We are anonymous, we are legion

Sunil Abraham | The online warrior

praskrishna — 2014-08-12T16:04:21Z

With a vision that combines free speech with digital privacy, this policymaker has redefined the role of the internet in society.

The article by Anirban Sen was published in Livemint on August 9, 2014

Freedom of digital security | Sunil Abraham

Tucked away in a neighbourhood in Bangalore’s upscale Indiranagar residential area is an innocuous, three-storeyed, white building. A grassy empty plot lies opposite. It could be just another house in a neighbourhood dotted by similar structures.

The scene changes dramatically inside. People talk animatedly, poring over computer screens, wired in like it is a hackers’ lair. It has a “secret command centre” kind of room in the basement.

In the midst of what looks like a geek utopia, a bespectacled man rattles off facts and figures on Internet laws, cyber-security and digital privacy. Forty-year-old Sunil Abraham started the non-profit research think tank Centre for Internet and Society (CIS) in 2008.

The venture, which focuses primarily on Internet governance, has attracted investment from philanthropist Rohini Nilekani (ironical, considering Abraham has been an outspoken critic of the Unique Identification Authority of India, or UIDAI, project that was spearheaded by her husband and Infosys co-founder Nandan Nilekani). Over the years, Abraham has become an authority on issues related to freedom of expression, Internet privacy and security, free software and cyber laws.

His efforts have yielded results. The best example is the Justice A.P. Shah committee report released in October 2012. It puts a stamp of authority on Indian privacy principles, and ensures privacy protections “do not have a chilling effect on the freedom of expression and transparency enabled by the RTI (right to information)”, as Abraham wrote in Forbes India magazine last year.

“We’re not regulatory hawks,” explains Abraham, an engineer by education. “We don’t have an ideology—we don’t have people who are either left or right. And therefore we don’t want to regulate the private sector for the sake of it, just to cause them more grief. We have great appreciation for the role the private sector plays in the economy.” He adds that their design principles are conservatism, forbearance and equivalence. “With these broad principles, we believe we can get Internet regulation right,” he says.

Abraham has actively advocated free speech and privacy of individuals. Last year, in an interview with Mint, he spoke about the need to upgrade the country’s draconian information technology laws. Abraham’s Twitter timeline is full of posts related to open source software, the National Security Agency, hackers, accessibility, and the UIDAI project.

A free software advocate, Abraham’s journey in the area of freedom of expression and speech was thrust on him. “I’m a fraud, and a charlatan,” he says, laughing. “I only have a degree in industrial production engineering. I have never been trained to do what I’m able to do today.”

In 1998, at the behest of T. Pradeep, founder of the non-governmental organization Samuha, Abraham started an organization called Mahiti. It aimed to reduce the cost and complexity of information and communication technology by using free software. In 2008, Bangalore-based legal researcher Lawrence Liang came to him with the idea for CIS. Philanthropist Anurag Dikshit provided the initial seed funding and CIS was born. Dikshit still continues to fund and support CIS.

“I’ve always surrounded myself with competent people,” Abraham says.

At CIS, Abraham’s core team is composed mostly of lawyers, social scientists and mathematicians such as Nishant Shah, Pranesh Prakash and Nirmita Narasimhan. “Initially we were like four individual fingers, but after that increasingly we started to punch like a single fist,” says Abraham, who was born and raised in Bangalore.

For the first 25 years of his life, Abraham never stepped out of the south. In the next 15 years, he would travel across the world and visit more than a dozen countries. Abraham completed his degree in industrial and production engineering from the Dayananda Sagar College of Engineering in Bangalore and during second year of college, organized a peaceful demonstration of 5,000 college and school students against the 1992 Babri Mosque demolition and the Mumbai riots of 1993.

As he talks about the key influences during his days at Mahiti and CIS, one name stands out—noted Internet hacktivist Aaron Swartz, who committed suicide last year. “His courage is something we might aspire towards,” says Abraham of the computer programmer who was posthumously inducted into the Internet Hall of Fame. Other names include Michael Geist, professor at the University of Ottawa, Canada, and an authority on issues related to intellectual property. “Geist is a gold standard on how to precipitate advocacy change,” says Abraham.

Before starting CIS, Abraham had taken up an assignment with the United Nations that helped him develop international acquaintances. While there, he managed the International Open Source Network project backed by the United Nations Development Programme (UNDP). Since then, he has been working with the governments of countries such as Myanmar and Iraq on issues like open data and open standards. Such policies help upgrade redundant technologies, help in transparency and promote e-governance.

For the Moldovan government, Abraham wrote the open standards policy, which the country’s Parliament did not approve and execute. A similar policy for the Iraqi government became law, and more recently, he has been working with the government of Myanmar. “For Myanmar, I will be working on a national open data policy. Governments also often ask for our help on copyright laws, IT acts, international Internet governance, etc—but most of them come through back-channels and informally,” says Abraham, who spends the little spare time he gets with his daughter.

For CIS, one of the biggest achievements over the past five years was being part of the policy framework for the Union government’s draft national policy on standardizing e-governance. The organization has been working to increase Internet penetration in the country, especially in rural areas. Over the past five years, CIS has been part of the Justice A.P. Shah committee, which focuses on privacy laws in India, and is also working on the country’s telecom policy.

Colleagues at CIS describe Abraham as a workaholic who doesn’t get in the way of fellow workers. Abraham advocates the management ethos of three sources—that of Al Qaeda, Mahatma Gandhi and Scott Adams, who has written books on management and created the Dilbert comic strip. “The first principle in the Al Qaeda school of management is subsidiarity,” explains Abraham. “The Al Qaeda stands for ‘The Hub’. Al means The, Qaeda means Hub. If you think of the hub in a network, it’s a very important component of a network. It brings various nodes together and helps different nodes connect with one another.” He adds, “Nothing that I say should be misunderstood as an endorsement of the terrorist organization. We have no sympathies for what they do.”

For more details visit https://cis-india.org/news/livemint-august-9-2014-anirban-sen-sunil-abraham-the-online-warrior

Sunil Abraham on Aadhaar's misuse during demonetisation

praskrishna — 2017-01-19T01:35:02Z

Sunil Abraham spoke to Economic Times on the misuse of Aadhaar during demonetisation.

Sunil Abraham said:

"We saw Aadhaar being misused at large-scale during the demonetization, criminals had created a black market in Aadhaar identity cards and photocopies of Aadhaar. Those interested in converting black money were purchasing these photocopies from the black market and giving them to bank officials so that they could maintain fake records that tried to prove that ordinary people came in photos' cash transactions.

Whenever we try to introduce technological measures we must always think of the human systems that are at work and the human procedures that are at work. Another example is today telcos giving sim cards based on Aadhaar authentication to meet their sales targets some of these telcos are giving multiple sim cards for a single Aadhaar based KYC. Those sim cards are often resold into black market or given to persons that are not familiar with the aadhaar number holder and this has only makes the security situation in the country worse. It has not improved." Watch the Video

For more details visit https://cis-india.org/internet-governance/news/economic-times-january-14-2017-sunil-abraham-on-aadhaar-misuse-during-demonetisation

Summer School on Disinformation

Admin — 2018-08-23T13:27:37Z

Sunil Abraham will participate as a speaker at the event organized by Digital Asia Hub, Hans-Bredow-Institut, University of Hamburg, Institute for Technology & Society of Rio de Janeiro - ITS Rio and Berkman Klein Center for Internet and Society at Harvard University from August 22 - 24, 2018 at Azure Room, Pullman, Jakarta in Indonesia.

Sunil Abraham will make a presentation on Disinformation and Online Recruitment. He will also be chairing the Roundtable on Platforms, Publics and Policies.

For more details visit https://cis-india.org/internet-governance/news/summer-school-on-disinformation

Summary Report Internet Governance Forum 2015

jyoti — 2015-11-30T10:47:13Z

Centre for Internet and Society (CIS), India participated in the Internet Governance Forum (IGF) held at Poeta Ronaldo Cunha Lima Conference Center, Joao Pessoa in Brazil from 10 November 2015 to 13 November 2015. The theme of IGF 2015 was ‘Evolution of Internet Governance: Empowering Sustainable Development’. Sunil Abraham, Pranesh Prakash & Jyoti Panday from CIS actively engaged and made substantive contributions to several key issues affecting internet governance at the IGF 2015. The issue-wise detail of their engagement is set out below.

INTERNET GOVERNANCE

I. The Multi-stakeholder Advisory Group to the IGF organised a discussion on Sustainable Development Goals (SDGs) and Internet Economy at the Main Meeting Hall from 9:00 am to 12:30 pm on 11 November, 2015. The discussions at this session focused on the importance of Internet Economy enabling policies and eco-system for the fulfilment of different SDGs. Several concerns relating to internet entrepreneurship, effective ICT capacity building, protection of intellectual property within and across borders were availability of local applications and content were addressed. The panel also discussed the need to identify SDGs where internet based technologies could make the most effective contribution. Sunil Abraham contributed to the panel discussions by addressing the issue of development and promotion of local content and applications. List of speakers included:

Lenni Montiel, Assistant-Secretary-General for Development, United Nations
Helani Galpaya, CEO LIRNEasia
Sergio Quiroga da Cunha, Head of Latin America, Ericsson
Raúl L. Katz, Adjunct Professor, Division of Finance and Economics, Columbia Institute of Tele-information
Jimson Olufuye, Chairman, Africa ICT Alliance (AfICTA)
Lydia Brito, Director of the Office in Montevideo, UNESCO
H.E. Rudiantara, Minister of Communication & Information Technology, Indonesia
Daniel Sepulveda, Deputy Assistant Secretary, U.S. Coordinator for International and Communications Policy at the U.S. Department of State
Deputy Minister Department of Telecommunications and Postal Services for the republic of South Africa
Sunil Abraham, Executive Director, Centre for Internet and Society, India
H.E. Junaid Ahmed Palak, Information and Communication Technology Minister of Bangladesh
Jari Arkko, Chairman, IETF
Silvia Rabello, President, Rio Film Trade Association
Gary Fowlie, Head of Member State Relations & Intergovernmental Organizations, ITU

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /igf 2015-main -sessions

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room

Video link Internet economy and Sustainable Development here https://www.youtube.com/watch?v=D6obkLehVE8

II. Public Knowledge organised a workshop on The Benefits and Challenges of the Free Flow of Data at Workshop Room 5 from 11:00 am to 12:00 pm on 12 November, 2015. The discussions in the workshop focused on the benefits and challenges of the free flow of data and also the concerns relating to data flow restrictions including ways to address them. Sunil Abraham contributed to the panel discussions by addressing the issue of jurisdiction of data on the internet. The panel for the workshop included the following.

Vint Cerf, Google
Lawrence Strickling, U.S. Department of Commerce, NTIA
Richard Leaning, European Cyber Crime Centre (EC3), Europol
Marietje Schaake, European Parliament
Nasser Kettani, Microsoft
Sunil Abraham, CIS India

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /workshops /list -of -published -workshop -proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5

Video link https://www.youtube.com/watch?v=KtjnHkOn7EQ

III. Article 19 and Privacy International organised a workshop on Encryption and Anonymity: Rights and Risks at Workshop Room 1 from 11:00 am to 12:30 pm on 12 November, 2015. The workshop fostered a discussion about the latest challenges to protection of anonymity and encryption and ways in which law enforcement demands could be met while ensuring that individuals still enjoyed strong encryption and unfettered access to anonymity tools. Pranesh Prakash contributed to the panel discussions by addressing concerns about existing south Asian regulatory framework on encryption and anonymity and emphasizing the need for pervasive encryption. The panel for this workshop included the following.

David Kaye, UN Special Rapporteur on Freedom of Expression
Juan Diego Castañeda, Fundación Karisma, Colombia
Edison Lanza, Organisation of American States Special Rapporteur
Pranesh Prakash, CIS India
Ted Hardie, Google
Elvana Thaci, Council of Europe
Professor Chris Marsden, Oxford Internet Institute
Alexandrine Pirlot de Corbion, Privacy International

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /worksh o ps /list -of -published -workshop -proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1

Video link available here https://www.youtube.com/watch?v=hUrBP4PsfJo

IV. Chalmers & Associates organised a session on A Dialogue on Zero Rating and Network Neutrality at the Main Meeting Hall from 2:00 pm to 4:00 pm on 12 November, 2015. The Dialogue provided access to expert insight on zero-rating and a full spectrum of diverse views on this issue. The Dialogue also explored alternative approaches to zero rating such as use of community networks. Pranesh Prakash provided a detailed explanation of harms and benefits related to different approaches to zero-rating. The panellists for this session were the following.

Jochai Ben-Avie, Senior Global Policy Manager, Mozilla, USA
Igor Vilas Boas de Freitas, Commissioner, ANATEL, Brazil
Dušan Caf, Chairman, Electronic Communications Council, Republic of Slovenia
Silvia Elaluf-Calderwood, Research Fellow, London School of Economics, UK/Peru
Belinda Exelby, Director, Institutional Relations, GSMA, UK
Helani Galpaya, CEO, LIRNEasia, Sri Lanka
Anka Kovacs, Director, Internet Democracy Project, India
Kevin Martin, VP, Mobile and Global Access Policy, Facebook, USA
Pranesh Prakash, Policy Director, CIS India
Steve Song, Founder, Village Telco, South Africa/Canada
Dhanaraj Thakur, Research Manager, Alliance for Affordable Internet, USA/West Indies
Christopher Yoo, Professor of Law, Communication, and Computer & Information Science, University of Pennsylvania, USA

Detailed description of the workshop is available here http://www.intgovforum.org/cms/igf2015-main-sessions

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2

V. The Internet & Jurisdiction Project organised a workshop on Transnational Due Process: A Case Study in MS Cooperation at Workshop Room 4 from 11:00 am to 12:00 pm on 13 November, 2015. The workshop discussion focused on the challenges in developing an enforcement framework for the internet that guarantees transnational due process and legal interoperability. The discussion also focused on innovative approaches to multi-stakeholder cooperation such as issue-based networks, inter-sessional work methods and transnational policy standards. The panellists for this discussion were the following.

Anne Carblanc Head of Division, Directorate for Science, Technology and Industry, OECD
Eileen Donahoe Director Global Affairs, Human Rights Watch
Byron Holland President and CEO, CIRA (Canadian ccTLD)
Christopher Painter Coordinator for Cyber Issues, US Department of State
Sunil Abraham Executive Director, CIS India
Alice Munyua Lead dotAfrica Initiative and GAC representative, African Union Commission
Will Hudsen Senior Advisor for International Policy, Google
Dunja Mijatovic Representative on Freedom of the Media, OSCE
Thomas Fitschen Director for the United Nations, for International Cooperation against Terrorism and for Cyber Foreign Policy, German Federal Foreign Office
Hartmut Glaser Executive Secretary, Brazilian Internet Steering Committee
Matt Perault, Head of Policy Development Facebook

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4

Video link Transnational Due Process: A Case Study in MS Cooperation available here https://www.youtube.com/watch?v=M9jVovhQhd0

VI. The Internet Governance Project organised a meeting of the Dynamic Coalition on Accountability of Internet Governance Venues at Workshop Room 2 from 14:00 – 15:30 on 12 November, 2015. The coalition brought together panelists to highlight the challenges in developing an accountability framework for internet governance venues that include setting up standards and developing a set of concrete criteria. Jyoti Panday provided the perspective of civil society on why acountability is necessary in internet governance processes and organizations. The panelists for this workshop included the following.

Robin Gross, IP Justice
Jeanette Hofmann, Director Alexander von Humboldt Institute for Internet and Society
Farzaneh Badiei, Internet Governance Project
Erika Mann, Managing Director Public PolicyPolicy Facebook and Board of Directors ICANN
Paul Wilson, APNIC
Izumi Okutani, Japan Network Information Center (JPNIC)
Keith Drazek , Verisign
Jyoti Panday, CIS
Jorge Cancio, GAC representative

Detailed description of the workshop is available here http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no

Video link https://www.youtube.com/watch?v=UIxyGhnch7w

VII. Digital Infrastructure Netherlands Foundation organized an open forum at Workshop Room 3 from 11:00 – 12:00 on 10 November, 2015. The open forum discussed the increase in government engagement with “the internet” to protect their citizens against crime and abuse and to protect economic interests and critical infrastructures. It brought together panelists topresent ideas about an agenda for the international protection of ‘the public core of the internet’ and to collect and discuss ideas for the formulation of norms and principles and for the identification of practical steps towards that goal. Pranesh Prakash participated in the e open forum. Other speakers included

Bastiaan Goslings AMS-IX, NL
Pranesh Prakash CIS, India
Marilia Maciel (FGV, Brasil
Dennis Broeders (NL Scientific Council for Government Policy)

Detailed description of the open forum is available here http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf

Video link available here https://www.youtube.com/watch?v=joPQaMQasDQ

VIII. UNESCO, Council of Europe, Oxford University, Office of the High Commissioner on Human Rights, Google, Internet Society organised a workshop on hate speech and youth radicalisation at Room 9 on Thursday, November 12. UNESCO shared the initial outcome from its commissioned research on online hate speech including practical recommendations on combating against online hate speech through understanding the challenges, mobilizing civil society, lobbying private sectors and intermediaries and educating individuals with media and information literacy. The workshop also discussed how to help empower youth to address online radicalization and extremism, and realize their aspirations to contribute to a more peaceful and sustainable world. Sunil Abraham provided his inputs. Other speakers include

1. Chaired by Ms Lidia Brito, Director for UNESCO Office in Montevideo

2.Frank La Rue, Former Special Rapporteur on Freedom of Expression

3. Lillian Nalwoga, President ISOC Uganda and rep CIPESA, Technical community

4. Bridget O’Loughlin, CoE, IGO

5. Gabrielle Guillemin, Article 19

6. Iyad Kallas, Radio Souriali

7. Sunil Abraham executive director of Center for Internet and Society, Bangalore, India

8. Eve Salomon, global Chairman of the Regulatory Board of RICS

9. Javier Lesaca Esquiroz, University of Navarra

10. Representative GNI

11. Remote Moderator: Xianhong Hu, UNESCO

12. Rapporteur: Guilherme Canela De Souza Godoi, UNESCO

Detailed description of the workshop is available here http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no

Video link to the panel is available here https://www.youtube.com/watch?v=eIO1z4EjRG0

INTERMEDIARY LIABILITY

IX. Electronic Frontier Foundation, Centre for Internet Society India, Open Net Korea and Article 19 collaborated to organize a workshop on the Manila Principles on Intermediary Liability at Workshop Room 9 from 11:00 am to 12:00 pm on 13 November 2015. The workshop elaborated on the Manila Principles, a high level principle framework of best practices and safeguards for content restriction practices and addressing liability for intermediaries for third party content. The workshop saw particpants engaged in over lapping projects considering restriction practices coming togetehr to give feedback and highlight recent developments across liability regimes. Jyoti Panday laid down the key details of the Manila Principles framework in this session. The panelists for this workshop included the following.

Kelly Kim Open Net Korea,
Jyoti Panday, CIS India,
Gabrielle Guillemin, Article 19,
Rebecca McKinnon on behalf of UNESCO
Giancarlo Frosio, Center for Internet and Society, Stanford Law School
Nicolo Zingales, Tilburg University
Will Hudson, Google

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9

Video link available here https://www.youtube.com/watch?v=kFLmzxXodjs

ACCESSIBILITY

X. Dynamic Coalition on Accessibility and Disability and Global Initiative for Inclusive ICTs organised a workshop on Empowering the Next Billion by Improving Accessibility at Workshop Room 6 from 9:00 am to 10:30 am on 13 November, 2015. The discussion focused on the need and ways to remove accessibility barriers which prevent over one billion potential users to benefit from the Internet, including for essential services. Sunil Abraham specifically spoke about the lack of compliance of existing ICT infrastructure with well established accessibility standards specifically relating to accessibility barriers in the disaster management process. He discussed the barriers faced by persons with physical or psychosocial disabilities. The panelists for this discussion were the following.

Francesca Cesa Bianchi, G3ICT
Cid Torquato, Government of Brazil
Carlos Lauria, Microsoft Brazil
Sunil Abraham, CIS India
Derrick L. Cogburn, Institute on Disability and Public Policy (IDPP) for the ASEAN(Association of Southeast Asian Nations) Region
Fernando H. F. Botelho, F123 Consulting
Gunela Astbrink, GSA InfoComm

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3

Video Link Empowering the next billion by improving accessibility https://www.youtube.com/watch?v=7RZlWvJAXxs

OPENNESS

XI. A workshop on FOSS & a Free, Open Internet: Synergies for Development was organized at Workshop Room 7 from 2:00 pm to 3:30 pm on 13 November, 2015. The discussion was focused on the increasing risk to openness of the internet and the ability of present & future generations to use technology to improve their lives. The panel shred different perspectives about the future co-development of FOSS and a free, open Internet; the threats that are emerging; and ways for communities to surmount these. Sunil Abraham emphasised the importance of free software, open standards, open access and access to knowledge and the lack of this mandate in the draft outcome document for upcoming WSIS+10 review and called for inclusion of the same. Pranesh Prakash further contributed to the discussion by emphasizing the need for free open source software with end‑to‑end encryption and traffic level encryption based on open standards which are decentralized and work through federated networks. The panellists for this discussion were the following.

Satish Babu, Technical Community, Chair, ISOC-TRV, Kerala, India
Judy Okite, Civil Society, FOSS Foundation for Africa
Mishi Choudhary, Private Sector, Software Freedom Law Centre, New York
Fernando Botelho, Private Sector, heads F123 Systems, Brazil
Sunil Abraham, CIS India
Pranesh Prakash, CIS India
Nnenna Nwakanma- WWW.Foundation
Yves MIEZAN EZO, Open Source strategy consultant
Corinto Meffe, Advisor to the President and Directors, SERPRO, Brazil
Frank Coelho de Alcantara, Professor, Universidade Positivo, Brazil
Caroline Burle, Institutional and International Relations, W3C Brazil Office and Center of Studies on Web Technologies

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7

Video link available here https://www.youtube.com/watch?v=lwUq0LTLnDs

For more details visit https://cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015

Summary of the Public Consultation by Vigyan Foundation, Oxfam India and G.B. Pant Institute, Allahabad

vipul — 2016-01-28T15:22:56Z

On December 22nd and 23rd a public consultation was organized by the Vigyan Foundation, Oxfam India and G.B. Pant Institute, Allahabad at the GB Pant Social Science Institute, Allahabad to discuss the issues related to making Allahabad into a Smart City under the Smart On December 22nd and 23rd a public consultation was organized by the Vigyan Foundation, Oxfam India and G.B. Pant Institute, Allahabad at the GB Pant Social Science Institute, Allahabad to discuss the issues related to making Allahabad into a Smart City under the Smart City scheme of the Central Government. An agenda for the same is attached herewith. City scheme of the Central Government.

The Centre for Internet and Society, Bangalore (CIS) is researching the 100 Smart City Scheme from the perspective of Big Data and is seeking to understand the role of Big Data in smart cities in India as well as the impact of the generation and use of the same. CIS is also examining whether the current legal framework is adequate to deal with these new technologies. It was in this background that CIS attended a part of the workshop.

At the outset the organizers had noted that there will be no discussion on technology and its adoption in this particular workshop.. The format involved a speaker providing his/her viewpoint on the topic concerned and the discussion revolved mainly around problems relating to traffic, parking, roads, drainage, etc. and there was no discussion of technology or how to utilise it to solve these problems. From the discussions CIS has had with certain people who are quite involved with these public consultations, the impression that we have is that the solutions to these problems were not very complicated and required only some intent and execution, and if that was achieved it would go a long way in improving the infrastructure of the city. This perspective raises the question of whether or not India needs 'Smart Cities' to improve the life of residents or if basic urban solutions are adequate and are in fact needed to lay the foundation for any potential smart city that might be established in the future.

It is quite interesting to see the difference in the levels at which the debate on smart cities is happening, in that when the central government talks about smart cities they try to highlight technology and other aspects such as smart meters, smart grids, etc. while the discussion on the ground in the actual cities is currently at a much more basic stage. For example the government website for the smart city project, while describing a smart city, mentions a number of “smart solutions” such as “electronic service delivery”, “smart meters” for water, “smart meters” for electricity, “smart parking”, Intelligent Traffic Management”, “Tele-medicine”, etc. Even in all the major public service announcements on the smart city project, the government effort seems to be to focus on these “smart solutions”, projecting technology as the answer to urban problems. However those in the cities themselves appear to be more concerned with adequate parking, adequate water supply, proper roads, waste disposal, etc. This difference in approach is only representative of the yawning gap between the mindspace of those who conceive these schemes and market them on the one hand and those who are tasked with implementing the schemes on the other hand as well as the realities of what cities in India need to address problems related to infrastructure and functioning. However the silver lining in this scenario, atleast on a personal level, is that the people on the ground, are not blindly turning to technology to solve their problems but actually trying to look for the best solutions regardless of whether it is a technology based solution or not.

Agenda

For more details visit https://cis-india.org/internet-governance/blog/summary-of-the-public-consultation-by-vigyan-foundation-oxfam-india-and-g-b-pant-institute-allahabad

Summary of the CIS workshop on the Draft Human DNA Profiling Bill 2012

maria — 2013-07-12T15:33:25Z

On March 1st, 2013, the Centre for Internet and Society organized a workshop which analysed the April 2012 draft Human DNA Profiling Bill and its potential implications on human rights in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Think you control who has access to your DNA data? That might just be a myth of the past. Today, clearly things have changed, as draft Bills with the objective of creating state, regional, and national DNA databases in India have been leaked over the last years. Plans of profiling certain residents in India are being unravelled as, apparently, the new policy when collecting, handling, analysing, sharing and storing DNA data is that all personal information is welcome; the more, the merrier!

Who is behind all of this? The Centre for DNA Fingerprinting and Diagnostics in India created the 2007 draft DNA Profiling Bill[1], with the aim of regulating the use of DNA for forensic and other purposes. In February 2012 another draft of the Bill was leaked which was created by the Department of Biotechnology. The most recent version of the Bill was drafted in April 2012 and seeks to create DNA databases at the state, regional and national level in India[2]. According to the latest 2012 draft Human DNA Profiling Bill, each DNA database will contain profiles of victims, offenders, suspects, missing persons and volunteers for the purpose of identification in criminal and civil proceedings. The Bill also establishes a process for certifying DNA laboratories, and a DNA Profiling Board for overseeing the carrying out of the Act.

However, the 2012 draft Human DNA Profiling Bill lacks adequate safeguards and its various loopholes and overreaching provisions could create a potential for abuse. The creation of DNA databases is currently unregulated in India and although regulations should be enacted to prevent data breaches, the current Bill raises major concerns in regards to the collection, use, analysis and retention of DNA samples, DNA data and DNA profiles. In other words, the proposed DNA databases would not only be restricted to criminals…

DNA databases...and Justice for All?

Source: Libertas Academica on flickr

During the workshop [3]on the 2012 draft Human DNA Profiling Bill, DNA[4] was defined as a material that determines a persons´ hereditary traits, whilst DNA profiling[5] was defined as the processing and analysis of unique sequences of parts of DNA. Thus the uniqueness of DNA data is clear and the implications that could potentially occur through its profiling could be tremendous. The 2007 DNA Profiling Bill has been amended, yet its current 2012 version appears not only to be more intrusive, but to also be extremely vague in terms of protecting data, whilst very deterministic in regards to the DNA Profiling Board´s power. A central question in the meeting was:

Should DNA databases be created at all?

The following concerns were raised and discussed during the workshop:

● The myth of the infallibility of DNA evidence

The Innocence Project[6], which was presented at the workshop, appears to provide an appeal towards the storage of DNA samples and profiles, as it represents clients seeking post-conviction DNA testing to prove their innocence. According to statistics presented at the workshop, there have been 303 post-conviction exonerations in the United States, as a result of individuals proving their innocence through DNA testing. Though post-conviction exonerations can be useful, they cannot be the basis and main justification for creating DNA databases. Although DNA testing could enable post-conviction exonerations, errors in matching data remain a high probability and could result in innocent people being accused, arrested and prosecuted for crimes they did not commit. Thus, arguments towards the necessity and utility of the creation of DNA databases in India appear to be weak, especially since DNA evidence is not infallible[7].

False matches can occur based on the type of profiling system used, and errors can take place in the chain of custody of the DNA sample, all of which indicate the weakness of DNA evidence being used. DNA data only provides probabilities of potential matches between DNA profiles and the larger the amount of DNA data collected, the larger the probability of an error in matching profiles[8].

● The non-criteria of DNA data collection

How and when can DNA data be collected? The amended draft 2012 Bill remains extremely vague and broad. In particular, the Bill states that all offences under the Indian Penal Code and other laws, such as the Immoral Traffic (Prevention) Act, 1956, are applicable instances of human DNA profiling. Section B(viii) of the Schedule states that human DNA profiling will be applicable for offences under ´any other law as may be specified by the regulations made by the Board´. This incredibly vague section empowers the DNA Profiling Board with the ultimate power to decide upon the offences under which DNA data will be collected. The issue is this: most laws have loopholes. A Bill which lists applicable instances of human DNA profiling, under the umbrella of a potentially indefinite number of laws, exposes individuals to the collection of their DNA data, which could lead to potential abuse.

● The DNA Profiling Board´s power

The DNA Profiling Board has ´absolute´ power, especially according to the 2012 draft Human DNA Profiling Bill. Some of the Board´s functions include providing recommendations for provision of privacy protection laws, regulations and practices relating to access to, or use of, stored DNA samples or DNA analyses[9]. The Board is also required to advise on all ethical and human rights issues, as well as to take ´necessary steps´ to protect privacy. However, it remains unclear how a Board which lacks human rights expertise will carry out such tasks.

No human rights experts

Despite the various amendments[10] to the section on the composition of the Board, no privacy or human rights experts have been included. According to the Bill, the Board will be comprised of many molecular biologists and other scientists, while human rights experts have not been included to the list. This can potentially be problematic as a lack of expertise on privacy and human rights laws can lead to the regulation of DNA databases without taking civil liberties into consideration.

Vague authorisation for communication of DNA profiles

The Bill also empowers the Board to ´authorise procedures for communication of DNA profiles for civil proceedings and for crime investigation by law enforcement and other agencies´[11]. Although the 2007 Bill [12]restricted the Boards´ authorisation to crime investigation by law enforcement agencies, its 2012 amendment extends such authorisation to ´civil proceedings´ which can also be carried out by so-called ´other agencies´.[13] This amendment raises concerns, as the ´other agencies´ and the term ´civil proceedings´ remain vague.

Protecting the public

The Board is also authorised to ´assist law enforcement agencies in using DNA techniques to protect the public´[14]. Over the last years, laws are being enacted that enable law enforcement agencies to use technologies for surveillance purposes in the name of ´public security´, and the 2012 draft Bill is no exception. Many security measures have been applied to ´protect the public´, such as CCTV cameras and other technologies, but their actual contribution to public safety still remains a controversial debate[15]. DNA techniques which would effectively protect the public have not been adequately proven, thus it remains unclear how the Board would assist law enforcement agencies.

Sharing data with international agencies…and regulating DNA laboratories

In addition to the above, the Board would also encourage cooperation between Indian investigation agencies and international agencies[16]. This would potentially enable the sharing of DNA data between third parties and would enhance the probability of data being leaked to unauthorised third parties.

The Board would also be authorised to regulate the standards, quality control and quality assurance obligations of the DNA laboratories[17]. The draft 2012 Bill ultimately gives monopolistic control to the DNA Profiling Board over all the procedures related to the handling of DNA data!

● The DNA Data Bank Manager

According to the 2012 draft Human DNA Profiling Bill[18], it is the DNA Data Bank Manager who would carry out ´all operations of and concerning the National DNA Data Bank´. All such operations are not clearly specified. The powers and duties that the DNA Data Bank Manager would be expected to have are not specified in the Bill, which merely states that they would be specified by regulations made by the DNA Profiling Board.

The Bill also empowers the Manager to determine appropriate instances for the communication of information[19]. In other words, law enforcement agencies and DNA laboratories can request the disclosure of information from the DNA Data Bank Manager, without prior authorisation. The DNA Data Bank Manager is empowered to decide the requested data.

DNA access restrictions

Are you a victim or a cleared suspect? You better be, if you want access to your data to be restricted! The 2012 draft Human DNA Profiling Bill [20]states that access to information will be restricted in cases when a DNA profile derives from a victim or a person who has been excluded as a suspect. The Bill is unclear as to how access to the data of non-victims or suspects is regulated.

● Availability of DNA profiles and DNA samples

According to the amended draft 2012 Bill[21], DNA profiles and samples can be made available in criminal cases, judicial proceedings and for defence purposes among others. However, ´criminal cases´ are loosely defined and could enable the availability of DNA data in low profile cases. Furthermore, the availability of DNA data is also enabled for the ´creation and maintenance of a population statistics database´. This is controversial because it remains unclear how such a database would be used.

● Data destruction

According to an amendment to section 37, DNA data will be kept on a ´permanent basis´ and the DNA Data Bank Manager will expunge a DNA profile only once the court has certified that an individual is no longer a suspect. This raises major concerns, as it does not clarify under what conditions individuals can have access to their data during its retention, nor does it give volunteers and missing persons the opportunity to have their data deleted from the data bank.

Workshop conclusions

Source: micahb37 on flickr

The various loopholes in the Bill which can create a potential for abuse were discussed throughout the workshop, as well as various issues revolving around DNA data retention, as previously mentioned.

During the workshop, some participants questioned the creation of DNA databases to begin with, while others argued that they are inevitable and that it is not a question of whether they should exist, but rather a question of how they should be regulated. All participants agreed upon the need for further safeguards to protect individuals´ right to privacy and other human rights. Further research on the necessity and utility of the creation of DNA databases in regards to human rights was recommended. In addition to all the above, the Ministry of Law and Justice was recommended to pilot the draft DNA Profiling Bill to ensure better provisions in regards to privacy and data protection.

A debate on the use of DNA data in civil cases versus criminal cases was largely discussed in the workshop, with concerns raised in regards to DNA sampling being enabled in civil cases. The fact that the terms ´civil cases´ and ´criminal cases´ remain broad, vague and not legally-specified, raised huge concerns in the workshop as this could enable the misuse of DNA data by authorities. Thus, the members attending the workshop recommended the creation of two separate Bills regulating the use of DNA data: a DNA Profiling Bill for Criminal Investigation and a DNA Profiling Bill for Research. The creation of such Bills would restrict the access to, collection, analysis, sharing of and retention of DNA data to strictly criminal investigation and research purposes.

However, even if separate Bills were created, who is to say that when implemented DNA in the database would not be abused? Criminal investigations can be loosely defined and research purposes can potentially cover anything and everything. So the question remains:

Should DNA databases be created at all?

[1] Draft DNA Profiling Bill 2007, http://dbtindia.nic.in/DNA_Bill.pdf

[2] Human DNA Profiling Bill 2012: Working draft versión – 29th April 2012,

[3] Centre for Internet and Society, Analyzing the Draft Human DNA Profiling Bill 2012, 25 February 2013, http://cis-india.org/internet-governance/events/analyzing-draft-human-dna-profiling-bill

[4] Genetics Home Reference: Your Guide to Understanding Genetic Conditions, What is DNA?, http://ghr.nlm.nih.gov/handbook/basics/dna

[5] Shanna Freeman, How DNA profiling Works, http://science.howstuffworks.com/dna-profiling.htm

[6] Innocence Project, DNA exoneree case profiles, http://www.innocenceproject.org/know/

[7] Australian Law Reform Commission (ALRC), Essentially Yours: The Protection of Human Genetic Information in Australia (ALRC Report 96), ´Criminal Proceedings: Reliability of DNA evidence´, Chapter 44, http://www.alrc.gov.au/publications/44-criminal-proceedings/reliability-dna-evidence

[8] Ibid.

[9] Human DNA Profiling Bill 2012: Working draft version – 29th April 2012, Section 12(o, p, t), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[10] Ibid: Section 4(q)

[11] Ibid: Section 12(j)

[12] Draft DNA Profiling Bill 2007, Section 13, http://dbtindia.nic.in/DNA_Bill.pdf

[13] : Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(j), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[14] Ibid: Section 12(l)

[15] Schneier, B.(2008), Schneier on Security, ´CCTV cameras´, http://www.schneier.com/blog/archives/2008/06/cctv_cameras.html

[16] Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(u) and 12(v), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[17] Ibid: Section on the ´Standards, Quality Control and Quality Assurance Obligations of DNA Laboratories´

[18] Ibid: Section 33

[19] Ibid: Section 35

[20] Ibid: Section 43

[21] Ibid: Section 40

For more details visit https://cis-india.org/internet-governance/blog/summary-of-cis-workshop-on-dna-profiling-bill-2012

Suicide videos: Facebook beefs up team to monitor content

praskrishna — 2017-05-20T02:59:14Z

Responding to the spate of suicides being livestreamed, social media giant Facebook has announced it will add another 3,000 people to its 4,500-strong review team that moderates content. The review team will also work in tandem with law enforcement agencies on this issue.

The article by Kim Arora was published in the Times of India on May 5, 2017.

"Over the last few weeks, we've seen people hurting themselves and others on Facebook, either live or in video posted later. It's heartbreaking, and I've been reflecting on how we can do better for our community," Facebook co-founder and CEO Mark Zuckerberg wrote in a status update and added, "Over the next year, we'll be adding 3,000 people to our community operations team around the world, on top of the 4,500 we have today, to review the millions of reports we get every week, and improve the process for doing it quickly."

"...we'll keep working with local community groups and law enforcement who are in the best position to help someone if they need it, either because they're about to harm themselves, or because they're in danger from someone else," Zuckerberg added announcing the move.

Over the last year, several violent incidents and suicides have been streamed live on Facebook. In India last April, a young student went live on Facebook minutes before he jumped off the 19th floor of Taj Lands End hotel in Mumbai. The same month saw similar news coming out of the US and Thailand as well. A 49-year-old from Alabama went live on Facebook before shooting himself in the head. Another man from Bangkok made a video of hanging his 11-month-old daughter, and uploaded it to Facebook. He was later discovered to have killed himself too.

"It's a positive development that Facebook is adding human power and tools for dealing with hate speech, child abuse and suicide attempts. It would be interesting to see how Facebook coordinates with the Indian police departments to get an emergency response to a potential suicide attempt or attempt to harm someone else," says Rohini Lakshane, program officer, Center for Internet and Society, though she warns against false reports clogging up reviewers' feeds and police notifications.

On Facebook, a video, picture or any other piece of content reaches the review team after it is reported by users for flouting its "community guidelines".

Chinmayi Arun, research director at the Centre for Communication Governance, National Law University, Delhi, says Facebook must be transparent about this process. "Facebook should also announce how it is keeping this process accountable. It is a public platform of great importance which has been guilty of over-censorship in the past. It should be responsive not just to government censorship requests but also to user requests to review and reconsider its blocking of legitimate content," she says.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-kim-arora-may-5-2017-suicide-videos-facebook-beefs-up-team-to-monitor-content

Suckfly Attacks National Stock Exchange Tech Vendor, Among Others

praskrishna — 2016-05-29T08:07:00Z

A cyber espionage group attacked an Indian IT firm that provides support to India’s largest stock exchange. It’s one of many attacks in the recent past.

The blog post by Rohit Pathak was published in the Quint on May 21, 2016. Pranesh Prakash was quoted.

For 24 months now, several Indian government and private organisations have been victims of highly-targeted and sustained cyberattacks by Suckfly. Cyber security firm Symantec has been tracking Suckfly since April 2014 and believes it is a Chinese cyber-espionage group. According to Symantec, Suckfly uses stolen digital certificates to breach the internal networks of Indian organisations.

While Symantec has declined to name any of the victims, it says the high-profile targets include one of India’s largest financial institutions, an e-commerce company and its primary shipping vendor, a leading Indian IT company, two government organisations, and an American health care provider’s Indian business unit.

So far, the highest infection rate has been at a government organisation responsible for implementing network software across various ministries and departments of the Indian central government. Symantec’s investigation report says Suckfly uses custom malware called Backdoor.Nidiran to orchestrate the attacks. While Suckfly had used the same backdoor in its previous campaigns in other countries, in India the post-infection activity was significantly higher.

“We should be aware that this attack isn’t yet over. Suckfly has been targeting organisations since at least May 2014, and it very likely continues to have access to governmental and corporate servers in India thanks to the Nidiran backdoor,” says Pranesh Prakash, Policy Director, Centre for Internet and Society.

He added that, “Depending on what access Suckfly got, the damage could be anything from them having conducted fraudulent financial transactions to obtaining classified governmental secrets.”

It is as yet unclear what data has been exfiltrated by Suckfly, but the fact that no organisations have reported this to their customers shows that the current laws with regard to data security and data breaches are inadequate.

Pranesh Prakash, Policy Director, Centre for Internet and Society

In a detailed email exchange with Bloomberg Quint, Symantec’s security experts describe how Suckfly operates, its motives, and what Indian entities can do to protect themselves.

Suckfly’s Modus Operandi

In 2015, between 22 April and 4 May, Suckfly conducted a multistage attack on an Indian e-commerce company.

It first identified a user – an employee of the e-commerce company – to attempt its initial breach into the e-commerce company’s internal network.

Symantec says, “We don’t have hard evidence of how Suckfly obtained information on the targeted user, but we did find a large open-source presence on the initial target. The target’s job function, corporate email address, information on work-related projects, and publicly accessible personal blog could all be freely found online.’

Suckfly then exploited a vulnerability in the employee’s operating system (Windows) that allowed it to bypass the User Account Control and install the malware. It’s likely that Suckfly used a spear-phishing email to gain entry.

Having entered the employee’s system, Suckfly gained access to the employee’s account credentials and then used them to access the victim’s account and navigate the e-commerce company’s internal corporate network as though it were the employee.

Suckfly’s final step was to exfiltrate data off the victim’s network and onto Suckfly’s infrastructure.

Weekends Off

The attack took place over 13 days, but Symantec discovered that Suckfly was active only Monday to Friday. There was no activity from the group on weekends. This could be because the attackers’ hacktools are command line driven and can provide insight into when operators are behind keyboards actively working.

Suckfly’s Motives?

According to Symantec, “Suckfly targeted one of India’s largest e-commerce companies, a major Indian shipping company, one of India’s largest financial organizations, and an IT firm that provides support for India’s largest stock exchange. All of these targets are large corporations that play a major role in India’s economy. By targeting all of these organisations together, Suckfly could have had a much larger impact on India and its economy. While we don’t know the motivations behind the attacks, the targeted commercial organisations, along with the targeted government organisations, may point in this direction. Symantec’s research shows that Suckfly is well-equipped to carry out targeted attacks for years while staying off the radar of security organisations.”

Symantec refused to name the victims and when contacted, the National Stock Exchange (NSE) said its systems were secure and that it had not heard of any such attack on any of its tech vendors.

In the last two years, from 2013 to 2015, the total number of reported cyber breaches worldwide have increased 25%. India is amongst the most vulnerable – ranking third on the list of countries that have faced financial intrusion.

Smokescreen is a cybersecurity firm and CEO Sahir Hidayatullah claims virtually every large company in India has been compromised to varying degrees already.

Strategic economic advantage and intellectual property theft are the primary motivators for nation state attackers targeting energy, pharma, and manufacturing. Attacks against the financial sector are more commonly done by financially-motivated cybercriminals, however, nation state attackers have an interest here as well – being deeply embedded into critical systems affords opportunities for both mass data collection as well as the ability to cripple financial systems if required. All major governments aspire to have this offensive capability and are in various stages of having developed it already.Sahir Hidayatullah, CEO, Smokescreen

Over the last few months, our decoy detection network in India has seen an up-tick in targeted attacks specifically aimed at companies in banking, energy, pharmaceuticals and manufacturing. Manufacturing has seen the single largest increase in targeted attempts to compromise infrastructure. We have seen a large increase in ‘malware-less’ attacks including the use of stolen credentials on VPN systems.

More worrisome is that over the last year, we have conducted breach-readiness assessments for many of the large names in these verticals, and in every instance, the internal controls were unable to detect and respond to our simulated attacks in time. According to our assessment, none of them are prepared to withstand a targeted attack.

According to a 2015 survey conducted by PWC spanning 250 Indian companies, 72% of the respondents claimed they faced some sort of cyberattack over the last year. 63% claimed intrusions lead to financial losses and 55% claimed there was loss of sensitive information. But the worrying number is this – 78% have no cyber incident response plan. That’s good news for Suckfly and its comrades.

For more details visit https://cis-india.org/internet-governance/news/the-quint-rohit-pathak-may-21-2016-suckly-attacks-national-stock-exchange-tech-vendor-among-others

Submitted Your Biometrics for Aadhaar? Here’s How You Can Lock/Unlock That Data

Admin — 2019-02-02T02:09:56Z

Did you know that UIDAI provides a facility that allows users to lock/unlock their Aadhaar biometric data online?

The blog post by Vidya Raja was published in the Better India on January 24, 2019. Pranesh Prakash was quoted.

Imagine someone hacking into your Netflix account – all you have to do is change the password. However, if there is a security breach with respect to your biometric details, there is no reversing it. So think carefully about how and where you submit your details. While the Supreme Court has said that it is no longer mandatory to link Aadhaar with your bank accounts or your telecom service provider, it does not lessen the importance of Aadhaar.

Pranesh Prakash, Policy Director, The Centre for Internet & Society, in a report published in The Mint, says, “Biometric devices are not hack-proof. It depends on the ease with which this can be done. In Malaysia, thieves who stole a car with a fingerprint-based ignition system simply chopped off the owner’s finger. When a biometric attendance system was introduced at the Institute of Chemical Technology (ICT) in Mumbai, students continued giving proxies by using moulds made from Fevicol.” Over the last year, there has been so much chatter about the Aadhaar number and how one can protect one’s information.

Did you know that UIDAI provides a facility that allows users to lock/unlock their Aadhaar biometric data online?

In this article, we explain how you can do that.

Locking biometrics online:

Visit UIDAI’s online portal to lock or unlock your biometrics
Once there, you will need to click on ‘My Aadhaar’ and under the Aadhaar Services tab, click on Lock/Unlock Biometrics
You will then be redirected to a new page and prompted to enter the 12-digit Aadhaar number and the security code
Once the details have been entered, click on ‘Send OTP’
You will receive an OTP on your registered mobile number
Enter this and click on the Login button
This feature will allow you to lock your biometrics
Enter the 4-digit security code mentioned on the screen and click on the ‘Enable’ button
Your biometrics will be locked, and you will have to unlock it in case you want to access it again

Unlocking biometrics online:

To unlock your biometrics, click on the ‘Login’ button
Enter your Aadhaar number and the security code in the designated spaces
Now click on ‘Send OTP’
An OTP will be sent to your registered mobile number
Enter it in the space provided and click on ‘Login’
In case you want to temporarily unlock the biometrics, enter the security code and click on the unlock button
Your biometrics will be unlocked for 10 minutes
The locking date and time is mentioned on the screen after which biometrics will be automatically locked
When you do not want to lock your biometrics, you can disable the lock permanently.

Using mAadhaar to lock/unlock biometrics:

mAadhaar is the official mobile application developed by the Unique Identification Authority of India (UIDAI). Presently, it is available on the Android platform.

Once the mAadhaar app has been downloaded, the user must use their Aadhaar card registered mobile number to login.
You will then be sent an OTP that you are required to enter for authentication. Do remember to change your password once registered.
On the top right side, tap on ‘Biometric lock’, and enter your password to lock the biometrics. Once locked, it will show a small lock icon next to your profile.
To unlock, tap on the same icon followed by your password. The information will unlock for 10 minutes. After that, it will be locked again.
Once you lock this information, it ensures that even the Aadhaar holder will not be able to use their biometric data (iris scan and fingerprints) for authentication, until unlocked.
If you try to use this information without unlocking, it will show you an error code 330.

Remember to lock and unlock your biometrics through a trusted channel. The fact that there is no fee involved in either exercise will make this easier. Also, even with the biometric locked, you can continue to use the OTP-based authentication process for transactions, where you will receive the OTP on your registered mobile number and e-mail address.

(Edited by Shruti Singhal)

For more details visit https://cis-india.org/internet-governance/news/the-better-india-vidya-raja-january-24-2019-aadhaar-biometric-privacy-safety-online-india

Submission to the Facebook Oversight Board: Policy on Cross-checks

2022-02-09T05:31:32Z

The Centre for Internet & Society (CIS) submitted public comments to the Facebook Oversight Board on a policy consultation.

Whether a cross-check system is needed?

Recommendation for the Board: The Board should investigate the cross-check system as part of Meta’s larger problems with algorithmically amplified speech, and how such speech gets moderated.

Explanation: The issues surrounding Meta’s cross-check system are not an isolated phenomena, but rather a reflection of the problems of algorithmically amplified speech, as well the lack of transparency in the company’s content moderation processes at large. At the outset, it must be stated that the majority of information on the cross-check system only became available after the media reports published by the Wall Street Journal. While these reports have been extensive in documenting various aspects of the system, there is no guarantee that the disclosures obtained by them provides the complete picture regarding the system. Further, given that Meta has been found to purposely mislead the Board and the public on how the cross-check system operates, it is worth investigating the incentives that necessitate the cross-check system in the first place.

Meta claims that the cross-check system works as a check for false positives: they “employ additional reviews for high-visibility content that may violate our policies.” Essentially they want to make sure that content that stays up on the platform and reaches a large audience, is following their content guidelines. However, previous disclosures have proven policy executives have prioritized the company’s ‘business interests’ over removing content that violates their policies; and have waited to act on known problematic content until significant external pressure was built up, including in India. In this context, the cross-check system seems less like a measure designed to protect users who might be exposed to problematic content, and more as a measure for managing public perception of the company.

Thus the Board should investigate both how content gains an audience on the platform, and how it gets moderated. Previous whistleblower disclosures have shown that the mechanics of algorithmically amplified speech, which prioritizes engagement and growth over safety, are easily taken advantage of by bad actors to promote their viewpoints through artificially induced virality. The cross-check system and other measures of content moderation at scale would not be needed if it was harder to spread problematic content on the platform in the first place. Instead of focusing only on one specific system, the Board needs to urge Meta to re-evaluate the incentives that drive content sharing on the platform and come up with ways that make the platform safer.

Meta’s Obligations under Human Rights Law

Recommendation for the Board: The Board must consider the cross-check system to be violative of Meta’s obligations under the International Covenant of Civil and Political Rights (ICCPR). Additionally, the cross-check ranker must be incorporated with Meta’s commitments towards human rights, as outlined in its Corporate Human Rights Policy.

Explanation: Meta’s content moderation, and by extension, its cross-check system, is bound by both international human rights law as well as the Board’s past decisions. At the outset, The system fails the three-pronged test of legality, legitimacy and necessity and proportionality, as delineated under Article 19(3) of the International Covenant of Civil and Political Rights (ICCPR). Firstly, this system has been “scattered throughout the company, without clear governance or ownership”, which violates the legality principle, since there is no clear guidance on what sort of speech, or which classes of users, would deserve the treatment of this system. Secondly, there is no understanding about the legitimacy of aims with which this system had been set up in the first place, beyond Meta’s own assertions, which have been countered by evidence to the contrary. Thirdly, the necessity and proportionality of the restriction has to be read along with the Rabat Plan of Action, which requires that for a statement to become a criminal offense, a six-pronged test of threshold is to be applied: a) the social and political context, b) the speaker’s position or status in the society, c) intent to incite the audience against a target group, d) content and form of the speech, e) extent of its dissemination and f) likelihood of harm. As news reports have indicated, Meta has been utilizing the cross-check system to privilege speech from influential users, and in the process, have shielded inflammatory, inciting speech that would have otherwise qualified the Rabat threshold. As such, the third requirement is not fulfilled either.

Additionally, Meta’s own Corporate Human Rights Policy commits to respecting human rights in line with the UN Guiding Principles on Business and Human Rights (UNGPs). Therefore, the cross-check ranker must incorporate these existing commitments to human rights, including:

The right to freedom of expression:, UN Special Rapporteur on freedom of opinion and expression report A/HRC/38/35 (2018); Joint Statement of international freedom of expression monitors on COVID-19 (March, 2020).

The Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the regulation of user-generated online content.

The Joint Statement issued regarding Governmental promotion and protection of access to and free flow of information during the pandemic.

The right to non-discrimination: International Convention on the Elimination of All Forms of Racial Discrimination (ICERD), Articles 1 and 4.

Article 1 of the ICERD defines racial discrimination.

Article 4 of the ICERD condemns propaganda and organisations that attempt to justify discrimination or are based on the idea of racial supremacism.

Participation in public affairs and the right to vote: ICCPR Article 25.
The right to remedy: General Comment No. 31, Human Rights Committee (2004) (General Comment 31); UNGPs, Principle 22.

The General Comment discusses the nature of the general legal obligation imposed on State Parties to the Covenant.

Guiding Principle 22 states that where business enterprises identify that they have caused or contributed to adverse impacts, they should provide for or cooperate in their remediation through legitimate processes.

Meta’s obligations to avoid political bias and false positives in its cross-check system

Recommendation for the Board: The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to ensure that it is open about risks to user rights when there is involvement from the State in content moderation. Additionally, the Board must ask Meta to undertake a diversity and human rights audit of its existing policy teams, and commit to regular cultural training for its staff. Finally, the Board must investigate the potential conflicts of interest that arise when Meta’s policy team has any sort of nexus with political parties, and how that might impact content moderation.

Explanation: For the cross-check system to be free from biases, it is important for Meta to come clear to the Board regarding the rationale, standards and processes of the cross check review, and report on the relative error rates of determinations made through cross check compared with ordinary enforcement procedures. It also needs to disclose to the Board in which particular situations it uses the system and in which it does not. Principle 4 under the Foundational Principles of the Santa Clara Principles on Transparency and Accountability in Content Moderation encourage companies to realize the risk to user rights when there is involvement from the State in processes of content moderation and asks companies to makes users aware that: a) a state actor has requested/participated in an action on their content/account, and b) the company believes that the action was needed as per the relevant law. Users should be allowed access to any rules or policies, formal or informal work relationships that the company holds with state actors in terms of content regulation, the process of flagging accounts/content and state requests to action.

The Board must consider that erroneous lack of action (false positives) might not always be a system's flaw, but a larger, structural issue regarding how policy teams at Meta functions. As previous disclosures have proven, the contours of what sort of violating content gets to stay up on the platform has been ideologically and politically coloured, as policy executives have prioritized the company’s ‘business interests’ over social harmony. In such light, it is not sufficient to simply propose better transparency and accountability measures for Meta to adopt within its content moderation processes to avoid political bias. Rather, the Board’s recommendations must focus on the structural aspect of the human moderator and policy team that is behind these processes. The Board must ask Meta to a) urgently undertake a diversity and human rights audit of its existing team and its hiring processes, b) commit to regular training to ensure that their policy staffs are culturally literate in the socio-political regions they work in. Further, the Board must seriously investigate the potential conflicts of interest that happen when regional policy teams of Meta, with nexus to political parties, are also tasked with regulating content from representatives of these parties, and how that impacts the moderation processes at large.

Finally, in case decision 2021-001-FB-FBR, the Board made a number of recommendations to Meta which must be implemented in the current situation, including: a) considering the political context while looking at potential risks, b) employment of specialized staff in content moderation while evaluating political speech from influential users, c) familiarity with the political and linguistic context d) absence of any interference and undue influence, e) public explanation regarding the rules Meta uses when imposing sanctions against influential users and f) the sanctions being time-bound.

Transparency of the cross-check system

Recommendation for the Board: The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to increase the transparency of its cross-check system.

Explanation: There are ways in which Meta can increase the transparency of not only the cross-check system, but the content moderation process in general. The following recommendations draw from The Santa Clara Principles and the Board’s own previous decisions:

Considering Principle 2 of the Santa Clara Principles: Understandable Rules and Policies, Meta should ensure that the policies and rules governing moderation of content and user behaviors on Facebook are clear, easily understandable, and available in the languages in which the user operates.

Drawing from Principle 5 on Integrity and Explainability and from the Board’s recommendations in case decision 2021-001-FB-FBR which advises Meta to“Provide users with accessible information on how many violations, strikes and penalties have been assessed against them, and the consequences that will follow future violations”, Meta should be able to explain the content moderation decisions to users in all cases: when under review, when the decision has been made to leave the content up, or take it down. We recommend that Meta keeps a publicly accessible running tally of the number of moderation decisions made on a piece of content till date with their explanations. This would allow third parties (like journalists, activists, researchers and the OSB) to keep Facebook accountable when it does not follow its own policies, as has previously been the case.

In the same case decision, the Board has also previously recommended that Meta “Produce more information to help users understand and evaluate the process and criteria for applying the newsworthiness allowance, including how it applies to influential accounts. The company should also clearly explain the rationale, standards and processes of the cross-check review, and report on the relative error rates of determinations made through cross-checking compared with ordinary enforcement procedures.” Thus, Meta should publicly explain the cross check system in detail with examples, and make public the list of attributes that qualify a piece of content for secondary review.

The Operational Principles further provide actionable steps that Meta can take to improve the transparency of their content moderation systems. Drawing from Principle 2: Notice and Principle 3: Appeals, Meta should make a satisfactory appeals process available to users - whether they be decisions to leave up or takedown content. The appeals process should be handled by context aware teams. Meta should then publish the results of the cross check system and the appeals processes as part of their transparency reports including data like total content actioned, rate of success in appeals and cross check process, decisions overturned and preserved etc, which would also satisfy the first Operational Principle: Numbers.

Resources needed to improve the system for users and entities who do not post in English

Recommendations for the Board: The Board must urge Meta to urgently invest in resources to expand Meta’s content moderation services into the local contexts in which the company operates and invest in training data for local languages.

Explanation: The cross-check system is not a fundamentally different problem than content moderation. It has been shown time and time again that Meta’s handling of content from non-Western, non-English language contexts is severely lacking. It has been shown how content hosted on the platform has been used to inflame existing tensions in developing countries, promote religious hatred in India, genocide in Mynmar, and continue to support human traffickers and drug cartels on the platform even when these issues have been identified.

There is an urgent need to invest resources to expand Meta’s content moderation services into the local contexts in which the company operates. The company should make all policies and rule documents available in the languages of its users; invest in creating automated tools that are capable of flagging content that is not posted in English; and add people familiar with the local contexts to provide context aware second level reviews. The Facebook Files show that even according to company engineering, automated content moderation is still not very effective in identifying hate speech and other harmful content. Meta should focus on hiring, training and retaining human moderators who have knowledge of local contexts. Bias training of all content moderators, but especially those who will participate in the second level reviews in the cross check system is also extremely important to ensure acceptable decisions.

Additionally, in keeping with Meta’s human rights commitments, the company should develop and publish a policy for responding to human rights violations when they are pointed out by activists, researchers, journalists and employees as a matter of due process. It should not wait for a negative news cycle to stir them into action as it seems to have done in previous cases.

Benefits and limitations of automated technologies

Meta recently changed its moderation practice wherein it uses technology to prioritize content for human reviewers based on their severity index. Facebook has not specified the technology it uses to prioritize high-severity content but its research record shows that it uses a host of automated frameworks and tools to detect violating content, including image recognition tools, object detection tools, natural language processing models, speech models and reasoning models. One such model is the Whole Post Integrity Embeddings (“WPIE”) which can judge various elements in a given post (caption, comments, OCR, image etc.) to work out the context and the content of the post. Facebook also uses image matching models (SimSearchNet++) that are trained to match variations of an image with a high degree of precision and improved recall; multi-lingual masked language models on cross-lingual understanding such as XLM-R that can accurately identify hate-speech and other policy-violating content across a wide range of languages. More recently, Facebook introduced its machine translation model called the M2M-100 whose goal is to perform bidirectional translation between 7000 languages.

Despite the advances in this field, there are inherent limitations of such automated tools. Experts have repeatedly maintained that AI will get better at understanding context but it will not replace human moderators for the foreseeable future. One such instance where these limitations were exposed was during the COVID-19 pandemic, when Facebook sent its human moderators home - the number of removals flagged as hate speech on its platform more than doubled to 22.5 million in the second quarter of 2020 but the number of successful content appeals was dropped to 12,600 from the 2.3 million figure for the first three months of 2020.

The Facebook Files show that Meta’s AI cannot consistently identify first-person shooting videos, racist rants and even the difference between cockfighting and car crashes. Its automated systems are only capable of removing posts that generate just 3% to 5% of the views of hate speech on the platform and 0.6% of all content that violates Meta’s policies against violence and incitement. As such, it is difficult to accept the company’s claim that nearly all of the hate speech it takes down was discovered by AI before it was reported by users.

However, the benefits of such technology cannot be discounted, especially when one considers automated technology as a way of reducing trauma for human moderators. Using AI for prioritizing content for review can turn out to be effective for human moderators as it can increase their efficiency and reduce harmful effects of content moderation on them. Additionally, it can also limit the exposure of harmful content to internet users. Moreover, AI can also reduce the impact of harmful content on human moderators by allocating content to moderators on the basis of their exposure history. Theoretically, if the company’s claims are to be believed, using automated technology for prioritizing content for review can help to improve the mental health of Facebook’s human moderators.

Click to download the file here.

For more details visit https://cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-policy-on-cross-checks

Submission to the Committee of Experts on a Data Protection Framework for India

amber — 2018-02-05T13:39:00Z

This submission presents comments by the Centre for Internet and Society, India (“CIS”) on the ‘White Paper of the Committee of Experts on a Data Protection Framework for India’ (“White Paper”) released by the Ministry of Electronics and Information Technology. The White paper was drafted by a Committee of Expert (“Committee”) constituted by the Ministry. CIS has conducted research on the issues of privacy, data protection and data security since 2010 and is thankful for the opportunity to put forth its views. The submission was made on January 31, 2018.

For more details visit https://cis-india.org/internet-governance/submission-to-the-committee-of-experts-on-a-data-protection-framework-for-india

Submission to IGF 2025 Call for Thematic Inputs

Amrita Sengupta, Yesha Tshering Paul, and Pallavi Bedi — 2025-03-06T06:36:10Z

Below are CIS's inputs submitted in response to the IGF 2025 Call for Thematic Inputs. They will inform the MAG’s discussions and assist them in determining the thematic priorities of the IGF 2025 programme.

On AI governance, AI risks and AI and data:
In the past many years, there has been rapid advances in the use of AI, most recently with the use of generative AI by end users and citizens. While questions of ethical use of AI, need for fairness, accountability and transparency are not new, the very rapid scale deployment of AI across different fields and also the easy use of AI across different users, have raised questions of exacerbated harms, infringement of copyright among others and a lot of focus currently is on developing governance for AI. Somewhere, there has been an acceptance of inevitability and almost omnipresence of AI across different contexts which has furthered deliberations around harnessing AI for good. We ask that while “AI for good” as an issue is being mainstreamed, it is most critical that there are avenues to discuss and understand areas where AI should not be used (because of the outsized harms as compared to its benefits) or can be used through limited use of resources (given the wide ranging environmental impacts associated with AI and the resource intensive areas of computational power and data centers) and mechanisms to actualize that. This means that not only do we discuss AI governance in the context of where it is already deployed but also discuss conditions in which it should not be deployed.
There also needs to be greater and more specific regional conversations around data use for AI, especially for developing predictive AI systems, in sensitive settings such as healthcare and financial services. The challenges of using different data for different geographical settings have been well documented (consider for example training data from global north to develop and deploy AI diagnostics for a country in global south). There needs to be more specific conversations and transparency around data sources that are being used and how they can be both ethically sourced but also made contextually relevant. IGF can support these conversations by inviting specific inputs from the multi-stakeholder community on these specific issues.

On digital identity:
There is growing interest in digital public infrastructure and its use for public service delivery and has potential to offer benefits and meaningful governance, if done well, as certain examples may suggest. However, the implementation of digital ID systems for example, particularly when they are the sole means of identification, raises critical questions. Such systems must have robust legislative backing, including privacy and data protection frameworks, if not regulations, along with sufficient legislative and judicial oversight to ensure accountability. Concerns about mission creep—where systems initially introduced for specific purposes gradually expand to other uses without adequate scrutiny—highlight the need for clearly defined objectives and legal safeguards. These systems should proactively assess and mitigate risks and harms before implementation. Furthermore, given that many of these systems rely heavily on private companies with limited oversight, it is crucial to ensure meaningful community participation and accountability throughout the entire process to prioritize public interest over private gains. As we think about DPIs, we urge that its applicability, necessary infrastructural availability, assessment of risks are adequately considered and detailed through the themes and sessions at IGF.

On data governance and youth engagement:
Personal data is being captured by different actors in an unprecedented manner, and at times without any legislative backing or grievance redressal mechanism. With the advent of generative AI- there are also concerns regarding the extent to which data which is publicly available is being used and for what purposes. These concerns are exacerbated when children’s data is being used for generative AI purposes; in most cases without the knowledge or consent of the children. In an increasingly digitised world, how should children navigate the digital world; what is the appropriate age for children to access the internet and should there be age-gating, and if yes, how should that be implemented? What are the mechanisms to determine parental verification? As we have more and more young people online, it will be essential to define and develop frameworks for children’s use and experience of the internet, including having young people participate in these discussions.

We request some steps to be taken at the IGF annual meeting and during its intersessional work:
-Reduce duplication of processes and efforts when it comes to implementation of GDC and continue to look at existing arenas like the WSIS+20 and IGF. Greater coordination and collaboration among various UN bodies.
-Robust support for civil society participation at the IGF and other internet governance processes, especially so from Global South.
-Creation of well resourced working groups that look through the GDC implementation work where relevant.

Given the diverse set of stakeholders and the wide ranging nature topics discussed, it is understandable that the IGF covers a lot of ground. It would be beneficial if there might be deeper reflections on fewer issues if possible, so that there is greater depth in conversations as opposed to a much wider coverage. We understand that this might be difficult given what IGF sets out to do, but a more focused approach might help stakeholders have a better understanding of priorities and areas of focus. It will also be very helpful if all sessions have space for Q&A, even if it is for 10 minutes. It allows for listeners to reflect and also ask questions, where possible.

For all inputs, please visit: https://intgovforum.org/en/igf-2025-proposed-issues (CIS's inputs are under ID322)

For more details visit https://cis-india.org/internet-governance/submission-to-igf-2025-call-for-thematic-inputs

Submission to Global Commission on Stability of Cyberspace on the definition of Cyber Stability

Arindrajit Basu and Elonnai Hickok — 2019-09-11T14:52:25Z

"The Global Commission on the Stability of Cyberspace released a public consultation process that sought to solicit comments and obtain feedback on the definition of “Stability of Cyberspace”, as developed by the Global Commission on the Stability of Cyberspace (GCSC).

The definition of cyberspace the GCSC provided was :

Stability of cyberspace is the condition where individuals and institutions can be reasonably confident in their ability to use cyberspace safely and securely, where the availability and integrity of services in cyberspace is generally assured, where change is managed in relative peace, and where tensions are resolved in a peaceful manner.

CIS gave detailed commentary on the definitions [attached] and suggested a new definition of cyber stability documented below:

Stability of cyberspace is the objective where individuals, institutions and communities are confident in the safety and security of cyberspace; the accessibility,availability and integrity of services in cyberspace can be relied upon and where change is managed and tensions ranging from external interference in sovereign processes to the use of force in cyberspace are resolved peacefully in line with the tenets of International Law,specifically the principles of the UN Charter and universally recognised human rights.

Cyber stability can only be fostered if key stakeholders in cyberspace conform to a due diligence obligation of not undertaking and preventing actions that may prevent cyber stability. The end goal of cyber stability must minimize or eliminate immaterial or peripheral incentives while preserving and potentially legitimizing those cyber offensive operations that can further effective deterrence and thereby foster stability, while also minimising any collateral damage to civilian life or property.

Click to view the detailed submission here

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-september-9-2019-submission-to-global-commission-on-stability-of-cyberspace

Submission on India's Draft Comments on Proposed Changes to the ITU's ITRs

pranesh — 2012-12-07T04:15:56Z

Given below are the responses from the representatives of civil society in India (The Society for Knowledge Commons, Centre for Internet & Society, The Delhi Science Forum, Free Software Movement of India, Internet Democracy Project and Media for Change) to the Government of India's proposals for the upcoming WCIT meeting, in December 2012, in Dubai.

Our detailed comments on India's draft proposals can be found here. Also read the final version of Indian Government's submission to ITU on November 3, 2012.

Background

We believe that, aspects of Internet governance that have been and are presently addressed by bodies other than ITU should not be brought under the mandate of the ITU through the ITRs.

Some of the proposed changes to the ITR's could have a significant negative impact on the openness of the Internet.

In addition, the processes related to the WCIT lack openness and transparency: the WCIT / ITU excludes civil society, academia and other stakeholders from participation in and access to most dialogues and documents, contrary to established principles of Internet governance as laid down in the Tunis Agenda and as supported by the Indian government at several national and international fora. The WCIT process needs to be improved both at the domestic and global level. We urge the Indian government to support a more open process in the future, with respect to deliberations that will have a significant impact on the people.

We recognise that concerns regarding cyber-security, spam, fraud, etc. are real and that some of these concerns require to be addressed at the global level. However, we believe that as a number of parallel processes are working on these specific issues, these need not be brought under the ITRs.

We therefore strongly recommend that the ITRs continue to be restricted to the infrastructure layer that has traditionally been the area of its focus and not the content or the application layer of the Internet. Any measure that impinges on these layers should be kept out of ITRs and taken up at other appropriate (multi-stakeholder) fora.

We note that the proposal ARB/7/24 defines an "operating agency" as "any individual, company, corporation or governmental agency which operates a telecommunication installation intended for an international telecommunication service or capable of causing harmful interference with such a service" and believe that this definition is too broad in scope and ambit. Inclusion of such a term would broaden the mandate of the ITU to regulate numerous actors in the Internet sphere who do not fall under the infrastructure layer of the Internet. We call on the Indian government to ensure that the term "operating agency" is defined in a narrower or more restrictive manner and only used in exceptional cases. Normally, the obligations of member states should be with respect to "recognised operating agencies" and not omnibus all "operating agencies".

Follow-up

We would like to note that we have never officially received this document directly from the Indian government. In view of the support the Indian government continually espouses for multi-stakeholder Internet governance, this is a matter of deep regret.

We are aware that the official closing date for proposals is early November. However, we also know that several governments intend to submit proposals right upto the beginning of the WCIT meeting. In addition, several governments have included civil society representatives on their official delegation.

We therefore call upon the Department of Telecommunications to organise an open consultation with civil society representatives, to discuss both India's proposals and the comments of various civil society representatives on them, in greater depth, as part of DoT’s preparation for the WCIT meeting and in line with India's espoused commitment to multi-stakeholderism. We look forward to discussing our inputs with the Government to make the decision making process on governance more participatory and inclusive.

For more details visit https://cis-india.org/internet-governance/blog/submission-on-indias-draft-comments-on-proposed-changes-to-itus-itrs

Submission by the Centre for Internet and Society on Revisions to ICANN Expected Standards of Behavior

vidushi — 2016-06-30T06:07:37Z

Prepared by Vidushi Marda, with inputs from Dr. Nirmita Narasimhan and Sunil Abraham.

We at the Centre for Internet and Society (“CIS”) are grateful for the opportunity to comment on the proposed revisions to ICANN’s Expected Standards of Behavior (“Standards”).

Before providing specific comments on the proposed revisions, CIS would like to state for the record our extreme disappointment while noting that there is no indication of the intention to draft and adopt a dedicated anti - harassment policy. We are of the firm opinion that harassment, and particularly sexual harassment, is not only a sensitive topic, but also a deeply complex one. Such a policy should consider scope, procedural questions, redressal and remedies in cases of harassment in general and sexual harassment in particular. A mere change in language to these Standards, however well intentioned, cannot go too far in preventing and dealing with cases of harassment in the absence of a framework within which such instances can be addressed.

Some of the issues that arose at ICANN55 were confusion surrounding the powers and limits of the Ombudsman’s office in dealing with cases of harassment, the exact procedure to be followed for redressal surrounding such incidents, and the appropriate conduct of parties to the matter. There will be no clarity in these respects, even if these proposed changes are to be adopted.

Specifically, the proposed language is problematic and completely inadequate for the following reasons:

Vague

Terms like “professional conduct” and “appropriate behavior” mean little in the absence of a definition that entails such conduct. These terms could mean vastly different things to each community member and such language will only encourage a misalignment of expectation of conduct between community members. The “general” definition of harassment is at best, an ineffective placeholder, as it does not encompass exactly what kind of behavior would fall under its definition.
Fails to consider important scenarios

The proposed language fails to consider situations where some attempts or advances at communication, sexual or otherwise, occur. For example, consider a situation in which one community member stalks another online, and catalogues his/her every move. This is most certainly foreseeable, but will not be adequately covered by the proposed language. Further, terms like “speech or behavior that is sexually aggressive or intimidates” could or could not include types of speech such as art, music, photography etc, depending on who you ask. It also does not explain the use of the word behavior - physical, emotional, professional, online behavior are all possible, but the scope of this term would depend on the interpretation one chooses to apply. In part 4 below, we will demonstrate how ICANN has applied a far more detailed framework for harassment elsewhere.
Ignores complexity

In discussions surrounding the incident at ICANN55, a number of issues of arose. These included, inter alia, the definition of harassment and sexual harassment, what constituted such conduct, the procedure to be followed in such cases, the appropriate forum to deal with such incidents and the conduct that both parties are expected to maintain. These questions cannot, and have not been answered or addressed in the proposed change to the Standards. CIS emphasizes the need to understand this issue as one that must imbibe differences in culture, expectation, power dynamics, and options for redressal. If ICANN is to truly be a safe space, such issues must be substantively and procedurally fair for both the accused and the victim. This proposed definition is woefully inadequate in this regard.
Superficial understanding of harassment, sexual harassment

The proposed changes do not define harassment, and sexual harassment in an adequate fashion. The change currently reads, “Generally, harassment is considered unwelcome hostile or intimidating behavior -- in particular, speech or behavior that is sexually aggressive or intimidates based on attributes such as race, gender, ethnicity, religion, age, color, national origin, ancestry, disability or medical condition, sexual orientation, or gender identity.” These are subject to broad interpretation, and we have already highlighted the issues that may arise due to this in 1, above. Here, we would like to point to a far more comprehensive definition.

ICANN’s own Employment Policy includes within the scope of sexual harassment “verbal, physical and visual conduct that creates an intimidating, offensive or hostile working environment, or interferes with work performance.” The policy also states:

Harassing conduct can take many forms and includes, but is not limited to, the following:

Slurs, jokes, epithets, derogatory comments, statements or gestures;

Assault, impeding or blocking another’s movement or otherwise physically interfering with normal work;

Pictures, posters, drawings or cartoons based upon the characteristics mentioned in the first paragraph of this policy.
Sexually harassing conduct includes all of the above prohibited actions, as well as other unwelcome conduct, such as requests for sexual favors, conversation containing sexual comments, and unwelcome sexual advances.”

This definition is not perfect, it does not comprehensively consider advances or attempts at communication, sexual or otherwise, which are unwelcome by the target. Nonetheless, CIS believes that this is a far more appropriate definition that does not include vague metrics that the proposed changes do. Since it is one ICANN has already adopted, it can act as an important stepping stone towards a comprehensive framework.

Like ICANN, UNESCO’s organisational approach has been to adopt a comprehensive Anti-Harassment Policy which lays down details of definition, prevention, complaint procedure, investigations, sanctions, managerial responsibility, etc. Acknowledging the cultural sensitivity of harassment particularly in international situations, the policy also recognizes advances or attempts at communication, sexual or otherwise. Most importantly, it states that for conduct to come within the definition of sexual harassment, it “must be unwelcome, i.e. unsolicited and regarded as offensive or undesirable by the victim.”

Conclusion

In conclusion, we would like to reiterate the importance of adopting and drafting a dedicated anti-harassment policy and framework. The benefits of safety, certainty and formal redressal mechanisms in cases of harassment cannot be over emphasized.

Importantly, such measures have already been taken elsewhere. The IETF has adopted an instrument to address issues of harassment that occur at meetings, mailing lists and social events. This instrument contemplates in detail, problematic behavior, unacceptable conduct, the scope of the term harassment, etc. It further envisages a framework for redressal of complaints, remediation, and even contemplates issues that may arise with such remediation. It is particularly important to note that while it provides a definition of harassment, it also states that "[a]ny definition of harassment prohibited by an applicable law can be subject to this set of procedures, recognising harassment as a deeply personal and subjective experience, and thus encouraging members to take up issues of harassment as per their cultural norms and national laws, which are then considered as per procedures laid down."

A similar effort within the ICANN community is critical.

For more details visit https://cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior