We are anonymous, we are legion

The Design & Technology behind India’s Surveillance Programmes

udbhav — 2017-01-20T15:56:44Z

There has been an exponential growth in the pervasive presence of technology in the daily lives of an average Indian citizen over the past few years. While leading to manifold increase in convenience and connectivity, these technologies also allow for far greater potential for surveillance by state actors.

While the legal and policy avenues of state surveillance in India have been analysed by various organisations, there is very little available information about the technology and infrastructure used to carry out this surveillance. This appears to be largely, according to the government, due to reasons of national security and sovereignty.^[1] This blog post will attempt to paint a picture of the technological infrastructure being used to carry out state surveillance in India.

Background
The revelations by Edward Snowden about mass surveillance in mid-2013 led to an explosion of journalistic interest in surveillance and user privacy in India.^[2] The reports and coverage from this period, leading up to early 2015, serve as the main authority for the information presented in this blog post. The lack of information from official government sources as well as decreasing public spotlight on surveillance since that point of time generally have both led to little or no new information turning up about India’s surveillance regime since this period. However, given the long term nature of these programmes and the vast amounts of time it takes to set them up, it is fairly certain that the programmes detailed below are still the primary bedrock of state surveillance in the country, albeit having become operational and inter-connected only in the past 2 years.

The technology being used to carry out surveillance in India over the past 5 years is largely an upgraded, centralised and substantially more powerful version of the surveillance techniques followed in India since the advent of telegraph and telephone lines: the tapping & recording of information in transit.^[3] The fact that all the modern surveillance programmes detailed below have not required any new legislation, law, amendment or policy that was not already in force prior to 2008 is the most telling example of this fact. The legal and policy implication of the programmes illustrated below have been covered in previous articles by the Centre for Internet & Society which can be found here,^[4] here^[5] and here.^[6] Therefore, this post will solely concentrate on the technological design and infrastructure being used to carry out surveillance along with any new developments in this field that the three source mentioned would not have covered from a technological perspective.

The Technology Infrastructure behind State Surveillance in India

The programmes of the Indian Government (in public knowledge) that are being used to carry out state surveillance are broadly eight in number. These exclude specific surveillance technology being used by independent arms of the government, which will be covered in the next section of this post. Many of the programmes listed below have overlapping jurisdictions and in some instances are cross-linked with each other to provide greater coverage:

Central Monitoring System (CMS)
National Intelligence Grid (NAT-GRID)
Lawful Intercept And Monitoring Project (LIM)
Crime and Criminal Tracking Network & Systems (CCTNS)
Network Traffic Analysis System (NETRA)
New Media Wing (Bureau of New and Concurrent Media)

The post will look at the technological underpinning of each of these programmes and their operational capabilities, both in theory and practice.

Central Monitoring System (CMS)

The Central Monitoring System (CMS) is the premier mass surveillance programme of the Indian Government, which has been in the planning stages since 2008^[7] Its primary goal is to replace the current on-demand availability of analog and digital data from service providers with a “central and direct” access which involves no third party between the captured information and the government authorities.^[8] While the system is currently operated by the Centre for Development of Telematics, the unreleased three-stage plan envisages a centralised location (physically and legally) to govern the programme. The CMS is primarily operated by Telecom Enforcement and Resource Monitoring Cell (TERM) within the Department of Telecom, which also has a larger mandate of ensuring radiation safety and spectrum compliance.

The technological infrastructure behind the CMS largely consists of Telecom Service Providers (TSPs) and Internet Service Providers (ISPs) in India being mandated to integrate Interception Store & Forward (ISF) servers with their Lawful Interception Systems required by their licences. Once these ISF servers are installed they are then connected to the Regional Monitoring Centres (RMC) of the CMS, setup according to geographical locations and population. Finally, Regional Monitoring Centre (RMC) in India is connected to the Central Monitoring System (CMS) itself, essentially allowing the collection, storage, access and analysis of data collected from all across the country in a centralised manner. The data collected by the CMS includes voice calls, SMS, MMS, fax communications on landlines, CDMA, video calls, GSM and even general, unencrypted data travelling across the internet using the standard IP/TCP Protocol.^[9]

With regard to the analysis of this data, Call Details Records (CDR) analysis, data mining, machine learning and predictive algorithms have been allegedly implemented in various degrees across this network.^[10] This allows state actors to pre-emptively gather and collect a vast amount of information from across the country, perform analysis on this data and then possibly even take action on the basis of this information by directly approaching the entity (currently the TERM under C-DOT) operating the system. ^[11] The system has reached full functionality in mid 2016, with over 22 Regional Monitoring Centres functional and the system itself being ‘switched on’ post trials in gradual phases.^[12]

National Intelligence Grid (NATGRID)

The National Intelligence Grid (NATGRID) is a semi-functional^[13] integrated intelligence grid that links the stored records and databases of several government entities in order to collect data, decipher trends and provide real time (sometimes even predictive) analysis of data gathered across law enforcement, espionage and military agencies. The programme intends to provide 11 security agencies real-time access to 21 citizen data sources to track terror activities across the country. The citizen data sources include bank account details, telephone records, passport data and vehicle registration details, the National Population Register (NPR), the Immigration, Visa, Foreigners Registration and Tracking System (IVFRT), among other types of data, all of which are already present within various government records across the country.^[14]

Data mining and analytics are used to process the huge volumes of data generated from the 21 data sources so as to analyse events, match patterns and track suspects, with big data analytics^[15] being the primary tool to effectively utilise the project, which was founded to prevent another instance of the September, 2011 terrorist attacks in Mumbai. The list of agencies that will have access to this data collection and analytics platform are the Central Board of Direct Taxes (CBDT), Central Bureau of Investigation (CBI), Defense Intelligence Agency (DIA), Directorate of Revenue Intelligence (DRI), Enforcement Directorate (ED), Intelligence Bureau (IB), Narcotics Control Bureau (NCB), National Investigation Agency (NIA), Research and Analysis Wing (RAW), the Military Intelligence of Assam , Jammu and Kashmir regions and finally the Home Ministry itself.^[16]

As of late 2015, the project has remained stuck because of bureaucratic red tape, with even the first phase of the four stage project not complete. The primary reason for this is the change of governments in 2014, along with apprehensions about breach of security and misuse of information from agencies such as the IB, R&AW, CBI, and CBDT, etc.^[17] However, the office of the NATGRID is now under construction in South Delhi and while the agency claims an exemption under the RTI Act as a Schedule II Organisation, its scope and operational reach have only increased with each passing year.

Lawful Intercept And Monitoring Project

Lawful Intercept and Monitoring (LIM), is a secret mass electronic surveillance program operated by the Government of India for monitoring Internet traffic, communications, web-browsing and all other forms of Internet data. It is primarily run by the Centre for Development of Telematics (C-DoT) in the Ministry of Telecom since 2011.^[18]

The LIM Programme consists of installing interception, monitoring and storage programmes at international gateways, internet exchange hubs as well as ISP nodes across the country. This is done independent of ISPs, with the entire hardware and software apparatus being operated by the government. The hardware is installed between the Internet Edge Router (PE) and the core network, allowing for direct access to all traffic flowing through the ISP. It is the primary programme for internet traffic surveillance in India, allowing indiscriminate monitoring of all traffic passing through the ISP for as long as the government desires, without any oversight of courts and sometimes without the knowledge of ISPs.^[19] One of the most potent capabilities of the LIM Project are live, automated keyword searches which allow the government to track all the information passing through the internet pipe being surveilled for certain key phrases in both in text as well in audio. Once these key phrases are successfully matched to the data travelling through the pipe using advanced search algorithms developed uniquely for the project, the system has various automatic routines which range from targeted surveillance on the source of the data to raising an alarm with the appropriate authorities.

LIM systems are often also operated by the ISPs themselves, on behalf of the government. They operate the device, including hardware upkeep, only to provide direct access to government agencies upon requests. Reports have stated that the legal procedures laid down in law (including nodal officers and formal requests for information) are rarely followed^[20] in both these cases, allowing unfettered access to petabytes of user data on a daily basis through these programmes.

Crime and Criminal Tracking Network & Systems (CCTNS)

The Crime and Criminal Tracking Network & System (CCTNS) is a planned network that allows for the digital collection, storage, retrieval, analysis, transfer and sharing of information relating to crimes and criminals across India.^[21] It is supposed to primarily operate at two levels, one between police stations and the second being between the various governance structures around crime detection and solving around the country, with access also being provided to intelligence and national security agencies.^[22]

CCTNS aims to integrate all the necessary data and records surrounding a crime (including past records) into a Core Application Software (CAS) that has been developed by Wipro.^[23] The software includes the ability to digitise FIR registration, investigation and charge sheets along with the ability to set up a centralised citizen portal to interact with relevant information. This project aims to use this CAS interface across 15, 000 police stations in the country, with up to 5, 000 additional deployments. The project has been planned since 2009, with the first complete statewide implementation going live only in August 2016 in Maharashtra. ^[24]

While seemingly harmless at face value, the project’s true power lies in two main possible uses. The first being its ability to profile individuals using their past conduct, which now can include all stages of an investigation and not just a conviction by a court of law, which has massive privacy concerns. The second harm is the notion that the CCTNS database will not be an isolated one but will be connected to the NATGRID and other such databases operated by organisations such as the National Crime Records Bureau, which will allow the information present in the CCTNS to be leveraged into carrying out more invasive surveillance of the public at large.^[25]

Network Traffic Analysis System (NETRA)

NETRA (NEtwork TRaffic Analysis) is a real time surveillance software developed by the Centre for Artificial Intelligence and Robotics (CAIR) at the Defence Research and Development Organisation. (DRDO) The software has apparently been fully functional since early 2014 and is primarily used by Indian Spy agencies, the Intelligence Bureau (IB) and the Research and Analysis Wing (RAW) with some capacity being reserved for domestic agencies under the Home Ministry.

The software is meant to monitor Internet traffic on a real time basis using both voice and textual forms of data communication, especially social media, communication services and web browsing. Each agency was initially allocated 1000 nodes running NETRA, with each node having a capacity to analyse 300GB of information per second, giving each agency a capacity of around 300 TB of information processing per second.^[26] This capacity is largely available only to agencies dealing with External threats, with domestic agencies being allocated far lower capacities, depending on demand. The software itself is mobile and in the presence of sufficient hardware capacity, nothing prevents the software from being used in the CMS, the NATGRID or LIM operations.

There has been a sharp and sudden absence of public domain information regarding the software since 2014, making any statements about its current form or evolution mere conjecture.

Analysis of the Collective Data

Independent of the capacity of such programmes, their real world operations work in a largely similar manner to mass surveillance programmes in the rest of the world, with a majority of the capacity being focused on decryption and storage of data with basic rudimentary data analytics.^[27] Keyword searches for hot words like 'attack', 'bomb', 'blast' or 'kill' in the various communication stream in real time are the only real capabilities of the system that have been discussed in the public domain,^[28] which along with the limited capacity of such programmes^[29] (300 TB) is indicative of basic level of analysis that is carried on captured data. Any additional details about the technical details about how India’s surveillance programmes use their captured data is absent from the public domain but they can presumed, at best, to operate with similar standards as global practices.^[30]

Capacitative Global Comparison

As can be seen from the post so far, India’s surveillance programmes have remarkably little information about them in the public domain, from a technical operation or infrastructure perspective. In fact, post late 2014, there is a stark lack of information about any developments in the mass surveillance field. All of the information that is available about the technical capabilities of the CMS, NATGRID or LIM is either antiquated (pre 2014) or is about (comparatively) mundane details like headquarter construction clearances.^[31] Whether this is a result of the general reduction in the attention towards mass surveillance by the public and the media^[32] or is the result of actions taken by the government under the “national security” grounds under as the Official Secrets Act, 1923^[33] can only be conjecture.

However, given the information available (mentioned previously in this article) a comparative points to the rather lopsided position in comparison to international mass surveillance performance. While the legal provisions in India regarding surveillance programmes are among the most wide ranging, discretionary and opaque in the world^[34] their technical capabilities seem to be anarchic in comparison to modern standards. The only real comparative that can be used is public reporting surrounding the DRDO NETRA project around 2012 and 2013. The government held a competition between the DRDO’s internally developed software “Netra” and NTRO’s “Vishwarupal” which was developed in collaboration with Paladion Networks.^[35] The winning software, NETRA, was said to have a capacity of 300 GB per node, with a total of 1000 sanctioned nodes.^[36] This capacity of 300 TB for the entire system, while seemingly powerful, is a miniscule fragment of 83 Petabytes traffic that is predicted to generated in India per day.^[37] In comparison, the PRISM programme run by the National Security Agency in 2013 (the same time that the NETRA was tested) has a capacity of over 5 trillion gigabytes of storage^[38], many magnitudes greater than the capacity of the DRDO software. Similar statistics can be seen from the various other programmes of NSA and the Five Eyes alliance,^[39] all of which operated at far greater capacities^[40] and were held to be minimally effective.^[41] The questions this poses of the effectiveness, reliance and proportionality of the Indian surveillance programme can never truly be answered due to the lack of information surrounding capacity and technology of the Indian surveillance programmes, as highlighted in the article. With regard to criminal databases used in surveillance, such as the NATGRID, equivalent systems both domestically (especially in the USA) and internationally (such as the one run by the Interpol)^[42] are impossible due to the NATGRID not even being fully operational yet.^[43]

Conclusion

Even if we were to ignore the issues in principle with mass surveillance, the pervasive, largely unregulated and mass scale surveillance being carried in India using the tools and technologies detailed above have various technical and policy failings. It is imperative that transparency, accountability and legal scrutiny be made an integral part of the security apparatus in India. The risks of security breaches, politically motivated actions and foreign state hacking only increase with the absence of public accountability mechanisms. Further, opening up the technologies used for these operations to regular security audits will also improve their resilience to such attacks.

^[1] http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law

^[2] http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/

^[3] https://www.privacyinternational.org/node/818

^[4] http://cis-india.org/internet-governance/blog/state-of-cyber-security-and-surveillance-in-india.pdf

^[5] http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf

^[6] http://cis-india.org/internet-governance/blog/paper-thin-safeguards.pdf

^[7] http://pib.nic.in/newsite/PrintRelease.aspx?relid=54679 & http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf

^[8] http://ijlt.in/wp-content/uploads/2015/08/IJLT-Volume-10.41-62.pdf

^[9] http://www.thehindu.com/scitech/technology/in-the-dark-about-indias-prism/article4817903.ece

^[10] http://cis-india.org/internet-governance/blog/india-centralmonitoring-system-something-to-worry-about

^[11] https://www.justice.gov/sites/default/files/pages/attachments/2016/07/08/ind195494.e.pdf

^[12] http://www.datacenterdynamics.com/content-tracks/security-risk/indian-lawful-interception-data-centers-are-complete/94053.fullarticle

^[13] http://natgrid.attendance.gov.in/ [Attendace records at the NATGRID Office!]

^[14] http://articles.economictimes.indiatimes.com/2013-09-10/news/41938113_1_executive-order-nationalintelligence-grid-databases

^[15] http://www.business-standard.com/article/current-affairs/natgrid-to-use-big-data-analytics-to-track-suspects-1

^[16] http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf

^[17] http://indiatoday.intoday.in/story/natgrid-gets-green-nod-but-hurdles-remain/1/543087.html

^[18] http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece

^[19] ibid

^[20] http://www.thehoot.org/story_popup/no-escaping-the-surveillance-state-8742

^[21] http://ncrb.gov.in/BureauDivisions/CCTNS/cctns.htm

^[22] ibid

^[23] http://economictimes.indiatimes.com/news/politics-and-nation/ncrb-to-connect-police-stations-and-crime-data-across-country-in-6-months/articleshow/45029398.cms

^[24] http://indiatoday.intoday.in/education/story/crime-criminal-tracking-network-system/1/744164.html

^[25] http://www.dailypioneer.com/nation/govt-cctns-to-be-operational-by-2017.html

^[26] http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data

^[27] Surveillance, Snowden, and Big Data: Capacities, consequences, critique: http://journals.sagepub.com/doi/pdf/10.1177/2053951714541861

^[28] http://www.thehindubusinessline.com/industry-and-economy/info-tech/article2978636.ece

^[29] See previous section in the article “NTRO”

^[30] Van Dijck, José. "Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology." Surveillance & Society 12.2 (2014): 197.

^[31] http://www.dailymail.co.uk/indiahome/indianews/article-3353230/Nat-Grid-knots-India-s-delayed-counter-terror-programme-gets-approval-green-body-red-tape-stall-further.html

^[32] http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext

^[33] https://freedomhouse.org/report/freedom-press/2015/india

^[34] http://blogs.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden/

^[35] http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data

^[36] http://economictimes.indiatimes.com/tech/internet/government-to-launch-netra-for-internet-surveillance/articleshow/27438893.cms

^[37] http://trak.in/internet/indian-internet-traffic-8tbps-2017/

^[38] http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will

^[39] http://www.washingtonsblog.com/2013/07/the-fact-that-mass-surveillance-doesnt-keep-us-safe-goes-mainstream.html

^[40] http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

^[41] Supra Note 35

^[42] http://www.papillonfoundation.org/information/global-crime-database/

^[43] http://www.thehindu.com/opinion/editorial/Revive-NATGRID-with-safeguards/article13975243.ece

For more details visit https://cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes

The dark side of future tech: Where are we headed on privacy, security, truth?

Admin — 2018-12-30T09:24:40Z

#2018 Year-End Special: We now live in a time when devices listen, chips track your choices, and governments can watch from behind a barcode. How do we navigate this world?

The article by Dipanjan Sinha was published in the Hindustan Times on December 29, 2018. Pranesh Prakash was quoted.

“One of the definitions of sanity is the ability to tell real from unreal. Soon we’ll need a new definition,” Alvin Toffler, author of the 1970 bestseller Future Shock, once said.

Privacy. Security. Freedom. Democracy. History. News — the lines between the real and unreal are blurring in each of these fields.

Fake news is helping decide elections; history being rewritten as it happens; rumour has become identical in look, feel and distribution to the actual news.

Devices that listen, governments that watch you from behind a barcode, chips that track where you go, what you eat, how you feel — these used to be the stuff of dystopian novels.

In April, the world learnt of the Chinese government’s social credit system, a programme currently in the works that would employ private technology platforms and local councils to use personal data to assign a social score to every registered citizen.

Behave as the state wants you to, and you could get cheaper loans, easier access to education; it’s unclear what the consequences could be for those who do the opposite, but discredits are likely for bad behaviours that range from smoking in non-smoking zones to buying ‘too many’ video games, and being critical of the government.

We’ve seen this before — totalitarian governments where the individual is under constant surveillance by a state that pretends this is for the greater good. But the last time we came across it, it was fiction — George Orwell’s 1984, set in a superstate where thought police took their orders from a totalitarian leader with a friendly name, Big Brother.

CATCH-22

“Just because you’re paranoid doesn’t mean they aren’t out to get you,” Joseph Heller said, in Catch-22, a novel so layered that you’re never sure which bits are true. Who gets access to the data your phone collects? What is the government watching for, after they’ve assigned citizens unique IDs?

It feels good to be able to criticise China, still something of an anomaly in a global community that is largely democratic and free-market, but the UK had a National Identity Cards Act from 2006 to 2010; India has the Aadhar project; Brazil has had the National Civil Identification document since 2017; Germany, a national identity card since 2010, and Colombia has had one since 2013.

They’re collecting biometric data, assigning numbers to citizens and building national registers — with not much word on what’s in them, who has access, or how secure they are.

“To ask what the risk is with accumulating such big data is like asking what the risk is with computers. They are both embedded in our lives,” says Pranesh Prakash, a fellow at the thinktank Centre for Internet and Society.

Security is just the base layer in the pyramid if risks. There is also the risk of discrimination — whether in terms of benefits, employment, or something like marriage, Prakash says. There is the risk of bad data leading to worse discrimination; there is the risk of public profiling.

“The question here is about transparency,” Prakash says. “The questions of what the data contains, who it is accessed by or sold do, how much of it there is, and what the purpose is of collecting it — need to be clearly answered.”

OPERATION THEATRE

New questions are being asked in the field of medicine as well. Where do you draw the line on designer babies? Should parents get to edit the genes of their child-to-be? How much ought we to tinker — do you stop at mutations, or go on to decide hair colour and intellect?

As it becomes cheaper and easier to sequence DNA, the questions over the next steps — of interpreting and analysing the data — will become more complex, says K VijayRaghavan, principal scientific adviser to the government of India, and former director of the National Centre for Biological Sciences. “From here on, with the data deluge, deciding what and how to do it will become fiendishly complex. Especially as commercial interests become involved.”

We have rules and laws for the use of DNA information in research, but corresponding laws that regulate how one can use personal whole genome information in the public space are still being framed. “The data-privacy discussion will soon get to the genomic-data space,” VijayRaghavan says. “Data sharing is needed for patients to benefit. Yet data privacy is needed to prevent exploitative use. It’s a conundrum, and there are no easy answers.”

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-dipanjan-sinha-december-29-2018-the-dark-side-of-future-tech

The Dangers Of Birdsong

praskrishna — 2014-02-12T10:29:10Z

Instant gratification? Social media can quickly turn the game into checkmate if you don’t keep your emotions in check.

Namrata Joshi's article was published in Outlook on January 25, 2014. Sunil Abraham is quoted.

“Woke up from a dream in which I had just learned that I was going to keep wickets for India. In my dream, I thought, let me share this news on Twitter. I didn’t, fearing I would be made a laughing stock.” These are few of a series of stream of consciousness tweets about a dream posted this Monday by author-academician Amitava Kumar. Tweets that don’t just have to do with dreaming of a personal achievement, but also about tweeting it. “Twitter has invaded even our sleeping life,” says Amitava on an e-mail but also admits that he didn’t think for a moment that he was sharing something private in a public place while tweeting his reverie. “Instead, perhaps, I was seeking a private connection with a lot of readers.” Which he did rustle up in good measure. He followed it up by tweeting a picture of his son with him, taken by his 10-year-old daughter Ila, as a homage to a similar photostream by author- photographer-art historian Teju Cole.

Amitava’s unfussy and creative candidness about tweeting things personal, which he prefers to see as “grappling with a form of writing” came in the wake of a weekend of vigorous debate on how social media platforms were bringing the private under unblinking public scrutiny—the immediate hook being the sudden, tragic death of Sunanda Pushkar after her no-holds-barred Twitter war with Pakistani journalist Mehr Tarar (over the latter’s alleged liaison with her husband Shashi Tharoor, which was consumed with much amusement by their vicarious, at times vicious, followers). The Tharoor incident is not a stand-alone case. Be it a confidentiality clause or diplomatic tact, a professional decision or personal affair or even a death of someone close to you, social media has become a stage to play out the classified and the confidential (see infographic) by the celebrities and the aam aadmi alike. The payback? Spats, comebacks, breakdowns, meltdowns, resignations, embarrassments, humiliations, kerfuffles....

And it’s not something confined to India alone. “US Congressman Anthony Weiner’s tweet of his, let’s call it, torso, to a young woman in Seattle is perhaps the most egregious example of a US politician behaving badly online,” says Amitava. No surprise then that Weiner became a butt of late-night comedy shows.

But the larger question here is why. Why this urge and urgency to share it all? What is it about a platform like Twitter or Facebook that makes people bare and dare? Is it that the immediacy, speed and reach allows them the easiest way to extend the boundaries of their secluded, lonely lives, get instant attention and fan the curiosity of someone out there who they don’t even know? And why is propriety and moderation getting thrown out of the window in the world of virtual exchanges? Adman-columnist Santosh Desai calls Twitter a “broadcast system to the universe”. The tweets are often “thought bubbles”, “something you mutter” without a full sense of what public means. “The spur of the moment opinion or feeling acquires public currency,” he says. “The unraveling of the human being, the opening up of the closed box then becomes a new source of stimulation and pleasure,” he says. “I sometimes wonder how we shared before Twitter. We talk about what we like, don’t like at the drop of a hat. At times you are vulnerable and vent things out without an agenda and without knowing the repercussions. We creative bunch are like that,” says popular actress Divya Dutta.

According to Sunil Abraham, executive director of the Centre for Internet and Society, Bangalore, private information is a currency in the global attention economy. “One of the many ways of climbing the attention economy is to divulge private information. Those in public life like filmstars and socialites understand this completely and exploit all traditional broadcast channels and contemporary multicast channels like social media to amass public attention,” he says. Look closely and the online space is no different from the real. There are as many exceptions as there are rules. So for every exhibitionist handle that exploits our latent voyeurism, there is a Natasha Badhwar, one of the most life-affirming presences on Twitter. For her, like Amitava, sharing is a mode of expression. “Sharing gives us agency. We take back the power to tell our story, express our views, share our version in our own words,” she says. According to her, “honest” sharing fuels empathy. “It is contagious, it makes the reader want to share too,” she says. And from that sharing could emerge a new pool of acquaintances, friends and well-wishers. It may not be a virtual escape from the real but a journey and connect back to the actual, an expansion of the human circle than a depletion of it.

But not all our friends and followers need necessarily be sympathetic. Often they are also brutally savage. “The anonymity allows people to say exactly what they want without considering the implications. They don’t realise that it’s not just a handle but a human being they are talking to,” says Nikhil Pahwa, founder of medianama.com. Amitava compares it to drone warfare. “The technology of remote destruction has introduced a new experience of war, and a new logic of killing. You can kill with greater abandon; you can strike in unexpected places; you are confronted with few consequences of your fatal mistakes. Similarly, Twitter allows a mode of social exchange with less culpability. There are very few consequences for trolls, but disastrous ones for their victims,” he says.

But surely that doesn’t mean that you blur all the lines between the private and the public? How to exercise caution? How much to open up (or not) and how much of your core to keep to yourself? Life, after all, is too complex and fragile for blame games and finger-pointing at social media alone. It’s those using it who need to own up. “People need to take responsibility for what they say. It’s like someone telling me how he was abused for 15 minutes on the phone when he could have easily cut the call,” says Nikhil Pahwa. “It’s a modern form of communication which you have to embrace but there’s a line you must draw. For instance, my wife and I never interact on FB or Twitter. I keep the family to myself. Jokes are fine but I don’t abuse or use swear words,” says actor Ashwin Mushran. “There has to be a sense of decorum. I won’t put out what I gossip about with my friends. I have no strategy but am guarded by my own belief system,” says actor Rajat Kapoor.

“It’s normal human nature to express. Be it anger or frustration, as a counsellor I tell people to not suppress emotions but some moderation and etiquette need to apply in cyber space,” says Mukta Puntambekar deputy director of Pune-based Muktangan Rehabilitation Centre. “You have to accept that your followers and friends will have access to details about you. You have to exercise discretion in saving something of yourself for yourself. There are areas that need not be opened up for all,” says actor-comedian Vir Das, who recently posted an open letter on FB—‘Twitter Bad? Facebook Evil? or We Stupid?’—on the pointlessness of blaming social media for the Tharoor family tragedy. To extend the argument further, and add another layer to it, aren’t we also living in times when privacy itself is evolving, asks Rajesh Lalwani, CEO of blogworks and a self-confessed people-watcher. “My grandmother would not even eat in public. But we eat in restaurants, on the streets,” he says.

Privacy is also becoming an ambiguous, vague and complex entity. Getting tagged in a friend’s photo compromises your privacy without your involvement or participation. “The line between private and public has mostly dissolved because of the temporal persistence of digital traces in cyberspace, the global nature of the network and the ubiquitous and pervasive surveillance state,” says Abraham. “On Twitter and FB, things get circulated...what we put up, whether it’s a tweet, an update or a picture, is permanent unlike memory,” says Desai. The digital trail stays online. “We are leaving our digital footprints behind. What we post might be easy but the implications of it are complicated,” says writer, filmmaker and media observer Amit Khanna.

According to him, there is a gap between the progression of technology and society. “There are newer windows but our minds are not growing apace to handle the connected world in a mature way,” he says. So one needs to be additionally circumspect about what we do online, how much of us we put out there. The ‘creative minds’ don’t see it as cut and dried. Natasha thinks that sharing can make people vulnerable to ridicule. “Confronting and embracing that vulnerability is the only way forward. These are not real fears to cling to, these are fears to shed as we grow and realise the extent of our individual power.” Amitava says he has seen several careers destroyed because of a single tweet. But he’d hate to back down and be cautious. As he puts it, “You’ve got to push the envelope and experiment with expression. I hope that when my wrong moment comes, people will be forgiving.” Amen to that.

For more details visit https://cis-india.org/news/outlook-namrata-joshi-january-25-2014-dangers-of-birdsong

The Dangers Of Aadhaar-Based Payments That No One Is Talking About

praskrishna — 2017-01-17T14:39:53Z

Less than three months ago, India’s banking sector was hit by a data breach which compromised 32 lakh debit cards and led to fraudulent transactions worth Rs 1.3 crore.

The article by Mayank Jain was published by Bloomberg on January 17, 2017. Sunil Abraham was quoted.

The incident started a debate around security of payment systems. But the debate had just about begun when the government’s demonetisation decision dragged attention away from it. Now as the dust settles and as the government starts to push newer means of digital payments, the focus is back on the security of systems being seen as an alternative to cash.

One such system is Aadhaar-based payments which could potentially allow citizens to pay anytime anywhere with the tap of a finger.

In theory, it sounds simple.

The Aadhaar-based payment system runs on the existing Aadhaar infrastructure through which a person’s biometrics are used to authenticate the user. Once authenticated, the user can transfer funds directly from one bank account to another without going through a mobile wallet or a card.

The payment system requires a smartphone, a working internet connection and a biometric authentication device with the merchant. The customer needn’t have a card or a phone as long as he or she has an Aadhaar-seeded bank account.

National Payments Corporation of India has developed this payments infrastructure over the existing Aadhaar-Enabled Payments System, the railroad on which the public distribution system has been functioning for years now.

Amitabh Kant, chief executive officer of the government policy think tank NITI Aayog said, earlier this month, that all cards and point-of-sale machines will become redundant in the country in the next two-and-a-half years as Aadhaar-based payments become popular.

A Double-Edged Sword

While payments authenticated by biometrics sound like a good idea in a country where less than one in three people actually own a smartphone, there are fears that integrating biometrics with digital payments could prove to be a security headache.

The first part of the problem is that Aadhaar, while effective, is not a fool-proof method of authentication and identification failures are not uncommon. Building a payment system atop the Aadhaar system will simply transfer some of these vulnerabilities.

The possibility of transaction failures due to a biometric mismatch are real, admitted a former high-ranking official from the Unique Identification Authority of India (UIDAI) who spoke to BloombergQuint on the condition of anonymity.

Officially, the false reject rate – rejection of a biometric when it’s actually correct – is set at a maximum of 2 percent for devices that get certified from the UIDAI. On the ground, however, failure rates vary widely, said the official quoted above.

According to the official statistics on UIDAI, more than 16 lakh Aadhaar-authentication requests failed in the past week. The type of errors encountered ranged from the biometric data not matching the database to demographic details not checking out.

The failure rates on Aadhaar Enabled Payment System for interbank transactions (which is a part of all Aadhaar authentication requests) were found to be as high as 60 percent by the Watal Committee on digital payments which published its report in December.

Additionally, newer security threats may also emerge if the scope of Aadhaar is widened. These include identity theft if a person’s biometrics are compromised from the payment system, phishing attempts, and the difficulty in revoking access once biometric information is compromised.

Biometrics aren’t an exact science, the official quoted above said, while adding that possible glitches have to be weighed against the benefits of offering a widely accessible non-cash mode of payment to citizens.

How Easy Is It To Beat The System?

Sunil Abraham, executive director of Bangalore based research organisation Center for Internet and Society (CIS) said that one way to assess how secure a system is to understand the cost and effort that goes into breaching it.

In the case of Aadhaar-based payment systems, the costs may not be high.

“There’s the gummy finger method which essentially requires some Fevicol or gum to duplicate someone’s fingerprint which can be enough to transact on someone’s behalf without them being there,” said Abraham in a phone conversation with BloombergQuint. “An average person can’t clone a smart card. Just fevicol and glue can help you make a gummy finger. The biometric lobby will say that advanced scanners defeat the gummy finger attack but more advanced scanners are also more expensive.”

Also, using more sensitive devices could push up the instance of false rejection of transactions, said Abraham.

There are other concerns. Like the fact that devices used for Aadhaar identification could store personal information, which, in turn, could be susceptible to a breach.

There are five main components in an Aadhaar app transaction – the customer, the vendor, the app, the back-end validation software, and the Aadhaar system itself. There are also two main external concerns – the security of the data at rest on the phone and the security of the data in transit. At all seven points, the customer’s data is vulnerable to attack.
Bhairav Acharya, Program Fellow, New America

Acharya, who works at a U.S.-based think tank called New America and focuses on cyber-law, said the key concern is that Aadhaar data can be stolen and misused.

“The app and validation software are insecure, the Aadhaar system itself is insecure, the network infrastructure is insecure, and the laws are inadequate.”

The biometric data collected on the authentication device at a merchant location can potentially be stored on the device as well as the smartphone of a merchant for a long time. Abraham added that there is a possibility that non-certified devices will enter the market, which can store data and use it in the future to do fraudulent transactions.

The concerns over potential misuse of biometric data by private agencies has also been highlighted by the Supreme Court of India. Earlier this month, the apex court refused to expedite the hearing on a petition regarding Aadhaar being utilised for multiple use cases by private companies. It, however, observed that private agencies collecting biometric data “is not a great idea”.

Deficient Privacy Laws

Apar Gupta, a Delhi-based lawyer working on cyber security, says that the lack of strong privacy protecting provisions is another concern that should be kept in mind while moving towards an Aadhaar-based payment system.

“The data stays for a long time with the stakeholders in the system. The requesting agency can keep it for seven years and the UIDAI can store it for five years. There are insufficient safeguards and there’s an absence of privacy law and an independent privacy regulator,” he said.

Acharya agreed.

India does not have the necessary laws to deal with a decentralised, biometrically-authenticated, mobile payments system, according to Acharya.

“Moreover, current laws and policies regarding the Aadhaar project, particularly the centralised database, are inadequate from the point of view of data security and end-user privacy,” he said.

Abraham of CIS said the issue is wider than Aadhaar. The problem is the lack of a strong data security law.

We only have a minimal data security law under the Section 43A of the Information and Technology Act which only applies to the private sector. There’s no law that applies to the government. Even 43A has not been applied consistently. There’s no place for you to go and complain if your identity has been compromised.
Sunil Abraham, Executive Director, Centre for Internet & Society

Gupta noted that, in the event of an identity threat, avenues of recourse are also limited. He said the best option is an appeal in the civil court, which is a long drawn out process.

In final analysis, according to Abraham, credit and debit cards are easier to secure as access can be revoked quickly.

“The trouble with biometrics is that the chain of trust is harder to establish because too many people can get access to biometrics and then you need to devise these convoluted solutions like hardware secure zones,” Abraham said.

“So the advantage of going with a smart card is that it can be easily re-secured, but with biometrics, once I compromise it, it’s lifelong.”

For more details visit https://cis-india.org/internet-governance/news/bloomberg-mayank-jain-january-17-2017-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about

The Curious Case of Poor Security in the Indian Twitterverse

udbhav — 2016-12-17T00:28:05Z

What are the technical, legal and jurisdictional issues around the recent Twitter and email hacks claimed by the ‘Legion Crew’, and what can targeted entities do to better protect themselves?

The article was originally published in the Wire on December 15, 2016.

The term legion, an oft-referred identity in popular culture, has begun to attain recent notoriety in Indian cyberspace due to the spate of hacks being carried out by a group of hackers calling themselves ‘Legion Crew’. The group has compromised four Twitter and/or email accounts in the past two weeks, with confirmed hacks of Rahul Gandhi, Vijay Mallya, Barkha Dutt and Ravish Kumar. Lalit Modi, Apollo Hospitals and the parliament (sansad) have been singled out as future targets, with dire warnings of catastrophic data leaks if the group were to be investigated by the authorities. The ethical impression of the hacks have been divided, with some segments of the public supporting the supposedly hacktivist outlook of the group while others condemning their actions as reckless and invasive. In the meantime, no individuals or entities have been accused of the hacks by the police, with most reports claiming the foreign origin of the hacks being the biggest impediment to the investigations.

A technical and legal perspective

The hacks first began against the politician Gandhi, whose Twitter account was hacked almost two weeks ago, with various demeaning tweets being posted for a few hours before access to the account was restored to the rightful owner. The same hacks were then carried out on business tycoon Mallya’s Twitter account last Friday but this time around, his bank details (apparently obtained from his compromised email accounts) were also leaked to the public via Twitter. Similar hacks targeting both the Twitter and email accounts of Dutt and Kumar were also carried out the past weekend. Sensitive details and data dumps (around 1.5 GB in size) of the journalists were released to the public, along with escalating warnings about future attacks. The data dumps released by the hackers seemed to be indicative that the hackers obtained far more information than they had disclosed via the Twitter hacks and were willing to leverage this data as ransom. Twitter, via both their Indian policy representatives and their international office, has denied any compromise to their systems and has claimed that all accounts were legitimately accessed with valid credentials at the time of the hacks. This leads to three main questions: How were the Twitter and email accounts hacked? What is the recourse, especially in terms of investigation, available to the afflicted parties and the authorities? What can potential targets do to secure their online presence from such attacks?

Regarding their technical nature, all of these hacks were sustained compromises that lasted for a few hours each (a long time in cyberspace) and seemed to be reflective of only a fragment of the power the hackers held over the individual’s online presence. Considering Twitter’s denial that the attacks were due to a security flaw on their end as well as the fact that legitimate login details were used to gain access to the accounts, a rather simple investigation can show that the most likely attack vector used by the Legion Crew for these hacks was a DNS Hijacking attack in combination with a Man in the Middle (MITM) attack. These methods abuse the rather simple and (by default) insecure DNS system that is responsible for directing the world’s Internet traffic including email. While the use of DNS to map websites to the IP address of the systems where they are physically hosted (for instance, www.thewire.in maps to 52.76.81.135 at the time of writing this article) is fairly well known, the DNS system also directs most of the world’s email. Similar to DNS A and AAA name records regarding websites, DNS MX records direct email sent to domain names to the correct email servers where they are processed for storage or forwarding, as required. If these MX records are compromised, then hackers can easily redirect emails sent to legitimate email address of the domain name (for instance, xyz@thewire.in) to whatever system they want, including other compromised email addresses.

The original operator of the email account is unaware of any email that is redirected in such a way and has no way of knowing the account has been hacked until they notice they are not consistently receiving emails sent to them, which in well planned hacks can be as for many weeks or even months. These attacks can also be further augmented if the hackers also decide to implement an MITM. In an MITM attack, hackers can redirect all traffic attempting to reach an email account via the MX records to a system they operate by changing the MX records on the domain name server to a malicious system. They can access and store all these emails (along with attachments) via the malicious system and also manipulate the information contained in these emails. Then, either in bulk or selectively, they can re-send the emails to the original email accounts they were intended for from their own servers. The owner will then receive the emails in their inboxes with the apparent impression they are private and being received for the first time. This entire MITM process can be setup in a manner that the emails are rerouted to compromised servers by MX records changes, stored for future analysis and then forwarded to the original recipient account in a matter of seconds.

Given the reliance placed by most websites on email IDs being a primary form of identity authentication, compromising an email ID can give access to most of the social networking, entertainment and even banking websites’ login details of the owner to any individual who has the login details of the account. This is because of the password reset or forgotten password feature available in most services that use only email IDs by default as a form of authenticating account ownership and allowing the user to reset their passwords by setting a reset email to their registered email accounts. Once they gain access to the compromised accounts, hackers can perform these resets with impunity, granting them unrestricted access to the online presence of the owner. In fact, hackers can use these attacks to perform password resets on the email accounts themselves, allowing them unlimited access to past conversation, records and login details that may be stored in the email accounts.

Keeping this background in mind, the most likely methodology behind the hacks is quite simple to explain. The Legion Crew most likely first compromised the email systems of these celebrities by changing the DNS MX records of the email IDs which were registered with Twitter as login IDs for these accounts. This allowed them to redirect emails sent to these email IDs to an alternative system of their choosing. They then used the password reset feature of Twitter, which is similar to those provided by most social networking services, to reset the password of these accounts. However, due to the compromise of the MX records of the domain names used by these celebrities, instead of reaching the inboxes of the entities operating the accounts, the password reset emails were sent to the alternative systems set up by the hackers solely for receiving such emails. After receiving this email, it was a simple matter of resetting the account credentials by clicking on the password reset link on the email and changing the passwords of these accounts to unique passwords only known to the hackers.

The hackers then would (and did) have complete control of the account until the service provider itself intervened and provided an emergency reset along with recommending rectifying the MX records from the malicious one’s inserted by the hackers. The only question left to be answered in the methodology followed by the hackers is how they gained access to the MX records, as DNS records can only be changed using the dashboard of the domain name provider, which in turn is protected by a login password. Allegations have arisen that most (if not all) of the compromised accounts used ‘Net4india’ as their domain name provider. Therefore, it is very possible either that it is a vulnerability on the Net4india systems, an internal compromise of the personnel Net4india and so on leading to access detail to domain name accounts from being compromised. Such security and personnel breaches could have been responsible for providing access to the domain name management dashboard of the hacked celebrities email IDs, after which the attack would have followed the methodology described above by changing the MX records to a malicious system.

Jurisdictional issues

The legal avenues available to the affected parties are fairly clear within the Information Technology Act, 2000 and the Indian Penal Code, 1862. Section 66 and Section 66C of the IT Act, which govern hacking and misuse of passwords respectively, would apply along with possible application of the provisions concerning mischief (Section 425), cheating (Section 420) and extortion (Section 383) of the IPC. However, recent investigations have already begun to show that the various jurisdictional symptoms that plague cybercrimes investigations are also hindering investigations for these hacks. The global nature of the internet ensures that the operating servers, attackers, compromised users and unwitting intermediaries are more often than not all located in different jurisdictions, each with their own set of protections, vulnerabilities and laws. For example, investigations by the Delhi police into IP addresses that accessed Gandhi’s Twitter account during the hack have shown that in the period of few hours the account was accessed from the US, Sweden, Canada, Thailand and Romania. Of course, given the pervasive availability of IP spoofing tools, none of these countries is indicative of the actual location of the hacker. Gaining information from these different servers, in order to trace a route of the hacker’s digital geographical journey, is a bureaucratic and legal nightmare with long delays, unanswered Mutual Legal Assistance Treaty requests and unresponsive service providers being the norm. Like in most cybercrime investigation, if the hackers take certain basic steps to mask their identities and geographical location, their odds being caught by traditional law enforcement are negligible. Investigations that have successfully managed to catch such hacker groups, such as the Project Safe Childhood by the FBI against child pornography on the Tor web, take millions of dollars, months of efforts and a high level of skill. Whether these Twitter hacks will generate the sustained, multijurisdictional effort across law enforcement agencies in India required to catch such crimes remains to be seen. Until then, the questions of attribution, liability and justice will remain unanswered like in a majority of large scale cyber hacks.

Possible measures

Given that various other targets have already been singled out by the hacker group, the need for vigilance and improved security is greater than ever. One basic measure, easily available within Twitter and most other services, that should be carried out is enabling two factor authentication (2FA) on both email and social media accounts. 2FA ensures that the user has to input a One Time Password (OTP) generated on a separate device (such as a mobile phone) at the time of logging in or resetting the password for the account. This would mean that even if the hackers obtain the password or compromise the emails being sent to an account, they will be unable to login into an account without also being in physical possession of the device with the OTP generation application. If this option, which is already available within Twitter, was enabled for the four accounts that were hacked, for example, they would have remained protected despite the email account compromise. Further, domain name service providers should also implement Domain Name System Security Extensions and Domain Keys Identified Mail to prevent DNS and email hijacking, as was carried out on Net4India servers in these Twitter attacks. Using HTTPS on all pages on websites will also go a long way in preventing spoofing and securing user information in transit. Finally, nothing can replace customer education and awareness as the most effective tool to combat the growing cyber threats faced by the average netizen. The weakest link in a digital system is often the end user. A core set of security measures that can be percolated into common practice will serve as the first and best line of defence against such attacks in the future, for both the common man and celebrities alike.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-udbhav-tiwari-december-15-2016-curious-case-of-poor-security-in-indian-twitterverse

The Crypto Wars Are Global

praskrishna — 2016-04-01T16:06:30Z

The blog post by Joseph Cox was published by Motherboard on March 4, 2016

American politicians, media, and the public may be focused on the ongoing battle between Apple and the FBI over encryption in the iPhone, but the so-called Crypto Wars are far from just a national issue.

The proliferation of encryption—and law enforcement’s efforts to defeat it—is a wordwide phenomenon, and one that might have much more urgent consequences outside of Europe and the US.

On top of that, some governments’ reactions to the increased use of cryptography have been more kinetic and drastic.

This was starkly demonstrated with the arrest of a senior Facebook executive in Brazil on Tuesday, seemingly carried out because WhatsApp was unable to fulfill a court order to intercept messages on the service. That case was likely an exceptional one, but it was symptomatic of growing frustration amongst governments and law enforcement around the world.

Plenty of countries already seemingly target devices to circumvent encryption

So as foreign authorities clamp down on crypto in their own way, how will this affect users?

“Outside the US, the consequences for users, the risks, the threats that they face; the reasons they use crypto, are going to be much more pronounced,” Amie Stepanovich, US Policy Manager at Access Now, a digital rights group told Motherboard in a phone call.

For some users, Stepanovich said, “encryption really is a matter of life or death.” She pointed to LGBQT communities in the Middle East or North Africa, where their sexual preference might be illegal.

Various countries have taken wildly different approaches to tackling crypto. Late last year, the Kazakhstan government announced a plan to force all internet users to download a digital certificate that would allow the authorities to snoop on encrypted traffic. And in 2014, the Russian government called for researchers to find a way to crack the Tor anonymity network. Both of those plans have seemingly failed to materialise in any concrete results, but the intention was certainly there.

Others have looked at attacking devices of individuals, something that the FBI is also keen to develop.

“The future might be in the hacking of the device, hacking the end-point,” said Richard Tynan, a technologist at activist group Privacy International.

Indeed, plenty of countries already seemingly target devices to circumvent encryption. Italian surveillance company Hacking Team had at least 70 customers from all over the world, according to hacked internal documents.

The legislative approach has also been fairly popular. In December, China passed a law requiring technology firms to assist in the decryption of information.

This legal route parallels the current battle between Apple and the FBI, where the agency has asked the company to write code that would override the iPhone’s security features. Some feel that if the FBI is successfully in making the technology giant write malicious code, then a precedent will be set for other countries to follow.

“I think that if the US government is successful in ordering Apple to write code, we're going to see other countries also try to push Apple in the same direction,” Stepanovich said. (In its recent amicus brief in the Apple case, Intel wrote that if the FBI is successful in its demands, other countries, particularly those with less protective privacy laws, might see an invitation to require companies to undermine the security of their products.)

J. Carlos Lara, research and policy director from Derechos Digitales in Chile, said “There are many reasons to be following the debate, even if it does not appear to be directly about us, or about our country, because it might become one of the issues in our country at any point in the future.”

Carolina Botero, director of Fundación Karisma, a Colombian civil society organization, told Motherboard that she could imagine a situation similar there to that ongoing in the US if Apple does lose this fight.

“Colombia has a real need to fight against terrorists; there is a real national security issue here,” she said.

Others remained sceptical, saying that some countries may follow their own path, as they've already been doing.

“U.S. commentators greatly over-estimate the positive impact of U.S. self-imposed restrictions in national security matters on how foreign countries will act,” Pranesh Prakash, policy director at the Centre for Internet and Society in India, told Motherboard in an email.

Although it’s not a case strictly dealing with the same issues as Apple and the FBI, Prakash pointed to when the Indian government pressured BlackBerry to install a server in the country, so messages could be more easily intercepted.

“Though the U.S. government does not put restrictions on the encryption that may be deployed by telecom networks and ISPs, the Indian government does. And we aren't even talking about an 'authoritarian' government here, but the world's largest democracy,” he wrote.

The encryption debate is clearly not one limited to only the US, or even Europe. Rather, the spread of cryptography, and how governments respond to that, is likely an immediately more important issue elsewhere in the world.

“The global threat is much more serious,” than in the US, Stepanovich said.

For more details visit https://cis-india.org/internet-governance/news/motherboard-march-4-2016-joseph-cox-crypto-wars-are-global

The crown of thorns that awaits Facebook’s India MD hire

Admin — 2018-07-29T02:00:23Z

Between 2015 to 2017, Facebook nearly doubled its user base to about 250 million in India. The two other popular Facebook products, WhatsApp and Instagram, became swimmingly popular in the country, too – the messaging platform counts 200 million users here and the photos and videos sharing app some 60 million.

The article by Sunny Sen and Jayadevan PK was published by Factor Daily on July 25, 2018. Sunil Abraham was quoted.

By advertising metrics, such a reach – buttressed by usage through the day – is unprecedented and unrivalled. That should make Facebook India the most powerful advertising platform in the country. And, by corollary, its managing director or CEO among the most powerful executives in India, right?

Yes, except that no such person exists.

The corner room position at Facebook India has been unoccupied since October last year despite an extensive search (even on LinkedIn), a $2-million compensation package, and the immense power that comes with the job.

Long, winding months of search – there have been extensive meetings with more than half a dozen shortlisted candidates – are yet to culminate in an announcement that will tell the Indian advertising and media world who will lead Facebook in India, the social media giant’s second-largest market by several metrics.

Why? To put it simply, a yawning trust deficit and the difficulty in fixing it. A deficit that Facebook faces with almost all stakeholders in its ecosystem: users, regulators, advertisers, publishers, and agencies.

In India, the trust gap with regulators began to form with founder Mark Zuckerberg’s pet Free Basics program of early 2015 that ran afoul of net neutrality principles. India’s telecom regulator intervened and the project was ultimately shuttered in February 2016.

Facebook tried to change public perception of Free Basics by running multi-million advertising campaigns.

Facebook tried to change public perception of Free Basics by running multi-million advertising campaigns – billboards, newspaper advertisements, and the works – but the scepticism and opposition from large swathes of the startup ecosystem, proponents of net neutrality, and many Facebook users saw it in. Facebook also has an important case in the Supreme Court from last year, where petitioners have challenged the sharing of data between Facebook, WhatsApp, and third parties. If that was not all, the Cambridge Analytica scandal from early 2018 has all but singed the company’s reputation – its actions in the country have been questioned by the government with one minister even saying he would subpoena Zuckerberg if needed. The recent spate of lynchings, some traced to rumours that spread on WhatsApp, had the government asking the messaging platform what it is doing to stop the killings.

Facebook’s troubles with publishers is well documented. First, it was accused of promoting clickbaity content that forced people to spend more and more time on the platform. After Facebook changed news feed algorithms to show more of friends and family related content and less of news, publishers who had dived headlong into the Facebook ecosystem felt jilted. “Media companies are not making much money from Facebook. DB Corp has said that it is not getting enough revenue from social media so it is taking its content off the platforms… it will try to drive traffic directly to its own websites,” said Abneesh Roy, senior vice president at Edelweiss Capital, a Mumbai investment bank.

“Media companies are not making much money from Facebook. DB Corp has said that it is not getting enough revenue from social media so it is taking its content off the platforms”

Agencies, who often play a cosy role mediating between the buyers of advertisement space or time and the sellers, don’t like digital platforms such as Facebook and Google because both ultimately aim to disintermediate agencies through a set of self-service tools. The suspicion is rooted in commissions that are squeezed by the digital platforms: while print, TV and other media platforms pay a generous 15% or more commission on ad billings, agencies receive only 2% to 4 % from Facebook and 8% to 10% from Google. The digital platforms get away – or, at least, have gotten away so far thanks to the scale and low costs they operate at.

Overall, all this makes Facebook look ogreish that it – and, importantly, its people – may not be in real life. But, American writer Terry Goodkind’s “Reality is irrelevant; perception is everything

” holds true more than ever in the times we live and public perception is hurting the company in India. At least a dozen people, both from within, close and around the company, have told FactorDaily that while user metrics continue to grow strongly in India, especially on the back of an upsurge of data use in India in the last two years (thanks to Reliance Jio), Facebook India is a little at sea. “Facebook needs a face like Rajan Anandan is for Google,” is how one person with close knowledge of the situation put it. Anandan is vice president, South East Asia and India for Google and is its face for the company in this part of the world.

Facebook did not respond to a request mailed for comments.

Hotshot names all but…

Facebook is said to have interviewed – a few of these conversations continue – some of the top names from the India corporate landscape for its India CEO position: Star India MD Sanjay Gupta; Ajit Mohan, CEO, Hotstar; Sameer Nair, CEO, Applause Entertainment, part of the Aditya Birla Group; D Shivakumar, group president, strategy at the Aditya Birla Group; Tata Sky MD Harit Nagpal; Sudhanshu Vats, Viacom18 group CEO; and Sudhir Sitapati, executive director-refreshments at Hindustan Unilever. The hiring conversations even covered Srivatsa Krishna, an Indian Administrative Service officer who was the Karnataka IT secretary until last year.

Some of these people confirmed to FactorDaily they had been reached out to by Facebook and the headhunter Spencer Stuart it has engaged for the task, one denied it, and others didn’t respond to requests for comment.

Mohan and Nair have an edge, according to a hiring firm source and one of the other candidates. “We have heard quite a few names but it seems that Ajit Mohan is a front-runner. He has successfully built Hotstar,” a Facebook insider told FactorDaily, on the condition of anonymity because he is not authorised to speak with the media.

A person with knowledge of the job position said that Facebook was gravitating towards someone with experience in the media industry. “They believe that they are in the content game and want to build that cache,” the person said describing his conversations with David Fischer, Facebook’s vice president of business and marketing partnerships, who is leading the CEO search.

More details were not immediately available on what Facebook wants in a person for the role. “I’m sorry but Spencer Stuart is under confidentiality agreements and may not talk about its work,” a spokesperson for the headhunter said on email.

Facebook’s India leadership crisis, ironically, comes from its stupendous success in the country. India was more a development outpost for the social media giant when it started here in 2010 with a centre in Hyderabad. Kirthiga Reddy, its first Indian employee, transitioned into a market-facing India managing director role when Facebook saw its user base here explode a couple of years later. “She did a great job with setting the foundations of relationships with the big advertisers and agencies here,” said the person with knowledge of the open CEO position quoted earlier. Her successor Umang Bedi, too, was into a sales-heavy role with demand for ad inventory going through the roof at Facebook India.

But, with its growing presence – the company closed calendar 2017 with $700 million in sales, including spots bought by small businesses by swiping a credit card which typically gets registered outside India – the role of the India managing director now has to change, Facebook seems to have acknowledged. When Reddy’s successor, Bedi was the managing director, India, he reported into Dan Neary, vice president for Asia Pacific at Facebook. Neary’s boss was Carolyn Everson, vice president, global marketing solutions at Facebook, who, in turn, reported to Fischer.

“For David, India is a big thing. Sheryl (Sandberg) brought him from Google… He understands India well,” said a second source close to Facebook. Sources say Facebook is thinking of making the reporting relationship of the India MD directly into Fischer cutting two layers from the hierarchy.

“You need a grown-up to lead the market. The kind of role (of a sales head) didn’t help anymore,” said a third source, close to Facebook. “It was like a merry-go-round, especially with the kind of problems (Facebook) India was facing from FreeBasics to fake news.”

The missing hand at the wheel

Without a country head, Facebook India is missing on a lot of things. Like any other country head, the role of the new India head will be that of an ambassador at Facebook’s headquarters in Menlo Park, California. A map-tap approach of a leader achieving numbers isn’t enough. “It is very bad for FB or any company to go headless in a rapidly growing market like India,” said Kavil Ramachandran, Thomas Schmidheiny chair professor of family business and wealth management, Indian School of Business.

The leader will not only have to lobby for investments but also show that India is not a problem child. The company will have to have a growth story of every app and every product that gets rolled out in India. “Why shouldn’t there be a product coming out of India to fight fake news and why does everything have to go up to Dublin,” the third source said. Dublin is where Facebook does a lot of its development work in Europe.

Apart from Facebook Lite, there is no other product that is aimed at the Indian user. Google, in contrast, offers a slew of them like YouTube Go and Google Tez and projects such as Google Wifi or Internet Saathis – all initiatives rooted or aimed at India. Even Apple, with all its premium swag, is looking at India to build maps and brought out the iPhone SE to stay relevant among Indian buyers.

Ramachandran helps put the difficulty of finding someone to fill Facebook’s India MD position – Bedi announced his resignation last October – in context. “Typically, this happens when the job is not attractive for various reasons. In the case of FB, it can’t be money. Then what? Most likely, potential legal implications of any action that may not be under the control of the country head. If the head office does something and the company is breaching the country’s law, the local head will be liable or potentially so. (Cambridge) Analytica is a case in point,” he said.

“Headquarters has a lot to learn from the India team in terms of sophistication and honesty in the regulatory debate. The Californian ideology has run its course.”

Then, there is the question of building trust in a sullied platform. “Basically Facebook has lost consumer trust over the years because they don’t consistently tell the truth, the whole truth and nothing but the truth. Headquarters has a lot to learn from the India team in terms of sophistication and honesty in the regulatory debate. The Californian ideology has run its course,” said Sunil Abraham, executive director of Bengaluru-based Centre for Internet and Society. The California reference is to the brazen manner in which San Francisco-based platforms have grown unmindful of the law and societal norms at times.

At the end of the day, Facebook is valuable to customers as it is able to tell brands what customers want and thus help target ads. The internal thinking, some of which finds some takers in the advertising fraternity, is that Facebook has headroom in sales growth waiting to be grabbed. They point to Google’s India revenues of over $1 billion or nearly Rs 6,900 crore, and projections for the Indian digital ad market of some Rs 19,000 crore by 2020. The real value of the Indian digital ad market is actually a lot more: the estimates understate what is actually made because many companies register their ad revenue in tax havens to lower the incidence of tax on them.

But signing on potential revenues is easier said than done. “In the past one year, our digital ad spend has grown five times. Almost two-thirds of that increased spending has gone to Google,” said a marketing executive with a large two-wheeler company, hinting that Facebook has lost at least a large portion of the incremental revenue. He did not want his name taken in this story because the company doesn’t disclose how it splits its ad spends.

The marketing head of a leading carmaker said that Facebook is very good when it comes to narrowly targeting people but search-based advertising is still big in India. Many of his company’s dealers prefer campaigns on Google and “that is why a large portion of digital revenue is being cornered by Google,” this executive said.

The CEO of a consumer durables company said being on Facebook was “unsexy” now. “There has been so much of trust issues with Facebook that I don’t want my product to be seen there so often… I have scaled down on my Facebook budget,” the CEO said without sharing more details.

An image makeover, then, will be the new India MD’s biggest task and global bosses don’t want it lost in the hierarchical process that most MNCs operate in. The bosses want someone who can take India from $500 million to $5 billion. Fast.

Preparing an organisation for that kind of growth means resourcing it with people who have handled scale in the past or have the potential to do so. Take the example of Nokia – now gone and buried as a brand but 10 years ago, it was India’s biggest MNC. When Shivakumar, now with Aditya Birla Group, was hired as its India managing director in 2006, Nokia had understood the potential that the country offered. The goal was to grow operations of half a billion dollars manifold. Nokia India became a company with $4 billion in sales in the 2008-2009 period. One way to assess that performance is to check where the team that delivered the vision is today. Vipul Sabharwal, whose five-year stint with Nokia ended in 2011 as sales director is now managing director of Luminous Power. V Ramnath, who also left Nokia as its sales director in 2013 is managing director, Racold Thermo. Vineet Taneja, head of marketing at Nokia when he is left in 2010, is now CEO of Dyson in India after stints in between at Bharti Airtel and Samsung India. Poonam Kaul, former director of communications at Nokia, is director of marketing at Apple India now.

Large operations need capable people and Facebook is missing its go-to person in India badly. This is evident in its ask of the CEO candidate here and the changes it is willing to put in place. Gurprriet Siingh, senior client partner with headhunter Korn Ferry, said that there are three reasons why the India head role has been moved closer to the US: to speed up decision-making, to signal the importance of India, and to give context to the individual of what is expected. “A managing director’s role is to manage investors, customers, sales, regulators and government relations,” Siingh added.

With great powers come great responsibilities. That line, immortalised in Spiderman movies, will be playing on the minds of the person who signs up for the Facebook India job. With one tweak: “With great powers come great responsibilities. And, a lot to do.”

For more details visit https://cis-india.org/internet-governance/news/factor-daily-sunny-sen-and-jayadevan-pk-july-25-2018-the-crown-of-thorns-that-awaits-facebook-india-md-hire

The Critical Life of Information

praskrishna — 2014-05-05T04:41:08Z

Nishant Shah and Malavika Jayaram will be speaking at the event organized by Yale University on April 11, 2014.

The immensity of the proliferation of bits of raw information that is fundamental to current digital environments is at a scale that in earlier eras would have been characterized as sublime. Big Data also corresponds to scales of globalization with its heretofore unthinkable geographical expanses and inequalities, suddenly crystallized in local crises. Scholars have argued that the geographical scale of accumulation has been changing and that hierarchies of scale are appearing that reveal the specificity of capital at the present time. This, in turn, requires a re-scaling and re-conceptualization of life. The workshop will address how new notions of information as property, and its harvesting from people in contexts ranging from shopping to health care to social media, condition humanistic inquiry and its concepts of the individual and the collective.

Nishant Shah spoke in the panel on Big Data and Governance. Malavika Jayaram spoke in the panel on Big Data and the Arts. Click to read the original published on Yale University site.

For more details visit https://cis-india.org/news/critical-life-of-information

The Criminal Law Amendment Bill 2013 — Penalising 'Peeping Toms' and Other Privacy Issues

divij — 2013-07-12T12:17:06Z

The pending amendments to the Indian Penal Code, if passed in their current format, would be a huge boost for individual physical privacy by criminalising stalking and sexually-tinted voyeurism and removing the ambiguities in Indian law which threaten the privacy and dignity of individuals.

The author, Divij Joshi is a law student at NLS and is interning with CIS for its privacy project. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

What is the Criminal Law (Amendment) Bill, 2013? What will it change?
The Criminal Law (Amendment) Bill is a bill which is to be introduced in the Indian Parliament, which will replace the Criminal Law (Amendment) Ordinance, 2013[1] currently in force, and aims at amending the existing provisions in criminal law in order to improve the safety of women. The Bill seeks to make changes to the Indian Penal Code, the Code of Criminal Procedure, and the Indian Evidence Act. The Bill will introduce unprecedented provisions in the Indian Penal Code which would criminalise sexual voyeurism and stalking and would amend legal provisions to protect the privacy of individuals, such as discontinuing the practice of examination of the sexual history of the victim of a sexual assault for evidence. With instances of threats to individual privacy on the rise in India, [2] it is high time that the criminal law expands its scope to deal with offences which violate physical privacy.

What threats to privacy will the Act address?
The Act will address the following violations of physical privacy:

Stalking
Draft provision: The ordinance introduces the offence of stalking under Section 345D of the Indian Penal Code, and makes it punishable by imprisonment of not less than one year, which may extend to three years, and a fine. The provision prescribes that ‘Whoever follows a person and contacts, or attempts to contact such person to foster personal interaction repeatedly, despite a clear indication of disinterest by such person, or whoever monitors the use by a person of the internet, email or any other form of electronic communication, or watches or spies on a person in a manner that results in a fear of violence or serious alarm or distress in the mind of such person, or interferes with the mental peace of such person.’ Hence, under the new law, constant, unwanted interaction of any one person with another, for any reason, can be made punishable, if the actions results in fear of violence or distress in any person, or interferes with their mental peace.

Current law and need for amendment: Stalking is generally characterized by unwanted and obsessive harassment or persecution of one person by another. Stalking can be a physical act such as constantly following a person, or can be done through electronic means — usually the internet (known as cyberstalking). Stalking may or may not be an act which physically threatens the security of an individual; however, it can cause mental trauma and fear to the person being stalked. Stalking is a blatant intrusion into an individual’s privacy, where the stalker attempts to establish relationships with their victim which the victim does not consent to and is not comfortable with. The stalker also intrudes into the victim’s private life by collecting or attempting to collect personal information the victim may not want to disclose, such as phone numbers or addresses, and misusing it. If the stalker is left undeterred to continue such actions, it can even lead to a threat to the safety of the victim. Cyber-stalking is a phenomenon which can prove to be even more invasive and detrimental to privacy, as most cyber-stalkers attempt to gain access to private information of the victims so that they can misuse it. Stalking, in any form, degrades the privacy of the victim by taking away their choice to use their personal information in ways they deem fit. [3] Recognizing stalking as an offence would not only protect the physical privacy rights of the victims, but also nip potentially violent crimes in the bud.

Many nations including Australia, the United States of America and Japan have penal provisions which criminalise stalking. [4] In India however, there is no appropriate response to stalking as an offence — either in its physical or electronic forms. The Information Technology Act, the legislation purported to deal with instances of cyber-crimes, overlooks instances of breach of online privacy and stalking which does not lead to publication of obscene images or other obvious manifestations of physical or mental threat. The general provision under which victims of stalking can file complaints is Section 509 of the Indian Penal Code (IPC), which states that — ‘Whoever, intending to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman, shall be punished with simple imprisonment for a term which may extend to one year, or with fine, or with both.’There are several problems with using this section as a response to stalking. Without a particular definition of what comes under the scope of ‘intrusion of privacy’ under this section, there is reluctance both for the victim to approach the police and for the police to file the complaint. Usually the offence is coupled with some other form of harassment or violence, and the breach of privacy and trauma is not considered as a separate offence. For example, if a person is continuously following or trying to contact you without your consent or approval, but does not physically threaten or insult you, there is no protection in law against such a person. Hence, as pointed out, there is a need to recognize the breach of privacy as a separate ground of offence, notwithstanding other physical or mental grounds. Secondly, the provisions of this section require the criminal to have the ‘intent of insulting the modesty of a woman’. Aside from the difficulties in adjudging the ‘modesty’ of a woman, the provision limits the scope of harassment to only that which intends to insult the modesty of a woman and excludes any other intention as criminal behaviour. The present law amends these problems by disregarding the reason or intent for the behaviour, and by clearly defining the elements of the offence and making stalking as a stand-alone, punishable offence.

Sexual Voyeurism

Draft provision: The Act will add Section 345D to the Indian Penal Code, which reads as follows — ‘Whoever watches, or captures the image of, a woman engaging in a private act in circumstances where she would usually have the expectation of not being observed either by the perpetrator or by any other person at the behest of the perpetrator shall be punished on first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine, and be punished on a second or subsequent conviction, with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine.

Explanation 1.–– For the purposes of this section, “private act” includes an act carried out in a place which, in the circumstances, would reasonably be expected to provide privacy, and where the victim's genitals, buttocks or breasts are exposed or covered only in underwear; or the victim is using a lavatory; or the person is doing a sexual act that is not of a kind ordinarily done in public.

Explanation 2.–– Where the victim consents to the capture of images or any act, but not to their dissemination to third persons and where such image or act is disseminated, such dissemination shall be considered an offence under this section.’

The provision seeks to protect victims of voyeurism, who have been watched, or recorded, without their consent and under circumstances where the victim could reasonably expect privacy, and where the victim’s genitals, buttocks or breasts have been exposed. A reasonable expectation of privacy means that in the circumstances, whether in a public or a private place, the victim has a reasonable expectation that she is not being observed engaging in private acts such as disrobing or sexual acts. The test of reasonable expectation of privacy can be derived from similar provisions in voyeurism laws across the world, and also section 66E of the Information Technology Act.[5] It is particularly important because voyeurism does not necessarily take place in private places like the victims home, but also in public spaces where there is generally an expectation that exposed parts of one’s body are not viewed by anyone.

Current law and need for amendment: A ‘voyeur’ is generally defined as "a person who derives sexual gratification from the covert observation of others as they undress or engage in sexual activities." [6] Voyeurism is the act of a person who, usually for sexual gratification, observes, captures or distributes the images of another person without their consent or knowledge. With the development in video and image capturing technologies, observation of individuals engaged in private acts in both public and private places, through surreptitious means, has become both easier and more common. Cameras or viewing holes may be placed in changing rooms or public toilets, which are public spaces where individuals generally expect a reasonable degree of privacy, and where their body may be exposed. Voyeurism is an act which blatantly defies reasonable expectations of privacy that individuals have about their bodies, such as controlling its exposure to others.[7] Voyeurism is an offence to both the privacy as well as the dignity of a person, by infringing upon the right of individuals to control the exposure of their bodies without their consent or knowledge, either through unwarranted observation of the individual, or through distribution of images or videos against the wishes or without the knowledge of the victim.

Voyeurism is a criminal offence in many jurisdictions across the world such as Australia,[8] the United States,[9] Canada,[10] and the UK,[11] which criminalise either the capturing of certain images, or observation of individuals, or both. In India, the capturing, distribution and transferring of images of ‘private areas’ of a person’s body, under circumstances where the person would have a reasonable expectation of privacy that their body would not be exposed to public view, is punishable with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both. However, this does not cover instances where a person observes another in places and situations where they do not consent to being observed. The inclusion of voyeurism as an offence in the IPC would close several loopholes in the voyeurism law and hopefully be a precedent for the state to better work towards securing the bodily privacy of its citizens.

Examination of Sexual History and Privacy
Draft provision: The amendment to Section 53A of the Indian Evidence Act in the Bill reads, “In a prosecution for an offence under section 354, section 354A, section 354B, section 354C, sub-section (1) or sub-section (2) of section 376, section 376A, section 376B, section 376C, section 376D or section 376E of the Indian Penal Code or for attempt to commit any such offence, where the question of consent is in issue, evidence of the character of the victim or of such person’s previous sexual experience with any person shall not be relevant on the issue of such consent or the quality of consent.”

A similar proviso is added to Section 376 of the Indian Evidence Act.

According to the above provision, in a trial for sexual assault or rape the evidence supplied of a victim’s previous sexual experience or her ‘character’ would not be admissible as relevant evidence to determine the fact of the consent or the quality of the consent.

Current law and need for amendment: The Indian Evidence Act is the legislation which governs the admissibility of evidence in the different courts. In cases of rape or sexual assault and related crimes, the evidence of consent often considered is not just that of the consent of the woman in the act at that time itself, but rather her previous sexual experience and “promiscuous character”. Even though it has been widely censured by the highest court,[12] such practices continue to dominate and prejudice the justice of victims of sexual assault and harassment.[13] The examination of the victim’s sexual history in court is an unwarranted intrusion into their privacy through public disclosure of the sexual history and details of her sexual life, which causes potential embarrassment and sexual stereotyping of the victim, especially in a conservative, patriarchal society like in India. With the new amendments, such evidence will not be permitted in a court of law, hence, it will act as a safeguards against defendants attempting to influence the court's decision through disparaging the ‘character’ of the victim, and will protect the disclosure of intimate, personal details like previous sexual encounters of the victim.

Conclusion
Privacy, crime, and safety of women are intricately linked in any legal system. An essential part of the security of citizens is the safety of their privacy and personal information. If any legal system does not protect the privacy — both of body and of information — of its people, there will always be insecurity in such a system. With the recent debates on women’s safety, several crucial privacy and security issues have been raised, such as the criminalization of voyeurism and stalking, which is a huge boost for privacy rights of citizens in India, and it is hopeful that the government will continue the trend of considering privacy issues along when addressing security concerns for the state.

Update to the Criminal Law Amendment Bill 2013 - Penalising Peeping Toms and other privacy issues

The Criminal Law (Amendment) Bill, 2013, was made into law on April 3, 2013. Several provisions under the Act differ from the provisions in the ordinance. Under the Act, unlike in the Ordinance, the terms or watches or spies on a person in a manner that results in a fear of violence or serious alarm or distress in the mind of such person, or interferes with the mental peace of such person are not included as a part of the offence of stalking. Hence, the offence is limited to the physical act of following or contacting a person, provided that there has been a clear sign of disinterest, or to monitoring the use by a woman of the internet, email or any other forms of electronic communication.

Hence, from the confusing language of the provision, it would seem that the offence of stalking related to monitoring of activities of a woman is restricted to the monitoring of online communications, and not physical acts. The caveat of such monitoring having to cause serious alarm, distress or interference with the mental peace of the victim is also removed. The removal of unwaranted intrusion through watching or spying of a person, and indeed, the removal of any subjective test to determine the effect of stalking is a departure from stalking provisions accross the world, and is a setback for individual privacy, because stalking per se is a privacy offence, relating not only to the physical interference but also the mental harassment it causes to the victims.

The provision has also increased the puinishment for the crime in the first offence to upto three years, and subsequently to upto five years. Further, the provisions sought to be included within Section 53A and Section 376 of the Indian Evidence Act are now included in Section 146 of the Act.

Link to the Criminal Law (Amendment) Act, 2013

[1]. Criminal Law (Amendment) Ordinance, 2013, available at http://mha.nic.in/pdfs/criminalLawAmndmt-040213.pdf

[2]. http://bit.ly/10nMSTT

[3]. Anita Gurumurthy and Nivedita Menon, Violence against Women via Cyberspace, Economic and Political Weekly, 44 (40), 19, (October, 2009).

[4]. For example, see laws listed http://bit.ly/126hBpO

[5]. Section 66E, The Information Technology Act, 2000: ‘66E. Punishment for violation of privacy.- Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation - For the purposes of this section--

(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means;
(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
(d) “publishes” means reproduction in the printed or electronic form and making it available for public;
(e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that--(i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

[6]. Oxford English Dictionary, available at http://bit.ly/YN2ZvI

[7]. Lance Rothenberg, Rethinking Privacy: Peeping Toms, Video Voyeurs, and the failure of criminal law to recognize a reasonable expectation of privacy in the public space, American University Law Review, 49, 1127, (1999).

[8]. Section 91J, Crimes Act, 1910: "A person who, for the purpose of obtaining sexual arousal or sexual gratification, observes a person who is engaged in a private act without the consent of the person being observed to being observed for that purpose, and knowing that the person being observed does not consent to being observed for that purpose, is guilty of an offence."

[9]. Video Voyeurism Protection Act, 2004.

[10]. Section 162, Criminal Code of Canada: " (1) Every one commits an offence who, surreptitiously, observes — including by mechanical or electronic means — or makes a visual recording of a person who is in circumstances that give rise to a reasonable expectation of privacy, if
(a) the person is in a place in which a person can reasonably be expected to be nude, to expose his or her genital organs or anal region or her breasts, or to be engaged in explicit sexual activity;
(b) the person is nude, is exposing his or her genital organs or anal region or her breasts, or is engaged in explicit sexual activity, and the observation or recording is done for the purpose of observing or recording a person in such a state or engaged in such an activity; or
(c) the observation or recording is done for a sexual purpose.

[11]. Section 67, Sexual Offences Act, 2003.

[12]. http://bit.ly/10nNDwg

[13]. http://reut.rs/13CIDXU

For more details visit https://cis-india.org/internet-governance/blog/the-criminal-law-amendment-bill-2013

The Creation of a Network for the Global South - A Literature Review

tanvi — 2016-02-04T13:13:20Z

I. Introduction

The organization of societies and states is predicated on the development of Information Technology and has begun to enable the construction of specialized networks. These networks aid in the mobilization of resources on a global platform.[1] There is a need for governance structures that embody this globalized thinking and adopt superior information technology devices to bridge gaps in the operation and participation of not only political functions but also economic processes and operations.[2] Currently, public institutions fall short of an optimum level of functioning simply because they lack the information, know-how and resources to respond effectively to this newly globalized and economically liberalized world order. Civil society is beginning to seek a greater participatory voice in both policy making and ideating, which require public institutions to institute a method of allowing this participation while at the same time retaining the crux of their functions and processes. The network society thus requires, As argued by Castells, a new methodology of social structuring, one amalgamating the analysis of social structure and social action within the same overarching framework.[3] This Network propounds itself as a 'dynamic, self-evolving structure, which, powered by information technology and communicating with the same digital language, can grow, and include all social expressions, compatible with each network's goals. Networks increase their value exponentially through their contribution to human resources, markets, raw materials and other such components of production and distribution.' [4]

As noted by Kevin Kelly,' The Atom is the past. The symbol of science for the next century is the dynamical Net.…Whereas the Atom represents clean simplicity, the Net channels the messy power of complexity. The only organization capable of nonprejudiced growth or unguided learning is a network. All other topologies limit what can happen. A network swarm is all edges and therefore open ended any way you come at it. Indeed the network is the least structured organization that can be said to have any structure at all. ..In fact a plurality of truly divergent components can only remain coherent in a network. No other arrangement - chain, pyramid, tree, circle, hub - can contain true diversity working as a whole .'[5]

A network therefore is integral to the facilitation, coordination and advocacy of different agenda within a singular framework, which seeks to formulate suitable responses to a wide range of problems across regions. An ideal model of a network would therefore be one that is reflective of the interconnectivity between relationships, strengthened by effective communication and based on a strong foundation of trust.

The most powerful element of a network is however the idea of a common purpose. The pursuit is towards similar ends and therefore the interconnected web of support it offers is in realization of a singular goal,

II. Evolution of the Network

There are certain norms that must be incorporated for a network to be able to work at its best. Robert Chambers, in his book, Whose Reality Counts? Identifies these norms and postulates their extension to every form of a network, in order to capture its creative spirit and aid in the realization of its goals.[6] A network should therefore ideally foster four fundamental elements in order to inculcate an environment of trust, encouragement and the overall actualization of its purpose. These elements are; Diversity or the encouragement of a multitude of narratives from diverse sources, Dynamism or the ability of participants to retain their individual identities while maintaining a facilitative structure, Democracy or an equitable system of decision making to enable an efficient working of the net and finally, Decentralization or the feasibility of enjoying local specifics on a global platform.[7]

In order to attain these ideal elements it is integral to strengthen certain aspects of the practice through performing specific and focused functions, these include making sure of a clear broad consensus, which ensures the co-joining of a common purpose. Additionally, centralization, in the form of an overarching set of rules must be kept to a minimum, in order to facilitate a greater level of flexibility while still providing the necessary support structure. The building of trust and solid relationships between participants is prioritized to enhance creative ideation in a supportive environment. Joint activities, more than being output oriented are seen as the knots that tie together the entire web of support. Input and participation are the foremost objectives of the network, in keeping with the understanding that "contribution brings gain". [8]

Significant management issues that plague networks include the practical aspects of bringing the network into function through efficient leadership and the consolidation of a common vision. A balanced approach would entail a common consultation on the goals of the network, the sources of funding and an agreed upon structure within which the network would operate. It is also important to create alliances outside of the sector of familiarity and ensure an inclusive environment for members across regions, allowing them to retain their localized individuality while affording them with a global platform. [9]

III. Structure

The structural informality of a network is essential to its sustenance. Networks must therefore ensure that they embody a non-hierarchized structure, devoid of bureaucratic interferences and insulated from a centralized system of control and supervision. This requires an internal system of checks and balances, consisting of periodic reviews and assessments. Networks must therefore limit the powers of supervision of the secretariat. The secretariat must allow for the coordination of its activities and allocate appropriate areas of engagement according to the relative strength of the participating members.

One form of a network structure, postulated within a particular research study is the threads, knots and Nets model. [10] It consists of members within a network bound together by threads of relationship, communication and trust. These threads represent the commonality that binds together the participants of the particular network. The threads are established through common ideas and a voluntary participation in the process of communication and conflict resolution. [11]

The knots represent the combined activities which the participants engage in, with the common goal of realizing a singular purpose. These knots signify an optimum level of activity, wherein members of the network are able to support, inspire and confer tangible benefits onto each other. The net represents the entire structure of the network, which is constructed through a confluence of relationships and common activities. [12] The structure is autonomous in nature and allows participants to contribute without losing their individual identities. It is also dynamic and flexible; incorporating new elements with relative ease. It is therefore a collaboration which affords onto its members the opportunity to expand without losing its purpose. The maintenance of such a structure requires constant review and repair, with adequate awareness of weak links or "threads" and the capability and willingness to knot them together with new participants, thereby extending the net.

For example, the Global Alliance for Vaccines and Immunization used a system of organizational "milestones" to monitor the progress of the network and keep the network concentrated. It requires a sustained institutional effort to fulfill its mandate of "the right of every child to be protected against vaccine-preventable diseases" and brings together international organizations, civil society and private industry. [13] As postulated within the Critical Choices research study of the United Nations, clearly defined milestones are integral to sustaining an effective support mechanism for donors and ensuring that all relevant participants are on board. [14] This also allows for donors to be made aware of the tangible outcomes that have been achieved by the network. Interim goals that are achievable within a short span of time also afford a sense of legitimacy onto the network, allowing it to deliver on its mandate early on. Setting milestones would require an in depth focus and a nuanced understanding of specific aspects of larger problems and delivering early results on these problems would allow for a foundational base of trust, on the foundation of which, a possibly long drawn out consultative process can be fixed.[15]

A Network might often find alliances outside of its sector of operation. For example, Greenpeace was able to make its voice heard in International Climate Change negotiations by engaging with private insurance companies and enlisting their support.[16] The organization looked towards the private sector for support to mobilize resources and enlist the requisite expertise within their various projects. [17]

A. Funding

The financial support a network receives is essential for its sustenance. The initial seed money it receives can be obtained from a single source however, cross sectoral financing is necessary to build a consensus with regards to issues that may be a part of the network's mandate. The World Commission for Dams (WCD), for example, obtains funding from multiple sources in order to retain its credibility. The sources of funding of the WCD include government agencies, multilateral organizations, business associations, NGO's and Government Agencies, without a single donor contributing more than 10% of the total funding it receives.[18] However, the difficulty with this model of funding is the relative complexity in assimilating a number of smaller contributions, which may take away from its capacity to expand its reach and enhance the scope of its work. Cross sectoral funding is less of a fundamental requirement for networks whose primary mandate is implementation, such as The Global Environment Facility (GEF), whose legitimacy is derived from intergovernmental treaties and is therefore only funded by governments.[19] The GEF has only recently broadened its sources of funding to include external contributions from the private sector.

A network can also be funded through the objective it seeks to achieve through the course of its activities. For example, Rugmark an international initiative which seeks to mitigate the use of child labor in South Asia uses an external on site monitoring system to verify and provide labels certifying the production of carpets without the use of child labor.[20] The monitors of this system are trained by Rugmark and carpet producers have to sign a binding agreement, undertaking not to employ children below the age of 14 in order to receive the certification. The funds generated from these carpets, for the import of which American and European importers pay 1% of the import value, are used to provide rehabilitation and education facilities for the children in affected areas. The use of these funds is reported regularly. [21]

The funding must be sustained for a few years, which is a difficult task for networks that require an overall consensus of participants. The greatest outcomes of the network are not tangible solutions to the problem but the facilitation of an environment which allows stakeholders to derive a tangible solution. Thus, the elements of trust, communication and collaboration are integral to the efficient functioning of the network. However, the lack of tangible outcomes exposes the funders to financial risks. The best way to reduce such risks is to institute an uncompromising time limit for the initiative, within which it must achieve tangible results or solutions that can be implemented. A less stringent approach would be to incorporate a system of periodic review and assessment of the accomplishments of the network, subsequent to which further recommendations may be made for a further course of action.[22]

B. Relationships

A three year study conducted by Newell & Swan drew definitive conclusions with respect to the inter-organizational collaboration between participants within a network. The study determined that there currently exist three types of trust; Companion trust or the trust that exists within the goodwill and friendship between participants, Competence trust, wherein the competence of other participants to carry out the tasks assigned to them is agreed upon and lastly, Commitment trust or the trust which is predicated on contractual or inter-institutional that are agreed upon. [23] While companion and competence trust are easily identifiable, commitment trust is more subjective as it is determined by the agreement surrounding the core values and overall identifiable aims. Sheppard & Tuchinsky refer to an identification based trust which is based on a collective understanding of shared values. Such a trust requires significant investment but they argue, "The rewards are commensurably greater and the he benefits go beyond quantity, efficiency and flexibility." [24] Powell postulates, "Trust and other forms of social capital are moral resources that operate in fundamentally different manner than physical capital. The supply of trust increases, rather than decreases, with use: indeed, trust can be depleted if not used." [25]

Karl Wieck endorses the "maintenance of tight control values and beliefs which allow for local adaptation within centralized systems." [26] The autonomy that participants within a network enjoy is therefore considered to be close to sacred, so as to allow them to engage with each other on an equitable footing, while still maintain their individual identities. Freedman and Reynders believe that networks place a so called 'premium' on " the autonomy of those linked through the network…..networks provide a structure through which different groups - each with their own organizational styles, substantive priorities, and political strategies - can join together for common purposes that fill needs felt by each. "[27] Consequently, lower the level of centralized control within a network, the greater the requirement of trust. Allen Nan resonates with this idea, as is evident from her review of coordinating conflict resolution NGO's. She believes that these NGO's are most effective when " beginning with a loose voluntary association which grows through relationship building, gradually building more structure and authority as it develops. No NGO wants to give away its authority until it trusts a networking body of people that it knows. " [28]

C. Communication and Collaboration

The binding force that ties together any network is the importance of relationships between participants and their interactions with organizations outside the network. Research has shown that face to face interaction works best and although email may be practical, a face-to-face meeting at regular intervals builds a level of trust amongst participants. [29] It is however important to prevent network from turning into 'self-selecting oligarchies' and to prevent this, there needs to be a balance drawn between goodwill and the trust in others' competence along with a common understanding of differently hierarchized values. [30]

There is also an impending need to develop a relationship vocabulary, as suggested by Taylor, which would be of particular use within transnational networks and afford a deeper understanding of cross cultural relationships.[31]

D. Participation

A significant issue that networks today have to address is how to inculcate and then subsequently maintain participation in the activities of the network. This would include providing incentives to participants, encouraging diversity and enabling greater creative inflow across sectors to generate innovative output. Participation involves three fundamental elements; Action, which includes active contribution in the form of talking, listening, commenting, responding and sharing information, Process, which aids in an equitable system of decision making and constructing relationships and the underpinned values associated with these two elements, which include spreading equality, inculcating openness and including previously excluded communities or individuals. [32] Participation in itself envisages a three leveled definition; participation as a contribution, where people offer a tangible input, participation as an organization process, where people organize themselves to influence certain pre-existing processes and participation as a form of empowerment where people seek to gain power and authority from participating.

In order to create an autonomous system of evaluating and monitoring the nature and context of participation, a network would have to attempt to systematically incorporate a few fundamental processes, such as; enabling an understanding of the dynamism of a network through an established criteria of monitoring the levels of participation of the members, creating an explicit checklist of qualifications of this participation, such as the contributions of the participants, the limits of commitment and the available resources that must be shared and distributed, acknowledging the importance of relationships as fundamental to the success of any network., building a capacity for facilitative and shared leadership, tracing the changes that occur when the advocacy and lobbying activities of individuals are linked and using these individuals as participants who have the power to influence policy and development at various levels.[33] Finally, the recognition that utilizing the combined faculties of the network would aid in the effectuation of further change is vital to sustaining an active participation in the network.[34] It is common for networks to stagnate simply because of the lack of clarity on what a network really is or what it entails. There are significant misconceptions as to the activities engaged in by the network, such as the idea that a network "works solely as a resource center, to provide information, material and papers, rather than as forums for two way exchanges of information and experiences," contribute to the misunderstanding regarding the participation requirements within a network.[35] To facilitate an active, participatory function of learning, a network needs to be more than a resource center that seeks to meet the needs of beneficiaries. While meeting these needs is essential, development projects tend to obfuscate the benefit/input relationship within a network, thus significantly depleting its dynamism quotient. [36]

One method of moving away from the needs based model is to create a tripartite functionary, as was created within a particular research study. [37] This involves A Contributions Assessment, A Weaver's Triangle for Networks and An identification of channels of participation.

Contributions Assessment is an analysis of what the participants within a network are willing to contribute. It enables the network to assess what resources it has access to and how those resources may be distributes amongst the participants, multiplied or exchanged. [38] This system is predicated on a premise of assessing what participants have to offer as opposed to what they need. It challenges the long held notion of requiring an evaluation to identify problems, to address which recommendations are made and in fact seeks to focus on the moments of excellence and enable a discussion on the factors that contributed to these moments. [39] It thus places a value on the best of "what is" as opposed to trying to find a plausible "what ought to be". This approach allows participants to recognize that they are in fact the real "resource Centre" of the network and are encouraged act accordingly.

A Contributions Assessment may be practically incorporated through a few steps. It must be focused on the contributions, after a discussion on who the contributors may be. The aims of the network must be clarified, along with a specification of the contributions required such as perhaps newsletters, a conference, policy analysis etc. The members of the network must be clear on what they would like to contribute to the network and how such contribution might be delivered. Finally, the secretariat must be able to ideate or innovate on how it can enable more contributions from the networks in a more effective manner. [40]

The Weaver's Triangle has been adapted to be applies within networks and enables participants to understand what the aims and activities of the network are. It identifies the overall aim of the network and the change the network seeks to bring about to the status quo. It then lays out the objectives of the network in the form of specific statements about the said differences that the network seeks to bring about. Finally, the network would have to explain why a particular activity has been chosen. [41] The base of the triangle reflects the specific activities that the network seeks to engage in to achieve the said objectives. The triangle is further divided into two, to ensure that action aims and process aims have equal weightage; this allows for the facilitation of an exchange and a connection between the members of the network. [42]

The Circles of Participation is an idea that has been put forth by the Latin American and Caribbean Women's Health Network. (LACWHN). [43] This Network has three differentiated categories of membership, which it uses to determine the degree of commitment of an organization to the network. R- refers to the members who receive the women's health journal, P refers to members who actively participate in events and campaigns and who are advisors for specific topics. PP refers to the permanent participants within the network at national and international levels. They also receive a journal. This categorization allows the network to make an assessment of the dynamism and growth of a network, with members moving through the categories depending on their levels of participation. [44]

An important space for contributions to the network is the newsletter. This can be facilitated by allowing contributions from various sources, provided they meet the established quality checks, ensuring a balance between regions of origin of the members of the network, ensuring a balance between the policy and program activities of the members and keeping the centralized editorial process to a minimum. This is in keeping with the ideal of a decentralized system of expression that allows each member to retain its individuality while still contributing to the aims of the network. The Women's Global Network on Reproductive Rights (WGNRR) sought to create a similar system of publication to measure the success of their linkages, the levels of empowerment amongst members, in terms of strategizing and enabling localized action and the allocation of space in a fair and equitable manner. [45] Another Network, Creative Exchange customizes its information flow within the network so that each member only receives the information it expresses interest in.[46] This prevents the overburdening of members with unnecessary information.

The activities of the network which don't directly pass through the secretariat or the coordinator of the network can be monitored efficiently by keeping I close contact with new entrants to the network and capturing the essence of the activities that occur on the fringes of the network. This would allow an assessment of the diversity of the network. For example, Creative exchange sends out short follow up emails to determine the number and nature of contacts that have been made subsequent to a particular item in the newsletter. The UK Conflict Development and Peace Network (CODEP) records the newest subscribers to the network after every issue of their newsletter and AB Colombia sends out weekly news summaries electronically which are available for free to recipients who provide details of their professional engagements and why or how they wish to use these summaries. [47] This enables the mapping of the type of recipients the information reaches.

E. Leadership and Coordination

Sarason and Lorentz postulate four distinguishing characteristics that capture the creativity and expertise required by individuals leading and coordinating networks.[48] Knowledge of the territory or a broad understanding of the type of members, the resources available and the needs of the members is extremely important to facilitate an ideal environment of mutual trust and open dialogue between the members. Scanning the network for fluidity and assessing openings, making connections and innovating solutions would enable an efficient leadership that would contribute to the overall dynamism of the network. In addition to this, perceiving strengths and building on assets of existing resources would allow the network to capitalize on its strengths. Finally, the coordinators of a network must be a resource to all members of the network and thus enable them to create better and more efficient systems. They must therefore exercise their personal influence over members wherever required for the overall benefit of the network. Practically, a beneficial leadership would also require an inventive approach by providing fresh and interesting solutions to immediate problems. A sense of clarity, transparency and accountability would also encourage members of the network to participate more and engage with each other. It is important for the leadership within a network to deliver on expectations, while building consensus amongst its members.

A shared objective, a collaborative setting and a constant review of strategies is important to maintain linkages within a network. Responsible relationships underpinned by values and supported by flows of relevant information would allow an effective and fruitful analysis by those who are engaged within a network to do the relevant work. In addition to this, a respect for the autonomy of the network is essential.

F. Inclusion

Public policy networks are more often than not saturated with the economic and social elite from across the developed world. A network across the Global South would have to change this norm and extend its ambit of membership to grass root organizations, which might not have otherwise had the resources or the opportunity to be a part of a network.[49] Networks can achieve their long term goals only if they are driven by the willingness to include organizations from across economic demographics. This would ensure that their output is the result of a collaborative process that takes into account cross cultural norms and differentials across economic demographics.

The participation of diverse actors is reflective of the policy making processing having given due regard to on the ground realities and being sensitive towards the concerns of differently placed interest groups. Networks have been accused of catering only to the needs of industrial countries and subscribing to values of the global north thus stunting local development and enforcing double standards. This tarnishes the legitimacy of the processes inculcated within the network itself. It is therefore all the more essential that a network focused on the global south have a diverse collection of members from across backgrounds and economic contexts. Additionally, the accountability of the network to civil society is dependent on the nature of the links it maintains with the public. Inclusion thus fosters a sense of legitimacy and accountability. The inclusion of local institutions from the beginning would also increase the chances of the solutions provided by the network, being effectively implemented. Local inclusion affords a sense of responsibility and ensures that the network would remain sustainable in the long run. Allowing local stakeholders to take ownership of the network and participate in the formulation of policies, engage in planning and facilitate participation would enable an efficient addressing of significant public policy issues. [50] Thus networks would need to create avenues for participation of local institutions and civil society to engage in a democratic form of decision making.

III. Evaluation

The process of evaluation of a network is most efficiently effectuated through a checklist that has been formulated within a research study for the purpose of evaluating its own network. [51]

This checklist enumerates the various elements that have to be taken into consideration while evaluating the success of a network, as follows;

FIG 1.[52]

1. What is a network? 'Networks are energising and depend crucially on the motivation of members' (Networks for Development, 2000:35) This definition is one that is broadly shared across the literature, although it is more detailed than some. A network has: A common purpose derived from shared perceived need for action Clear objectives and focus A non-hierarchical structure A network encourages Voluntary participation and commitment The input of resources by members for benefit of all A network provides Benefit derived from participation and linking 2. What does a network do? Facilitate shared space for exchange, learning, development - the capacity-building aspect Act for change in areas where none of members is working in systematic way - the advocacy, lobbying and campaigning aspect Include a range of stakeholders - the diversity/ broad-reach aspect 3. What are the guiding principles and values? Collaborative action Respect for diversity Enabling marginalised voices to be heard Acknowledgement of power differences, and commitment to equality 4. How do we do what we do, in accordance with our principles and values? Building Participation Knowing the membership, what each can put in, and what each seeks to gain Valuing what people can put in Making it possible for them to do so Seeking commitment to a minimum contribution Ensuring membership is appropriate to the purpose and tasks Encouraging members to be realistic about what they can give Ensuring access to decision-making and opportunities to reflect on achievements Keeping internal structural and governance requirements to a necessary minimum. Building Relationships and Trust Spending time on members getting to know each other, especially face-to-face Coordination point/secretariat has relationship-building as vital part of work Members/secretariat build relations with others outside network - strategic individuals and institutions Facilitative Leadership (may be one person, or rotating, or a team) Emphasis on quality of input rather than control Knowledgeable about issues, context and opportunities, Enabling members to contribute and participate Defining a vision and articulating aims Balancing the creation of forward momentum and action, with generating consensus Understanding the dynamics of conflict and how to transform relations Promoting regular monitoring and participatory evaluation Have the minimum structure and rules necessary to do the work. Ensure governance is light, not strangling.Give members space to be dynamic Encourage all those who can make a contribution to the overall goal to do so, even if it is small. Working toward decentralised and democratic governance At the centre, make only the decisions that are vital to continued functioning. Push decision-making outwards. Ensure that those with least resources and power have the opportunity to participate in a meaningful way. Building Capacity Encourage all to share the expertise they have to offer. Seek out additional expertise that is missing. 5. What are the evaluation questions that we can ask about these generic qualities? How do each contribute to the achievement of your aims and objectives? Participation What are the differing levels or layers of participation across the network? Are people participating as much as they are able to and would like? Is the membership still appropriate to the work of the network? Purpose and membership may have evolved over time Are opportunities provided for participation in decision-making and reflection? What are the obstacles to participation that the network can do something about? Trust What is the level of trust between members? Between members and secretariat? What is the level of trust between non-governing and governing members? How do members perceive levels of trust to have changed over time? How does this differ in relation to different issues? What mechanisms are in place to enable trust to flourish? How might these be strengthened? Leadership Where is leadership located? Is there a good balance between consensus-building and action? Is there sufficient knowledge and analytical skill for the task? What kind of mechanism is in place to facilitate the resolution of conflicts? Structure and control How is the structure felt and experienced? Too loose, too tight, facilitating, strangling? Is the structure appropriate for the work of the network? How much decision-making goes on? Where are most decisions taken? Locally, centrally, not taken? How easy is it for change in the structure to take place? Diversity and dynamism How easy is it for members to contribute their ideas and follow-through on them? If you map the scope of the network through the membership, how far does it reach? Is this as broad as intended? Is it too broad for the work you are trying to do? Democracy What are the power relationships within the network? How do the powerful and less powerful interrelate? Who sets the objectives, has access to the resources, participates in the governance? Factors to bear in mind when assessing sustainability Change in key actors, internally or externally; succession planning is vital for those in central roles Achievement of lobbying targets or significant change in context leading to natural decline in energy; Burn out and declining sense of added value of network over and above every-day work. Membership in networks tends to be fluid. A small core group can be a worry if it does not change and renew itself over time, but snapshots of moments in a network's life can be misleading. In a flexible, responsive environment members will fade in and out depending on the 'fit' with their own priorities. Such changes may indicate dynamism rather than lack of focus. Decision-making and participation will be affected by the priorities and decision-making processes of members' own organisations. Over-reaching, or generating unrealistic expectations may drive people away Asking same core people to do more may diminish reach, reduce diversity and encourage burn-out

V. Learning and Recommendations

In order to facilitate the optimum working of a network several factors need to be taken into consideration and certain specific processes have to be incorporated into the regular functioning of the network. These are for example,

Ensuring that the evaluation of the network occurs at periodic intervals with the requisite level of attention to detail and efficiency to enable an in depth recalibration of the functions and processes of the network. To this effect, evaluation specialists must be engaged not just at times of crises or instability but as accompaniments to the various processes undertaken by the network. This would enable a holistic development of the network.
It is also important to understand the underlying values that define the unique nature of the network. The coordination of the network, its functions and its activities are intrinsically linked to these values and recognition of this element of the network would enable a greater functionality in the overall operation of the network.
A strong relationship between the members of the network, predicated on trust and open dialogue is essential for its efficient functioning. This would allow the accumulation of innovative ideas and dynamic thought to direct the future activities of the network.
The Secretariat or coordinator of the network must be able to engage the member in monitoring and evaluating the progress of the network. One method of enabling this coordination is through the institution of 'participant observer' methods at international conferences or meetings, which allow the members of the network to report back on the work that they have, which is linked to the work of other members.
The autonomy of a network and its decentralized mechanism of functioning are integral to retain the individuality of its members, who seek to pursue institutional objectives. The members seek to facilitate creative thinking and share ideas and this must be supported by financial resources. A strong bond of trust between the members of a network is therefore essential to enable long term commitments and the flourishing of interpersonal communication between members.
It is important that the subject area of operation of the network be comprehensively defined before the network comes into existence.
As seen with the experience of Canadian Knowledge Networks, it is beneficial to be selective in inviting participant to the network and following a rigorous process of review and selection would ensure that only the best candidates are selected so as to facilitate effective partnerships with other networks, as a result of demonstrable expertise within a particular field.
The management of a network must be disciplined, with clearly demarcated project deadlines and an optimum level of transparency and accountability. At the helm of leadership of every successful network, there has been intelligent, decisive and facilitative exchange, which is essential in securing a durable and potentially expandable space for the network to operate in.

A. Canadian Perspectives

A study of Canadian experiences was conducted by examining The Centers of Excellence and the Networks of Centers of Excellence (NCEs), which were funded through three Federal Granting Councils.[53] An initial observation that was made through the course of this study was that each network is intrinsically different and there is no uniform description which would fit all of them. The objectives of the Networks of Centers of Excellence Program are broadly, as follows; to encourage fundamental and applied research in fields which are critical to the economic development of Canada, to encourage the development and retention of world class scientists and engineers specializing in essential technologies, to manage multidisciplinary, cross sectoral national research programs which integrate stakeholder priorities through established partnerships and finally, to accelerate the exchange of research results within networks by accelerating technology transfers, made to users for social and economic development. [54] Extensive interviews carried out in the course of the research conducted by the ARA Consulting Group Inc. drew up particularly relevant conclusions with respect to the NCEs.

Firstly, they have been able to produce significant "cultural shifts" among the researchers associated with the network. This is attributed to the network facilitating a collaborative effort amongst researchers as opposed to their previous working, which was largely in isolation. The benefits of this collaboration have been identified as providing innovative ideas and leading the research itself in unprecedented directions. This has the effect of equipping Canada with the capability to compete on a global level with respect to its research endeavors. The culture shift has also allowed researchers to be more aware of the problems that plague industry and has instigated more in depth research into the development of the industrial sector. Government initiatives that have attempted to cohesively apply academic research to industry have had limited success. The NCE's however have managed to successfully disintegrate the barriers between these two seemingly disparate fields. This has resulted in a faster and more effective system of knowledge dissemination resulting in durable and self-sustaining economic development, which takes place at a faster rate. The NCE's have also been able to contribute to healthcare, wellness and overall sustainable development through their cross sectoral research approach, a model that can be used worldwide.

Another tangible effect has been that the relationship between industry and academic research is evolving into a positive and collaborative exchange, as opposed to the previous state which was largely isolationist, bordering on confrontational.[55] A possible cause of this is the increased representation of companies in the establishment of networks resulting in them influencing the course of research. This has not been met with any resistance from academic researchers who are driven by the imperative of an open publication. [56] Besides influencing the style of management, industrial representation has also brought about an increase in the level of private sector financial contributions made to NCEs. It is believed that these NCEs may even be able to support themselves in the next 7-8 years through the funding they receive from the commercialization of their research.

A third benefit that has emerged is the faster rate of production of new knowledge and innovative thinking. This is the result of collaborative techniques which is made more efficient through the use of modern technology. The increasing number of multi authored cross institutional scholarly publications made available by the NCE is evidentiary of this trend. The rate and quantity of technology transfers has also increased exponentially as a result of this. Knowledge networks also facilitate the mobilization of human resources and address cross disciplinary problems, resulting in an efficient and synergistic solutions. Their low cost, fast pace approach has been instrumental in constructing an understanding of and capacity to engage in sustainable development.

The significant contributions to sustainable development include the Canadian Genetic Diseases Network, which has discovered two specific genes that cause early onset Alzheimer's disease. The Sustainable Forest Management Network has claimed that its research does have a considerable level of influence on the industrial approach to sustainability. The Canadian Bacterial Disease Network conducts research on bacterially caused diseases which are mostly prevalent in developing countries, with a view to produce antibiotics and vaccines that may be able to successfully combat these vaccines. TeleLearning, another such network is working on the creation of software environments which will form the basis of technology based education in the future. [57] The greatest advantage of these knowledge networks is that they have been able to surpass traditional disciplinary barriers and have emerged at the forefront of interdisciplinary articulation, which is emerging as the path to breakthroughs in the fields of applied sciences and technology in the future. The NCE's have also been able to provide diverse working environments for graduate students, where they have been able to work under scientists associated with different specializations and across different departments. They have also been able to interact with government and industry representatives, giving them a far greater exposure of the field and equipping them to avail of a wide range of employment opportunities.

The corporate style of management incorporated within the NCEs encourages a sense of discipline and an enthusiasm for innovation. The Board of Directors at NCE's take on a perfunctory role and function as a typical corporate board. Researchers are therefore required to provide regular reports and meet deadlines to achieve predetermined goals that have been agreed upon. The new paradigm of sustainable development and the fluid transfer of knowledge requires this structure of management, even within a previously strictly academically oriented environment. NCEs have been incorporated as non-profit corporation for largely legal reasons such as the ownership of intellectual property.

The participation to these networks is restricted and is open only through an invitation, in the form of a submission of project proposals under a particular theme, with the final selection being made subject to a rigorous process of evaluation. This encourages the participants of the network to embody a degree of discipline and carry out their activities in a constructive, time bound manner.

B. Perceived Challenges

These knowledge networks, although extremely beneficial in the long run, do have certain specific issues that need to be addressed. Firstly, most formal knowledge networks do not have a formalized communication strategy. While they do make use of various forms of telecommunication, this communication is is no way formally directed or specific. Although some networks have managed to set up a directed communications strategy, supplemented by the involvement of specifically communications based networks (such as CANARIE) , there is still a long way to go in this area.

As is evident with most academic endeavors in recent years, efficient and sustained development both in terms of economy as well as self-sustenance, requires a smooth transitioning to a close collaboration with the industry. Although the NCE's have made progress in this area, a lesson that can be learnt from this is that knowledge networks do require a collaborative arrangement between researchers, the industry and the financial sector. [58] The nature of this collaboration cannot be predicted before tangible research outputs are developed that reflect the relevance of academia in the industrial and financial sectors. A particular network, PENCE has mandated that the boards of directors include a representative of the financial sector. This is a step forward in opening the doors to greater collaboration and mutually assured growth and sustainable development in both academia as well as the industrial and financial sectors.

As with all knowledge networks there is a continuous need for expansion of the focus areas to cover more fields and instigate research in neglected areas. The largest number of networks has been in the fields of healthcare and health associated work. However there is an impending need for networks to be established in other fields as well, such as those related to environmental issues, social dynamics and the general quality of life. [59]

The Canadian experience has resulted in a nuanced understanding of specific actions that need to be taken to strengthen knowledge networks across the spectrum. Firstly, there is an impending need to build new knowledge networks, which would be required to strengthen institutions upon which the networks are based. These include universities and research institutions, which have been weakened both financially and academically over the past few years. The NCE Program, on the face of it, seems to be strengthening universities, by attracting funding for research endeavors that would otherwise not be available to them. While this may be true, it tends to obfuscate the true nature of a university as an intellectual community, by portraying it as a funding source for research and equipment.[60] The deteriorating role of the university in fostering research and laying the foundation of an intellectual community can be reversed by the competition posed by the NCEs which tend to threaten its stature in the fields of multi-disciplinary and graduate institution. Another aspect that needs to be considered is the role of knowledge networks in fostering sustainable development not only on a national or regional scale but on a global level. This can be effectuated by allowing the amalgamation of the academia and industry through ample representation, a model that has proven to be effective within the NCEs. This is all the more relevant today where multinational corporations hold considerable sway over the global economy, so much so that the role of governments in regulating this economy is gradually decreasing. Multilateral investment treaties and agreements are reflective of this.

The final issue is that of the long standing debate between public good and proprietary knowledge. Canadian knowledge networks are of the opinion that knowledge must be freely disseminated. However, certain networks including the NCEs grant the exclusive right of the development and application of this knowledge to specific industry affiliates. On one hand this facilitates further investment into the research, which creates better products, new jobs and further social development. This is predicated on a fine balance of allowing this development without widening the already disparate socio-economic gaps that exist between developed and developing countries. Thus the balance between public good and propriety knowledge must be effectively managed by the regulatory role discharged by the governments and the decision making faculties of these knowledge networks. [61]

Establishing international linkages across networks based within different regions across the world would also be an effective means of ensuring effective partnerships and the creation of a new, self-sustaining structure. This would bring new prospects of funding into sustainable development activities and engage industrial affiliates with international development activities.

C. Donor Perspectives

The International Development Research Centre, based in Canada has also been instrumental in the setting up of support structures for networks. The IDRC has remained consistent in its emphasis of networks as mechanisms of linking scientists engaged in similar problems across the globe instead of as mechanisms to fund research in countries. This has afforded the IDRC with a greater level of flexibility in responding to the needs of developing countries as well as responding to the financial pressures within Canada to deliver superior technical support with a reduction in overheads. The IDRC sees networking an indispensable aspect of scientific pursuit and technological adaptation in the most effective manner. It is currently supporting four specific types of networks; horizontal networks which link together institutions with similar areas of specialization, vertical networks which work on disparate aspects of the same problem of different but interrelated problems, information networks which provide a centralized form of information service to members, which enables them to exchange information in the manner necessary and finally training networks which provide supervisory services to independent participants within the network.[62]

(I) Internal Evaluations

There is an outstanding need to monitor visits that are undertaken by the coordinator or the specific representatives of the member or donor as applicable. This would expedite the process of identifying problems and aid in deriving tangible solutions in an efficient manner. The criteria for the assessment would vary depending on the goals of the organization. Donors may pose questions with respect to the cost effectiveness of a particular pattern of research and may seek a formal report regarding this aspect. A more extensive model of donor evaluations may even include assessments with respect to the monitoring and coordination of specific functions.

(II) External Evaluations

A system of external evaluation would be useful with assessing data with respect to the operations of programs and their objectives. This would engage newer participants by injecting newer ideas and insights into the management and scope of the network. The most extensive method of network evaluation was one that was postulated by Valverde [63] and reviewed by Faris [64]. It aimed to draw an analysis of particular constraints and specific elements that would influence the execution of network programs. This method identifies a list of threats, opportunities, strengths and weaknesses which would inform future recommendations. The Valverde method makes use of both formal as well as informal data which is varied depending on the type of network and the management structure it employs.[65]

(III) Financial Viability

A network almost always requires external resources to aid in the setting up and coordination of its activities. Donor agencies must recognize the long term commitment that is required in this respect. It is therefore essential that the period for which this funding will be made available be clarified at the outset, to leave agencies with ample time to plan for the possibility of cessation of external financial support. [66] As concluded from the findings of the research study, although most networks are offered external support, it is primarily technology transfer and information networks that have been able to generate the bulk of funding in this respect. They have been able to obtain this financial assistance from a variety of sources including participating organizations as well as governments. [67] The funding for purely research networks however are inconsistent and the networks would have to plan in advance for a possible cessation of financial support.[68]

(IV) Adaptability

From the perspective of donors, the degree of adaptability and level of responsiveness of a particular network is especially relevant in assessing the coordination, control and leadership of a particular network. A network that is plagued by ineffective leadership and the lack of coordination is unable to adapt to changing circumstances and meet the needs of its participants. A combination of collaborative effort, a localized approach and far-sighted leadership instills in the participants of the network a sense of comfort in its processes and in the donors a faith in its ability to address topical issues and remain relevant.

(V) The Exchange of Information

As noted by Akhtar, a network is created to respond to the growing need to improve channels of information exchange and communication. [69] Information needs to be tailored to suit its users and must be disseminated accordingly. The study conducted has concluded that information networks that are engaged in the transfer of technology are inefficient in disseminating internally derived information and recognizing the needs of their users.[70] Given that these networks are especially user oriented this systemic failure is extremely problematic. There is also a need to review the mechanism of transferring strategic research techniques and the approaches employed in dealing with developing countries. Special attention must be paid to the beneficiaries of a particular network so that the research conducted is directed towards that particular demographic. This is especially relevant for information networks, which from the evaluation; appear to be generating data but not considering who would be using these services.[71]

(VI) Capacity Building

Facilitating the training of individuals both on a formal and informal level has led to an enhance level of research and reporting, as well as the designing of projects. There is however a need to tailor this training to suit the needs of the participants of a particular network. Networks which have been able to provide inputs which are not ordinarily locally provided have instigated the establishment of national and regional institutions. [72]

(VII) Cost Effectiveness

It is important to note however that networks need to employ the most cost effective mechanism of delivering support services to national programs. A network must work in a manner that allows for enough individual enterprise but at the same time follows a collaborative model to generate more effective and relevant research within a short span of time and through the utilization of minimum resources. The Caribbean Technology Consultation Services (CTCS) for example was found to be far more cost effective and in fact 50% cheaper than the services of the United Nations Industrial Development Organization. [73] Similarly, the evaluators of the LAAN found that funding a network was significantly cheaper than finding individual research projects.[74]

[1] Castells, Manuel (2000) "Toward a Sociology of the Network Society" Contemporary Sociology, Vol

29 (5) p693-699

[2] Reinicke, Wolfgang H & Francis Deng, et al (2000) Critical Choices: The United Nations, Networks

and the Future of Global Governance IDRC, Ottawa

[3] Supra ., n.1, p.697

[4] Ibid

[5] Supra n.1, p.61

[6] Chambers, Robert (1997) Whose Reality Counts? Putting the First Last Intermediate Technology

Publications, London

[7] Ibid

[8] Chisholm, Rupert. F (1998) Developing Network Organizations: Learning from Practice and Theory

Addison Wesley

[9] Brown, L. David. 1993. "Development Bridging Organizations and Strategic

Management for Social Change." Advances in Strategic Management 9.

[10] Madeline Church et al, Participation, Relationships and Dynamic change: New Thinking On Evaluating The Work Of International Networks Development Planning Unit, University College London (2002), p. 16

[11] Ibid

[12] Ibid

[13] Reinicke, Wolfgang H & Francis Deng, et al (2000) Critical Choices: The United Nations, Networks

and the Future of Global Governance IDRC, Ottawa, p.61

[14] Ibid

[15] Ibid

[16] Supra n.13, p. 65

[17] Ibid

[18] Supra n. 13, p. 62

[19] Ibid

[20] Supra n. 13, p. 63

[21] Ibid

[22] Supra n. 13, p. 64

[23] Newell, Sue & Jacky Swan (2000) "Trust and Inter-organizational Networking" in Human Relations,

Vol 53 (10)

[24] Sheppard, Blair H & Marla Tuchinsky (1996) "Micro-OB and the Network Organisation" in Kramer, R.

And Tyler T. (eds) Trust in Organisations, Sage

[25] Powell, Walter W (1996) "Trust-based forms of governance" in Kramer, R. And Tyler T. (eds) Trust in

Organisations , Sage

[26] Stern, Elliot (2001) "Evaluating Partnerships: Developing a Theory Based Framework", Paper for

European Evaluation Society Conference 2001, Tavistock Institute

[27] Freedman, Lynn & Jan Reynders (1999) Developing New Criteria for Evaluating Networks in Karl, M.

(ed) Measuring the Immeasurable: Planning Monitoring and Evaluation of Networks, WFS

[28] Allen Nan, Susan (1999) "Effective Networking for Conflict Transformation" Draft Paper for

International Alert./UNHCR Working Group on Conflict Management and Prevention

[29] Supra n. 10, p. 20

[30] Ibid

[31] Taylor, James, (2000) "So Now They Are Going To Measure Empowerment!", paper for INTRAC 4th

International Workshop on the Evaluation of Social Development, Oxford, April

[32] Karl, Marilee (2000) Monitoring And Evaluating Stakeholder Participation In Agriculture And Rural

Development Projects: A Literature Review, FAO

[33] Supra n. 10, p.25

[34] Ibid

[35] Supra n. 10, p. 26

[36] Ibid

[37] Supra n. 10, p.27

[38] Ludema, James D, David L Cooperrider & Frank J Barrett (2001) "Appreciative Inquiry: the Power of

the Unconditional Positive Question" in Reason, P. & Bradbury, H. (eds) Handbook of Action

Research , Sage

[39] Ibid

[40] Supra n. 10, p. 29

[41] Ibid

[42] Ibid

[43] Sida (2000) Webs Women Weave, Sweden, 131-135

[44] Ibid

[45] Dutting, Gisela & Martha de la Fuente (1999) "Contextualising our Experiences: Monitoring and

Evaluation in the Women's Global Network for Reproductive Rights" in Karl, M. (ed) Measuring the

Immeasurable: Planning Monitoring and Evaluation of Networks , WFS

[46] Supra n. 10, p. 30

[47] Supra n. 10, p. 32

[48] Allen Nan, Susan (1999) "Effective Networking for Conflict Transformation" Draft Paper for

International Alert./UNHCR Working Group on Conflict Management and Prevention

[49] Supra n. 13, p. 67

[50] Supra n. 13, 68

[51] Supra n 10, 36

[52] See Madeline Church et al, Participation, Relationships and Dynamic change: New Thinking On Evaluating The Work Of International Networks Development Planning Unit, University College London (2002), p. 36-37

[53] The three granting councils are: the Natural Sciences and Engineering Research Council (NSERC),

the Social Sciences and Humanities Research Council (SSHRC), and the Medical Research Council

(MRC).

[54] Howard C. Clark, Formal Knowledge Networks: A Study of Canadian Experiences, International Institute for Sustainable Development 1998, p. 16

[55] Ibid, p. 18

[56] Ibid, p. 18

[57] Ibid, p. 19

[58] Ibid , p 21

[59] Ibid , p. 22

[60] Ibid, p. 31

[61] Ibid

[62] Terry Smutylo and Saidou Koala, Research Networks: Evolution and Evaluation from a Donor's Perspective, p. 232

[63] Valverde, C. 1988, Agricultural research networking : Development and evaluation, International Services for National Agricultural Research, The Hague, Netherlands. Staff Notes (18-26 November 1988)

[64] Faris, D.G 1991, Agricultural research networks as development tools: Views of a network coordinator, IDRC, Ottawa, Canada, and International Crops Research Institute for the Semi-Arid Tropic, Patancheru, Andhra Pradesh, India

[65] Supra n. 62

[66] Terry Smutylo and Saidou Koala, Research Networks: Evolution and Evaluation from a Donor's Perspective, p. 233

[67] ibid

[68] Ibid

[69] Akhtar, S. 1990. Regional Information Networks : Some Lessons from Latin America. Information Development 6 (1) : 35-42

[70] Ibid, p. 242

[71] Ibid, p. 242

[72] Ibid., p. 243

[73] Stanley, J.L and Elwela, S.S.B 1988, Evaluation report for the Caribbean Technology Consultancy Services (CTCS), CTCS Network Project (1985-1988) IDRC Ottawa, Canada

[74] Moreau,L. 1991, Evaluation of Latin American Aqualculture Network. IDRC, Ottawa, Canada

For more details visit https://cis-india.org/internet-governance/blog/the-creation-of-a-network-for-the-global-south-a-literature-review

The Cost of Free Basics in India: Does Facebook's 'walled garden' reduce or reinforce digital inequalities?

Amrita Sengupta — 2025-04-05T04:10:28Z

In this essay—written in April 2016 soon after India's Telecom Regulatory Authority (TRAI) upheld net neutrality and effectively banned Free Basics in India— the author uses development theories to study the Free Basics programme. The author explored three key paradigms: 1) Construction of knowledge, power structures and virtual colonization in the Free Basics Programme, (2) A sub-internet of the marginalized and (3) the Capabilities Approach and explored how the programme reinforces levels of digital inequalities as opposed to reducing it. This essay was written in 2016 and there have been various shifts in the digital and tech landscape. Further a lot of numbers and statistics are from 2016 and not all ideas held here may be transferable today. This should be read as such. This is being published now, on account of 10 years since the Free Basics project was set to be implemented in India.

In 2015, Facebook introduced internet.org in India and it faced a lot of criticism. The programme was relaunched as the Free Basics programme, ostensibly to provide, free of cost, access to the Internet to the economically deprived section of society. The content, i.e. websites, were pre-selected by Facebook and was provided by third-party providers. Later, Telecom Regulatory Authority of India (TRAI) ruled in favor of net neutrality, banning the program in India. A crucial conversation in this debate was also about whether the Free Basics program was going to actually be helpful for those it set out to support.

This paper examines Facebook’s Free Basics programme and its perceived role in bridging digital divides, in the context of India, where it has been widely debated, criticized and finally banned in a ruling from Telecom Regulatory Authority of India (TRAI). While the debate on the Free Basics programme has largely been embroiled around the principles of network neutrality, this paper will try to examine it from an ICT4D perspective, embedding the discussion around key development paradigms.

This essay begins by introducing the Free Basics programme in India and the associated proceedings, following which existing literature is reviewed to explore the concept of development, the perceived role of ICT in development, thus laying the scope of this discussion. The essay then examines the question of whether the Free Basics programme reduces or reinforces digital inequality by looking at 3 development paradigms: (1) Construction of knowledge, power structures and virtual colonization in the Free Basics Programme, (2) A sub-internet of the marginalized: looking at second level digital divides and (3) the Capabilities Approach and premise of connectivity as a source of equality and freedom.

The essay concludes with a view that the need for digital access should be viewed as a subset of overall contextual development as opposed to programs unto themselves and taking purely techno-solutionist approaches. There is a requirement for effective needs identification as part of ICT4D research to locate the users at the center and not at the periphery of the discussions. Lastly, policymakers should look into the addressal of more basic concerns like that of access and connectivity and not just on solutions which can be claimed as “quick-wins” in policy implementation.

Click to download the Essay

For more details visit https://cis-india.org/internet-governance/blog/the-cost-of-free-basics-in-india

The constitutionality of MHA surveillance order

nehaa — 2018-12-31T14:06:04Z

The rules require review committees to examine all surveillance orders issued under this section every couple of months.

The article by Nehaa Chaudhari was published in Asian Age on December 30, 2018.

The MHA notification authorising 10 agencies to intercept, monitor and decrypt “any information” generated, transmitted, received or stored in “any computer” has kicked up a row. One section calls it electronic surveillance at the behest of the Big Brother. This time the qualitative difference is data stored anywhere, not just data in motion, can be intercepted.

Privacy is a fundamental right in India. Nine Supreme Court judges agreed on this in late August, last year. It is “the constitutional core of human dignity” and flows primarily from the “guarantee of life and personal liberty” of our Constitution, they said, in the case of K.S.Puttaswamy vs Union of India. This meant two rules for the Indian state. Rule number 1.) Do not intrude upon a citizen’s right to life and personal liberty; and rule number 2.) Take all necessary steps to safeguard individual privacy.

However, because no fundamental right is absolute, the Indian state is allowed to deviate from rule number 1 in certain situations. It can restrict individual privacy provided that it first fulfills three conditions: The restriction must be backed by law; it must be for a legitimate state aim; and, it must be proportionate.

All laws (including existing ones) and government actions, with consequences for individual privacy, must meet the three conditions listed above to be valid.

Those that fail to do so are unconstitutional, and must be suitably amended, or will be struck down, as was the case with Section 377 of the Indian Penal Code, earlier this year. Section 69 of the Information Technology Act, under which the Ministry of Home Affairs has issued its recent surveillance order, warrants similar scrutiny.

Section 69 empowers the Centre and all state governments to authorise any of their officers to surveil citizens’ electronic communications and information. They may do so for any of the reasons laid down in the same section, including India’s sovereignty, integrity, defence, security and foreign relations, or public order, or to prevent the incitement of certain offences, or to investigate any offence. Government orders issued under this section must be reasoned, and in writing. These orders, and the resultant surveillance activity, must follow the procedure laid down in a set of rules framed under the Information Technology Act in 2009. The rules require review committees to examine all surveillance orders issued under this section every couple of months. The review committee at the Centre examines the Union government’s surveillance orders, while state governments’ orders are examined by committees at their respective states. But, review committees, whether at the Centre, or at any of the states, only have
three members each, tasked with reviewing hundreds of orders every day. Moreover, they consist only of government officials. Neither the Information Technology Act, nor the accompanying 2009 rules, require Parliamentary or judicial oversight of electronic surveillance by the executive.

In the past week, at least two petitions have been filed before the Supreme Court,which claim that the MHA’s surveillance order violates the fundamental right to privacy and is unconstitutional. This order for electronic surveillance is a clear deviation from rule number 1, and so the question before the court will be if it meets each of the conditions above to be valid.

Is the MHA order lawful? Yes, given as it was framed under the framework of the IT Act. There remains however, a larger question of the constitutionality of Section 69 itself. If the court finds Section 69 itself to be unconstitutional, any action taken pursuant to Section 69, including the recent MHA order, will also be unconstitutional.

Is the MHA order pursuant to a legitimate state aim? The order itself does not specify what in particular the government hopes to achieve. However, given as it was issued under Section 69, the government could well argue that it was only for the six purposes laid down in the statute.

Moreover, according to the Supreme Court in the right to privacy judgment, legitimate state aims are “matters of policy to be considered by the Union government.” The court even offered examples of possible legitimate state aims, which included the grounds listed under Section 69.

Is the MHA order proportionate? No; and neither is the IT Act’s framework dealing with electronic surveillance. The IT Act allows government surveillance of citizens, unchecked by either the legislature, or the judiciary. It creates a scenario where tiny government committees must review the government’s own decisions to curtail citizens’ fundamental rights. Moreover, it penalises individuals with up to seven years in jail, in addition to fines, for not complying with any interception, monitoring, or decryption request by an authorised government agency.

In light of the recent MHA order, this means that individuals must comply with surveillance requests by 10 government agencies including tax authorities, the police, and civil and military intelligence agencies, or be prepared to face jail time. This is unethical, undemocratic, and unconstitutional.

Unchecked government surveillance threatens not just an individual’s fundamental right to privacy, but also her fundamental freedoms of speech, movement, and assembly among others, also guaranteed fundamental rights under the Indian Constitution.

These rights and freedoms are the very essence of what it means to be a free citizen in a modern democracy. A democratic state must only exercise its police powers in the narrowest of circumstances, within bright lines, clearly defined.

In August, 2017, the Supreme Court laid down the framework to identify these narrow circumstances and bright lines in so far as the fundamental right to privacy was concerned. But, the promise of Puttaswamy is only as good as its implementation, and here lies its biggest challenge.

As Pranesh Prakash, Fellow at the Centre for Internet and Society, said on a television channel recently, perhaps it is about time that we stopped relying solely on the courts to step in to safeguard our fundamental rights, and started demanding that our elected law-markers did their jobs, or did them better. After all, a general election is but a few months away.

For more details visit https://cis-india.org/internet-governance/news/nehaa-chaudhari-asian-age-december-30-2018-constitutionality-of-mha-surveillance-order

The Constitutionality of Indian Surveillance Law: Public Emergency as a Condition Precedent for Intercepting Communications

bedaavyasa — 2014-08-04T04:52:42Z

Bedavyasa Mohanty analyses the nuances of interception of communications under the Indian Telegraph Act and the Indian Post Office Act. In this post he explores the historical bases of surveillance law in India and examines whether the administrative powers of intercepting communications are Constitutionally compatible.

Introduction

State authorised surveillance in India derives its basis from two colonial legislations; §26 of the Indian Post Office Act, 1898 and §5 of the Telegraph Act, 1885 (hereinafter the Act) provide for the interception of postal articles[1] and messages transmitted via telegraph[2] respectively. Both of these sections, which are analogous, provide that the powers laid down therein can only be invoked on the occurrence of a public emergency or in the interest of public safety. The task of issuing orders for interception of communications is vested in an officer authorised by the Central or the State government. This blog examines whether the preconditions set by the legislature for allowing interception act as adequate safeguards. The second part of the blog analyses the limits of discretionary power given to such authorised officers to intercept and detain communications.

Surveillance by law enforcement agencies constitutes a breach of a citizen’s Fundamental Rights of privacy and the Freedom of Speech and Expression. It must therefore be justified against compelling arguments against violations of civil rights. Right to privacy in India has long been considered too ‘broad and moralistic’[3] to be defined judicially. The judiciary, though, has been careful enough to not assign an unbound interpretation to it. It has recognised that the breach of privacy has to be balanced against a compelling public interest [4] and has to be decided on a careful examination of the facts of a certain case. In the same breath, Indian courts have also legitimised surveillance by the state as long as such surveillance is not illegal or unobtrusive and is within bounds [5]. While determining what constitutes legal surveillance, courts have rejected “prior judicial scrutiny” as a mandatory requirement and have held that administrative safeguards are sufficient to legitimise an act of surveillance. [6]

Conditions Precedent for Ordering Interception

§§5(2) of the Telegraph Act and 26(2) of the Indian Post Office Act outline a two tiered test to be satisfied before the interception of telegraphs or postal articles. The first tier consists of sine qua nons in the form of an “occurrence of public emergency” or “in the interests of public safety.” The second set of requirements under the provisions is “the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence.” While vesting the power of interception in administrative officials, the sections contemplate a legal fiction where a public emergency exists and it is in the interest of sovereignty, integrity, security of the state or for the maintenance of public order/ friendly relations with foreign states. The term “public emergency,” however, has not been clearly defined by the legislature or by the courts. It thus vests arbitrary powers in a delegated official to order the interception of communication violating one’s Fundamental Rights.

Tracing the History of the Expression “Public Emergency”

The origins of the laws governing interception can be traced back to English laws of the late 19th Century; specifically one that imposed a penalty on a postal officer who delayed or intercepted a postal article.[7] This law guided the drafting of the Indian Telegraph Act in 1885 that legitimised interception of communications by the state. The expression “public emergency” appeared in the original Telegraph Act of 1885 and has been adopted in that form in all subsequent renderings of provisions relating to interception. Despite the contentious and vague nature of the expression, no consensus regarding its interpretation seems to have been arrived at. One of the first post-independence analyses of this provision was undertaken by the Law Commission in 1968. The 38th Law Commission in its report on the Indian Post Office Act, raised concerns about the constitutionality of the expression. The Law Commission was of the opinion that the term not having been defined in the constitution cannot serve as a reasonable ground for suspension of Fundamental Rights.[8] It further urged that a state of public emergency must be of such a nature that it is not secretive and is apparent to a reasonable man.[9] It thus challenged the operation of the act in its then current form where the determination of public emergency is the discretion of a delegated administrative official. The Commission, in conclusion, implored the legislature to amend the laws relating to interception to bring them in line with the Constitution. This led to the Telegraph (Amendment) Act of 1981. Questions regarding the true meaning of the expression and its potential misuse were brought up in both houses of the Parliament during passing of the amendment. The Law Ministry, however, did not issue any additional clarifications regarding the terms used in the Act. Instead, the Government claimed that the expressions used in the Act are “exactly those that are used in the Constitution.” [10] It may be of interest to note here that the Constitution of India, neither uses nor defines the term “public emergency.” Naturally, it is not contemplated as a ground for reasonably restricting Fundamental Rights provided under Article 19(1). [11] Similarly, concerns regarding the potential misuse of the powers were defended with the logically incompatible and factually inaccurate position that the law had not been misused in the past.[12]

Locating “Public Emergency” within a Proclamation of Emergency under the Constitution (?)

Public emergency in not equivalent to a proclamation of emergency under Article 352 of the Constitution simply because it was first used in legislations over six decades before the drafting of the Indian Constitution began. Besides, orders for interception of communications have also been passed when the state was not under a proclamation of emergency. Moreover, public emergency is not the only prerequisite prescribed under the Act. §5(2) states that an order for interception can be passed either on the occurrence of public emergency or in the interest of public safety. Therefore, the thresholds for the satisfaction of both have to be similar or comparable. If the threshold for the satisfaction of public emergency is understood to be as high as a proclamation of emergency then any order for interception can be passed easily under the guise of public safety. The public emergency condition will then be rendered redundant. Public emergency is therefore a condition that is separate from a proclamation of emergency.

In a similar vein the Supreme Court has also clarified[13] that terms like “public emergency” and “any emergency,” when used as statutory prerequisites, refer to the occurrence of different kinds of events. These terms cannot be equated with one another merely on the basis of the commonality of one word.

The Supreme Court in Hukam Chand v. Union of India,[14] correctly stated that the terms public emergency and public safety must “take colour from each other.” However, the court erred in defining public emergency as a situation that “raises problems concerning the interest of the public safety, the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or the prevention of incitement to the commission of an offence.” This cyclic definition does not lend any clarity to the interpretive murk surrounding the term. The Act envisages public emergency as a sine qua non that must exist prior to a determination that there is a threat to public order and sovereignty and integrity of the state. The court’s interpretation on the other hand would suggest that a state of public emergency can be said to exist only when public order, sovereignty and integrity of the state are already threatened. Therefore, while conditions precedent exist for the exercise of powers under §5(2) of the Act, there are no objective standards against which they are to be tested.

Interpretation of Threshold Requirements

A similar question arose before the House of Lords in Liversidge v. Anderson.[15] The case examined the vires of an Act that vested an administrative authority with the conditional power to detain a person if there was reasonable cause to believe that the person was of hostile origin. Therein, Lord Atkin dissenting with the majority opinion stated in no unclear terms that power vested in the secretary of state was conditional and not absolute. When a conditional authority is vested in an administrative official but there aren’t any prescriptive guidelines for the determination of the preconditions, then the statute has the effect of vesting an absolute power in a delegated official. This view was also upheld by the Supreme Court in State of Madhya Pradesh v. Baldeo Prasad.[16] The court was of the opinion that a statute must not only provide adequate safeguards for the protection of innocent citizens but also require the administrative authority to be satisfied as to the existence of the conditions precedent laid down in the statute before making an order. If the statute failed to do so in respect of any condition precedent then the law suffered from an infirmity and was liable to be struck down as invalid.[17] The question of the existence of public emergency, therefore being left to the sole determination of an administrative official is an absolute and arbitrary power and is ultra vires the Constitution

Interestingly, in its original unamended form, §5 contained a provisio stating that a determination of public emergency was the sole authority of the secretary of state and such a finding could not be challenged before a court of law. It is this provision that the government repealed through the Telegraph (Amendment) Act of 1981 to bring it in line with Constitutional principles. The preceding discussion shows that the amendment did not have the effect of rectifying the law’s constitutional infirmities. Nonetheless, the original Telegraph Act and its subsequent amendment are vital for understanding the compatibility of surveillance standards with the Constitutional principles. The draconian provisio in the original act vesting absolute powers in an administrative official illustrates that the legislative intent behind the drafting of a 130 year law cannot be relied on in today’s context. Vague terms like public emergency that have been thoughtlessly adopted from a draconian law find no place in a state that seeks to guarantee to its citizens rights of free speech and expression.

Conclusion

Interception of communications under the Telegraph Act and the Indian Post office act violate not only one’s privacy but also one’s freedom of speech and expression. Besides, orders for the tapping of telephones violate not only the privacy of the individual in question but also that of the person he/she is communicating with. Considering the serious nature of this breach it is absolutely necessary that the powers enabling such interception are not only constitutionally authorised but also adequately safeguarded. The Fundamental Rights declared by Article 19(1) cannot be curtailed on any ground outside the relevant provisions of Cls. 2-6.[18] The restrictive clauses in Cls. (2)-(6) of Article 19 are exhaustive and are to be strictly construed.[19] Public emergency is not one of the conditions enumerated under Article 19 for curtailing fundamental freedoms. Moreover, it lacks adequate safeguards by vesting absolute discretionary power in a non-judicial administrative authority. Even if one were to ignore the massive potential for misuse of these powers, it is difficult to conceive that the interception provisions would stand a scrutiny of constitutionality.

Over the course of the last few years, India has been dangerously toeing the line that keeps it from turning into a totalitarian surveillance state. [20] In 2011, India was the third most intrusive state[21] with 1,699 requests for removal made to Google; in 2012 that number increased to 2529[22]. The media is abuzz with reports about the Intelligence Bureau wanting Internet Service Providers to log all customer details [23] and random citizens being videotaped by the Delhi Police for “looking suspicious.” It becomes essential under these circumstances to question where the state’s power ends and a citizens’ privacy begins. Most of the information regarding projects like the CMS and the CCTNS is murky and unconfirmed. But under the pretext of national security, government officials have refused to divulge any information regarding the kind of information included within these systems and whether any accountability measures exist. For instance, there have been conflicting opinions from various ministers regarding whether the internet would also be under the supervision of the CMS [24]. Even more importantly, citizens are unaware of what rights and remedies are available to them in instances of violation of their privacy.

The intelligence agencies that have been tasked with handling information collected under these systems have not been created under any legislation and therefore not subject to any parliamentary oversight. Attempts like the Intelligence Services (Powers and Regulation) Bill, 2011 have been shelved and not revisited since their introduction. The intelligence agencies that have been created through executive orders enjoy vast and unbridled powers that make them accountable to no one[25]. Before, vesting the Indian law enforcement agencies with sensitive information that can be so readily misused it is essential to ensure that a mechanism to check the use and misuse of that power exists. A three judge bench of the Supreme Court has recently decided to entertain a Public Interest Litigation aimed at subjecting the intelligence agencies to auditing by the Comptroller and Auditor General of India. But the PIL even if successful will still only manage to scratch the surface of all the wide and unbridled powers enjoyed by the Indian intelligence agencies. The question of the constitutionality of interception powers, however, has not been subjected to as much scrutiny as is necessary. Especially at a time when the government has been rumoured to have already obtained the capability for mass dragnet surveillance such a determination by the Indian courts cannot come soon enough.

[1] Indian Post Office Act, 1898, § 26

[2] Indian Telegraph Act, 1885 § 5(2)

[3] PUCL v. Union of India, AIR 1997 SC 568

[4] Govind vs. State of Madhya Pradesh, (1975) 2 SCC 148

[5] Malak Singh vs. State Of Punjab & Haryana, AIR 1981 SC 760

[6] Supra note 3

[7] Law Commission, Indian Post Office Act, 1898 (38^th Law Commission Report) para 84

[8] ibid

[9] id

[10] Lok Sabha Debates , Minister of Communications, Shri H.N. Bahuguna, August 9, 1972

[11] The Constitution of India, Article 358- Suspension of provisions of Article 19 during emergencies

[12] Lok Sabha Debates , Minister of Communications, Shri H.N. Bahuguna, August 9, 1972

[13] Hukam Chand v. Union of India, AIR 1976 SC 789

[14] ibid

[15] Liversidge v. Anderson [1942] A.C. 206

[16] State of M.P. v. Baldeo Prasad, AIR 1961 (SC) 293 (296)

[17] ibid

[18] Ghosh O.K. v. Joseph E.X. Air 1963 SC 812; 1963 Supp. (1) SCR 789

[19] Sakal Papers (P) Ltd. v. Union of India, AIR 1962 SC 305 (315); 1962 (3) SCR 842

[20] See Notable Observations- July to December 2012, Google Transparency Report, available at http://www.google.com/transparencyreport/removals/government/ (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)

[21] Willis Wee, Google Transparency Report: India Ranks as Third ‘Snoopiest’ Country, July 6, 2011 available at http://www.techinasia.com/google-transparency-report-india/ (last visited on July 2, 2014)

[22] See Notable Observations- July to December 2012, Google Transparency Report, available at http://www.google.com/transparencyreport/removals/government/ (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)

[23] Joji Thomas Philip, Intelligence Bureau wants ISPs to log all customer details, December 30, 2010 http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps (last visited on July 2, 2014)

[24] Deepa Kurup, In the dark about ‘India’s Prism’ June 16, 2013 available at http://www.thehindu.com/sci-tech/technology/in-the-dark-about-indias-prism/article4817903.ece

[25] Saikat Dutta, We, The Eavesdropped May 3, 2010 available at http://www.outlookindia.com/article.aspx?265191 (last visited on July 2, 2014)

For more details visit https://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law

The Changing Role of the Media in India: Constitutional Perspectives

praskrishna — 2014-02-04T06:05:31Z

The School of Law, Christ University is conducting National Conference on The Changing Role of the Media in India: Constitutional Perspectives from 28 February – 1 March 2014. Snehashish Ghosh will be moderating a session at this conference.

Christ University is one of India’s premier universities, offering a wide range of undergraduate, postgraduate and doctoral programmes. The School of Law was introduced in 2006 and is presently offering competitive law programmes, including the 5-Year integrated B.A., LL.B and B.B.A., LL.B (Hons.), as well as LL.M, M.Phil and Ph.D. The School of Law, is in pursuit of a dynamic environment that promotes holistic development of our students, through various co-curricular and extra-curricular activities. In this regard, it organizes a national conference every year. The theme for this year is ‘The Changing Role of the Media in India: Constitutional Perspectives’. The conference is planned to deliberate on the following sub-themes:

The Impact of the Press as the Fourth Estate on Constitution & Democracy
Independence of the Judiciary vis-a-vis Media Activism
Right to Information and the Freedom of the Press
Social Media and its Impact on Free Speech

For more info see the event details posted on Christ University website.

For more details visit https://cis-india.org/news/changing-role-of-media-in-india-constitutional-perspectives

The Changing Landscape of ICT Governance and Practice - Convergence and Big Data

praskrishna — 2015-09-07T13:48:37Z

Sharat Chandra Ram was granted the Young Scholar Award 2015 to attend the Young Scholar Workshop (August 24 - 25, 2015) followed by main CPRSouth2015 conference (Communication Policy Research South) conference (26th - 28th August 2015) - "The Changing Landscape of ICT Governance and Practice - Convergence and Big Data" that was co-organized by the 'Innovation Center for Big Data and Digital Convergence, Yuan Ze University, Taiwan. The agenda for Young Scholar 2015 pre-conferernce workshop can be accessed here. The CPR South 2015: Conference Programme agenda can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/the-changing-landscape-of-ict-governance-and-practice-convergence-and-big-data