We are anonymous, we are legion

Future of Work: Report of the ‘Workshop on the IT/IT-eS Sector and the Future of Work in India’

ambika — 2020-03-05T19:03:07Z

This report provides an overview of the proceedings and outcomes of the Workshop on the IT/IT-eS Sector and the Future of Work in India (hereinafter referred to as the “Workshop”), organised at Omidyar Networks’ office in Bangalore, on June 29, 2018.

This report was authored by Torsha Sarkar, Ambika Tandon and Aayush Rath. It was edited by Elonnai Hickok. Akash Sriram, Divya Kushwaha and Torsha Sarkar provided transcription and research assistance. A PDF of the report can be accessed here.

Introduction

The Workshop was attended by a diverse group of stakeholders which included industry representatives, academicians and researchers, and civil society. The discussions went over various components of the transition in the sector to Industry 4.0, including the impact of Industry 4.0-related technological innovations on work broadly in India, and specifically in the IT/IT-eS sector (hereinafter referred to as the “Sector”). The discussion focused on the reciprocal impact on socio-political dimensions, the structure of employment, and forms of work within workspaces.

The Workshop was divided into three sessions. The first session was themed around the adoption and impact of Industry 4.0 technologies vis-a-vis the organisation of work. Within this the key questions were: the nature of the technologies being adopted, the causes that are driving the uptake of these technologies, and the ‘tasks’ constituting jobs in the Sector.

The second session focussed on the role of skilling and re-skilling measures as mitigators to projected displacement of jobs. The issues dealt with included shifts in company, educational, and social competency profiles as a result of Industry 4.0, transformations in the predominant pedagogy of education, vocational, and skill development programmes in India, and their success in creating employable workers and filling skill gaps in the industry.

The third session looked at social welfare considerations and public policy interventions that may be necessitated in the wake of potential technological unemployment owing to Industry 4.0. The session was designed with a specific focus on the axes of gender and class, addressing questions of precarity, wages, and job security in the future of work for marginalized groups in the workforce.

Preliminary Comments

The Workshop opened with a brief introduction on the research the Centre for Internet and Society (CIS) is undertaking on the Future of Work (hereinafter referred to as “FoW”) vis-a-vis Industry 4.0. The conception of Industry 4.0 that CIS is looking at is the technical integration of cyber-physical systems in production and logistics on one hand, and the use of internet of things (IoT) and the connection between everyday objects and services in the industrial processes on the other. The scope of the project, including the impact of automation on the organisation of employment and shifts in the nature and forms of work, including through the gig economy, and microwork, was detailed. The historical lens taken by the project, and the specific focus on questions of inequality across gender, class, language, and skill were highlighted.

It was pointed out that CIS’ research, in this regard, comes from the necessity of localising and re-examining the global narratives around Industry 4.0. While new technologies will be developed and implemented globally, the impact of these technologies in the Indian context would be mediated through local, political and socio-economic structures. For instance, the Third Industrial Revolution, largely associated with the massification of computing, telecommunications and electronics, is still unfolding in India, while attempts are already being made to adapt to Industry 4.0. These issues provided a starting point to the discussion on the impact of Industry 4.0 in India.

Qualifying Technological Change

Contexualising the narrative with historical perspectives

The panel for the first session commenced with a discussion around a historical perspective on job loss being brought about due to mechanisation. The distinction between Industry 3.0 and 4.0, it was suggested, was largely arbitrary, inasmuch as technological innovation has been a continuous process and has been impacting lives and the way work is perceived. It was argued that the only factor differentiating Industry 4.0 from previous industrial revolutions is ‘intelligent’ technology that is automating routine cognitive tasks. The computer, programmatic logic control (PLC) and data (called the ‘new oil’) were also a part of Industry 3.0, but intelligent technologies are able to provide greater analytical power under Industry 4.0.

The discussion also went over the distinction between the terms ‘job’, ‘task’ and ‘work’. It was argued that the term ‘job’ might be treated as a subset of the term ‘work’, with the latter moving beyond livelihood to encompass questions of dignity and a sense of fulfilment in the worker. With relation to this distinction, it was mentioned that the jobs at the risk of automation would be those that fulfill only the basic level in Maslow’s hierarchy - implying largely routine manual tasks. Additionally, it was explained that although these jobs will continue to use labour through Industry 4.0, it is only the nature of technological enablement that would change to automate more dangerous and hazardous tasks.

Technology as a long-term enabler of job creation

It was argued that technology has historically been associated with job creation. Historical instances cited included that of popular anxiety due to anticipated job loss through the uptake of the spinning machine and the steam engine, whereas the actual reduction in the cost of production led to greater job creation, increased mobility and improved quality of life in the long-term. Such instances were used to further argue that technology has historically not resulted in long-term job reductions.

The platform economy was posited as a model for creating jobs, through the efficient matching of supply and demand through digital platforms. It was indicated that rural to urban migration is aided by such platforms, as labourers voluntarily enrol in skilling initiatives given the certainty of employment through platformization. It was further argued that historically, Indian workers have been educated rather than skilled, and that platformization and automation, coupled with the elasticity of human needs, will provide greater incentives for technically skilled workers by creating desirable jobs.

Factors leading to differential adoption of automation

In relation to the adoption of the technologies Industry 4.0, it was argued that the mere existence of a technology does not necessitate its scalablity at an industrial level. Scalability would be possible only when the cost of labour is high relative to the costs entailed in technological adoption. This was supported by data from a McKinsey Report^{^[1]} which indicated that countries like the US and Germany would be impacted in the short term by automation, because their cost of labour is higher. Conversely, since the cost of labour in India is relatively cheap, the reality of technological displacement is still far away and the impact would not be immediate.

Similarly, a distinction was also made to account for the differential impact of automation in various sectors. For instance, it was indicated that since the IT/IT-eS sector in India is based on exporting services and outsourcing of businesses. Accordingly, if Germany automates its automobile industry, that would impact India less than if it automates the IT/IT-eS sector, as the latter is more reliant on exporting its services to developed economies. The IT/IT-eS sector was further broken down into sub-sectors with the intention of highlighting the differential impact of automation and FoW in each of these sub-sectors. It was agreed that the BPO sub-sector would be more adversely impacted than core IT services, given its constitution of routine nature of tasks at a higher risk of automation.

Disaggregating India’s Skilling Approach

The discussion around skilling measures was contextualised in the Indian context by alluding to data collected from the National Sample Survey Organisation (NSSO) surveys. The data revealed that around 36% of India’s total population is under the age of seventeen and approximately 13% are between 18 - 24. Additional statistics suggested that only around a quarter of the workforce aged 18-24 years had achieved secondary and higher secondary education and close to 13% of the workforce was illiterate. While these numbers included both male and female workers, it was pointed out that it was an incomplete dataset as it excluded transgender workers. It was suggested it should be this segment of the Indian demographic that is targeted for significant skilling pushes, which could be catalysed through specific vocational training centres. It was also suggested that there was a need for to restructure the role of the National Skill Development Corporation (NSDC) in the Indian skilling framework.

A comprehensive picture was painted by conceptualising the skilling framework in India as 5 distinct pillars. This conceptualisation was used to debunk the narrative around NSDC being the sole entity pushing for skill development in the country. The NSDC’s function in the skilling framework was posited as providing funding to skilling initiatives with programmes lasting for a period of 3 months. These 3- month programmes were critiqued for being insufficient for effective training, especially given the low skill levels of workers going into the programmes. The NSDC’s placement rate of 12% as per their own records was used to support this argument. Further suggestions on making the NSDC more effective were made in a later discussion^{^[2]}.

Related to this, the second pillar of vocational skilling was said to be the Industrial Training Institute (ITI). The third pillar was said to be the school system which was critiqued for does not offering vocational education at secondary and senior secondary levels. The fourth pillar comprised of the 16 ministries which governed the labour laws in India - none of whose courses were National Skills Qualifications Framework (NSQF) compliant.

The fifth pillar was construed as the industry itself and the enterprise-based training it conducted. However, it was stated that India’s share of registered companies who did enterprise-based training was dismal. In 2009, the share of enterprise-based training was 16% which rose in 2014 to 36%. Further, most of these 36% were registered large firms as opposed to small and medium sized enterprises. Unregistered companies, it was suggested, were simply doing informal apprenticeships.

Joint public and private skilling initiatives

In addition to government sponsored skilling initiatives, attention was directed to skill development partnerships that took the shape of public-private initiatives. As an example, it was said that that a big player in the ride-hailing economy had worked with NSDC and other skilling entities to ensure that soft skills were being imparted to their driver partners before they were on-boarded onto the platform.

It was also brought forth that innovative forms of skilling and training were gaining traction in the education sector as well in the private sector. This was instantiated through instances of uptake of platforms which apply artificial intelligence, and within that machine learning based techniques, to generate and disseminate easier- to- consume video-based learning.

Driving Job Growth: Solving for Structural Eccentricities of the Indian Labour Market

Catalysing manufacturing-led job growth

The discussion began by discussing specific dynamics of the Indian labour markets in the context of the Indian economy. It was pointed out the productivity level of the services sector is not as high as the productivity level of manufacturing, which is problematic for job creation in a developing economy such as India witnessing capital-intensive growth in the manufacturing sector. The underlying argument was that the jobs of the future in the Indian context will have to be created in the manufacturing sector.

Several macroeconomic policy interventions were suggested to reverse the trend of capital-intensive growth in order to make manufacturing the frontier for enhanced job creation. The need for a trade policy in consonance with the industrial policy was stated as imperative. This was substantiated by highlighting the lack of an inverted duty structure governing the automobile sector that has led India to be amongst the biggest manufacturers of automobiles. The inverted duty structure entails finished products having a lower import tariff and a lower customs duty when compared to import of raw materials or intermediates. However, it was highlighted that a dissonant industrial policy failed to acknowledge that at least 50% of india’s manufacturing comes from Micro, Small & Medium Enterprises (MSMEs) and provided no assistance to MSMEs in obtaining credit, market access or technology upgradation. On the other hand, it was asserted that large corporates get 77% of the total bank credit.

Another challenge that was highlighted was with the Government of India’s severely underfunded manufacturing cluster development programs under the aegis of the Ministry of Textiles and the Ministry of MSMEs. For sectors that contribute majorly towards India’s manufacturing output, it was asserted that these programmes were astonishingly bereft of any governing policy and suffer from several foundational issues. Moreover, it was observed that these clusters are located around the country in Tier 2, 3 and 4 cities where the quality of infrastructure is largely lacking. The Atal Mission for Rejuvenation and Urban Transformation (AMRUT) program devised for the development of these cities is also myopic as the the target cities are not the ones where these manufacturing clusters are located. The rationale behind such an approach was that building infrastructure at geographical sites of job creation would lead to an increase in productivity which would in turn attract greater investment. This would have to necessarily be accompanied by hastening the setting up of industrial corridors - the lackadaisical approach to which was stated as a key component of India being outpaced by other developing economies in the South East Asian region.

An additional policy intervention that was suggested was from the lens of setting up of skilling centres by NSDC in proximity to these manufacturing clusters where the job creation is being evidenced as opposed to larger metropolitan cities.

Carving out space for a vocational training paradigm

It was asserted that the focus of skilling needs to be on the manufacturing rather than services sector, given the centrality of manufacturing to a developing economy undergoing an atypical structural transformation^{^[3]} - as outlined above. Further compounding the problem of jobless growth, it was stated that 50% of the manufacturing workforce have 8 or less years of education and only 5% of the workforce including those that have technical education are vocationally trained, according to the NSS, 62nd Round on Employment and Unemployment.

A gulf in primary and secondary education vis-a-vis vocational training was pointed as one of the most predominant causes behind the much touted ‘skills gap’ that the Indian workforce is said to be battling with. Using data to further cull out the argument, it was said that in 2007, the net enrollment in India for primary education had already reached 97% and that between 2010 - 2015, the secondary education enrollment rate went from 58% to 85%.^{^[4]} It was hypothesised that the latter may have risen to 90% levels since. Furthermore, the higher education enrollment rate also commensurately went up from 11% in 2006 to 26-27% in 2017.^{^[5]} It was argued that this is impossible to achieve without gender parity in higher education. This gender parity in education was contrasted with the systematic decline in the women’s labour force participation that India has been witnessing in the last 30 years.

Consequently, the ‘massification’ of higher education in India over the past 10 years was critiqued as ineffectual in comparison to the Chinese model, as the latter focused on engaging students in vocational training, which the Indian education system had failed to do. The role of the gig economy in creating job opportunities despite this gap between educational and vocational training was regarded as important, especially given the lack of growth in the traditional job markets.

Accounting for the Margins

With relation to the profiles of workers within sectors, it was indicated that factors such as gender, class, skill, income, and race must be accounted for to determine the ‘winners’ and ‘losers’ of automation. Several points were discussed with relation to this disaggregation.

Technology as an equaliser? Gender and skill-biased technological change

First, the idea of technology and development as objective and neutral forces was questioned, with the assertion that human decision-makers, who more often than not tend to be male, allow inherent biases to creep into outputs, processes, and objectives of automation. Data from the Belong Survey in IT services^{^[6]} indicated that the proportion of women in core engineering was 26% of the workforce, while that in software testing was 33%. Coupled with the knowledge that automation and technology would automate software testing first, it was argued that jobs held by female workers were positioned at a higher immediate risk of automation than male workers.

The ‘Leaky Pipe Problem’ in STEM industries i.e. the observation that female workers tend to be concentrated in entry level jobs, while senior management is largely male dominated was also brought to the fore. This was used to bolster the argument that female workers in the Sector will lose out in the shorter term, when automation adversely impacts the lower level jobs.

A survey conducted by Aspiring Minds^{^[7]} which tracked the employability of the engineering graduates was utilised to further flesh out skill biased technological change. As per the survey, 40% of the graduating students are employable in the BPO sector, while only 3% of the students are employable in the sector for software production. With the BPO sector likelier to be impacted more adversely than core IT services, it was emphasised that policy considerations should be very specific in their ambit.

Social security and the platform economy

The discussion around the platform economy commenced with a focus on how it had created economic opportunities in the formal sector by matching demand and supply on one hand, and by reducing inefficiency in the system through technology on the other. It was pointed out that these newer forms of work were creating millions of entrepreneurship opportunities that did not exist previously. These opportunities, it was suggested, were in themselves flexible and contributing the greater push towards enhancing the numbers of those that come within the ambit of India’s formal economy.

This discussion was countered by suggesting that the shift of the workforce from the informal sector to the formal sector, which companies in the gig economy claimed they contributed to, have instead restricted the kind of lives gig workers have been living historically. As an instance, it was pointed out that a farmer who had been working with a completely different set of skills was now being asked to shift to a new set of skills which would be suited for a very specific role and not transposable across occupations. In other words, it would not be meaningful skilling. It was also pointed out that what distinguishes formal work from informal is whether the worker has social security net or not - mere access to banking services or filing of tax returns was not sufficient for characterising a workforce as being formal in nature.

Relatedly, the possibility of social security was discussed for the unorganised sector and microworkers. One of the possibilities discussed was to ensure state subsidised maternity, disability, and death security, and pensions for workers below the poverty line. The fiscal brunt borne by the government for such a scheme was anticipated to not be above 0.4% of the GDP. It was suggested that this would move forward the conversation on minimum wage and fair work, which would be of great importance in broader conversations around working conditions in the platform economy.

The interplay of gender and platformisation

It was highlighted that trends in automation are going to change the occupational structure in the digital economy - the effect of which will especially be felt in cognitive routine jobs given their increased propensity to platformisation. A World Economic Forum report^{^[8]} was cited which indicated the disproportional risk of unemployment faced by women given their concentration in cognitive routine jobs was also brought up.

The discussion logically undertook a deeper look at the platformisation of work with a specific focus on freelance microwork and its impact on the female labour force and culled out certain positive mandates arising from such newer forms of work. It was suggested that industries are more likely to employ female workers in microwork due to lower rates of attrition, and flexible labour. It was reiterated that freelancing in India extends beyond data entry and other routine jobs, to include complex work - thereby also catering to skilled workers desirous of flexibility. Platforms designing systems to meet the demand for flexible work were also discussed, such as platforms geared towards female workers undertaking reskilling measures and counselling for females returning from maternity leave or sabbaticals. Additionally, the difficulty of defining freelancing under existing frameworks of employment, compounded by the lack of legal structures for such work, was outlined.

Systemic challenges within the Indian labour law framework

Static design of legal processes

Labour law was, naturally, acknowledged as a key determinant in the conversation around both the uptake and impact of automative technologies encapsulated within Industry 4.0.

The archaic nature of India’s labour law framework was highlighted as a major impediment to ensuring both worker rights as well as the ease of conducting commerce. It was pointed out that organised labour continues to be under the ambit of the Industrial Disputes Act, which was made effective in 1947, has undergone minimal amendments since. This was critiqued on the basis that the framework for the law is embedded in its historical context, and while the industrial landscape in the country has transformed drastically since the implementation of the Industrial Disputes Act, the legal framework has not evolved. Similarly, the Karnataka Shops and Establishments Act, 1961 which regulates the Sector today was enacted much before the Sector even opened up in India in the 1990s.

Additionally, it was pointed out that the consolidation of the fragmented extant framework of labour laws in India was being consolidated into 4 labour codes without any wholesale modernisation push reforming the laws being consolidated. Consequently, it was argued that the government has to drive changes through policies alone as the legal framework remains static. Barriers to implementation of adequate policies were also discussed, such as the political impact of labour policies, lack of state initiative to deal with the impact of the future of work, apart from the historic inability of the law to keep up with the state of labour and economy.

Labour law arbitrage

One of the reasons behind the increasing contractualizing of labour in India was attributed to over-regulation. There was consensus that the labour law regime was not conducive to industry in India leading to greater opportunistic behaviours from industry participants. It was acknowledged that the political clout that a lot of contractors (of labourers) enjoy along with providing primary employers greater flexibility to hire and fire employees at will has led to a widespread utilisation of contract labour entities.

It was further stated that industry behaviour has adopted several other tools of arbitrage to not consider labour law as a key impediment in the ease of scaling business. Empirical evidence of labour law arbitrage was cited to drive home the point - according to national surveys, 80-85% of enterprises employ less than 99 workers as the law mandates stricter compliance requirements for enterprises employing 100 or more workers^{^[9]}. This was acknowledged a serious hurdle to scaling businesses.

Problems behind other apparently well-intentioned legislation from a public policy lens having counterproductive consequences was also highlighted. In the space of labour laws, the example of the recently enacted Maternity Benefit (Amendment) Act, 2017 was cited. By enhancing maternity benefits, without accounting for other provisioning such as a paternity benefit inclusion, it was anticipated that companies may entirely shy away from hiring women.

Policy Paralysis

The discussion progressed towards a high-level discussion around the efficacy of law vis-a-vis state policy as a means to create a system of checks and balances in the context of Industry 4.0. It was highlighted that law, by design, would be outpaced by technological change. The common law system of law operating in India is premised on a time-tested emphasis on post-facto regulation. In other words, it is reactionary. While policy making in India suffers from a similar plague of playing catch-up, it is in large part due to a bureaucratic structure premised on generalism - a pressing need for domain expertise in policy making was emphasised upon. Having said that, it was stated that it is the institutional design of policy making institutions that needs rectification. What was acknowledged was the success, albeit scant, that individual states have had in policy making catering to specific yet diverse domains. A greater push towards clear and progressive evidence-based policy pushes was stressed upon with the anticipation that it would lead to self-regulation by the industry itself - be it in terms of the future of employment or of the economic direction that the industry will embark on.

Concluding Remarks

The discussions during the course of the Workshop situated the discourse around Industry 4.0 within the contours of the Indian labour realities and the IT sector within that.

As a useful starting point, various broader perspectives around the impact of technological change on the quantum of jobs were brought forth. While the industry perspective was that of technology as an enabler of job creation in the long-run, it was sufficiently tempered by concerns around those impacted adversely in the short to medium-term time frames. These concerns coalesced towards understanding the potential impact of Industry 4.0 on the nature of work, as well as mitigation tools to ease the impact of technological disruption on labour.

Important facets of technological adoption within the Sector were highlighted, such as potential for scalability as well as the distinct eccentricities of the various sub-sectors the IT sector subsumed. The differential impact within the various sub-sectors was pegged to the differential composition of automatable tasks (routine, rule-based) within each sub-sector. However, questions regarding the exact contours of task composition were left unanswered signalling a potential area for further research. On the other hand, the primary challenge to technological adoption faced from the labour-supply side was skilling, or the lack thereof. This was contextualised in the larger scheme of structural issues plaguing the skilling machinery operating in the country, which lead to inadequate dispensation of technical and vocational education and training (TVET). In terms of additional structural issues that would potentially have an impact on how Industry 4.0 plays out in the Indian context, attention was directed towards overdue reform of the labour law framework which has already struggled with incorporating newer forms of working engagements such as platform and gig work, that are being evidenced as a part of Industry 4.0.

An underlying theme that found mention across sessions was the need to devote attention to prevent further marginalisation as a consequence of technological disruption of the already marginalised. Evidence from government datasets as well as from literature around concepts such as skill biased technological change, the leaky pipe problem, and the U-shaped curve of female labour force participation were cited to explicate these issues. The merits of different policy measures to address these concerns, such as social security, living wages, and maternity benefits were also discussed.

While the Workshop touched upon several facets of the discourse around Industry 4.0 in the Sector, it also sprung up areas that require further inquiry. Questions around where in the value chain use-cases for Industry 4.0 technologies were emerging needed a more comprehensive understanding. Moreover, the impact of Sector Skill Councils (SSCs), a central aspect of the skilling ecosystem in India, wasn’t touched upon. An additional path of inquiry that emerged pertained to evolving constructive reforms to legal and economic policy frameworks as top-down interventions within the Sector that could be anticipated to play a significant role in the uptake and impact of Industry 4.0 technologies.

^{^[1]} McKinsey Global Institute, A future that works: Automation, employment, and productivity, https://www.mckinsey.com/~/media/mckinsey/featured%20insights/Digital%20Disruption/Harnessing%20automation%20for%20a%20future%20that%20works/MGI-A-future-that-works-Executive-summary.ashx, (accessed 10 August 2018).

^{^[2]} See discussion under ‘Catalysing manufacturing-led job growth‘.

^{^[3]} R. Verma, Structural Transformation and Jobless Growth in the Indian Economy, The Oxford Handbook of the Indian Economy, 2012.

^{^[4]} S. Mehrotra, ‘The Indian Labour Market: A Fallacy, Two Looming Crises and a Tragedy’, CSE Working Paper, April 2018.

^{^[5]} ibid.

^{^[6]} Mohita Nagpal, ‘Women in tech: There are 3 times more male engineers to females’, belong.co, http://blog.belong.co/gender-diversity-indian-tech-companies, (accessed 10 August 2018).

^{^[7]} Aspiring Minds, National Programming Skills Report - Engineers 2017, https://www.aspiringminds.com/sites/default/files/National%20Programming%20Skills%20Report%20-%20Engineers%202017%20-%20Report%20Brief.pdf, (accessed 11 August 2018).

^{^[8]} World Economic Forum, The Future of Jobs Employment, Skills and Workforce Strategy for the Fourth Industrial Revolution: Global Challenge Insight Report, January 2016.

^{^[9]} Ministry of Statistics and Programme Implementation, All India Report of Sixth Economic Census, Government of India, 2014.

For more details visit https://cis-india.org/internet-governance/blog/future-of-work-report-of-the-workshop-on-the-it-it-es-sector-and-the-future-of-work-in-india

UIDAI says asked nobody to add the helpline number to contacts

Admin — 2018-08-13T15:47:57Z

UIDAI says the toll free number 1800-300-1947 in the contact list of Android phones is an ‘outdated and invalid number’

The article by Komal Gupta was published in Livemint on August 3, 2018. Amber Sinha was quoted.

After the Unique Identification Authority of India’s (UIDAI’s) helpline number was added to the contact list of users through an update available on the Android platform, the government agency in charge of the Aadhaar database of over one billion Indians, stepped in to defend the unique ID project, saying that “some vested interest are trying to create unwarranted confusion in the public”.

The toll free number 1800-300-1947 in the contact list of Android phones is an “outdated and invalid number,” UIDAI said on Friday.

UIDAI has not asked or advised anyone, including any telecom service provider or mobile manufacturer or Android, to include 18003001947 or 1947 in the default list of public service numbers, it said. “UIDAI’s valid toll free number is 1947, which is functional for more than the last two years.”

On Thursday, French security expert Elliot Alderson took to Twitter to ask: “Do you have @UIDAI in your contact list by default?”

The news stormed social media and people checked their phones to find UIDAI’s helpline number pre-saved on their device without their knowledge. Based on a series of tweets that followed, it was established that the number entered users’ phones through an update on the Android platform.

“We are aware of this and are looking into it,” said Google in response to queries from Mint. Calls to the Department of Telecommunications (DoT) seeking comments on the issue remained unanswered.

In an apparent dig at UIDAI and the telcos, Alderson tweeted on Friday: “People noticed that the @UIDAI number is saved by default on their phone: @UIDAI: This is not me! Telecom providers: No, this is not us! ... Do I have to ask to Harry Potter if he magically added this number to people phones?”

Giving a clean chit to the telcom companies, Cellular Operators Association of India (COAI) director general Rajan S. Mathews said: “The inclusion of a certain unknown number in the phonebooks of various mobile handsets is not from any telecom service provider.”

“This doesn’t seem to be a malware- or hacking-related instance,” said Amber Sinha, lawyer and senior programme manager at the Centre for Internet and Society (CIS), a Bengaluru-based think tank. “There are some pre-saved numbers, which comes with the operating system and its update. If the UIDAI claims that it did not ask telecom service providers or mobile manufacturers or Android to include the number, then only Google or the operating system developers can give clarity on this.”

This is not the first time that privacy warriors have launched a crusade against UIDAI and challenged the security framework put in place by it.

Last week, Twitter users publicly shared personal details, including bank accounts, email IDs, PAN and frequent flyer number of Telecom Regulatory Authority of India (Trai) chairman R.S. Sharma, after he posted his 12-digit Aadhaar number and dared people to harm him.

Sharma, himself a former chairman of UIDAI, had revealed his Aadhaar number on Twitter, prompting many of his followers to dig up information about him.

Following this, UIDAI on Tuesday advised people to refrain from revealing their Aadhaar numbers on public platforms, including on social media.

The draft Personal Data Protection Bill, 2018, submitted to the government on 27 July by the expert panel headed by former Supreme Court judge B.N. Srikrishna, categorises the Aadhaar number as sensitive personal information. There are more than 1.21 billion Aadhaar number holders in the country.

For more details visit https://cis-india.org/internet-governance/news/livemint-august-3-2018-uidai-says-asked-nobody-to-add-the-helpline-number-to-contacts

How Chinese apps are making inroads in Indian small towns

Admin — 2018-08-13T15:44:51Z

After selling a company he cofounded to Alibaba in 2013, Sichuan-born Forrest Chen wanted to look beyond China for his next venture. India was one of the countries on his list of potential markets, which included the US, the UK, Indonesia and Thailand.

The article by Mugdha Variyar was published in the Economic Times on August 10, 2018.

“We launched NewsDog in the US in 2015 and got 10,000 users but realised soon that retention was bad because of so much competition,” said Chen, CEO of NewsDog. “That is when we decided to come to India, since the number of (digital) media houses here were fewer and people were still using traditional media.”
After launching here in 2016, first in English, NewsDog has expanded to 10 Indian languages and has 18 million monthly active users, making it one of the top news apps in the country.

A slew of Chinese companies and entrepreneurs has quickly moved to launch mobile applications directly in India to capture the rapidly swelling next generation of internet users—a demographic global and Indian internet companies too are chasing. Several of these Chinese apps have catapulted to the top in India across categories such as entertainment (Tik Tok, Vigo Video), news (UC News, NewsDog), shopping (Club Factory, Shein), as well as browsers and data sharing (UC Browser, Shareit).

“China has seen maturity of content apps that are consumed widely there. With (many) Indians just waking up to digital content on their mobile phones, the Chinese have a head start to port their apps to India,” said Sreedhar Prasad, partner and head for internet business and ecommerce at KPMG India. “Especially in tier 2 cities and beyond, the use of apps that let consumers make short videos or edit images simply and share them is catching on fast. Many of the Chinese apps have been able to cater to this,” he added.

Of course, this would not have been possible without high-speed data connectivity and smartphones becoming more accessible to millions of Indians than ever before. The number of internet users in India is expected to increase to about 500 million this year from about 481 million in December, according to a report in March by the Internet and Mobile Association of India and consultancy firm Kantar IMRB.

Chinese app company ByteDance has launched Tik Tok (over 1 million Android installations) and Vigo Video (over 5 million Android installations) in India to let users upload short videos. Other Chinese apps in the same space such as Kwai are also raking up millions of users in India.

For these Chinese companies, the attraction of a large market, several untapped use-cases for non-metro consumers, and a growing internet base are good enough to place big bets in India.

Chen said it was the growing internet phenomenon and a lack of disruption by traditional media that attracted him to the Indian market. “When I went to rural places around Gurgaon with my COO Yi Ma, we found that a lot of people have smartphones and they use it very regularly.

However, they are still reading newspapers. That’s when we realised there is a gap, which we are trying to fill,” Chen said. Some of these Chinese apps, though, host content some would consider objectionable, and experts say these platforms cannot sustain solely on such material. TikTok was temporarily banned in Indonesia last month due to inappropriate content shared on the app. A highprofile Chinese investor, who did not want to be identified, said these apps may have only a short shelf life in India.

“We have faced some criticism over the content, and we understand that such content harms us,” Chen said. “We are trying to cut it out using artificial intelligence.” Chinese ecommerce apps such as Club Factory and Shein are also seeing thousands of orders daily from India.

For Club Factory, 35 million of its 70 million global customers are from India. “Our focus is towards a value-based customer, which by default includes tier 2 and 3 cities,” Ashwin Rastogi, country head for the ecommerce app, told ET in an interaction last month.

Club Factory is the eighth most used shopping app on Android phones in India in terms of monthly active users, according to App Annie. The company has roped in Bollywood actor Ranveer Singh and Miss World Manushi Chillar for its TV commercials, its first globally. “These Chinese ecommerce apps have invested on ads through social media to target customers, and since many of their products are cheap, under Rs 1,000, a customer is likely to place an order without the risk of losing too much money,” Prasad said.

Alibaba’s UC Browser has crossed 130 million monthly active users in India, catering mainly to non-metro consumers. Its users in India constitute 30% of its 430 million monthly active users globally.

Damon Xi, general manager for India and Indonesia, UCWeb, said UC Browser focuses on non-metro users and UC News on users in metro cities. “We provided data compression technology to make browsing and downloading faster for the users. For instance, there were regions in India where internet connectivity was still improving. In such regions, UC Browser’s data compression technology becomes a great help,” he said.

For several lending startups from China, India seemed a green pasture after business dried up at home following a crackdown by Chinese authorities on pay-day lending. ET reported earlier this year how several lending startups such as WeCash and FinUp were setting up operations in India.

WeCash’s Asia-Pacific head, James Chan, told ET in a previous interaction that the company— with its deep understanding of the lending business based on the “missing middle, new-to-credit, subprime borrowers in China”— saw significant market opportunity in India.

“India and China are similar, and with data and mobile penetration in the country, it is natural to attract Chinese entrepreneurs,” said K Ganesh, partner at entrepreneurship platform GrowthStory.

However, challenges abound for these Chinese companies in India, especially in traversing the gamut of languages while also dealing with a regulatory shadow over data security concerns. NewsDog’s Chen said many Chinese entrepreneurs realise the difficulties in entering the India market.

“There is no wave,” the Chinese investor quoted earlier said. “Only those Chinese companies who have a lot of money can come to India for business.” The proposals of the draft ecommerce policy and the draft data protection bill, if implemented, could also prove troublesome for these Chinese entrepreneurs chasing markets in India.

“(Data) localisation will have a definite impact on Chinese firms,” said Sunil Abraham, head of the Centre for Internet and Society thinktank. The data localization rule requires internet companies, fintech companies in particular, to store all their data only within India.

Sandy Shen, research director at technology researcher Gartner, said India’s data localisation rule could increase the cost of doing business, as services providers would “need to have multiple hosting relations and take additional steps to consolidate data.”

Chinese app makers have had to face tougher hurdles in India. Last year, the Indian Ministry of Defence ordered the Armed Forces to uninstall 42 Chinese apps that it had classified as spyware. Among these apps were UC Browser, UC News, NewsDog, Shareit, Weibo, WeChat, and NewsDog. Smartphone Xiaomi, with which NewsDog has partnered for sharing content, asked the company to prove that its data was not being shared outside India. “Xiaomi were worried about our name on the list. We proved to them that all our data (from India) is (stored) only in Mumbai,” Chen told ET.

Also, late last year, Google temporarily removed UC Browser from its app store after the app came under the Indian government’s radar for reportedly sending data to its servers in China.

For more details visit https://cis-india.org/internet-governance/news/economic-times-august-10-2018-mugdha-variyar

Feminist Information Infrastructure Workshop with Blank Noise and Sangama

ambika — 2018-08-13T15:21:59Z

Akriti Bopanna, Swaraj Paul Barooah and Ambika Tandon as part of the project on Feminist Information Infrastructure, conducted a full-day workshop with Sangama and Blank Noise on August 8, 2018 at CIS, Bangalore.

The workshop focused around fleshing out the research projects that interns at Blank Noise and Sangama will be undertaking, and going over ethical guidelines for feminist research for interviews.

There will be three projects across the two organizations, looking at

The identification process and challenges therein for the trans community,
The impact of mobile phone usage on sex work, and
Impact of social media on the lives of sexual minorities (specifically gay men), focusing on pleasure, social interaction, safety, and peerveillance.

For more details visit https://cis-india.org/internet-governance/news/feminist-information-infrastructure-workshop-with-blank-noise-and-sangama

The National Health Stack: An Expensive, Temporary Placebo

Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta, and Torsha Sarkar — 2018-08-13T15:13:10Z

The year 2002 saw the introduction of a very ambitious National Program for Information Technology in the United Kingdom with the goal to transform the National Health Service — a pre-existing state-sponsored universal healthcare program. This would include a centralised, digital healthcare record for patients and secure access for 30,000 professionals across 300 hospitals.

The article was published by Bloomberg Quint on August 6, 2018.

However, the next ten years would see the scheme meet with constant criticism about its poor management and immense expenditure; and after a gruelling battle for survival, including spending £20 billion and having top experts on board, the NPfIT finally met its end in 2011.

Fast forward eight years — the Indian government’s public policy think tank, NITI Aayog, is proposing an eerily similar idea for the much less developed, and much more populated Indian healthcare sector. On July 6, the NITI Aayog released a consultation paper to discuss “a digital infrastructure built with a deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem”, called the National Health Stack. The paper identifies four challenges that previous government-run healthcare programs ran into and that the current system hopes to solve. These include:

low enrollment of entitled beneficiaries of health insurance,
low participation by service providers of health insurance,
poor fraud detection,
lack of reliable and timely data and analytics.

The current article takes a preliminary look at the goals of the NHS and where it falls behind. Subsequent articles will break down the proposed scheme with regard to safety, privacy and data security concerns, the feasibility of data analytics and fraud detection, and finally, the role of private players within the entire structure.

The primary aim of any digital health infrastructure should be to compliment an existing, efficient healthcare delivery system.

As seen in the U.K., even a very well-functioning healthcare system doesn’t necessarily mean the digitisation efforts will bear fruit.

The NHS is meant to be designed for and beyond the Ayushman Bharat Yojana — the government’s two-pronged healthcare regime that was introduced on Feb. 1. Unfortunately, though, India’s healthcare regime has long been in the need of severe repair, and even if the Ayushman Bharat Yojana works optimally, there are no indications to show that this will miraculously change by their stated target of 2022. Indeed, experts predict it would take at least a ten-year period to successfully implement universal health coverage. A 2013 report by EY-FICCI stated that we must consider a ten-year time frame as well as allocating 3.5-4.7 percent of the GDP to health expenditure to achieve universal health coverage.

However, as per the current statistics, the centre’s allocation for health in the 2017-18 budget is Rs 47,353 crore, which is 1.15 percent of India’s GDP.

Patients wait for treatment in the corridor of the Acharya Tulsi Regional Cancer Treatment & Research Institute in Bikaner, Rajasthan, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Along with the state costs, India’s current expenditure in the health sector comes to a meagre 1.4 percent of the total GDP, far short of what the target should be. Yet, the government aims to attain universal health coverage by 2022.

In the first of its two-pronged strategy, the Ayushman Bharat Yojana aims to establish 1.5 lakh ‘Health and Wellness Centres’ across the country by 2022, which would provide primary healthcare services free of cost.

However, the total fund allocated for ’setting up’ these centres is only Rs 1,200 crore, which comes down to a meagre Rs 80,000 per centre.

It is unclear whether the government plans to establish new sub-centres, or improve the existing ones. Either way, a pittance of Rs 80,000 is grossly insufficient. As per reports, among the 1,56,231 current health centres, only 17,204 (11 percent) have met Indian Public Health Standards as of March 31, 2017. Shockingly, basic amenities like water and electricity are scarce, if not, absent in a substantial number of these centres.

At least 6,000 centres do not have a female health worker, and at least 1,00,000 centres do not have a male health worker.

A woman holds a child in the post-delivery ward of the district hospital in Jind, Haryana, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Even taking the generous assumption that the existing 17,204 centres are in top condition, the future of the rest of these health and wellness centres continues to be bleak.

In truth, both limbs of the Ayushman Bharat strategy remain oblivious to the reality of the situation. The goals do not take into account the existing problems within access to healthcare, nor the relevant economic and social indicators that depict a contrasting reality.

Therefore, the fundamental question remains: if there is no established, well-functioning healthcare delivery system to support, what will the NHS help?

NHS: What Purpose Does It Serve?

The ambitious scope of the National Health Stack consultation paper aside, the central problem plaguing the Indian healthcare system, i.e, delivery, and access to healthcare, remains unaddressed. The first two problems that the NHS aims to solve focus solely on increasing health insurance coverage. However, very problematically, the document does not explicitly mention how a digital infrastructure would lead to rising enrollment of both beneficiaries and service providers of insurance.

This goal of increasing enrollment without a functioning healthcare system could result in two highly problematic scenarios.

Either health and wellness centres will effectively act as enrollment agencies rather than providers of healthcare, or the government would fall back on its ‘Aadhar approach’ and employ external enrollment agents.

The former approach runs a very real risk of the health and wellness centres losing focus on their primary purpose even while statistics show them as functioning centres – thus negatively impacting even the working centres. The latter approach is at a higher risk of running into problems akin to the case of Aadhaar enrollment, such as potential data leakages, identity thefts and a market for fake IDs. Even if we somehow overlook this and assume that the NHS would help increase insurance coverage without additional problems, the larger question still stands: should health insurance even be the primary goal of the government, over and above providing access to healthcare? And what effect will this have on the actual delivery of healthcare services to the common citizen?

A lone patient sleeps in the post operation recovery ward of the district hospital in Jind, Haryana, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Should Insurance Be A Primary Objective Of The Indian Government?

Simply put, the answer is no, because greater insurance coverage need not necessitate better access to healthcare. In recent years, health insurance in India has been rising rapidly due to government-sponsored schemes. In the fiscal year 2016-17, the health insurance market was prized to be worth Rs 30,392 crore. Even with such large investments in insurance premiums, the insurance market accounts for lesser than 5 percent of the total health expenditure.

Furthermore, previous experiences with government-sponsored health insurance schemes have proven that there is little merit to such an expensive task.

For instance, the government’s earlier health insurance scheme, Rashtriya Swasthya Bima Yojana, was predicted to be unable to completely provide ‘accessible, affordable, accountable and good quality health care’ if it focussed only on “increasing financial means and freedom of choice in a top-down manner”.

These traditional insurance-based models are characterised by problems of information asymmetry such as ‘moral hazard’ — patients and healthcare providers have no incentive to control their costs and tend to overuse, resulting in an unsustainable insurance system and cost inflation. Any attempt to regulate providers is met with harsh, cost-cutting steps which end up harming patients.

On another note, some diseases which are responsible for the most number of deaths in the country — including ischaemic heart diseases, lower respiratory tract infections, chronic obstructive pulmonary disease, tuberculosis and diarrhoeal diseases — are usually chronic conditions that need outpatient consultation, resulting in out-of-pocket expenses.

Patients wait at the Head and Neck Cancer Out Patient department of Tata Memorial Hospital in Mumbai, India. (Photographer: Prashanth Vishwanathan/Bloomberg News)

Even though the government has added non-communicable diseases under the ambit of the health and wellness centres, there are still reports stating that for some of the most impoverished, their reality is that 80 percent of the time, they have to cover their expenses from their pocket. This issue in all probability will continue to exist since the status and likelihood for these centres to be successful itself is questionable.

It is clear, that in the current scheme of things, this traditional insurance model of healthcare cannot benefit those it is meant for.

If this is the case, why has the NHS built its main objectives around insurance coverage rather than access to healthcare? It is imperative that we question the legitimacy of these goals, especially if they indicate the government's intentions to push health insurance via the NHS above its responsibility of delivering healthcare. The government's thrust for a digital infrastructure shows tremendous foresight, but at what cost? Even the clear goal of healthcare data portability has very little benefit when one understands that this becomes an important goal only when one has given up on ensuring widespread accessible healthcare. Once the focus shifts from using technology needlessly to developing an efficient and universally accessible healthcare delivery system, the need for data portability dramatically reduces. The temptation of digitisation and insurance coverage cannot and should not blind us from the main goal — access to healthcare. The one lesson that we must learn from the case of the U.K. is that even with a well-functioning healthcare delivery system, a digital infrastructure must be introduced very thoughtfully and carefully. In our eagerness to leapfrog with technology, we must not mistake a placebo for a panacea.

Murali Neelakantan is an expert in healthcare laws. Swaraj Barooah is Policy Director at The Centre for Internet and Society. Swagam Dasgupta and Torsha Sarkar are interns at The Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-august-6-2018-murali-neelakantan-swaraj-barooah-swagam-dasgupta-torsha-sarkar-national-health-stack-an-expensive-temporary-placebo

The Big Eye: The tech is all ready for mass surveillance in India

Admin — 2018-08-13T14:54:14Z

Chennai’s T. Nagar, arguably India’s biggest shopping district by revenues and crowded on any given day, gets even more packed in festival seasons as thousands throng its saree and jewellery stores.

The blog post by Anand Murali was published in Factor Daily on August 13, 2018. Sunil Abraham was quoted.

Every year, Deepavali, less than three months away this year, presents the perfect hunting ground for pickpockets and other petty thieves — and a headache for the local police.

This time, however, the city police have reason to believe it has a handle on things. It has a technology that analyses CCTV footage to spot, in real time, people with a criminal history visiting the T. Nagar area. “We are matching real-time CCTV video footage with our criminal database using the FaceTagr system and if any criminals are identified in that area, we get an immediate alert and we can further investigate,” says P Aravindan, deputy commissioner of police. Last year, FaceTagr, a face recognition software developed by an eponymous Chennai company, was used in a few areas with results that convinced the police to spread it to all of the T Nagar area, he adds.

Aravindan’s counterparts in Punjab are as big fans of real-time surveillance as him. Amritsar Police used something the state’s police calls Punjab Artificial Intelligence System, or PAIS, developed by Gurugram AI company Staqu Technologies, to solve a murder case within 24 hours — again, using CCTV footage and facial recognition technology. The company has piloted a camera mounted on a pair of smart glasses to capture a real-time feed and analyse it for facial matches with a database.

Elsewhere, the Surat Police has a picture intelligence unit that relies on NEC’s proprietary NeoFace technology for facial recognition, as also vehicle number plate recognition, to track persons of interest. The result is alerts that the police can proactively act upon and faster turnaround in solving cases. Surat can claim to be a step ahead of Tokyo: NEC plans to use the latest version of its NeoFace technology at the 2020 Tokyo Olympics to track accredited persons – athletes, officials, media, and others – at multiple venues.

Welcome to the Big Eye helping law keepers and administrators in India to instantly recognise faces and use the information in multiple use cases.

Facial recognition and image cognition tech is nothing new, to be sure. We have seen them in movies for some time now – be it the Jason Bourne series in which the CIA uses complex surveillance tech to track the agent or the Mission Impossible movies where the protagonist use facial recognition to get access to secure areas. Or, the recent Steven Spielberg movie, Ready Player One, in which the villain uses camera drones. This kind of advanced – and even futuristic – image recognition-based surveillance all set to go mainstream in India with the rapid proliferation of cameras: from the public and private CCTVs to the ubiquitous mobile phone cameras.

Investigation on steroids

Chennai-based FaceTagr has been working with Indian Railways since last year to prevent human trafficking. “Finding missing children and the prevention of human trafficking was one of the first use cases that we developed. We work with the Indian Railways, state police departments, and CBI to prevent human trafficking,” says Vijay Gnanadesikan, CEO and co-founder, FaceTagr.

His moment of epiphany that led to the idea for developing FaceTagr was on a morning drive to work in Chennai traffic and watching children begging at his window. “I reached the office and discussed with my cofounder. We realised that there is an existing database of missing children with photographs and, with face recognition technology, we could develop a solution that could help solve the problem and in a way also prevent human trafficking,” says Gnanadesikan. Cut to today: the tool has been deployed at the India-Nepal and India-Bangladesh borders at nearly 24 checkpoints to monitor human trafficking.

FaceTagr is a face recognition technology that works on both static images and video footage. The same technology is being used in a solution for the Chennai police to identify criminals. “Earlier a suspect had to be taken to the police station, fingerprinted, and then his details were verified. Imagine a guy walking on the road at 2 am who is looking suspicious. A police patrol can take the suspect’s photograph with our app and, within a second, receive details about his crime history,” says Gnanadesikan.

The T. Nagar deployment runs on real-time CCTV footage. In the areas it was deployed last year, the system helped reduce the number of crimes “from three digits to a single digit” during last year’s Deepavali season, claims the FaceTagr CEO.

The system compares the real-time CCTV footage of the crowd with the police criminal database for facial matches. “Once someone from the database is identified among the crowd, the picture shows up, which is then re-verified by the police personnel monitoring the system for a reconfirmation,” says Gnanadesikan, adding that an ID match does not mean a crime is committed. “Someone might also be there for shopping and we and the police team are very mindful of that, but it will give the police a notification about the person’s whereabouts in the area.”

One of the clever outcomes of the deployment is that the system helps identify criminals from other cities or areas. According to DCP Aravindan, a police officer in Chennai city will likely not know of a criminal from, say, Tirunelveli, Kanyakumari or other far off places. This is where the face recognition system comes in handy, he says.

“Traditionally, we have data of all criminals station-wise and there is also a crime team which is familiar with the criminals and can recognise them. But, of late, with the improvement in connectivity and communication, people from far-off places come and commit a crime and this has made it challenging to identify them,” he says. The state’s crime database currently has over 60,000 photographs with more photographs being added daily. Every week, the department nabs two or three criminals with the help of the face recognition system, Aravindan adds.

Are there any privacy concerns? “To avoid misuse we have conducted multiple training programs for all the police personnel who are using this application and we have instructed them that unless they find a person suspicious, they should not take a photograph. We have designed an SOP (standard operating procedure) for using the system to avoid misuse,” adds the deputy commissioner.

Surveillance on smart glass

The face recognition system of Staqu, the Gurgaon AI startup, has been deployed in the states of Uttarakhand, Punjab and Rajasthan.

According to Atul Rai, Staqu’s CEO and co-founder, different law enforcement jurisdictions or agencies, even within a state, often have their own sets of data and it becomes difficult to sift through them and find links or patterns. Staqu’s answer to that problem was ABHED, short for Artificial Intelligence Based Human Efface Detection, which formed the base software for a mobile application and is connected to a backend database processing system. “This system accumulates images, speech and text, and using all this information, it develops intelligence for these agencies,” says Rai.

The company has also developed a real-time video surveillance-based face recognition technology that works via a camera mounted on a smart glass. The system was piloted with the Punjab Police and the company is now in the process of deploying with the Dubai Police, says Rai.

Most CCTVs today have a limited view and, in comparison, an officer wearing the smart glass and moving in a crowd will have a better field of view, says Rai. “In real time, the glass will stream the video footage to the server, which will then match the footage and give the report if any person from the database is detected,” he adds.

The Staqu-developed PAIS, or Punjab Artificial Intelligence System, can image match with an accuracy of 98% if the database has five images of the person, claims Rai.

Another use case for face recognition technology that has been coming up in India is in the corporate sector for attendance and security.

“In many of the enterprise use cases, the technology is used in controlled spaces – for example, conferences where most attendees pre-register or employees access systems in companies,” says Uday Chinta, managing director of American technology service company IPSoft, which has also developed and deployed an AI-based personal assistant called Amelia in the US. “Amelia is able to recognise a person using his facial features and able to assist them and give personalised service based on their identity,” says Chinta.

Software services company Tech Mahindra has launched a facial recognition system for employee attendance at its Noida office. According to one report, the system also comes with a “moodometer” that will track the mood and emotions of employees and give additional analytics to the company.

Beyond face analytics, image recognition technology is also being used to identify vehicles. The National Highways Authority of India has been using AI-based image recognition systems to tag and identify vehicles across its infrastructure in the country.

Underlying digital layer: databases

The scarier part to the tech is its dark side: mass surveillance covering all. Countries like China have already deployed mass surveillance on its citizens. Chinese citizens today have a scoring system assigned to them by the government based on various factors including data captured through the surveillance program which will give the preferential access to services like fast internet access.

In the case of India, to facilitate proper surveillance in a state, one of the first requirements is a digital database which already exists in many forms across central and state governments. With or without a double take, the answer is obvious: Aadhaar, India’s citizen ID database. With a population of 135 crore and Aadhaar covering over 90% of this population, it is India’s most extensive database.

Notwithstanding the use cases detailed earlier in this story and the huge interest among state police and law enforcement agencies in India, collecting data and using it – even it is to bust crime – falls into grey areas. In June this year, news reports had National Crime Records Bureau director Ish Kumar saying that investigators need to be given limited access to Aadhaar. Reacting to this, the Unique Identification Authority of India (UIDAI) issued a statement saying that access to Aadhaar biometric data for criminal investigation is not permissible under Section 29 of the Aadhaar Act, 2016 — which perhaps explains why the Punjab Police declined requests for interviews for this story.

Longtime Aadhaar critic Sunil Abraham, executive director of Bengaluru’s Centre for Internet and Society (CIS), calls Aadhaar “the perfect tool for surveillance”.

“The main database is the Aadhaar database. It’s got your iris and biometrics information already and they have said that they will strengthen the fingerprint authentication with facial recognition. So now, they have the have the full surveillance infrastructure that they need. The collection devices (CCTVs) are just there to collect the data but the actual recognition engine is Aadhaar only,” says Abraham, who is leaving CIS to join non-profit Mozilla Foundation as a vice president in January.

According to him, all three types of biometrics – fingerprint data, iris information data, and facial data – can be used in a remote and covert fashion and, therefore, in a non-consensual fashion. (Editor’s note: There is no public incident, to date, that proves such a use.)

Abraham is “100% sure” where we are headed. “The reason why I call Aadhaar a surveillance project is not that there is metadata stored, I call it a surveillance project because the biometrics are being stored. Metadata is one of the problems, that is the profiling risk but the surveillance risk primarily comes from the biometric data that they have,” he says. By metadata, he is referring to a citizen’s information such as phone number, age, sex, address, and other details.

There are also other databases in the works that could provide the basis for surveillance. Like: the Crime and Criminal Tracking Network & Systems (CCTNS) across police stations in India. According to the CCTNS website, as of May 2018, the CCTNS hardware and software deployment has covered nearly 94% of the police stations across India. There have been reports of the CCTNS system being used as a mass surveillance system in the guise of e-policing by authorities in Hyderabad.

Early in 2016, the Hyderabad of Police had launched a tender looking for companies to set up a citizen profiling and monitoring system. According to a report in Telangana Today, the Integrated People Information Hub (IPIH) gives the police access to personal informations of its citizens including names, family details, addresses and other related information by sourcing them from documents like police records, FIRs and other external sources like utility connections, tax payments, voter identification, passport etc.

During Israeli Prime Minister Benjamin Netanyahu’s visit to India in January, Tel Aviv-based AI company Cortica had announced a partnership with India’s Best Group to develop solutions for combing through data captured daily by drones, surveillance cameras, and satellites. The aim is to develop an AI-based real-time identification of patterns, concepts and situational anomalies to identify potential problems, flag them and improve safety in the process. More details such as scale and scope of this partnership are not available at this point in time.

Mass surveillance: Easier said than done

Take a step back. India already has multiple digital surveillance – even if not mass, real-time facial recognition – programs in place to keep track of its citizens. E.g.: the Telecom Enforcement Resource and Monitoring (TERM) and NETRA (NEtwork TRaffic Analysis) surveillance software developed by the Centre for Artificial Intelligence and Robotics (CAIR). These are just some of the surveillance programs operated by the government.

But when it comes to mass surveillance in real time, even with the AI-based tech is available today, the currently installed infrastructure might not be ready for real-time mass surveillance. “Countries like China are good at setting up infrastructure which is very essential for mass surveillance systems to be in place,” says Kedar Kulkarni of Bengaluru-based deep learning startup Hyperverge, who also insists that all CCTVs out there today might not be fit to conduct facial recognition.

According to Kulkarni, for a mass surveillance system to be in place, you either need cameras that can capture and do computing for face recognition within its hardware or you need a robust network which can transmit live feeds from multiple cameras to processing centres, which is very bandwidth intensive.

Most public spaces in India including railway stations, bus depots, metro station, marketplaces are often under CCTV surveillance. New Delhi is all set to have one of the largest deployments in the country of CCTVs with the state government announcing plans to install 1.4 lakh CCTVs across Delhi. The India Railways is also setting aside Rs 3,000 crore in its 2018-19 budget to install CCTV systems across 11,000 trains and 8,500 stations, according to a news report.

In comparison, China is said to have 170 million CCTV cameras installed across the country currently and this number is estimated to go up by 400 million in the next three years, says a BBC news report.

Even the staunchest privacy activists acknowledge what surveillance can deliver if used carefully. “Overall, it is a very powerful technology. It should be used for law enforcement, it should be used for national security. That is the correct domain of application,” says Abraham. He hastens to add the caveats: “When we use it, we have to use it with lots of safeguards and it should be used only on a very small subset of the population. It shouldn’t be a technology that is broadly deployed in the population because it is not necessary, it is not proportionate, and the risks are very high.”

The flip and funny side of facial recognition-based surveillance is that the government does not need the technology to actually work. Just the threat of surveillance – that big brother is watching you – is enough to reduce crime. According to Gnanadesikan, the Chennai CEO of FaceTagr, one reason for the drop in crime rate in last year’s T. Nagar trials was that criminals knew that they were being watched.

For more details visit https://cis-india.org/internet-governance/news/factor-daily-anand-murali-august-13-2018-the-big-eye

UNDP joins Tech Giants in Partnership on AI

Admin — 2018-08-13T15:51:48Z

UNDP joins the Partnership on Artificial Intelligence (AI), a consortium of companies, academics, and NGOs working to ensure that AI is developed in a safe, ethical, and transparent manner. Founded in 2016 by the tech giants - Amazon, DeepMind/Google, Facebook, IBM, and Microsoft - It has since been joined by industry leaders such as Accenture, Intel, Oxford Internet Institute - University of Oxford, eBay, as well as non profit organizations such as UNICEF and Human Rights Watch and many more.

This was published by UNDP on its website on August 1, 2018.

Through the partnership, UNDP’s Innovation Facility will work with partners and communities to responsibly test and scale the use of AI to achieve the Sustainable Development Goals. By harnessing the power of data, we can inform risk, policy and program evaluation, we also can utilize robotics and Internet of Things (IoT) to collect data and reach the previously deemed unreachable - to leave no one behind.

UNDP’s AI portfolio is growing rapidly. Drones and remote sensing are used to improve data collection and inform decisions: in the Maldives for disaster preparedness, and in Uganda to engage refugee and host communities in jointly developing infrastructures. We partnered with IBM to automate UNDP’s Rapid Integrated Assessment, aligning national development plans and sectoral strategies with the 169 Sustainable Development Goals’ targets; and with the UNEP, UNDP has launched the UN Biodiversity Lab, powered by MapX. The spatial data platform will help countries support conservation efforts and accelerate delivery of the 2030 Agenda.

In line with UNDP’s Strategic Plan 2018-2021, innovation plays a central role in fulfilling the organization’s mission and achieving the Sustainable Development Goals. Benjamin Kumpf, UNDP’s Innovation Facility Lead states, “advances in robotics and AI have the potential to radically redefine human development pathways. The path to such redefinitions entails concrete AI experiments to increase the effectiveness of our work as well as norm-setting: we have to think beyond guidelines for ethical AI to designing accountability frameworks.”

The Partnership on AI aims to advance public understanding of AI, formulate best practices, and serve as an open platform for discussion and engagement about AI and its influences on people and society.

Full list of partners

Amazon, Apple, Deepmind, Facebook, Google, IBM, Microsoft, Aaai, ACLU, Accenture, Affectiva, Ai Forum New Zealand, Ai Now Institute, The Allen Institute For Artificial Intelligence (Ai2), Amnesty International, Article 19, Association For Computing Machinery, Center For Democracy & Technology (Cdt), Center For Human-compatible Artificial Intelligence, Center For Information Technology Policy Princeton University, Centre For Internet And Society, India (Cis), Leverhulme Centre For The Future of Intelligence (Cfi), Cogitai, Data & Society Research Institute, Digital Asia Hub, Doteveryone, Ebay, Element Ai, Electronic Frontier Foundation (Eff), Fraunhofer Iao, The Future of Humanity, Future of Life Institute, The Future of Privacy Forum, The Hastings Center, Hong Kong University of Science And Technology Department Of Electronic & Computer Engineering, Human Rights Watch, Intel, Markkula Center For Applied Ethics Santa Clara University, Mckinsey & Company, Nvidia, Omidyar Network Openai, Oxford Internet Institute - University of Oxford, Salesforce, SAP, Sony, Tufts University Hri Lab, UCL Engineering, UNDP, UNICEF, University of Washington Tech Policy Lab, Upturn, Xprize, Zalando

For more details visit https://cis-india.org/internet-governance/news/undp-august-1-2018-undp-joins-tech-giants-in-partnership-on-ai

July 2018 Newsletter

praskrishna — 2018-08-11T02:50:52Z

CIS July 2018 newsletter.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights

Paul Kurien and Akriti Bopanna carried out an analysis of the diversity of participation at the ICANN processes by taking a close look at their mailing lists.
CIS-A2K organized 6 events: partnership discussions with Misimi Telugu monthly magazine; partnership activity in Annamayya Library, Guntur, a workshop in Tumakur University; a workshop of river activists for building Jal Bodh; a workshop of publishers and writers on unicode, open source and wikimedia projects; and a Telugu literary conference.
CIS had worked with the Research and Advisory Group (RAG) of the Global Commission on the Stability of Cyberspace (GCSC). The work looked at the negotiation processes and strategies that various players may adopt as they drive the cyber norms agenda. In continuation CIS has brought out a report which focuses more extensively on the substantive law and principles at play and looks closely at what the global state of the debate means for India.
The debate surrounding privacy has in recent times gained momentum due to the Aadhaar judgement and the growing concerns around the use of personal data by corporations and governments. In this light CIS has made comments and recommendations to the India Privacy Code, 2018.
CIS drafted a response to a Notice of Inquiry (NOI) issued by the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) on "International Internet Policy Priorities." CIS commented on the free flow of information and jurisdiction, mult-stakeholder approach to internet governance, privacy and security.
Elonnai Hickok, Shweta Mohandas and Swaraj Paul Barooah compiled the AI Task Force Report, India's first step towards an AI framework. The Task Force on Artificial Intelligence was established by the Ministry of Commerce and Industry to leverage AI for economic benefits, and provide policy recommendations on the deployment of AI for India.
Paul Kurian and Akriti Bopanna carried out an analysis of the diversity of participation at the ICANN processes by taking a close look at their mailing lists.

Articles

Digital Native: The bigger picture (Nishant Shah; Indian Express; July 1, 2018).
The Problems That Should Occupy Our Electioneers (Shyam Ponappa; Business Standard; July 6, 2018).
Digital Native: How smart cities can make criminals out of denizens (Nishant Shah; Indian Express; July 15, 2018).
Anti-trafficking Bill may lead to censorship (Swaraj Barooah and Gurshabad Grover; Livemint; July 24, 2018).
Digital Native: Hashtag Along With Me (Nishant Shah; Indian Express; July 29, 2018).
Lining up the data on the Srikrishna Privacy Draft Bill (Sunil Abraham; Economic Times; July 30, 2018).
Spreading unhappiness equally around (Business Standard; July 31, 2018).

CIS in the News

Smartphone rumours spark series of mob killings in India (Samanth Subramanian; The National; July 2, 2018).
Government Gives Nod To Bill For Building DNA Databases In India, For 'Criminal Investigation And Justice Delivery' (Huffington Post; July 5, 2018).
'Hope for such swift crackdowns for everyone' (Times of India; July 6, 2018).
Child-lifting rumours caused 69 mob attacks, 33 deaths in last 18 months (Business Standard; July 9, 2018).
Death by Social Media (Pretika Khanna, Abhiram Ghadyalpatil and Shaswati Das; Livemint; July 9, 2018).
India's Latest Data Leak: People's Aadhaar Number And Bank Account Are Just One Google Search Away (Gopal Sathe; Huffington Post; July 12, 2018).
People Should Have Right To Their Data, Not Companies, Says TRAI (Bloomberg Quint; July 16, 2018).
After Securing Net Neutrality In India, TRAI Goes To Bat For Data Privacy (Gopal Sathe; Huffington Post; July 16, 2018).
TRAI recommendations on data privacy raises eyebrows (Surabhi Agarwal and Gulveen Aulakh; Economic Times; July 18, 2018).
Srikrishna panel upset at timing of Trai suggestions (Megha Mandavia; Economic Times; July 19, 2018).
Firms find wealth in your data (Rajitha Menon; Deccan Herald; July 20, 2018).
WhatsApp races against time to fix fake news mess ahead of 2019 general elections (Venkat Ananth; Economic Times; July 24, 2018).
The crown of thorns that awaits Facebook’s India MD hire (Sunny Sen and Jayadevan PK; Factory Daily; July 25, 2018).
Bit by byte protecting her privacy (Mihir Dalal and Anirban Sen; Livemint; July 26, 2018).
Govt asks CBI to probe Cambridge Analytica in data breach case (Komal Gupta; Livemint; July 27, 2018).
Data localisation may pinch startups, payments firms (Mugdha Variyar and Pratik Bhakta; Economic Times; July 28, 2018).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipedia

Blog Entries

ವಿಕಿಪೀಡಿಯ ತರಬೇತಿ ೨೦೧೮ @ ರಾಂಚಿ (Vikas Hegde; July 4, 2018).
How to write differently for different Telugu digital platforms - awareness session to Indu Gnana Vedika (Pavan Santosh; July 19, 2018).
వాట్సాప్ సాహిత్య వేదిక నుంచి వికీసోర్సుకు (Pavan Santosh; July 31, 2018).

Events Organized

Partnership activity in Annamayya Library (Guntur; July 10, 2014).
Partnership discussions with Misimi Telugu Monthly Magazine (July 24, 2018).
Tumakur University Workshop (Tumkur; July 25, 2018).
Workshop of River activists for building Jal Bodh - Knowledge resource on Water (Pune; July 25, 2018).
Workshop of Publishers and Writers on Unicode, Open Source and Wikimedia Projects (Pune; July 25, 2018).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Privacy

Submissions

Response to a Notice of Enquiry by the US Government on International Internet Policy Priorities (Swagam Dasgupta; July 18, 2018).
The Centre for Internet and Society’s Comments and Recommendations to the: Indian Privacy Code, 2018 (Shweta Mohandas, Elonnai Hickok, Amber Sinha and Shruti Trikanand; July 20, 2018).

Blog Entry

The AI Task Force Report - The first steps towards India’s AI framework (Elonnai Hickok, Shweta Mohandas and Swaraj Paul Barooah; June 27, 2018). The blog post was edited by Swagam Dasgupta.

Participation in Events

IETF 102 Montreal (Organized by Internet Engineering Task Force; Fairmont Queen Elizabeth Montreal in Canada; July 14 - 20, 2018). Gurshabad Grover presented a review of the human rights considerations in the drafts of the Software Update for IoT Devices (SUIT) Working Group in the meeting of the HRPC research group.
Ethical Data Design Practices in the AI (Artificial Intelligence) Age (Organized by Startup Grind, Bangalore at NUMA Bangalore; July 28, 2018). Shweta Mohandas was a panelist.

Cyberspace and Cyber Security

Analysis

The Potential for the Normative Regulation of Cyberspace: Implications for India (Arindrajit Basu; July 30, 2018). The report was edited by Elonnai Hickok, Sunil Abraham and Udbhav Tiwari with research assistance from Tejas Bharadwaj.

Blog Entry

CIS contributes to the Research and Advisory Group of the Global Commission on the Stability of Cyberspace (GCSC) (Arindrajit Basu; July 5, 2018).

Participation in Event

IEEE-SA InDITA Conference 2018 (Organized by IEEE Standards Association; IIIT-Bangalore; July 10 - 11, 2018). Gurshabad Grover gave a brief presentation on how we could apply or reject 'Trust Through Technology' principles in the design of public biometric authentication.

Free Speech & Expression

Blog Entries

ICANN Diversity Analysis (Paul Kurian and Akriti Bopanna; July 16, 2018).
DIDP #31 Diversity of employees at ICANN (Akash Sriram; July 19, 2018).

Participation in Event

26th AMIC Annual Conference – India 2018 (Organized by Manipal Academy of Higher Education; Fortune Inn Valley View, Manipal, Karnataka; June 7 - 9, 2018). Swaraj Paul Barooah was a speaker. An article announcing the event by Kevin Mendonsa was published in the Times of India on June 5, 2018.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

The Problems That Should Occupy Our Electioneers (Shyam Ponappa; Business Standard; July 5, 2018 and Organizing India Blogspot; July 6, 2018).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2018-newsletter

India’s internet shutdowns are costing the economy billions of dollars

Admin — 2018-07-31T16:54:01Z

Frequent internet shutdowns have begun to hurt the Indian economy.

The blog post by Sushma UN was published in Quartz India on July 31, 2018. Akriti Bopanna was quoted.

In recent years, various regional governments and authorities have displayed a growing tendency to simply switch off internet connectivity to contain social and political disturbances. It has already peaked this year.

In just the first seven months of 2018, there have been 92 such incidents across the country; in all of 2017, there were only 79, according to data from internetshutdowns.in. The website’s findings are based on data collected by New Delhi-based pro bono legal services firm Software Freedom Law Center.

“The economic impact itself is very high because our entire economy is gravitating towards internet connectivity,” said Praveen Bhadada, partner at Zinnov Management Consulting. “The estimate is anywhere between $1 billion to $3 billion of productivity losses (over the last five years) because of these outages.”

Most instances of internet shutdowns in India are knee-jerk responses to political turmoil. The latest was reported in Navi Mumbai, Maharashtra, last week. However, state governments are now resorting to it even during local examinations so as to curb cheating.

While the UN has declared access to the internet a basic human right, some argue that shutdowns are effective in certain cases.

“In times of communal riots…internet shutdown is one vehicle through which you can control the situation,” Bhadada of Zinnov said. “Unless and until one is able to ensure that information is accurate and used in the right light, one has to be a little more guarded.”

What India needs to do now is to work on clear guidelines on when such shutdowns can be ordered. While India’s telecom regulator allows for shutdowns, there is ambiguity around when and why this can be done.

“The government should start with updating the rules for internet shutdowns to have specific, narrowly-defined situations in which shutdowns could be effectuated, if at all. The aim should be no or minimum disruption, as a method of last resort,” said Akriti Bopanna, policy officer with Centre for Internet and Society, a Bengaluru-based non-profit organisation.

For more details visit https://cis-india.org/internet-governance/news/quartz-india-sushma-un-july-31-2018-indias-internet-shutdowns-are-costing-the-economy-billions-of-dollars

Spreading unhappiness equally around

sunil — 2018-07-31T14:49:52Z

The section of civil society opposed to Aadhaar is unhappy because the UIDAI and all other state agencies that wish to can process data non-consensually.

The article was published in Business Standard on July 31, 2018.

There is a joke in policy-making circles — you know you have reached a good compromise if all the relevant stakeholders are equally unhappy. By that measure, the B N Srikrishna committee has done a commendable job since there are many with complaints.

Some in the private sector are unhappy because their demonisation of the European Union’s General Data Protection Regulation (GDPR) has failed. The committee’s draft data protection Bill is closely modelled upon the GDPR in terms of rights, principles, design of the regulator and the design of the regulatory tools like impact assessments. With 4 per cent of global turnover as maximum fine, there is a clear signal that privacy infringements by transnational corporations will be reigned in by the regulator. Getting a law that has copied many elements of the European regulation is good news for us because the GDPR is recognised by leading human rights organisations as the global gold standard. But the bad news for us is that the Bill also has unnecessarily broad data localisation mandates for the private sector.

Some in the fintech sector are unhappy because the committee rejected the suggestion that privacy be regulated as a property right. This is a positive from the human rights perspective, especially because this approach has been rejected across the globe, including the European Union. Property rights are inappropriate because a natural law framing of the enclosure of the commons into private property through labour does not translate to personal data. Also in comparison to patents — or “intellectual property” — the scale of possible discreet property holdings in personal information is several orders higher, posing unimaginable complexity for regulation, possibly creating a gridlock economy.

The section of civil society opposed to Aadhaar is unhappy because the UIDAI and all other state agencies that wish to can process data non-consensually. A similar loophole exists in the GDPR. Remember the definition of processing includes “operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction”. This means the UIDAI can collect data from you without your consent and does not have to establish consent for the data it has collected in the past. There is a “necessary” test which is supposed to constrain data collection. But for the last 10 odd years, the UIDAI has deemed it “necessary” to collect biometrics to give the poor subsidised grain. Will those forms of disproportionate non-consensual data collection continue? Most probably because the report recommends that the UIDAI continue to play the role of the regulator with heightened powers. Which is like trusting the fox with
the henhouse.

Employees should be unhappy because the Bill has an expansive ground under which employers can nonconsensually harvest their data. The Bill allows for non-consensual processing of any data “necessary” for recruitment, termination, providing any benefit or service, verifying the attendance or any other activity related to the assessment of the performance”. This is permitted when consent is not an appropriate basis or would involve disproportionate effort on the part of the employer. This is basically a surveillance provision for employers. Either this ground should be removed like in the GDPR or a “proportionate” test should also be introduced otherwise disproportionate mechanisms like spyware on work computers will be installed by employees without providing notice.

Some free speech activists are unhappy because the law contains a “right to be forgotten” provision. They are concerned that this will be used by the rich and powerful to censor mainstream and alternative media. On the face of the “right to be forgotten” in the GDPR is a much more expansive “right to erasure”, whilst the Bill only provides for a more limited "right to restrict or prevent continuing disclosure”. However, the GDPR has a clear exception for “archiving purposes in the public interest, scientific or historical research purposes or statistical purposes”. The Bill like the GDPR does identify the two competing human rights imperatives — freedom of expression and the right to information. However, by missing the “public interest” test it does not sufficiently social power asymmetries.

Privacy and security researchers are unhappy because re-identification has been made an offence without a public interest or research exception. It is indeed a positive that the committee has made re-identification a criminal offence. This is because the de-identification standards notified by the regulator would always be catching up with the latest mathematical development. However, in order to protect the very research that the regulator needs to protect the rights of individuals, the Bill should have granted the formal and non-formal academic community immunity from liability and criminal prosecution.

Lastly but also most importantly, human rights activists are unhappy because the committee again like the GDPR did not include sufficiently specific surveillance law fixes. The European Union has historically handled this separately in the ePrivacy Regulation. Maybe that is the approach we must also follow or maybe this was a missed opportunity. Overall, the B N Srikrishna committee must be commended for producing a good data protection Bill. The task before us is to make it great and to have it enacted by Parliament at the earliest.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-july-31-2018-sunil-abraham-spreading-unhappiness-equally-around

Smartphone rumours spark series of mob killings in India

Admin — 2018-07-31T14:30:06Z

Nation reels from killings blamed on fake reports of kidnappers spread on WhatsApp

The article by Samanth Subramanian was published in the National on July 2, 2018. Pranesh Prakash was quoted.

All it takes these days to kill a man in India is the merest spark of mistrust, fuelled perhaps by a rumour on social media. Strangers travelling through villages, a transgender woman and even a government official have all been set upon by mobs and killed across the country over the past two months.

On Sunday, in the most recent attack, five men were beaten to death in the district of Dhule, in Maharashtra. Three others survived. The eight men had been seen getting off a bus near a village and talking to a young girl, police officials said.

Residents had been reading hoax messages on WhatsApp for a few days already, which claimed that kidnappers were in the area, looking for victims. So a group confronted the eight travellers at the local market and, choosing not to believe their story, beat them to death with sticks.

On Monday, police said they had arrested 23 people in connection with the killing. "I appeal to everybody not to believe in such posts that are circulated on social media," Deepak Kesarkar, Maharashtra's junior home minister, said. "The law should not be taken into one's own hands."

Including the incident in Dhule, at least 19 people in 11 states have been killed in public killings since the beginning of May. Dozens more have been injured in such attacks.

In Tamil Nadu, a 55-year-old woman was killed for handing out sweets to children — again, the residents suspected her to be a kidnapper. In Hyderabad, a transgender woman was killed, seemingly without provocation. In Assam, two men were set upon and killed when they stopped in a rural part of the state to ask for directions.

The darkest case is laced with irony. Sukanta Chakrabarty was appointed by the government of the state of Tripura to tour its villages and dispel social media rumours about child kidnappers. Last Thursday, he was mistaken for a kidnapper and killed by four young men in the village of Kalacherra.

In response, the government of Tripura cut mobile internet services for two days, to try to cut down the spread of rumours. Other states have also reacted. In Hyderabad in May, police arrested a Facebook user for posting a false video about a "kidnapper" named "Afzal Sagar".

Karnataka’s police department has a social media control room that monitors viral posts. And Tamil Nadu's police have launched awareness drives to alert users about the dubious nature of forwarded WhatsApp messages.

But in a country with nearly 500 million smartphone users, the state is hard pressed to curb the flow of information on WhatsApp and social media.

At least 200 million Indians are on WhatsApp, a messaging platform owned by Facebook. In a statement released two weeks ago, a WhatsApp spokesman encouraged users to "report problematic messages so that we can take action. We're also stepping up our education efforts so that people know how to spot fake news or hoaxes on WhatsApp."

A new WhatsApp feature, which appends a "Forwarded" tag as a caveat to any forwarded message, has not yet been introduced across the entire platform.

The violence instigated by such messages, however, is as much a societal problem as a technological one, said Pranesh Prakash, a fellow with the Centre for Internet and Society, a think tank in Bengaluru.

"I don't think this is a particular moment in time where people are being taken over by a hatred of the outsider,” Mr Prakash said. “I was doing a little digging and found a very similar case even in 2015, in Maharashtra. But what's new is the speed with which this has spread across the country over the past few months."

In part, Mr Prakash said, the violence betrays mistrust of outsiders but also a lack of confidence in law enforcement. People are not sure that reporting suspected kidnappers to the police will result in a prompt or thorough investigation.

"In a newspaper, I read about how someone in the town of Salem [in Tamil Nadu] had said: ‘Why would the police ever tell us the truth?’ That’s uniquely problematic."

But the adequacy of WhatsApp's response is also under scrutiny, especially given Facebook's troubles over fake news and the manipulation of users in the US and other countries.

"It's important that they do all they can to cut down on the spread of these rumours without impinging upon the freedom of speech," Mr Prakash said.

For more details visit https://cis-india.org/internet-governance/news/the-national-july-2-2018-samanth-subramanian-smartphone-rumours-spark-series-of-mob-killings-in-india

Lining up the data on the Srikrishna Privacy Draft Bill

sunil — 2018-07-31T02:52:23Z

In the run-up to the Justice BN Srikrishna committee report, some stakeholders have advocated that consent be eliminated and replaced with stronger accountability obligations. This was rejected and the committee has released a draft bill that has consent as the bedrock just like the GDPR. And like the GDPR there exists legal basis for nonconsensual processing of data for the “functions of the state”. What does this mean for lawabiding persons?

The article was published in Economic Times on July 30, 2018

Non-consensual processing is permitted in the bill as long it is “necessary for any function of the” Parliament or any state legislature. These functions need not be authorised by law.

Or alternatively “necessary for any function of the state authorised by law” for the provision of a service or benefit, issuance of any certification, licence or permit.
Fortunately, however, the state remains bound by the eight obligations in chapter two i.e., fair and reasonable processing, purpose limitation, collection limitation, lawful processing, notice and data quality and data storage limitations and accountability. This ground in the GDPR has two sub-clauses: one, the task passes the public interest test and two, the loophole like the Indian bill that possibly includes all interactions the state has with all persons.

The “necessary” test appears both on the grounds for non-consensual processing, and in the “collection limitation” obligation in chapter two of the bill. For sensitive personal data, the test is raised to “strictly necessary”. But the difference is not clarified and the word “necessary” is used in multiple senses.

Under the “collection limitation” obligation the bill says “necessary for the purposes of processing” which indicates a connection to the “purpose limitation” obligation. The “purpose limitation” obligation, however, only requires the state to have a purpose that is “clear, specific and lawful” and processing limited to the “specific purpose” and “any other incidental purpose that the data principal would reasonably expect the personal data to be used for”. It is perhaps important at this point to note that the phrase “data minimisation” does not appear anywhere in the bill.

Therefore “necessary” could broadly understood to mean data Parliament or the state legislature requires to perform some function unauthorised by law, and data the citizen might reasonably expect a state authority to consider incidental to the provision of a service or benefit, issuance of a certificate, licence or permit.

Or alternatively more conservatively understood to mean data without which it would be impossible for Parliament and state legislature to carry out functions mandated by the law, and data without it would be impossible for the state to provide the specific service or benefit or issue certificates, licences and permits. It is completely unclear like with the GDPR why an additional test of “strictly necessary” is — if you will forgive the redundancy — necessary.

After 10 years of Aadhaar, the average citizen “reasonably expects” the state to ask for biometric data to provide subsidised grain. But it is not impossible to provide subsidised grain in a corruption-free manner without using surveillance technology that can be used to remotely, covertly and non-consensually identify persons. Smart cards, for example, implement privacy by design. Therefore a “reasonable expectation” test is not inappropriate since this is not a question about changing social mores.

When it comes to persons that are not law abiding the bill has two exceptions — “security of the state” and “prevention, detection, investigation and prosecution of contraventions of law”. Here the “necessary” test is combined with the “proportionate” test.

The proportionate test further constrains processing. For example, GPS data may be necessary for detecting someone has jumped a traffic signal but it might not be a proportionate response for a minor violation. Along with the requirement for “procedure established by law”, this is indeed a well carved out exception if the “necessary” test is interpreted conservatively. The only points of concern here is that the infringement of a fundamental right for minor offences and also the “prevention” of offences which implies processing of personal data of innocent persons.

Ideally consent should be introduced for law-abiding citizens even if it is merely tokenism because you cannot revoke consent if you have not granted it in the first place. Or alternatively, a less protective option would be to admit that all egovernance in India will be based on surveillance, therefore “necessary” should be conservatively defined and the “proportionate” test should be introduced as an additional safeguard.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-july-30-2018-sunil-abraham-lining-up-data-on-srikrishna-privacy-draft-bill

The Potential for the Normative Regulation of Cyberspace: Implications for India

pranav — 2018-07-31T23:49:47Z

Author: Arindrajit Basu Edited by: Elonnai Hickok, Sunil Abraham and Udbhav Tiwari Research Assistance: Tejas Bharadwaj

The standards of international law combined with strategic considerations drive a nation's approach to any norms formulation process. CIS has already produced work with the Research and Advisory Group (RAG) of the Global Commission on the Stability of Cyberspace (GCSC), which looks at the negotiation processes and strategies that various players may adopt as they drive the cyber norms agenda.

This report focuses more extensively on the substantive law and principles at play and looks closely at what the global state of the debate means for India

With the cyber norms formulation efforts in a state of flux,India needs to advocate a coherent position that is in sync with the standards of international law while also furthering India's strategic agenda as a key player in the international arena.

This report seeks to draw on the works of scholars and practitioners, both in the field of cybersecurity and International Law to articulate a set of coherent positions on the four issues identified in this report. It also attempts to incorporate, where possible, state practice on thorny issues of International Law. The amount of state practice that may be cited differs with each state in question.

The report provides a bird’s eye-view of the available literature and applicable International Law in each of the briefs and identifies areas for further research, which would be useful for the norms process and in particular for policy-makers in India.Historically, India had used the standards of International Law to inform it's positions on various global regimes-such as UNCLOS and legitimize its position as a leader of alliances such as the Non-Aligned Movement and AALCO. However, of late, India has used international law far less in its approach to International Relations. This Report therefore explores how various debates on international law may be utilised by policy-makers when framing their position on various issues. Rather than creating original academic content,the aim of this report is to inform policy-makers and academics of the discourse on cyber norms.In order to make it easier to follow, each Brief is followed by a short summary highlighting the key aspects discussed in order to allow the reader to access the portion of the brief that he/she feels would be of most relevance. It does not advocate for specific stances but highlights the considerations that should be borne in mind when framing a stance.

The report focuses on four issues which may be of specific relevance for Indian policy-makers. The first brief, focuses on the Inherent Right of Self-Defense in cyberspace and its value for crafting a stable cyber deterrence regime. The second brief looks at the technical limits of attributability of cyber-attacks and hints at some of the legal and political solutions to these technical hurdles. The third brief looks at the non-proliferation of cyber weapons and the existing global governance framework which india could consider when framing its own strategy. The final brief looks at the legal regime on counter-measures and outlines the various grey zones in legal scholarship in this field. It also maps possible future areas of cooperation with the cyber sector on issues such as Active Cyber Defense and the legal framework that might be required if such cooperation were to become a reality.Each brief covers a broad array of literature and jurisprudence and attempts to explore various debates that exist both among international legal academics and the strategic community.

The ongoing global stalemate over cyber norms casts a grim shadow over the future of cyber-security. However, as seen with the emergence of the nuclear non-proliferation regime, it is not impossible for consensus to emerge in times of global tension. For India, in particular, this stalemate presents an opportunity to pick up the pieces and carve a leadership position for itself as a key norm entrepreneur in cyberspace.

Read the full report here

For more details visit https://cis-india.org/internet-governance/blog/the-potential-for-the-normative-regulation-of-cyberspace-implications-for-india

Digital Native: Hashtag Along With Me

nishant — 2018-08-01T00:25:04Z

A hashtag that evolved with a movement.

The article was published in Indian Express on July 29, 2018.

Hashtags generally come with shelf lives and expiry dates. They come to life in a moment of public excitement and then slowly peter out as the attention shifts to something else. Even the most viral hashtags, which contain all the visceral power of explosive emotion, quickly get replaced by the next big thing. Hashtags have been critiqued as inefficient tools for activism. Because they absorb so much energy and attention, only to fade.

While it is true that in the rapidly overloaded information cycles of social media, hashtags might disappear in due time, maybe we need to think of their disappearance as hibernation rather than forgetting, being archived to memory rather than being lost to recall. Perhaps, it is not yet time to wash our hands of hashtag-based activism, because they do not stay in continued attention. Maybe, it is possible that even when hashtags might not be trending and garnering eyeballs, in their very presence and emergence, they transform something and catalyse actions that take incubation cycles longer than the accelerated digitalisation allows for.

Recently, this reminder came when I saw #NotGoingBack trending on Twitter. In 2013, when the Supreme Court of India overturned the Delhi High Court’s judgment reading down Section 377 of the Indian Penal Code, it was a moment of despair for human rights and queer communities that fight for their right to life and love. The judgment reinforced shame, persecution and pain that the queer community in India faced because of an arcane law that punished consenting same-sex love.

In that moment of despair, fighting against the oppression by law and in validation of #queerlivesmatter, a hashtag was born: #NotGoingBack. The hashtag referred both to the metaphorical closet that this judgement would force queer people back into, and also to a political determination of not accepting this verdict — of not going back on our commitments to build diverse, inclusive, and safe societies for all our people. #NotGoingBack captured the narratives of despair, but also the collective resolve to continue fighting for a nation that is for everyone, in 2013.

Since then, it has resurfaced at different points during moments of hope — like the NALSA judgement that legalised the rights of trans-gender people to be identified as the third gender, or, in moments of pain — when we heard of queer people killing themselves, unable to bear the social stigma of being criminalised for their right to love. The hashtag has continued to come up, when legal fights to protect queer rights and lives have proceeded, or when attention had to be drawn to the inhumane reports of murder, torture, rape and imprisonment that followed.

In July 2018, when the new bench constituted by the Supreme Court agreed to question the re-criminalisation verdict, and started hearings about the constitutional validity of this judgment, the hashtag returned in full force — and unlike the other times, it was also suffused with love, hope, and solidarity of a large community of queer, queer-allied, and queer-friendly people who supported this revision. It has been extraordinary to see how public support has changed in the five years since the hashtag made its first appearance. More and more people have realised that while this is a question of queer rights, it is also a question of human rights, and how we live and love. The 2013 verdict suggested that the people were not ready to accept queer lives. The 2018 bench has clearly opined that the role of the court is to protect the people based on constitutional rights, not to pander to populism.

And yet, what has been inspiring is that the popular response to decriminalisation has been overwhelmingly positive. To the extent that even the conservative government at the centre has indicated that it will not challenge the wisdom of the court if it decides to read down Section 377. As we await the final judgment that promises to be historic and hopeful, we cannot deny the indefatigable commitment, movement and protest that the lawyers, activists, and queer community leaders have invested in making this happen. At the same time, it is also a good indicator of how hashtags live, morph, and re-emerge across longer timelines. We need to start recognising them not only in their fruit-fly like presence but as catalysts for longer movements.

For more details visit https://cis-india.org/raw/digital-native-hashtag-along-with-me

Data localisation may pinch startups, payments firms

Admin — 2018-07-29T07:22:30Z

The draft Data Protection Bill is likely to have significant impact on how companies and startups use customer data, particularly as it would increase costs and make it difficult for them to take data outside the country.

The article by Mugdha Variyar and Pratik Bhakta was published in Economic Times on July 28, 2018. Sunil Abraham was quoted.

It is also likely to bring more financial companies, aside from only payments companies, under the ambit of data localisation by categorising all financial data as sensitive personal data. Data localisation has been a point of contention between the Reserve Bank and payment companies.

The draft bill prescribes strict restrictions on how much personal data a company or any data fiduciary can collect and how they can use the data. It also says companies cannot make the provision of any goods or services or the quality or performance of any contract conditional on acquiring consent to process personal data not necessary for that purpose.

Experts say this will put an end to the 'take it or leave it' contracts that several companies often demand from customers.

“This is basically a provision to deal with non-negotiable contracts, wherein the data controller uses its market power to force people to give up personal data,” said Sunil Abraham, executive director of the Centre for Internet and Society, a think tank. “This recommendation makes it clear that ‘take it or leave it’
contracts can only insist on data that is necessary for the service or product being provided.”

On data localisation, the draft bill states that every data fiduciary shall ensure the storage of at least one serving copy of personal data on a server or data centre located in India. While this allows for data mirroring—or the storage of data both abroad and in India—it could make it difficult for companies to take
data outside the country, said Subho Ray, president of the Internet and Mobile Association of India.

This is because the draft bill states that the government can notify categories of personal data as critical personal data that can only be processed in a server or data centre located in India.

“Though there is no clarity yet on critical personal data, there is a strong chance that financial data could be classified as critical data and players dealing with financial data could be mandated to keep data within India only,” said Vivek Belgavi, fintech partner at PwC.

Under the bill, all financial data, including personal data used to identify an account opened by, or card or payment instrument issued by a financial institution, or any personal data regarding the relationship between a financial institution and a data principal including financial status and credit history, has been classified as sensitive personal data.

Credit scoring, lending and insurance companies could also be impacted, said an industry member on condition of anonymity. Abraham said that while crossborder data may be allowed for certain cases, it will include liability on the entity. This move will increase costs for companies as they will have to necessarily store data within the country, as per the experts.

For more details visit https://cis-india.org/internet-governance/news/economic-times-july-28-2018-mugdha-variyar-and-pratik-bhakta-data-localisation-may-pinch-startups-payments-firms