihood of a WhatsApp scandal in the run-up to the 2019 elections in India is imminent. I won’t be surprised if there is already something similar taking place in India. That’s because there is no way to control the message that is being shared on the platform. The only way to stop this is by revoking the end-to-end encryption which will impair the privacy WhatsApp users enjoy,” said lawyer Rahul Matthan, partner at the law firm Trilegal and author of Privacy 2.0, which traces the historic origin and current debates on privacy.

WhatsApp has over 200 million users in India, its largest market. The absence of a data protection law in India (one is in the works but is unlikely to be passed before the elections) only adds to this problem, although this transcends WhatsApp.

“The large scale sale of phone numbers, and subsequent bombardment of messages, without seeking consent is also a reminder that we urgently need rules to limit the use of personal data for political campaigns. Europe’s law, the GDPR (General Data Protection Regulation), for example, puts strict limits on direct marketing, including by political parties and campaigners. Yet India is approaching its own elections without any effective data protection rules in place,” said Amba Kak, public policy adviser at web browser Mozilla.

The election commission is aware of the challenge. In an interview to Hindustan Times, chief election commissioner OP Rawat said the biggest challenge for the ECI right now is posed by technology firms that have wherewithal to influence voters.

According to a survey conducted by the Digital Empowerment Foundation (DEF) and reported by the HT earlier this week, 40% of rural users of the messaging platform were part of WhatsApp groups created by members or representatives of political parties. A third of the users spend between one hour and four hours on the app daily, the survey found. “This reflects the level of campaigning and penetration of political parties. Villages are always politically sensitive and also interested in politics,” the HT report said, quoting DEF’s Osama Manzar.

The survey noted that 63% of the respondents were not on the service in 2014. The share of active WhatsApp users in rural India has doubled since 2017, according to the Centre for the Study of Developing Societies.

A possible solution is to make sure voters are consistently informed about the issue of misinformation and fake news in India, added Matthan. “WhatsApp should continue to build a concerted marketing campaign against fake news to make voters aware, so that they exercise restraint while sending and sharing messages received from other users. The only trouble is if the message is received from a trusted ally, then one is likely to believe it. That’s why there is no absolute way to ensure shadow campaigns are not circulated on WhatsApp,” he explained.

The Facebook-owned platform has said in an earlier statements that it believes this is a challenge that requires government, civil society and technology companies to work together. “Our strategy has been twofold. First, to give people the controls and information they need to stay safe; and second, to work proactively to prevent misuse on WhatsApp,” WhatsApp said in the statement in July.

In July, WhatsApp launched a label to identify forwarded messages in a bid to combat fake news and the spread of misinformation globally, including India. It later set a limit to the use of forwarded messages to five chats in India. After that WhatsApp took out full-page advertisements in Indian newspapers offering “easy tips” to distinguish between fact and fiction as it battles rising pressure to curb the spread of misinformation in India after the lynching of at least 30 people in the country since May, with at least some being caused by rumours forwarded over phones.

Sunil Abraham, director at the think tank Centre for Internet and Society said WhatsApp could employ a network of fact checkers and explore “in application education”.

Local authorities in various parts of the country have resorted to Internet shutdowns to counter incidents of violence triggered by rumours on WhatsApp. Law firm Software Freedom Law Center (SFLC), based in New Delhi, has tracked down 116 Internet shutdowns across India in 2018 alone. In 2017, India reported 79 shutdowns; in 2016, the number was 31 and in 2012 it was just three. The rise from three shutdowns in 2012 to more than 100 this year marks a 3,766% surge. “State and central government and local authorities might consider this a solution. But a shutdown is completely against freedom of speech and that’s our view,” said an SFLC spokesperson. WhatsApp users in rural India do not blindly trust messages they receive on the messaging service, according to the DEF survey.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-october-21-2018-brazil-s-experience-a-red-flag-for-whatsapp-in-indian-polls-say-experts

Confidentiality of Communications and Privacy of Data in the Digital Age

praskrishna — 2018-10-28T06:02:07Z

On September 25, 2018, Elonnai Hickok participated in a side event Confidentiality of Communications and Privacy of Data in the Digital Age organized by INCLO and Privacy International at the Human Rights Council 39th ordinary session. Elonnai spoke on artificial intelligence and privacy.

For more details visit https://cis-india.org/internet-governance/news/confidentiality-of-communications-and-privacy-of-data-in-the-digital-age

Conceptualizing an International Security Regime for Cyberspace

Elonnai Hickok and Arindrajit Basu — 2018-10-26T15:09:23Z

This paper was published as part of the Briefings from the Research and Advisory Group (RAG) of the Global Commission on the Stability of Cyberspace (GCSC) for the Full Commission Meeting held at Bratislava in 2018.

Policy-makers often use past analogous situations to reshape questions and resolve dilemmas in current issues. However, without sufficient analysis of the present situation and the historical precedent being considered, the effectiveness of the analogy is limited.This applies across contexts, including cyber space. For example, there exists a body of literature, including The Tallinn Manual, which applies key aspects (structure, process, and techniques) of various international legal regimes regulating the global commons (air, sea, space and the environment) towards developing global norms for the governance of cyberspace.

Given the recent deadlock at the Group of Governmental Experts (GGE), owing to a clear ideological split among participating states, it is clear that consensus on the applicability of traditional international law norms drawn from other regimes, will not emerge if talks continue without a major overhaul of the present format of negotiations. The Achilles Heel of the GGE thus far has been a deracinated approach to the norms formulation process. There has been excessive focus on the content and the language of the applicable norm rather than the procedure underscoring its evolution, limited state and non state participation, and a lack of consideration for social, cultural, economic and strategic contexts through which norms emerge at the global level. Even if the GGE process became more inclusive and included all United Nations members, strategies preceding the negotiation process must be designed in a manner to facilitate consensus.

There exists to date, no scholarship that traces the negotiation processes that lead to the forging of successful analogous universal regimes or an investigation into the nature of normative contestation that enabled the evolution of the core norms that shaped these regimes. To develop an effective global regime governing cyberspace, we must consider if and how existing international law or norms for other global commons might also apply to ‘cyberspace’, but also transcend this frame into more nuanced thinking around techniques and frameworks that have been successful in consensus building. This paper focuses on the latter and embarks on an assessment of how regimes universally maximized functional utility through global interactions and shaped legal and normative frameworks that resulted, for some time, at least, in broad consensus.

Click to read more

For more details visit https://cis-india.org/internet-governance/blog/conceptualizing-an-international-security-regime-for-cyberspace

Discrimination in the Age of Artificial Intelligence

Arindrajit Basu — 2018-10-26T14:47:57Z

The dawn of Artificial Intelligence (AI) has been celebrated by both government and industry across the globe. AI offers the potential to augment many existing bureaucratic processes and improve human capacity, if implemented in accordance with principles of the rule of law and international human rights norms. Unfortunately, AI-powered solutions have often been implemented in ways that have resulted in the automation, rather than mitigation, of existing societal inequalities.

This was originally published by Oxford Human Rights Hub on October 23, 2018

Image Credit: Sarla Catt via Flickr, used under a Creative Commons license available at https://creativecommons.org/licenses/by/2.0/

In the international human rights law context, AI solutions pose a threat to norms which prohibit discrimination. International Human Rights Law recognizes that discrimination may take place in two possible ways, directly or indirectly. Direct discrimination occurs when an individual is treated less favourably than someone else similarly situated on one of the grounds prohibited in international law, which, as per the Human Rights Committee, includes race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status. Indirect discrimination occurs when a policy, rule or requirement is ‘outwardly neutral’ but has a disproportionate impact on certain groups that are meant to be protected by one of the prohibited grounds of discrimination. A clear example of indirect discrimination recognized by the European Court of Human Rights arose in the case of DH&Ors v Czech Republic. The ECtHR struck down an apparently neutral set of statutory rules, which implemented a set of tests designed to evaluate the intellectual capability of children but which resulted in an excessively high proportion of minority Roma children scoring poorly and consequently being sent to special schools, possibly because the tests were blind to cultural and linguistic differences. This case acts as a useful analogy for the potential disparate impacts of AI and should serve as useful precedent for future litigation against AI-driven solutions.

Indirect discrimination by AI may occur at two stages. First is the usage of incomplete or inaccurate training data that results in the algorithm processing data that may not accurately reflect reality. Cathy O’Neil explains this using a simple example. There are two types of crimes-those that are ‘reported’ and others that are only ‘found’ if a policeman is patrolling the area. The first category includes serious crimes such as murder or rape while the second includes petty crimes such as vandalism or possession of illicit drugs in small quantities. Increased police surveillance in areas in US cities where Black or Hispanic people reside lead to more crimes being ‘found’ there. Thus, data is likely to suggest that these communities commit a higher proportion of crimes than they actually do – indirect discrimination that has been empirically been shown through research published by Pro Publica.

Discrimination may also occur at the stage of data processing, which is done through a metaphorical ‘black-box’ that accepts inputs and generates outputs without revealing to the human developer how the data was processed. This conundrum is compounded by the fact that the algorithms are often utilised to solve an amorphous problem-which attempts to break down a complex question into a simple answer. An example is the development of ‘risk profiles’ of individuals for the determination of insurance premiums. Data might show that an accident is more likely to take place in inner cities due to more densely packed populations in these areas. Racial and ethnic minorities tend to reside more in these areas, which means that algorithms could learn that minorities are more likely to get into accidents, thereby generating an outcome (‘risk profile’) that indirectly discriminates on grounds of race or ethnicity.

It would be wrong to ignore discrimination, both direct and indirect, that occurs as a result of human prejudice. The key difference between that and discrimination by AI lies in the ability of other individuals to compel the decision-maker to explain the factors that lead to the outcome in question and testing its validity against principles of human rights. The increasing amounts of discretion and, consequently, power being delegated to autonomous systems mean that principles of accountability which audit and check indirect discrimination need to be built into the design of these systems. In the absence of these principles, we risk surrendering core tenets of human rights law to the whims of an algorithmically crafted reality.

For more details visit https://cis-india.org/internet-governance/blog/oxford-human-rights-hub-arindrajit-basu-october-23-2018-discrimination-in-the-age-of-artificial-intelligence

Debating Ethics: Dignity and Respect in Data Driven Life

Admin — 2018-11-07T03:03:25Z

Elonnai Hickok was a speaker in the panel "Move Slower and Fix Things" which was part of the 40th International Conference of Data Protection and Privacy Commissioners. The event was organized by International Conference of Data Protection and Privacy Commissioners (ICDPPC) from October 22 - 26, 2018 in Brussels. Elonnai participated in the event on October 24 and 25, 2018.

Click to read about the Programme here

For more details visit https://cis-india.org/internet-governance/news/debating-ethics-dignity-and-respect-in-data-driven-life