We are anonymous, we are legion

Why NPCI and Facebook need urgent regulatory attention

sunil — 2018-06-12T02:07:42Z

The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet.

The article was published in the Economic Times on June 10, 2018.

As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.

The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.

In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.

On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.

In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.

My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”

NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”

This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”

Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.

However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.

Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.

Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention

Network Disruptions Report by Global Network Initiative

akriti — 2018-06-12T01:31:40Z

Around 70% of all known shutdowns in the world took place in India in 2017. The same year Telecom Authority of India (TRAI) released the “Temporary Suspension of Internet Services” giving State and Central Government officials the power to terminate Internet services as per the guidelines.

The report by Global Network Initiative can be read here.

However S.144 of the Criminal Procedure Code as well Section 5 of the Telegraph Act are still used as legal grounds. The former targets unlawful assembly while the latter gives authorities the right to prevent transmission of messages, applicable to messages sent over the Internet as well. A case in the Gujarat High Court challenging the validity of using S.144 of the CrPC was dismissed essentially stating the Government could use the section to enforce shutdowns to maintain law and order.

The right to Internet has been accepted as a fundamental right by the United Nations and one which, cannot be disassociated from the exercise of freedom of expression and opinion and the right to peaceful assembly. These are rights guaranteed by the Constitution, affirmed in the Universal Declaration of Human Rights and thus should be provided, both, online and offline. Online movements are unpredictable and dynamic making Governments fearful of their lack of control over content hosting websites. Their fear becomes their de facto perception of online services resulting in network shutdowns regardless of the reality on ground.

Given the rising importance of this issue, Global Network Initiative has published a report on such Network Disruptions by Jan Rydzak . A former Google Policy fellow and now a PhD candidate at the University of Arizona, he, conducts research on the nexus between technology and protest. The report, which uses India as a case study calls for more attention on network disruptions, the 'new form of digital repression' and delves into its impact on human rights. Rydzak aims at widening the gambit of affected rights by discussing the civil and political rights of freedom of assembly, right to equality, religious belief and such. These are ramifications not widely discussed so far and helps shine a light on the collateral damage incurred due to these shutdowns. Through a multitude of interviews with various stakeholders, the author brings to forefront the human rights implications of network disruptions on different groups of individuals such as women, immigrants and certain ethnic groups. These dangers are even more when it comes to vulnerable populations and the report does a comprehensive analysis of all of the above.

For more details visit https://cis-india.org/internet-governance/blog/network-disruptions-report-by-global-network-initiative

Citizens’ Draft Privacy Bill Seeks To Revolutionise Data Collection, Storage In India

Admin — 2018-06-11T02:47:46Z

A draft privacy bill proposes sweeping reforms to the way personal data is collected, processed and stored in India.

The blog post by Arpan Chaturvedi was published in Bloomberg Quint on June 9, 2018. CIS research was quoted.

Titled Indian Privacy Code, 2018, the draft proposes that “all data collected, processed and stored by data controllers and data processors prior to the date on which this Act comes into force shall be destroyed within a period of two years from the date on which this Act comes into force”.

The draft has been put together by a group of lawyers and policy analysts and uploaded on the website of ‘Save our Privacy’ — a public initiative to put forth a model law on data protection. The initiative is backed by the India Privacy Foundation.

No person, including a data controller and data processor, shall collect any personal data without obtaining the consent of the data subject to whom it pertains, the draft bill says. Collection of personal data without consent can happen only when:

It’s necessary for the provision of an emergency medical service.
Prevent, investigate or prosecute a cognizable offence.
Exempted by a privacy commission that the draft seeks to institute

Also, the draft bill proposes that no person shall store any personal data for a period longer than is necessary to achieve the purpose for which it was collected or received. The same applies to the processing of personal data.

The draft bill has been submitted to the Justice Sri Krishna Committee — which will deliberate on a data-protection framework for the country. The committee’s first draft is likely to be submitted this month.

The bill prescribes punishment for offenses related to interception of communication, surveillance, abetment, repeat offenders and offenses by companies.

The bill, according to information on the website, is based on seven principles, foremost of which is the importance of individual rights. The others are:

A data protection law must be based on privacy principles and guidelines discussed in the report of Justice AP Shah Committee of Experts; the Supreme Court judgement on Right to Privacy and European Union’s General Data Protection Regulation.
A strong privacy commission must be created to enforce privacy principles. The commission should be granted wide powers of investigation, adjudication, rule-making and enforcement. The privacy commission must have jurisdiction over the government as well as private bodies.
The government must respect user privacy. The government cannot deny essential services to citizens if they choose not to share data with it. The draft says government withholding services on pretext of collection of information effectively amounts to “extortion of consent”.
A complete privacy code must come with surveillance reform. Even when individual interception and surveillance is carried out this should be severely limited in substance and practiced through procedural safeguards.
Strengthen the Right To Information Act and exempt information commissioners from interference or control by the privacy commissioner
International protection and harmonisation is a must to protect the open internet. The group suggests the law must have extraterritorial effect and apply to web services and platforms which are accessible in India and gather personal data of Indians.

The bill takes inspiration from the Privacy (Protection) Bill, 2013 which was drafted over a series of roundtable discussions and inputs conducted by the Centre for Internet and Society, Bengaluru.

The individuals who were involved in the drafting of the model law are Raman Jit Singh Cheema, Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman N Aggarwal, Praavita Kashyap, Prasanna S, Ujjwala Uppaluri, Vrinda Bhandari.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-june-9-2018-draft-bill-seeks-to-revolutionise-data-collection-storage-in-india

Comments on the Draft National Policy on Official Statistics

Gurshabad Grover and Sandeep Kumar — 2018-06-07T02:54:18Z

This submission presents comments by the Centre for Internet & Society, India (“CIS”) on the Draft National Policy on Official Statistics which was released to the public by the Ministry of Statistics and Programme Implementation on 17th May 2018 for comments and views.

Edited by Swaraj Barooah. Download a PDF of the submission here

Preliminary

CIS appreciates the Government’s efforts in realising the importance of the need for high quality statistical information enshrined in the Fundamental Principles of Official Statistics as adopted by the UN General Assembly in January 2014. CIS is grateful for the opportunity to put forth its views on the draft policy. This submission was made on 31st May, 2018.

First, this submission highlights some general defects in the draft policy: there is lack of principles guiding data dissemination policies; there are virtually no positive mandates set for Government bodies for secure storage and transmission of data; and while privacy is mentioned as a concern, it has been overlooked in designing the principles of the implementation of surveys. Then, this submission puts forward specific comments suggesting improvements to various sections in the draft policy.

CIS would also like to point out the short timeline between the publication of the draft policy (18th May, 2018), and the deadline set for the stakeholders to submit their comments (31st May, 2018). Considering that the policy has widespread implications for all Ministries, citizens, and State legislation rights (proposed changes include a Constitutional Amendment), it is necessary that such call-for-comments are publicised widely, and enough time is given to the public so that the Government can receive well-researched comments.

General Comments

Data dissemination

For data dissemination, the draft policy does not stress upon a general principle or set of principles, and often disregards principles specified in the Fundamental Principles of Official Statistics, which are the very principles the Government intends to draw its policies on official statistics from. Rather it relies on context-specific provisions that fail to summarise and articulate a general philosophy for the dissemination of official statistics, and fails to practically embody some stated goals. The first principle on Official Statistics, as realised by the United Nations General Assembly, clearly states that: “[...] official statistics that meet the test of practical utility are to be compiled and made available on an impartial basis by official statistical agencies to honour citizens’ entitlement to public information.”

Let us compare this with Section 5.1.7 (9) of the draft policy, which refers to policies regarding core statistics: it mentions a data “warehouse” to be maintained by the NSO which should be accessible to private and public bodies. While this does point towards an open data policy, such a vision has not been articulated in any part thereof.

The draft policy, at the outset, should have general guiding principles of publishing data openly and freely (once it meets the utility test, and it has been ensured that individual privacy will not be violated by the publishing of such statistics). This should serve well to inform further regulations and related policies governing the use and publishing of statistics, like the Statistical Disclosure Control Report.

A general commitment to a well-articulated policy on data dissemination will ensure easy-to-follow principles for the various Ministries that will refer to the document. The additional principles that come with open data principles should also be described by the policy document: a commitment to publishing data in a machine-readable format, making it available in multiple data formats (.txt, .csv, etc.), and including its metadata.

Data storage and usage

In the absence of a regime for data protection, it is absolutely necessary that a national policy on statistics provide positive mandates for the encryption of all digitally-stored personal and sensitive information collected through surveys. Even though the current draft of the policy mentions the need to protect confidential information, it sets no mandatory requirements on the Government to ensure the security of such information, especially on digital platforms.

Additionally, all transmission of potentially sensitive information should be done with the digital signatures of the employee/Department/Ministry authorising said transmission. This will ensure the integrity and authenticity of the information, and provide with an auditable trail of the information flowing between entities in the various bodies.

Data privacy

It is appreciable that Section 5.7.9 of the draft policy notes, “[a]ll statistical surveys represent a degree of privacy invasion, which is justified by the need for an alternative public good, namely information.” However, all statistical surveys may not be proportionate in their invasiveness, even if they might serve a legitimate public goal in the future.

The draft policy does not address how privacy concerns can be taken into account while designing the survey itself. A necessary outcome of the realisation of the possible privacy violations that may arise due to surveys is that all data collection be “minimally intrusive”, the data be securely stored (see previous comment section, ‘Data storage and usage’), and the surveyed users have control over the data even after they have parted with their information.

Since the policy deals extensively with the implementation of surveys, the following should details should be clearly laid out in the policy:

The extent to which an individual has control over the data they have provided to the surveying agency.
The means of redressal available to an individual who feels that his/her privacy has been violated through the publication of certain statistical information

Specific Comments

Section 5.1: Dichotomising official statistics as core statistics and other official statistics

Comments

The reasons for dichotomising official statistics has not been appropriately substantiated with evidence, considering the wide implications of policy proposals that arise from the definition of “core statistics.”

Firstly, the descriptions of what constitutes “core statistics” casts too wide a net by only having a single vague qualitative criterion, i.e. “national importance.” All the other characteristics of the “core statistics” are either recommendations or requirements as to how the data will be handled and thus, pose no filter to what can constitute “core statistics.” The wide net is apparent in the fact that even the initially-proposed list of “core statistics”, given in Annex-II of the policy, has 120 categories of statistics.

Secondly, the policy does not provide reasons for why the characteristics of “core statistics”, highlighted in Section 5.1.5, should not apply to all official statistics at the various levels of Government. Therefore, the utility of the proposed dichotomy has also not been appropriately substantiated with illustrative examples of how “core statistics” should be considered qualitatively different from all official statistics.

This definition may lead to widespread disagreement between the States and the Centre, because Section 5.2 proposes that “core statistics” be added to the Union List of the Seventh Schedule of the Constitution. How the proposal may affect Centre-State responsibilities and relations pertaining to the collection and dissemination of statistics is elaborated in the next section.

Recommendations

The policy should not make a forced dichotomy between “core” and (ipso facto) non-core statistics. If a distinction is to be made for any reason(s) (such as for the purposes of delineating administrative roles) then such reason must be clearly defined, along with a clear explanation for why such a dichotomy would alleviate the described problem. The definitions should have tangible and unambiguous qualitative criteria.

Section 5.2: Constitutional amendment in respect of core statistics

Comments

The main proposal in the section is that the Seventh Schedule of the Constitution be amended to include “core statistics” in the Union List. This would give the Parliament the legislative competence to regulate the collection, storage, publication and sharing of such statistics, and the Central Government the power to enforce such legislation. Annex-II provides a tentative list of what would constitute “core statistics”; as is apparent, this list is wide-ranging and consists over 120 items which span the gamut of administrative responsibilities.

The list includes items such as “Landholdings Number, area, tenancy, land utilisation [...]” (S. No. 21), and “Statistics on land records” (S. No. 111) while most responsibilities of land regulation currently lie with the States. Similarly, items in Annex-II venture into statistics related to petroleum, water, agriculture, electricity, and industry; some of which are in the Concurrent or State List.

Statistics are metadata. There is no reason for why the administration of a particular subject lie with the State, and the regulation of data about such subject should lie with solely with the Central Government. It is important to recognise that adding the vaguely defined “core statistics” to the Union List, while enabling the Central Government to execute and plan such statistical exercises, will also prevent the States from enacting any legislation that regulates the management of statistics regarding its own administrative responsibilities.

The regulation of State Government records in general has been a contentious issue, and its place in our federal structure has been debated several times in the Parliament: the enactment of Public Records Act, 1993; the Right to Information Act, 2005; and the Collection of Statistics Act, 2008 are predicated on an assumption of such competence lying with the Parliament. However, it is equally important to recognise the role States have played in advancing transparency of Government records. For example, State-level Acts analogous to the Right to Information Act existed in Tamil Nadu and Karnataka before the Central Government enactment.

Recommendations

We strongly recommend that “statistics” be included in the Concurrent List, so that States are free to enact progressive legislation which advances transparency and accountability, and is not in derogation of Parliamentary legislation.

The Ministry should view this statistical policy document as a venue to set the minimum standards for the collection, handling and publication of statistics regarding its various functions. If the item is added to the Concurrent List, the States, through local legislation, will only have the power to improve on the Central standards since in a case of conflict, State-levels laws will be superseded by Parliamentary ones.

Section 5.3: Mechanism for regulating core statistics including auditing

Comments

The draft policy in Section 5.3.2 says, “[...] The Committee will be assisted by a Search Committee headed by the Vice-Chairperson of the NITI Aayog, in which a few technical experts could be included as Members.” The non-commital nature of the word ‘could’ in this statement detracts from the importance of having technical experts on this committee, by making their inclusion optional. The policy also does not specify who has the power to include technical experts as Members in the Search Committee. The statement should include either a minimum number of a specific number or members, and not use the non-committal word “could”

The National Statistical Development Council, as mentioned in 5.3.9, is supposed to “handle Centre-State relations in the areas of official statistics, the Council should be represented by Chief Ministers of six States to be nominated by the Centre” (Section 5.3.10). The draft does not elaborate on the rationale behind including just six states in the Council. It does not recommend any mechanism on the basis of which Centre will nominate states in the council.

Recommendations

The policy should recommend a minimum number of technical experts who must be included in the search committee, along with a clear process for how such members are to be appointed.

Additionally, the policy appropriately recognises the great diversity in India and the unique challenges faced by each State. Thus, each State has its unique requirements. Since in Section 5.3.11, the policy recommends that council meet at a low frequency of at least once in a year, all States should be represented in the Council.

Section 5.4: Official Machinery to implement directions on core statistics

Comments

The functions of Statistics Wing in the MOSPI, laid out in Section 5.4.7, include advisory functions which overlap with functions of National Statistical Commission (NSC) mentioned in Section 5.3.5. Some regulatory functions of Statistics Wing, like “conducting quality checks and auditing of statistical surveys/data sets”, overlap with the regulatory functions of NSC mentioned in Section 5.3.7.

In section 5.3.1, the draft policy explicitly mentions that “what is feasible and desirable is that production of official statistics should continue with the Government, whereas the related regulatory and advisory functions could be kept outside the Government”. But Statistics Wing is a part of the government and it also has regulatory and advisory functions. It will adversely affect the power of NSC as an autonomous body.

There are inconsistencies in the draft-policy regarding the importance and need of a decentralized statistical system. In section 3 [Objectives], it has been emphasized that the Indian Statistical System shall function within decentralized structure of the system. But, in section 5.4.15, the draft says that decentralized statistical system poses a variety of problems, and advocates for a unified statistical system. Again, in section 5.15, draft emphasizes the development of sub-national statistical systems. These views are inconsistent and create confusion regarding the nature of statistical system that policy wants to pursue.

Recommendations

The functions of the NSC should be kept in its exclusive domain. Any such overlapping functions should be allocated to one agency taking into consideration the Fundamental Principles on Official Statistics.

The inconsistencies regarding the decentralisation philosophy of the statistical system should be addressed.

Section 5.5: Identifying statistical products required through committees

Comments

While Section 5.5.2 recognises data confidentiality as a goal for statistical coordination, it does not take into account the violation of privacy that might occur due to the sharing of data. For example, a certain individual might agree to share personal information with a particular Ministry, but have apprehensions about it being shared with other Ministries or private parties.

Recommendations

We recommend that point 4 in Section 5.5.2 be read as, “enabling sharing of data without compromising the privacy of individuals and the confidentiality/security of data.”The value of of the individual privacy stems from both the recent Supreme Court judgment that affirmed privacy as a Fundamental Right, and also Principle 6 of the of the Fundamental Principles of Official Statistics. Realising privacy as a goal in this section will add a realm of individual control that is already articulated in Section 5.7.9.

Annex-VII: Guidelines on Outsourcing statistical activities

Comments

Section 6 defines “sensitive information” in an all-inclusive manner and does not leave space for further inclusion of any information that may be interpreted as sensitive. For example, biometric data has not been listed as “sensitive information”.

Section 9.1, draft says, “[t]he identity of the Government agency and the Contractor may be made available to informants at the time of collection of data”. It is imperative that informants have the right to verify the identity of the Government agency and the Contractor before parting with their personal information.

Recommendations

The definition of “sensitive information” should be broad-based with scope for further inclusion of any kind of data that may be deemed “sensitive.”

Section 9.1 must mandate that the identity of the Government agency and the Contractor be made available to informants at the time of collection of data.

Section 9.6 can be redrafted to state that each informant must be informed of the manner in which the informant could access the data collected from the informant in a statistical project, as also of the measures taken to deny access on that information to others, except in the cases specified by the policy.

Section 10.2 can be improved to state that if information exists in a physical form that makes the removal of the identity of informants impracticable (e.g. on paper), the information should be recorded in another medium and the original records must be destroyed.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-draft-national-policy-on-official-statistics

Comments on Draft National Policy on Official Statistics

Gurshabad Grover — 2018-06-07T01:58:22Z

For more details visit https://cis-india.org/internet-governance/files/comments-on-draft-national-policy-on-official-statistics

EC disables easy access to electoral data across states

Admin — 2018-06-29T01:59:02Z

The recently-concluded Assembly elections may have set more than just one precedent with implications for the entire nation.

The article by Akshatha M was published in Economic Times on June 5, 2018. Sunil Abraham was quoted.

While the poll result led to what many see as the beginning of a national front comprising regional parties, the steps Karnataka’s chief electoral officer took to protect the privacy of its electoral rolls will be emulated across the country.

The Election Commission of India, in an internal circular issued in January, ordered the chief electoral officers of all states and union territories to publish electoral rolls only in image PDF and CAPTCHA formats. These formats ensure that no individual can access electoral data, except as readonly files. While the image PDF format disables the search option in the rolls, CAPTCHA does not allow visitors to either extract or download the rolls.

“It has been decided that electoral rolls should be published on (the) website in image PDF only. If presently-available PDF electoral rolls are not image PDF, then the same shall be done immediately,” the EC circular said.

It all started in the latter part of 2017 when Karnataka’s chief electoral officer published the draft electoral rolls as image PDF with CAPTCHA formats. Earlier, rolls were published in text PDF (minus CAPTCHA) format. Electoral analysts and citizen groups took exception to the new formats on the grounds that that did not allow them to analyse errors.

CEO Sanjiv Kumar’s contention was that analysts were seeking easy access to data. He defended his move on the grounds that the personal data of voters need to be protected. The tiff eventually reached the EC’s doorstep. It turns out that the chief election commissioner was convinced about Sanjiv Kumar’s intent.

Speaking to ET, CEC Om Prakash Rawat said: “After Cambridge Analytica and Facebook episodes, the EC has decided to protect voters’ data from data harvesting and data manipulation as a precautionary measure. We are also working towards adding special data security features in the electoral rolls.”

Electoral roll analysts continue to see the EC’s decision as a bid to cover up flaws in the rolls. “Their argument is self-defeating on two counts: One, an individual can still extract the data, though it is a little time-consuming. Two, voter data is sold in broad daylight for 7 paise per record and despite knowing this, the election authorities have not taken any action to prevent the same,” said Bengaluru-based electoral roll analyst PG Bhat.

Data security researchers say the EC decision to have the new formats is no long-term solution.

Sunil Abraham, executive director of the Centre for Internet and Society, said that the image PDF format would not be a longterm solution at a time when the optical character recognition software has become all-powerful. “The EC should first remove EPIC numbers from the public database as it allows people who are into data-mining exercise to combine data. The solution would be to have mandatory registration in order to access data, even for voters,” he said.

He said the EC should have a system that enables it to track those who access electoral data. “Mass export of data should be permitted only for those who are monitoring electoral rolls at the polling-station level,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-june-6-2018-akshatha-m-ec-disables-easy-access-to-electoral-data-across-states

Allow admins to add users to online group chats only after permission: SFLC.in

Admin — 2018-06-26T02:03:19Z

SFLC.in -- a donor supported legal services organisation -- has written an open letter to messaging service providers like WhatsApp, Facebook and others, urging them to modify their platforms to ensure that users are not added to group chats without their permission.

The article was published in the Times of India on June 1, 2018.

In its letter, Software Freedom Law Centre, India (SFLC.in) said any user with administrator rights can currently add another person to the group without the latter's permission.

In the absence of a mechanism to prevent themselves from being added to groups that they would not like to participate in, users have no option but to manually exit the groups.

"This is a troubling state of affairs because users may be forcefully exposed to a range of subjectively undesirable content that they would never have signed up for otherwise, which can be particularly damaging, especially in situations where malicious actors attempt to intimidate, disparage, harass or harm individuals in any way," the letter said.

The letter has also been co-signed by Digital Empowerment Foundation, Centre for Internet and Society and a few others.

Emails sent to Facebook, Tencent and others seeking their comments did not elicit any response.

SFLC.in argued that the current format is an issue for many, including those belonging to minority and vulnerable groups.

"While blocking malicious actors can usually help mitigate the damage to an extent, on online messaging services like yours, they are able to easily circumvent blocks by creating groups and adding their targets to these groups," it said.

The problem is only made worse when personal information like phone numbers, user IDs and photographs are shared with a large number of users, which could open the doors to even greater abuse, it added.

SFLC.in argued that there are no adequate safeguards to prevent infringement of user rights and therefore, these platforms should take immediate steps to address this issue.

"...implement measures to make it so that being added to group conversations without permission is no longer a possibility. Not only will this greatly help in limiting abusive uses of your services, but it will also make users less wary of using the services, making the Internet a safer space for us all," it added.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-june-1-2018-allow-admins-to-add-users-to-online-group-chats-only-after-permission-sflc-in

Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter

Admin — 2018-06-01T14:15:44Z

Swadeshi" messaging app targeted at WhatsApp taken off from app stores hours after launch.

The article by Alnoor Peermohamed and Manavi Kapur was published in the Business Standard on May 31, 2018. Gurshabad Grover was quoted.

The fate of Patanjali’s “swadeshi” instant messaging app Kimbho was sealed in the span of just a few hours, thanks to viral messages being shared on Facebook-owned WhatsApp, the app that the Baba Ramdev-promoted company was trying to combat.

Patanjali on Thursday launched Kimbho with the sole intent of checking the rise of messaging giant WhatsApp in India. However, after Kimbho’s various data vulnerabilities were exposed by the security expert and whistleblower who goes by the pseudonym Elliot Alderson on Twitter, the app made a quiet exit from Google’s Play Store.

Jokes surrounding the app’s quick retreat spread like wildfire on rival platform WhatsApp. It was perhaps the quickest rise and fall in the popularity of a mobile application.

Alderson, who has exposed data breaches in the UIDAI’s website, took to Twitter to rip apart the Kimbho app. “This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app,” he wrote. His next tweet sent alarm bells ringing among users: “The #Kimbho #android #app is a security disaster. I can access the messages of all the users...”

Kimbho, though, claims that every message on its platform is encrypted by the Advance Encryption Standard and that it saves “no data on our servers or cloud”. But Alderson pointed out that the one-time password security could be worked around. “It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted. Kimbho, explained as a Sanskrit greeting by S K Tijarawala, Ramdev’s spokerperson, on Twitter, is also a patched-up application over the existing Bolo messaging app.

This is most likely the reason the app was taken off the Google Play Store. “There were basic authentication and authorisation related vulnerabilities where an end user can see the data of other users. These flaws may be the reason the developers took down the app. Google flags such things,” said Anand Prakash, a Bengaluru-based ethical hacker.

“WhatsApp uses end-to-end encryption that essentially means even they can’t access the messages you send. But Kimbho, on the other hand, was not using end-to-end security and probably even saving every message as plain text on its server,” adds Gurshabad Grover, policy officer at the Centre for Internet and Society.

Google did not respond to queries about whether the developer took the app down or Google flagged it as unsecure. Kimbho declared on its Twitter handle that its app was removed from the Play Store because of heavy traffic, claiming that it was downloaded 150,000 times in a mere three hours since its launch.

On Apple’s App Store, it was trending in the social networking category at the fourth position in India, just below WhatsApp, Facebook and Facebook’s Messenger, and above popular messaging apps such as Skype, LinkedIn and hike messenger.

Tijarawala had announced Kimbho’s launch on Twitter, calling it an app developed by the “shishyas” (disciples) and “navdikshit sadhus” (newly ordained priests) of Ramdev and Acharya Balkrishna, managing director, Patanjali Ayurved and co-founder, Patanjali Yogpeeth in Haridwar. Tijarawala’s tweet also claimed that this app was built using “swadeshi” techniques, though what these are remains a mystery. Emails, text messages and calls to Tijarawala went unanswered.

In keeping with an “Indian” aesthetic, the app’s logo has a “shankh” (conch shell), perhaps signifying a war cry against foreign-born WhatsApp, which has over 200 million active users in India. The conch shell also blends well with Kimbho’s tag line, “Ab Bharat Bolega” (now India will speak). But that is where its tenuous Indianness begins to crumble.

While the app was registered as a product of Patanjali Ayurved on the Play Store, the developer on Apple’s App Store is Appdios Inc, a San Francisco-based app development company. Aditi Kamal and Sumit Kumar are this company’s founders according to LinkedIn. The duo has worked with technology giants such as Google and Apple and hold masters degrees from University of Southern California in the US. A blonde man features on the screenshots that the app has featured on its landing page on the App Store.

Taking forward Bolo’s keyboard suggestions, cheekily called “Quickies”, Kimbho offers pre-typed messages such as “hugs and kisses”, “what the heck” and “parents are watching”. Whether these millennial-friendly features and Kimbho itself are an attempt to get young millennials in touch with their “swadeshi” roots remains to be seen.

For more details visit https://cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter

Don't blindly forward WhatsApp messages. You could be sued

Admin — 2018-05-31T23:49:19Z

Never before in Bengaluru has the Internet and social media taken such a vicious and violent turn as it did last week.

The article by Rajitha Menon and Surupasree Sarmmah was published in the Deccan Herald on May 29, 2018.

A fake Whatsapp message that went viral has led to the death of a man in Chamarajpet. But Bengaluru is not alone. In the recent past many have been lynched in Andhra Pradesh, Telangana, Tamil Nadu, Uttarakhand, Jharkhand and Hyderabad over rumours and fake videos.

In tech-savvy Bengaluru, a 26-year old man was beaten to death in Chamarajpet by a mob that mistook him for a kidnapper. "The big problem is that for a large part of India, WhatsApp is the first exposure to the Internet. What they see there becomes news; people don't do a critical analysis of what comes their way," says Swaraj Barooah, senior programme manager, Centre for Internet & Society, Bengaluru.

What are the legal implications of forwarding fake WhatsApp news? "It's a grey area in terms of current regulation," he says.

However, he advises caution: don't circulate messages you can't vouch for.

MT Nanaiah, senior advocate says, "If a message is intended to harm a person's reputation, it might come under the purview of the Indian Penal Code Section 499 A, which defines defamation and Section 500, which defines the punishment."

Defamation can attract a punishment of up to two years in jail and a fine. Victims of fake forwards can also sue for damage, he says.

In Varanasi, district officials are holding WhatsApp admins responsible for fake news, and issued guidelines.

"I think the courts have been doing a flip-flop on this. I am not sure but the legal validity is weak to hold admins responsible for what happens in the group," notes Barooah.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-rajitha-menon-surupasree-sarmmah-dont-blindly-forward-whatsapp-messages-you-could-be-sued

India Proposes Law to Give Indians Complete Control of their Digital Health Data

Admin — 2018-06-01T13:57:42Z

India’s health ministry has proposed a law to govern data security in the healthcare sector that would give individuals complete ownership of their health data.

The article by Madhur Singh was published as a cover story in IndiaSpend on May 31, 2018. Shweta Mohandas and Amber Sinha were quoted.

Individuals would have the absolute right to refuse or allow data to be generated, collected, accessed, transmitted or used. And data collectors such as hospitals would be prohibited from refusing treatment to those who do not want their data collected or used.

This would make India one of the world’s foremost jurisdictions in the regulation of healthcare data, at a time when governments around the world are scrambling to keep a check on who gets to generate and use data and how, especially as citizens do not completely understand the data privacy and security implications of the innumerable applications they wittingly or unwittingly use.

The draft Digital Information Security in Healthcare Act was proposed by the health ministry on March 11, 2018. The period for stakeholder comment ended April 21, and a bill is currently being finalised. Experts say the health ministry is possibly waiting for a final verdict from the Supreme Court on petitions challenging the constitutional validity of Aadhaar–on which it has just completed the second-longest oral hearing in the history of the court. The ruling is expected in July or August.

The verdict will guide India’s data privacy framework, which is already being prepared by the Committee of Experts on a Data Protection Framework for India being chaired by Justice B. N. Srikrishna. It will also have implications for the health ministry’s proposed law.

Use of data

Digital health data (DHD), or electronic health records of individuals or the public (when aggregated), typically comprise information such as a patient’s age, contact information, vital signs, lab reports, medical history including immunisations, allergies, and current and past medications.

The use of DHD promises to revolutionise healthcare services by providing more comprehensive care using the most accurate records possible, possibly reducing costs and timelines for all involved.

The law would allow anonymised health data, which cannot be traced to individuals, to be used for specified public health purposes, such as early detection and rapid response to public health emergencies such as bioterror events and infectious disease outbreaks.

However, for data in identifiable form, the draft stipulates that explicit prior permission would be needed from the digital data owner before each transmission or use. For instance, often companies offer free medical checkups to all employees. By revealing a pregnancy or a serious chronic condition, these tests could imperil an employee’s situation with their employer. With the proposed law, an employee could refuse to allow the pathology laboratory to share their data with the employer.

In recognition of the serious privacy and security concerns over uses and misuses of digital health data, the proposed law would completely prohibit use of digital health data for ‘commercial purposes’, whether in an identifiable or anonymised form.

This would mean that insurance companies, employers, human resource consultants and pharmaceutical companies would not be allowed to access or use health data, the law firm Trilegal said in an analysis posted on its website on April 11, 2018.

“Currently, employers can process health data for employee benefits, office records and insurance purposes under labour legislations like Maternity Benefits Act, Employee Compensation Act and Employee State Insurance Corporation Act and as part of their internal policies,” Trilegal said, adding that the proposed law would allow the use of digital data only to the extent required by these laws. “However, access, use or disclosure of [digital health data] to employers or human resource consultants for any other purpose is prohibited,” Trilegal noted.

Similarly, insurance companies and drug makers would not be allowed to access or use digital health data, although use for academic, clinical and public health research would be allowed.

The central government would be tasked with establishing ‘health information exchanges’ that would regulate the exchange of DHD between various clinical establishments–hospitals, clinics, diagnostic centres, pathology laboratories, etc.–for purposes and in manners allowed under the law.

Data breach

The responsibility for ensuring data security and privacy would lie with the entity that has custody of the data, which could be penalised for data breach.

Currently, under Indian law, companies in India are not obligated to inform individuals of data breach, with the exception of banks, which are obligated to inform the Reserve Bank of India within six hours. The result is that individuals are often not aware that their details may have been compromised.

The draft law proposes to make breach notification mandatory. Data breaches would be ranked by severity, and the more serious kind would be punishable with a fine of at least Rs 1 lakh and a jail term of up to five years.

Clinical establishments and health information exchanges would have to notify the owner in case of a breach within three days. Data owners could claim compensation from the person who breached the data, and no limit has been prescribed for the compensation amount.

The draft also specifies punishment for various other offences such as unauthorised access and data theft of up to five years’ imprisonment.

Some concerns

The stringent provisions of the proposed law, particularly the blanket ban on use of DHD by insurance and pharmaceutical companies, has raised concerns among these industries.

“Most data protection laws allow healthcare institutes to process data so long as there exists a legitimate interest in doing so,” Rahul Kumar, country manager and director with security solutions company WinMagic India said, adding that provisions debarring insurance and pharmaceutical companies, “while being protective in nature might be excessively harsh under certain circumstances”.

The stringent privacy provisions also put the future of wearable devices in doubt, Shweta Mohandas of The Centre for Internet and Society (CIS) told IndiaSpend, “Perhaps a revised draft of the law, or rules framed under the final law, would specify these details.”

The draft does not clearly define the security measures that must be followed to prevent data breach, Mohandas and Amber Sinha, also of the CIS, told IndiaSpend. However, a National Electronic Health Authority proposed to be set up under the law could possibly define a clear set standards for maintaining security, they said.

Also, the draft proposes to allow for the withdrawal of consent but does not say how data would be removed from the system, Sinha and Mohandas said, adding that the roles of the various bodies to be established must be clearly defined.

Most commentators expect the finalised bill, which will be drafted after taking into account stakeholder comment, will iron out these issues.

“This law in its current form and further in its revised version will go a long way to help the industry be more secure,” Kumar said, adding, “Compliance is known to bring in a level playing field for industries and also give the end user the confidence that the critical data is secure.”

Many commentators also have questioned the timing of the health ministry’s draft law, given that India is currently in the process of creating a framework and an overarching legislation on data privacy and security. “It is curious that the Ministry has chosen to not wait for the draft law, before framing and releasing their draft,” Sinha and Mohandas said, “This suggests a lack of coordination between the different ministries, and if due care is not taken, could lead to inconsistencies across sectoral regulations of data.”

However, they said, it is possible that the health ministry will wait for the Supreme Court verdict in the Aadhaar litigation before finalising the bill.

(Singh is a contributing editor with IndiaSpend.)

For more details visit https://cis-india.org/internet-governance/news/india-spend-madhur-singh-may-31-2018-india-proposes-law-to-give-indians-complete-control-of-their-digital-data

Election Experiment Proves Facebook Just Doesn't Care About Fake News In India

Admin — 2018-05-31T22:56:48Z

Much-hyped fact-checking initiative identified only 30 bits of fake news in month-long Karnataka campaign. Yup — 30!

The article by Visvak was published in Huffington Post on May 30, 2018. Pranesh Prakash was quoted.

On April 16, a little less than a month before Karnataka went to the polls, Facebook announced a partnership with Boom Live, an Indian fact-checking website, to fight fake news during the Karnataka assembly polls.

Five days before the partnership was announced, an embattled Mark Zuckerberg stood before the the US Congress. Under fire for having allowed his platform to be used to manipulate elections, he declared that his company would do everything it could to protect the integrity of elections in India and elsewhere.

Facebook's press-release promised as much:

We have learned that once a story is rated as false, we have been able to reduce its distribution by 80%, and thereby improve accuracy of information on Facebook and reduce misinformation.

Yet, the pilot project in Karnataka suggests Facebook has a long way to go to keep Zuckerberg's promise. In an election cycle widely acknowledged as rife with misinformation, fake polls and surveys, communally coloured rumours, and blatant lies peddled by campaigners, rating stories as "false" proved to be so difficult and time consuming that the Facebook partnership was only able to debunk 30 pieces of misinformation — 25 in the run-up to the polls, and 5 in the immediate aftermath — in the month long campaign.

The much-ballyhooed partnership added up to a small financial contribution from Facebook that allowed Boom to hire two fact-checkers, one in its offices in Mumbai and one based on the ground in Bengaluru, specifically to track the election. The fact-checkers were also given access to a Facebook dashboard that could be used to discover and counter misinformation on the platform.

Boom did not reveal the sum involved or allow HuffPost India access to the dashboard, citing a non-disclosure agreement. Facebook's representatives declined comment on a detailed questionnaire sent to them.

A Gushing Sewer of Fake News

Globally, Facebook's fact-checking initiative is a little over a year old, but the partnership with Boom marks its advent in India, the company's largest market.

"It's a late start, a very late start." says Pratik Sinha, co-founder of AltNews, another prominent fact-checking website. "But they're doing something now, which is good."

Yet Govindraj Ethiraj, Founder-Editor of Boom Live, said the social networking giant's contribution to their fact-checking efforts was of limited utility. "Facebook's involvement didn't really help us," he said. "This was more about us helping them."

Ethiraj identified Facebook-owned WhatsApp as the primary medium for the propagation of fake news during the Karnataka election. Each of the three major parties in the fray reportedly set up tens of thousands of groups on the platform in an effort to spread their message. Facebook is yet to figure out a way to allow fact-checkers into the platform without breaking the end-to-end encryption which makes it impossible for messages to be tracked.

But even on Facebook, which lends itself far more easily to tracking and monitoring, the tools that the company has built to track fake news are not particularly effective.

Facebook allows advertisers to micro-target content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.

In his office in the aging Sun Mill Compound in Mumbai's Lower Parel, Jency Jacob, Managing Editor of Boom logged into the dashboard and scrolled through the gushing sewer of user-flagged content pouring in from around the world: stories about dinosaur remains and ancient caves, tales of celebrities battling mysterious diseases, and ordinary people undergoing plastic surgeries to look like celebrities, mixed in with news – both real and fake – that users found objectionable. There's one about the rise in fuel prices and there's even a Huffpost India story, about a Dalit being flogged to death in Gujarat. (The HuffPost India story, the editorial board can affirm, is true.)

"I can't claim that it doesn't affect me," admitted Jacob. "This morning, the first thing I saw after waking up was a video of a woman kicking a 3-year-old baby and slamming her on the ground. We are in the rush of it right now, but I don't think we will enjoy doing this all our lives."

"A lot of it is dependent on how users are reporting," Jacob continued, explaining that the dashboard tool relies on users to flag potentially "fake" news. "If the users aren't reporting it, it isn't going to come into the queue."

This is a blind spot as Facebook allows advertisers to micro-target content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.

Everything But English

Facebook's dashboard cannot be used to report non-English content. In India, local language users outnumber English language users and more are coming online every day. The dashboard is also unable to filter stories relevant to a specific location, despite Facebook allowing advertisers to geo-target their advertisements with reasonable accuracy.

Jacob reckons the tool will get better at dealing with the Indian context over time. "This was always intended to be a pilot project. It will take them time to figure out how to get us more relevant leads," he said.

With not much help forthcoming from Facebook, Boom relied on its own tried and tested methods of tracking misinformation. Its fact-checkers monitored pages and websites known to be potential sources of fake news, told friends and family to forward anything suspicious they came across, and maintained their own reporting channel - a dedicated WhatsApp helpline for users to direct suspicious looking links.

These methods threw up about 4-5 actionable leads every day. To fact-check them, Boom deployed a combination of old school journalistic practices, such as getting fact-checkers to call sources, and tech tools like video and image matching software.

Fact-checking is a painstaking process that involves a great deal of manual effort.

"The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."

"Essentially, we are saying what we are saying is true, don't believe others," said Sinha. "That's a very arrogant position to take. To say that in a world full of information, there has to be a process where we take the audience from the claim to the truth. Gathering the information required to do that takes a lot of time."

According to Jacob, it sometimes takes 2-3 people working all day to fact-check a single video. And Boom only has 6 fact-checkers in all, including the two Facebook-funded hires. Given these constraints, they could act on only a fraction of the tip-offs.

"We were not looking at volume, but at impact," said Jacob, indicating that they focused their attention on misinformation that was going viral. "The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."

Jacob admits that there were many more stories that they could have tackled, but he says that it was impossible to address them all with the limited resources available to them.

Sinha reckons that Facebook already has the technology to significantly alleviate the manpower issue. "If you upload a video to Facebook and there's a copyright violation, they pull the video. So they know how to match videos. If they leverage that technology and apply it to fake news, it'll reduce the mundane work we have to do by half," he said.

While Facebook's contribution to Boom's sourcing and fact-checking processes was minimal, it does seem to have had a significant impact on how fact-checks were disseminated. The Facebook dashboard allows fact-checkers to tag content with ratings ranging from 'true' to 'false' with a few options in between and also attach their fact-check articles to the content. The platform then attempts to reduce distribution of the content and display the fact-check article to users whenever they encounter it on the news feed or attempt to share it.

Major Victory

This system claimed its first major victory within a week of the partnership being announced when several major media outlets including NDTV India, India Today and Republic published a list of purported star campaigners for the Congress party that turned out to be fabricated.

Boom rated the articles false and linked their fact-check. Jacob could not verify if this reduced the articles' distribution by the 80% figure touted by Facebook, but said there was a clear impact.

"NDTV India carried the story and we noticed that their traffic dropped after we linked our fact-check to their article," said Jacob. With traffic plummeting and users being shown fake news warnings when interacting with their content, most of the media houses that published the list either issued clarifications or took their articles down.

After the initial success, Boom quickly ran into the limitations of the ratings system. Fact-checks could only be done on links and not on image, video, or text posts. Facebook eventually granted Boom access to image and video posts, but text posts are still beyond the purview of fact-checkers.

While that change was likely a simple fix that only required a switch to be flipped, there are other restrictions on the ratings system that are unlikely to be lifted as easily.

From the beginning of the election cycle, false statements by prominent politicians - including the Prime Minister - were an everyday affair. As is the norm, they were faithfully reported by most media outlets without critique or context. Misinformation masquerading as opinion, wherein a set of legimitate facts are presented out of context to arrive at a blatantly false conclusion, was also a persistent feature during the polls. Such articles add to the whirlwind of campaign misinformation, but are exempted from the rating system.

"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader."

Sinha believes that misinformation that falls into these grey areas cannot be laid at Facebook's door.

But Pranesh Prakash, Fellow at the Centre for Internet and Society, said such restrictions were "extraordinarily stupid."

"As long as the distinction is made that the publication isn't msiquoting and the politician is saying something that is false - and that's easy enough to do - I can't think of a possible justification," he said, regarding false statements made by public figures.

As for misleading opinion pieces Prakash said, "Most falsehoods are not just statements that present incorrect facts, but that present facts in an incorrect context. It's clearly the context that speaks to how people interpret facts. Fact checkers can't be people who only look at facts as black and white things."

Facebook's suggested method of dealing with such articles is to attach fact-check articles to them while assigning them a 'not eligible' rating. Jacob reckons that this is yet another blind spot.

"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader. The way it is designed now, with the article showing up below as a related link, not many people will bother to go and click on that."

The Whatsapp Problem

For all its flaws, the fact-checking initiative appears to be making an attempt at solving the problem of misinformation on Facebook's news feed. But the company hasn't even begun to address the 800-pound gorilla that is WhatsApp.

While Facebook has been castigated for playing fast and loose with privacy on its primary platform, the inherently better privacy features of the fully-encrypted Whatsapp platform have made it lethal when it comes to fake news. The lack of third party access, which has prevented Facebook from monetising WhatsApp chats - thus far - and security agencies from spying on them, has also made Whatsapp messages impossible to fact-check.

In Karnataka, WhatsApp was the primary vector for the spread of a series of fake polls, some of which were eventually picked up and published by mainstream media outlets. Unlike fake news that emerges on the Facebook and Twitter, it is impossible to trace the source of misinformation on Whatsapp.

"Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."

"If Whatsapp had a trending list, our jobs would've been a lot easier," lamented Jacob. "By and large, we have figured out what goes viral on Facebook and Twitter. It might take a day to reach us, but eventually we catch anything that's going viral on these platforms. But Whatsapp is a black box."

Prakash asserts that while encryption is a barrier, it does not make it impossible to police fake news on WhatApp. "Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."

There are indications that WhatsApp is attempting to develop features to tackle fake news. The platform has beta-tested features that would clearly identifyforwarded messages and warn users if a message has been forwarded more than 25 times. Jacob said that Facebook was working on a product that would throw up fact-check articles when a user interacts with a fake news URL on WhatsApp. If or when any of these features actually make it to users is a matter of conjecture.

Prakash said the slow pace of progress on WhatsApp is just a reflection of the company's priorities. "It speaks to how American a company a Facebook is. Whatsapp is the real network for fake news in India, but it gets the least amount of attention."

For more details visit https://cis-india.org/internet-governance/news/huffington-post-visvak-may-30-2018-election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india

CIS contributes to ABLI Compendium on Regulation of Cross-Border Transfers of Personal Data in Asia

Amber Sinha and Elonnai Hickok — 2018-06-03T15:10:11Z

The Asian Business Law Institute, based in Singapore published a compendium on “Regulation of cross-border transfer of personal data in Asia”. This was part of an exercise to explore legal convergence around issues such as data protection, enforcement of foreign judgments and principle of restructuring in Asia.

The compendium contains 14 detailed reports written by legal practitioners, legal scholars and researchers in their respective jurisdictions, on the regulation of cross-border data transfers in the wider Asian region (Australia, China, Hong Kong SAR, India, Indonesia, Japan, South Korea, Macau SAR, Malaysia, New Zealand, Philippines, Singapore, Thailand, and Vietnam).

The compendium is intended to act as a springboard for the next phase of ABLI's project, which will be devoted to the in-depth study of the differences and commonalities between Asian legal systems on these issues and – where feasible – the drafting of recommendations and/or policy options to achieve convergence in this area of law in Asia.

The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok. The compendium can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/regulation-of-cross-border-transfers-of-personal-data-in-asia

May 2018 Newsletter

praskrishna — 2018-06-12T14:03:24Z

CIS newsletter for the month of May 2018.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here. Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty. India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018. Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok. The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok. Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah. Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly. Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report. The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Highlights

The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here.
Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty.
India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018.
Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok.
The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok.
Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah.
Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly.
Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report.
The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Articles:

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).

India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).
India's Data Protection Framework Will Need to Treat Privacy as a Social and Not Just an Individual Good (Amber Sinha; Economic & Political Weekly, Volume 53, Issue No. 18, 05 May, 2018).
Digital Native: Web of Wander (Nishant Shah; Indian Express; May 20, 2018).

CIS in the News:

India's National ID Project Brings Pain to Those it Aims to Help (Aayush Soni; Ozy.com; May 11, 2018).
Aadhaar Remains an Unending Security Nightmare for a Billion Indians (Karan Saini; Wire; May 11, 2018).
More errors in Aadhaar data in Andhra Pradesh than in voter database (U Sudhakar Reddy; Times of India; May 18, 2018).
Putting women human rights activists on the world map (Sarumathi K.; Hindu; May 19, 2018).
An open data ecosystem can boost India's GDP by $22 B and double farmer income (Sohini Mitter; Your Story; May 23, 2018).
Complying with Europe’s GDPR will be a “matter of survival” for Indian IT firms (Ananya Bhattacharya; Quartz India; May 24, 2018).
Don't blindly forward WhatsApp messages. You could be sued (Rajitha Menon and Surupasree Sarmmah; Deccan Herald; May 29, 2018).
Alexa’s recording leak in US ‘echoes’ privacy issues here (Mugdha Variyar; Economic Times; May 29, 2018).
Election Experiment Proves Facebook Just Doesn't Care About Fake News In India (Visvak; Huffington Post; May 30, 2018).
India Proposes Law to Give Indians Complete Control of their Digital Health Data (Madhur Singh; India Spend; May 31, 2018).
Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter (Alnoor Peermohamed and Manavi Kapur; Business Standard; May 31, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright and Patent

Blog Entries

CIS participated in the 36th SCCR held in Geneva from May 28 to June 1, 2018 and made the following statements:

Statement on the Proposed Treaty for the Protection of Broadcasting Organizations (Anubha Sinha; May 28, 2018).
NGOs circulate letter at WIPO SCCR/36 raising serious concerns about draft Broadcasting Treaty (Anubha Sinha; May 29, 2018).
Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities (Anubha Sinha; May 31, 2018).
Statement on the Draft Action Plan for Libraries, Archives and Museums (Anubha Sinha; May 31, 2018).
Statement on Limitations and Exceptions Agenda (Anubha Sinha; May 31, 2018).

Participation in Event

RightsCon Toronto 2018 (Organized by RightsCon; Beanfield Centre at Exhibition Place, Toronto; May 17, 2018). Maggie Huang, Amba Kak, Rohini Lakshané, Vidushi Marda, Elonnai Hickok and Anubha Sinha were among the speakers at the event. Amber Sinha remotely participated in a private meeting on 'Strategizing Civil Society Roles in the Artificial Intelligence Debate'. Anubha Sinha, Maggie Huang, Rohini Lakshané and Vidushi Marda presented their findings from the Pervasive Technologies project in a panel titled "Cheap and Chipper: IP in India's Affordable Smartphones". Prof Michael Geist moderated the session. Anubha Sinha and Vidushi Marda participated remotely. Elonnai Hickok participated in these sessions: IDRC cyber policy meeting; GNI board meeting; GNI learning session on MLATs; FOC-AN meeting; GNI session on Intermediary Liability.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Reports

Methods workshop on researching Future of Work in India (Natallia Khaniejo and Aayush Rathi; May 10, 2018).
AI in the Banking and Finance Industry in India (Saman Goudarzi, Elonnai Hickok and Amber Sinha; May 14, 2018)
Indian Intermediary Liability Regime: Compliance with the Manila Principles on Intermediary Liability (Divij Joshi; May 20, 2018). The report was edited by Elonnai Hickok and Swaraj Barooah.
Jurisdictional Report India (Compendium on Regulation of Cross-Border Transfers of Personal Data in Asia; Amber Sinha and Elonnai Hickok; May 31, 2018).

Blog Entry

Design Concerns in Creating Privacy Notices (Saumyaa Naidu; May 29, 2018). The blog post was edited by Elonnai Hickok.

Participation in Events

Meeting of Coalition for an Inclusive Approach on the Trafficking Bill (Organized by Alternative Law Forum; Bengaluru; May 3, 2018).
Fairness, Transparency and Accountable AI (Organized by DeepMind; London; May 10, 2018). Amber Sinha participated remotely in the inaugural meeting.
Rootconf 2018 (Organized by HasGeek; Bengaluru; May 11 - 12, 2018). Gurshabad Grover, Natallia Khaniejo and Aayush Rathi attended the event.
Inter Movements Open Forum: Trafficking Bill (Organized by Sangram, Naz Foundation, NNSW, Tarshi and VAMP; India International Centre, New Delhi; May 18, 2018).
IETF Indian Community Meetup: RFCs We Love (IoT edition) (Organized by Indian IETF Community; Zoomcar's office; Bengaluru; May 19, 2018). Gurshabad Grover and Sandeep Kumar attended 'RFCs We Love Meetup'.
Emerging Technologies: Issues & Way Forward (Organized by Technology Policy team at the National Institute of Public Finance and Policy; Bengaluru; May 23 - 24, 2018).
Privacy in the Digital Age: Addressing Common Challenges, Seizing Opportunities (Organized by DG Justice and Consumers and European Union; New Delhi; May 25, 2018).

►Free Speech and Expression

Report

Internet Shutdown Stories (Edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah; Foreword by Sunil Abraham; May 17, 2018). Case studies from the states of Jammu & Kashmir, Haryana, Rajasthan, Gujarat, Telangana, West Bengal, Tripura, Manipur, Nagaland, and Uttar Pradesh have been highlighted in this compilation.

Blog Entry

DIDP Request #30 - Enquiry about the employee pay structure at ICANN (Paul Kurian and Akriti Bopanna; May 26, 2018).

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Articles

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).
India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).

-----------------------------------
Researchers at Work
-----------------------------------

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Draft Research Paper

Infrastructure as Digital Politics: Media Practices and the Assam NRC Citizen Identification Project (Khetrimayum Monish Singh and Nafiza Ahmed; May 15, 2018).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/may-2018-newsletter-1

Alexa’s recording leak in US ‘echoes’ privacy issues here

Admin — 2018-05-30T00:49:26Z

Market analyst Sanjay Mehta (name changed) has been keeping his Amazon Echo smart speaker mostly unplugged since reports surfaced last week of the device’s voice assistant, Alexa, inadvertently recording and sending out conversations of a family in the US.

The article by Mugdha Variyar was published in the Economic Times on May 29, 2018. Sunil Abraham was quoted.

Digital rights activist Nikhil Pahwa keeps his Google Home smart speaker occasionally plugged out, citing the propensity of the device’s voice assistant to assume it is being queried even when it is not. In the Portland case involving Echo, Alexa had misinterpreted a family’s conversation to be a request to record and send the conversation to a person in the family’s contacts list.

In India, as internet consumers become comfortable using AI-powered voice assistants to play music, set tasks and seek information, they are also waking up to the fragility of data privacy, especially after the infamous Facebook-Cambridge Analytica episode. Indian laws, though, are yet to catch up with technology such as these, say privacy experts.

Globally too, governments are grappling with framing policy around data and privacy. That said, the European Union’s tough privacy laws on how companies can handle user data, introduced last week, are forcing companies to seek consent from customers globally to use their data.

According to Singapore-based market research firm Canalys, 108,000 units of Amazon Echo devices were shipped to sales channels in India in the first quarter of this year. As for Google Home, which was launched here in April, 25,000 devices have been shipped so far.

“It is always the company’s fault when such incidents (Alexa’s recording leak) happen. But if it does happen in India, it will also be the government’s fault since there is a big vacuum when it comes to protecting privacy in the digital age,” said Sunil Abraham, executive director of Centre for Internet and Society.

Abraham said a recording device in homes could open up the possibility of hacking or wiretapping. He, however, added that the Amazon incident would not necessarily create any panic. Amazon did not respond to specific queries about what steps it was taking to ensure such incidents do not occur again.

Google said it provides a Home user control through its activity control feature, ability to delete voice-recording history and control permissions to personal data on Gmail, as well as the option to mute the device.

Abraham cited the principles of data minimisation, that is, bare minimum collection of data, and minimal data retention policies with the user, as the main policy requirements, especially to prevent incidents such as the Alexa leak. “We are hopeful that the Srikrishna Committee will include this in the data privacy law,” he added.

While there needs to be a strong law, there also needs to be a strong citizen advocacy, where users take a company to court for privacy breach. Alexa users should also be sending queries to Amazon about what steps they are taking for privacy protection.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-29-mugdha-variyar-alexas-recording-leak-in-us-echoes-privacy-issues-here

Design Concerns in Creating Privacy Notices

saumyaa — 2018-06-06T13:45:40Z

The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions.

This blog post was edited by Elonnai Hickok.

The Role of Design in Enabling Informed Consent

Currently, privacy notices and choice mechanisms, are largely ineffective. Privacy and security researchers have concluded that privacy notices not only fail to help consumers make informed privacy decisions but are mostly ignored by them. [1] They have been reduced to being a mere necessity to ensure legal compliance for companies. The design of privacy systems has an essential role in determining whether the users read the notices and understand them. While it is important to assess the data practices of a company, the communication of privacy policies to users is also a key factor in ensuring that the users are protected from privacy threats. If they do not read or understand the privacy policy, they are not protected by it at all.

The visual communication of a privacy notice is determined by the User Interface (UI) and User Experience (UX) design of that online platform. User experience design is broadly about creating the logical flow from one step to the next in any digital system, and user interface design ensures that each screen or page that the user interacts with has a consistent visual language and styling. This compliments the path created by the user experience designer. [2] UI/UX design still follows the basic principles of visual communication where information is made understandable, usable and interesting with the use of elements such as colours, typography, scale, and spacing.

In order to facilitate informed consent, the design principles are to be applied to ensure that the privacy policy is presented clearly, and in the most accessible form. A paper by Batya Friedman, Peyina Lin, and Jessica K. Miller, ‘Informed Consent By Design’, presents a model of informed consent for information systems. [3] It mentions the six components of the model; Disclosure, Comprehension, Voluntariness, Competence, Agreement, Minimal Distraction. The design of a notice should achieve these components to enable informed consent. Disclosure and comprehension lead to the user being ‘informed’ while ‘consent’ encompasses voluntariness, competence, and agreement. Finally, The tasks of being informed and giving consentshould happen with minimal distraction, without diverting users from their primary taskor overwhelming them with unnecessary noise.[4]

UI/UX design builds upon user behaviour to anticipate their interaction with the platform. It has led to practices where the UI/UX design is directed at influencing the user to respond in a way that is desired by the system. For instance, the design of default options prompts users to allow the system to collect their data when the ‘Allow’ button is checked by default. Such practices where the interface design is used to push users in a particular direction are called “dark patterns”.[5] These are tricks used in websites and apps that make users buy or sign up for things that they did not intend to. [6] Dark patterns are often followed as UI/UX trends without the consequences on users being questioned. This has had implications on the design of privacy systems as well. Privacy notices are currently being designed to be invisible instead of drawing attention towards them.

Moreover, most communication designers believe that privacy notices are beyond their scope of expertise. They do not consider themselves accountable for how a notice comes across to the user. Designers also believe that they have limited agency when it comes to designing privacy notices as most of the decisions have been already taken by the company or the service. They can play a major role in communicating privacy concerns at an interface level, but the issues of privacy are much deeper. Designers tend to find ways of informing the user without compromising the user experience, and in the process choose aesthetic decisions over informed consent.

Issues with Visual Communication of Privacy Notices

The ineffectiveness of privacy notices can be attributed to several broad issues such as the complex language and length, their timing, and location. In 2015, the Center for Plain Language [7] published a privacy-policy analysis report [8] for TIME.com [9], evaluating internet-based companies’ privacy policies to determine how well they followed plain language guidelines. The report concluded that among the most popular companies, Google and Facebook had the more accessible notices, while Apple, Uber, and Twitter were ranked as less accessible. The timing of notices is also crucial in ensuring that it is read by the users. The primary task for the user is to avail the service being offered. The goals of security and privacy are valued but are only secondary in this process. [10] Notices are presented at a time when they are seen as a barrier between the user and the service. People thus, choose to ignore the notices and move on to their primary task. Another concern is disassociated notices or notices which are presented on a separate website or manual. The added effort of going to an external website also gets in the way of the users which leads to them not reading the notice. While most of these issues can be dealt with at the strategic level of designing the notice, there are also specific visual communication design issues that are required to be addressed.

Invisible Structure and Organisation of Information

Long spells of text with no visible structure or content organisation is the lowest form of privacy notices. These are the blocks of text where the information is flattened with no visual markers such as a section separator, or contrasting colour and typography to distinguish between the types of content. In such notices, the headings and subheadings are also not easy to locate and comprehend. For a user, the large block of text appears to be pointless and irrelevant, and they begin to dismiss or ignore it. Further, the amount of time it would take for the user to read the entire text and comprehend it successfully, is simply impractical, considering the number of websites they visit regularly.

The privacy policy notice by Apple [11] with no use of colours or visuals.

The privacy policy notice by Twitter [12] no visual segregator

Visual Contrast Between Front Interface and Privacy Notices

The front facing interface of an app or website is designed to be far more engaging than the privacy notice pages. There is a visible difference in the UI/UX design of the pages, almost as if the privacy notices were not designed at all. In case of Uber’s mobile app, the process of adding a destination, selecting the type of cab and confirming a ride has been made simple to do for any user. This interface has been thought through keeping in mind the users’ behaviour and needs. It allows for quick and efficient use of the service. As opposed to the process of buying into the service, the privacy notice on the app is complex and unclear.

Uber mobile app screenshots of the front interface (left) and the policy notice page (right)

Gaining Trust Through the Initial Pitch

A pattern in the privacy notices of most companies is that they attempt to establish credibility and gain confidence by stating that they respect the users’ privacy. This can be seen in the introductory text of the privacy notices of Apple and LinkedIn. The underlying intent seems to be that since the company understands that the users’ privacy is important, the users can rely on them and not read the full notice.

Introduction text to Apple’s privacy policy notice [13]

Introduction text to LinkedIn’s privacy policy notice [14]

Low Navigability

The text heavy notices need clear content pockets which can be navigated through easily using mechanisms such as menu bar. Navigability of a document allows for quick locating of sections, and moving between them. Several companies miss to follow this. Apple and Twitter privacy notices (shown above), have low navigability as the reader has no prior indication of how many sections there are in the notice. The reader could have summarised the content based on the titles of the sections if it were available in a table of contents or a menu. Lack of a navigation system leads to endless scrolling to reach the end of the page.

Facebook privacy notice, on the other hand is an example of good navigability. It uses typography and colour to build a clear structure of information that can be navigated through easily using the side menu. The menu doubles up as a table of contents for the reader. The side menu however, does not remain visible while scrolling down the page. This means while the user is reading through a section, they cannot switch to a different section from the menu directly. They will need to click on the ‘Return to top’ button and then select the section from the menu.

Navigation menu in the Facebook Data Policy page [15]

Lack of Visual Support

Privacy notices can rely heavily on visuals to convey the policies more efficiently. These could be visual summaries or supporting infographics. The data flow on the platform and how it would affect the users can be clearly visualised using infographics. But, most notices fail to adopt them. The Linkedin privacy notice [16] page shows a video at the beginning of its privacy policy. Although this could have been an opportunity to explain the policy in the video, LinkedIn only gives an introduction to the notice and follows it with a pitch to use the platform. The only visual used in notices currently are icons. Facebook uses icons to identify the different sections so that they can be located easily. But, apart from being identifiers of sections, these icons do not contribute to the communication of the policy. It does not make reading of the full policy any easier.

Icon Heavy ‘Visual’ Privacy Notices

The complexity of privacy notices has led to the advent of online tools and generators that create short notices or summaries for apps and websites to supplement the full text versions of policies. Most of these short notices use icons as a way of visually depicting the categories of data that is being collected and shared. iubenda [17], an online tool, generates policy notice summary and full text based on the inputs given by the client. It asks for the services offered by the site or app, and the type of data collection. Icons are used alongside the text headings to make the summary seem more ‘visual’ and hence more easily consumable. It makes the summary more inviting to read, but does not reduce the time for reading.

Another icon-based policy summary generator was created by KnowPrivacy. [18] They developed a policy coding methodology by creating icon sets for types of data collected, general data practices, and data sharing. The use of icons in these short notices is more meaningful as they show which type of data is collected or not collected, shared or not shared at a glance without any text. This facilitates comparison between data practices of different apps.

Icon based short policy notice created for Google by KnowPrivacy [19]

Initiatives to Counter Issues with the Design of Privacy Notices

Several initiatives have called out the issues with privacy notices and some have even countered them with tools and resources. The TIME.com ranking of internet-based companies’ privacy policies brought attention to the fact that some of the most popular platforms have ineffective policy notices. A user rights initiative called Terms of Services; Didn’t Read [20] rates and labels websites’ terms & privacy policies. There is also the Usable Privacy Policy Project which develops techniques to semi-automatically analyze privacy policies with crowdsourcing, natural language processing, and machine learning. [21] It uses artificial intelligence to sift through the most popular sites on the Internet, including Facebook, Reddit, and Twitter, and annotate their privacy policies. They realise that it is not practical for people to read privacy policies. Thus, their aim is to use technology to extract statements from the notices and match them with things that people care about. However, even AI has not been fully successful in making sense of the dense documents and missed out some important context. [22]

One of the more provocative initiatives is the Me and My Shadow ‘Lost in Small Print’ [23] project. It shows the text for the privacy notices of companies like LinkedIn, Facebook, WhatsApp, etc. and then ‘reveals’ the data collection and use information that would closely affect the users.

Issues with notices have also been addressed by standardising their format, so people can interpret the information faster. The Platform for Privacy Preferences Project (P3P) [24] was one of the initial efforts in enabling websites to share their privacy practices in a standard format. Similar to KnowPrivacy’s policy coding, there are more design initiatives that are focusing on short privacy notice design. An organisation offering services in Privacy Compliance and Risk Management Solutions called TrustArc, [25] is also in the process of designing an interactive icon-based privacy short notice.

TrustArc’s proposed design [26] for the short notice for a sample site

Most efforts have been done in simplifying the notices so as to decode the complex terminology. But, there have been very few evaluations and initiatives to improve the design of these notices.

Recommendations

Multilayered Privacy Notices

One of the existing suggestions on increasing usability of privacy notices are multilayered privacy notices. [27] Multilayered privacy notices comprise a very short notice designed for use on portable digital devices where there is limited space, condensed notice that contains all the key factors in an easy to understand way, and a complete notice with all the legal requirements. [28] Some of the examples above use this in the form of short notices and summaries. The very short notice layer consists of who is collecting the information, primary uses of information, and contact details of the organisation.[29] Condensed notice layer covers scope or who does the notice apply to, personal information collected, uses and sharing, choices, specific legal requirements if any, and contact information. [30] In order to maintain consistency, the sequence of topics in the condensed and the full notice must be same. Words and phrases should also be consistent in both layers. Although an effective way of simplifying information, multi-layered notices must be reconsidered along with the timing of notices. For instance, it could be more suitable to show very short notices at the time of collection or sharing of user data.

Supporting Infographics

Based on their visual design, the currently available privacy notices can be broadly classified into 4 categories; (i) the text only notices which do not have a clearly visible structure, (ii) the text notices with a contents menu that helps in informing of the structure and in navigating, (iii) the notices with basic use of visual elements such as icons used only to identify sections or headings, (iv) multilayered notices or notices with short summary before giving out the full text. There is still a lack of visual aid in all these formats. The use of visuals in the form of infographics to depict data flows could be more helpful for the users both in short summaries and complete text of policy notices.

Integrating the Privacy Notices with the Rest of the System

The design of privacy notices usually seems disconnected to the rest of the app or website. The UI/UX design of privacy notices requires as much attention as the consumer-facing interface of a system. The contribution of the designer has to be more than creating a clean layout for the text of the notice. The integration of privacy notices with the rest of the system is also related to the early involvement of the designer in the project. The designer needs to understand the information flows and data practices of a system in order to determine whether privacy notices are needed, who should be notified, and about what. This means that decisions such as selecting the categories to be represented in the short or condensed notice, the datasets within these categories, and the ways of representing them would all be part of the design process. The design interventions cannot be purely visual or UI/UX based. They need to be worked out keeping in mind the information architecture, content design, and research. By integrating the notices, strategic decisions on the timing and layering of content can be made as well, apart from the aesthetic decisions. Just as the aim of the front face of the interface in a system makes it easier for the user to avail the service, the policy notice should also help the user in understanding the consequences, by giving them clear notice of the unexpected collection or uses of their data.

Practice Based Frameworks on Designing Privacy Notices

There is little guidance available to communication designers for the actual design of privacy notices which is specific to the requirements and characteristics of a system. [31] The UI/UX practice needs to be expanded to include ethical ways of designing privacy notices online. The paper published by Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor, called, ‘A Design Space for Effective Privacy Notice’ in 2015 offers a comprehensive design framework and standardised vocabulary for describing privacy notice options. [32] The objective of the paper is to allow designers to use this framework and vocabulary in creating effective privacy notices. The design space suggested has four key dimensions, ‘timing’, ‘channel’, ‘modality’ and ‘control’. [33] It also provides options for each of these dimensions. For example, ‘timing’ options are ‘at setup’, ‘just in time’, ‘context-dependent’, ‘periodic’, ‘persistent’, and ‘on demand’. The dimensions and options in the design space can be expanded to accommodate new systems and interaction methods.

Considering the Diversity of Audiences

For the various mobile apps and services, there are multiple user groups who use them. The privacy notices are hence not targeted to one kind of an audience. There are diverse audiences who have different privacy preferences for the same system. [34] The privacy preferences of these diverse groups of users’ must be accommodated. In a typical design process for any system, multiple user personas are identified. The needs and behaviour of each persona is used to determine the design of the interface. Privacy preferences must also be observed as part of these considerations for personas, especially while designing the privacy notices. Different users may need different kinds of notices based on which data practices affect them.[35] Thus, rather than mandating a single mechanism for obtaining informed consent for all users in all situations, designers need to provide users with a range of mechanisms and levels of control. [36]

Ethical Framework for Design Practitioners

An ethical framework is required for design practitioners that can be followed at the level of both deciding the information flow and the experience design. With the prevalence of ‘dark patterns’, the visual design of notices is used to trick users into accepting it. Design ethics can play a huge role in countering such practices. Will Dayable, co-director at Squareweave, [37] a developer of web and mobile apps, suggests that UI/UX designers should “Design Like They’re (Users are) Drunk”. [38] He asks designers to imagine the user to be in a hurry and still allow them access to all the information necessary for making a decision. He concludes that good privacy UX and UI is about actually trying to communicate with users rather than trying to slip one past them. In principle, an ethical design practice would respect the rights of the users and proactively design to facilitate informed consent.

Reconceptualising Privacy Notices

Based on the above recommendations, a guiding sample for multilayered privacy notices has been created. Each system would need its own structure and mechanisms for notices, which are integrated with its data practice, audiences, and medium, but this sample notice provides basic guidelines for creating effective and accessible privacy notices. The aesthetic decisions would also vary based on the interface design of a system.

Sample Fixed Icon for Privacy Notifications

A fixed icon can appear along with all privacy notifications on the system, so that the users can immediately know that the notification is about a privacy concern. This icon should capture attention instantly and suggest a sense of caution. Besides its use as a call to attention, the icon can also lead to a side panel for privacy implications from all actions that the user takes.

Sample Very Short Notice on Desktop and Mobile Platforms

The very short notices can be shown when an action from the user would lead to data collection or sharing. The notice mechanism should be designed to provide notices at different times tailored to a user’s needs in that context. The styling and placement of the ‘Allow’ and ‘Don’t Allow’ buttons should not be biased towards the ‘Allow’ option. The text used in very short and condensed notice layers should be engaging yet honest in its communication.

Sample Summary Notice

The summary or the condensed notice layer should allow the user to gauge at a glance, how the data policy is going to affect them. This can be combined with a menu that lists the topics covered in the full notice. The menu would double up as a navigation mechanism for users. It should be visible to users even as they scroll down to the full notice. The condensed notice can also be supported by an infographic depicting the flow of data in the system.

Sample Navigation Menu

All the images in this section use sample text for the purpose of illustrating the structure and layout

The full notice can be made accessible by creating a clear information hierarchy in the text. The menu which is available on the side while scrolling down the text would facilitate navigation and familiarity with the structure of the notice.

Conclusion

The presentation of privacy notices directly influences the decisions of users online and ineffective notices make users vulnerable to their data being misused. But currently, there is little conversation about privacy and data protection among designers. Design practice has to become sensitive to privacy and security requirements. Designers need to take the accountability of creating accessible notices which are beneficial to the users, rather than to the companies issuing them. They must prioritise the well-being of users over aesthetics and user experience even. The aesthetics of a platform must be directed at achieving transparency in the privacy notice by making it easily readable.

The design community in India has a more urgent task at hand of building a design practice that is informed by privacy. Comparing the privacy notices of Indian and global companies, Indian companies have an even longer way to go in terms of communicating the notices effectively. Most Indian companies such as Swiggy, [39] 99acres, [40] and Paytm [41] have completely textual privacy policy notices with no clear information hierarchy or navigation. Ola Cabs [42] provides an external link to their privacy notice, which opens as a pdf, making it even more inaccessible. Thus, there is a complete lack of design input in the layout of these notices.

Designers must engage in conversations with technologists and researchers, and include privacy and other user rights in design education in order to prepare practitioners for creating more valuable digital platforms.

For more details visit https://cis-india.org/internet-governance/blog/design-concerns-in-creating-privacy-notices