We are anonymous, we are legion

Should you worry about identity theft?

Admin — 2017-11-26T11:24:56Z

Laws in India regarding data protection may be weak, but following basic cyber hygiene rules can make your own defences stronger.

The article by Shaikh Zoaib Saleem was published in Livemint on September 20, 2017. Pranesh Prakash quoted.

Earlier this month, US-based credit information company Equifax Inc. said its systems had been struck by a cybersecurity incident that may have affected about 143 million US consumers. A report by Bloomberg said the incident could be ranked among one of the largest data breaches in history. The intruders accessed names, social security numbers, birth dates, addresses, driver’s licence numbers and also credit card numbers, Equifax said in a statement.

While this reiterates what cyber security professionals say, that nothing is hack proof, it does remind us of the range of cyber crimes, which revolve around identity theft and frauds. It gives us a chance to reflect upon how well prepared we are, if a cyber attack strikes us, or if our personally identifiable data gets leaked.

According to the Norton Cyber Security Insights Report 2016, 49% of India’s online population, or more than 115 million Indians, are affected by cybercrime at some point with the country ranking second in terms of highest number of victims. “No government or organisation creates something that is designed to fail deliberately. People find the gaps in that system and then try to misuse it,” said Ritesh Chopra, country manager, consumer business unit, Symantec India, a cyber security company.

While it can be debated as to who should take the blame in different instances, one underlying theme is following basic cyber hygiene. “There are several mobile apps that leak data. While downloading and installing an app, you may give out access to several other things in your device,” said Chopra.

Most cyber crimes involve leak or breach of public information, which leads to identity fraud. Let’s take a look at what an identity fraud could mean.

Identity theft and frauds

Everything that we do online is linked to a digital identity—an email ID, a phone number or even an IP address of a device. Harshil Doshi, strategy security consultant, Forcepoint India, a cyber security firm, said that as long as the leaked information is limited to names, email addresses, addresses and mobile numbers, there may not be a reason for worrying. “There needs to be a distinction between what information is publicly available and what can be used only privately. People also talk about Aadhaar leaks. As long as it is not my fingerprint and retina scan, there is no cause of concern, because information like name and address are anyway public,” he said.

However, not everyone agrees with this point of view. Pranesh Prakash, policy director at advocacy group Centre for Internet and Society, said email addresses, date of birth and mobile phone number of an individual are not necessarily public information. “Work-related email addresses may be publicly available online but personal ones are not,” he said. Prakash, however, added that our notion of public information keeps changing.

Identity fraud impact

The concept of identity theft has become complicated as our digital lives expand. “Everything about you as an individual is your identity, including something personal like blood group and medical history. Your social media profile, bank transactions, blogs or online comments are also a part of this. From a fraud perspective, it is equally complex,” said Chopra.

Your identity can be impersonated in several ways. “The most common methods of identity fraud all require collecting publicly-available information about you,” said Prakash. For example, celebrity leaks in the US (cloud storage was hacked) happened also because there is more information about celebrities publicly available than for an average individual, he said.

Another example could be misuse of information regarding foreign exchange. “In India, there is a limit of buying foreign exchange worth $30,000 for an individual in a year. If information on how many times you exhaust that limit falls in the wrong hands, it can be used for money laundering in your name. How many people think about how PAN and passport copy that one shares to buy foreign exchange, can be misused?” said Chopra.

Further, health insurance can be fudged and somebody can use the benefit under your name or buy restricted medicines misusing your medical prescription.

What the law says

There are provisions in the Indian Penal Code that deal with issues like cheating by impersonation to some extent. “There isn’t anything that adequately covers activities such as getting access to your personal data, which leads to identity fraud, or sufficiently penalizes things like data breaches or data leaks that facilitate identity fraud,” said Prakash.

The government is working towards data protection laws. A committee for data protection framework has been constituted under Justice B.N. Srikrishna, former judge of Supreme Court.

But it needs to be seen what comes out of these deliberations. “I am quite apprehensive, yet hopeful, about what the committee will produce, especially because they will need to deal with protection of biometric data, leaks of which will be far worse than any other leaks because biometrics is something that cannot be changed at will subsequent to a leak, unlike one’s phone number, email address or password,” said Prakash.

According to cyber security professionals, prevention seems the only way out. “We have forgotten the difference between the real and virtual worlds. In the real world, if somebody knocks at your door, you will check before opening the door ,” said Chopra. The problem for individuals starts when we click on a malicious link or download a file like a song or an image which could have a malware loaded on it. Once it enters our system, it immediately starts stealing information.

While the law may take some time to evolve and address the issues arising out of larger data breaches from corporate entities or even from the government, it is important to be vigilant, which includes having complex passwords, not sharing passwords, being aware of suspicious emails and messages and downloading files and software only from reputed sources. While this alone may not guarantee you protection online, it certainly minimises the risk.

For more details visit https://cis-india.org/internet-governance/news/livemint-shaikh-zoaib-saleem-september-20-2017-should-you-worry-about-identity-theft

Should online political advertising be regulated?

P.J. George — 2019-11-13T15:12:46Z

Micro-targeting could have potentially damaging results in the context of political advertising.

The article by P.J. George was published in the Hindu on November 8, 2019. Pranesh Prakash was interviewed.

On October 31, Twitter announced that it will no longer carry political advertisements as the power of Internet advertising “brings significant risks to politics, where it can be used to influence votes”. On the other hand, Facebook has said it will not fact-check political advertisements as it does not want to stifle free speech. In a conversation moderated by P.J. George, Pranesh Prakash (board member, The Centre for Internet and Society) and Kiran Chandra (General Secretary, Free Software Movement of India) discuss how platforms and constitutional authorities can deal with the challenges posed by online political advertising to democracies. Edited excerpts:

We have always had political advertising. What is it that makes online political advertisements different or maybe even problematic?

Pranesh Prakash: There are two things that make online political advertising different. One is targeting. Online advertising allows, especially on social networks, for a kind of targeting that wasn’t possible at the same level before. Earlier, if you wanted to target a particular segment of people for your political messaging, you could find out what kind of magazines they subscribe to and put fliers in those magazines. But you couldn’t engage in personalised targeting based on multiple attributes that is possible through platforms like Facebook and Twitter. The second is the invisibility of this kind of advertising. If there’s a billboard in the real world, everyone gets to see it. However, if there’s targeted advertising on a social media platform, not everyone gets to know of it.

Kiran Chandra: App-based organisations have designed advertisement models to specifically allow targeting. Facebook, for instance, allowed you to choose a person from a particular caste and also from a particular class in the same caste. If somebody wants to look at an advertisement for an Audi, they can go to one class of newspapers or look at billboards in some localities; the very existence of the product is not opaque to society. But targeted advertising makes it possible for two people connected to the Internet from the same source, using the same equipment, studying in the same school or college, working in the same workplace, and living in the same habitat to get two different advertisements. And micro-targeting has got potentially damaging results in the context of political advertising, particularly for elections. These platforms make it possible to go from manufacturing consent to manipulating consent. A person is continuously fed with information to vote for a particular party.

Twitter said it will no longer carry political advertisements, considering the repercussions seen in the U.S. in the past elections. On the contrary, Facebook says political advertisements are necessary and that people should see if their politicians are lying. How culpable is a platform in the case of a problematic online political advertisement?

KC: Platforms, particularly Facebook, have been washing their hands of the issue saying they are only intermediaries providing space; that the content is being generated by the people to be consumed by the people, and they have no role to play. But this is false. If you look at the complete business model of Facebook, Google, or any of the platforms, they clearly provide micro-targeting, or allow people to be manipulated for a particular purpose. So, these platforms can’t just wash their hands of the issue. In the Maharashtra election, you saw a lot of advertisements coming out which are untraceable. How can this happen without the platform itself allowing for such a possibility? The Election Commission (EC) needs to step in on all these issues. These corporations need to be very transparent in the context of elections. They need to bring out all the ways in which advertisements are displayed and also the money associated with it.

When somebody publishes it [an ad] on a Facebook wall, it is as good as publishing it in a newspaper. So, all the legislation that apply now for reasonable restrictions and freedom of speech and the freedom of press also apply to these platforms. These platforms are culpable when the very intent of their business model allows such subversion of the democratic process. They need to be brought in line to ensure that Indian democracy is safe.

PP: I completely disagree with Kiran on a number of points. For instance, those who are running a platform shouldn’t automatically be liable for what people are seeing on those platforms. The people who are actually saying things should be liable, not necessarily those who are carrying it without knowing what they’re carrying most of the time. Kiran also mentioned manipulation. The job of all advertising is to manipulate. The job of newspapers is to manipulate public opinion. And there’s always money associated with this. Newspapers carry advertisements as well. You don’t necessarily know who has paid for each ad in the newspaper. What online platforms are able to provide is actually greater transparency in this regard, at least based on what Facebook is attempting to do with its ad library. Calling this manipulation doesn’t quite work. Because then you have to specify why certain categories of things you think of as manipulating, while other categories you think of as influencing.

Second, as far as I know, Facebook does not ask for your caste. Nor does it actually allow advertisers to use caste as a category for advertising. To address the larger question of whether to carry political advertisements or not, I don’t think there are simple answers. For instance, in different jurisdictions there are different rules as to whether different kinds of media are allowed to carry political advertisements or not. In the U.S., all broadcasters are required by law not to censor on the basis of the content of political advertising. Which means that broadcasters in the U.S. cannot say to a candidate, ‘this advertisement that you’ve sent to us contains a lie and we’re not going to associate ourselves with the lie and we’re not going to carry it’. Now, when a platform like Facebook says that it will voluntarily adopt a similar standard as applies to broadcast organisations by law, all hell breaks loose. And again, there might be good reasons for it. But to say that political advertising should not contain lies, and hence should be censored, is not a viable opinion across the board.

KC: I would like to clarify one thing here. There is a clear distinction between Facebook asking your caste and Facebook allowing you to micro-target people based on their caste and class. In 2016, I created an advertisement with a tag called Brahmin bags and it allowed inclusion and exclusion based on caste and economic status. And now, after this had been made an issue for the last three years, Facebook says that advertisers can select topics that are specific to a particular caste. For instance, Dalit topics, Iyengar topics, etc. So Facebook, in its design, allows such kind of sensitivities to be used for micro-targeting. And one should not confuse general advertising with political advertising. If the advertisement is just about manipulating for buying a particular product, that has something to do with the business houses; even if one agrees with it or not. But when you speak about political advertising, when people come to participate and engage in a democratic process, the EC and The Representation of the People Act (RPA) mandate that people should be allowed to take a very clear stand, to look at what has happened in the last five years, and decide how to vote, freely and fairly. That is why the RPA clearly lists a certain set of things for free and fair elections, where even the use of money and manipulation should not be allowed to happen. Yes, the U.S. has a different context. American democracy is different from Indian democracy. We have got our own statute. This methodology in which these platforms have got their business models and are engaging deeply in subverting the Indian democratic process is a serious cause of concern. The EC should come up with new methodologies, if the existing ones are not sufficient.

Can you elaborate on how the EC can play a role in this?

KC: We brought these issues to the notice of the EC prior to the 2019 general election. The EC said it does not have enough manpower to deal with this situation for now. The EC does not have power over the police or the administration; but once the elections are on, it has the capability to take in different departments and ensure that such subversion of the democratic process does not happen. A fundamental problem with the EC’s method is that it said it was in discussion with the digital platforms to make more people vote in the election. And that itself is problematic. How is it going to be done? The EC should make public the way in which this advertising is being conducted, the money associated with it, and the people who are being reached with it. For instance, if we look at TV channels for ads during primetime, there is a mechanism, like TRP ratings, which allows them to understand and evaluate the target sections. If you look at the Maharashtra election, the advertiser itself is not known. Have people been sent communal messages? Have people been targeted based on caste, which can disqualify the contestant? The EC should reach out to the Government of India and look at the departments that are capable of handling this. If they don’t exist, it should start creating infrastructure that will be able to look into all these aspects. Also, concrete guidelines should be given to these digital platforms. And whatever comes in contradiction, or comes in the way of implementing the RPA, the EC should stop the platforms from doing it.

PP: For me, it’s not clear to what extent I would draw a distinction between advertising and other things which the EC has not been able to curtail, such as paid news and political ownership of media, which allow for very skewed viewpoints to be expressed. But insofar as what can be done about online platforms — and again, only online platforms which deal in advertising — the biggest source of online political messaging in India is WhatsApp. So, excluding the elephant in the room from this discussion, what the EC could do is bring the largest platforms together to get transparency commitments from them. Then this information needs to be made publicly available, so that the invisibility which happens with targeting gets countered. The second thing... Given that elections are geographical in nature in India, if you want to engage in advertising, you have to do it on the basis of geography, not on the basis of specific kinds of attributes of a person. And let’s also be aware that most of these attributes or guesses about people that these platforms are making are based on what people post on social media platforms, what they click. So, the one thing that can be done on a global level is transparency and restrictions on various targeting but anything else such as limitations on, say, lying in political advertising, I don't think that can or should be sold on a global level. It’s dependent far too much on each country and their models and how they interpret freedom of expression.

For more details visit https://cis-india.org/internet-governance/news/hindu-pj-george-november-8-2019-should-online-political-advertising-be-regulated

Should Nandan Nilekani's Aadhaar project, for identity proof and welfare delivery, exist at all?

praskrishna — 2014-04-14T10:27:57Z

The foundation of Aadhaar—a Congress flagship project to give every Indian a unique identity number and then use it to deliver services—has been under assault in the past three months.

The article by M. Rajshekhar was published in the Economic Times on April 3, 2014. Sunil Abraham is quoted.

Political, legal, reputational.

The political backlash is coming from leaders of BJP, the Congress' principal rival. Meenakshi Lekhi and Ananth Kumar are not, by any stretch of the imagination, the first or the last word on policy matters in the BJP, but they mince no words when they say that if their party forms a government, it will trash Aadhaar —a project that has delivered a unique ID to half of India and on which Rs 3,800 crore has been spent.

Even as BJP's loose cannons fired, the Supreme Court repeated on March 24 that the government cannot make Aadhaar mandatory to access welfare services like pensions and LPG subsidy. The same day, investigative journalism portal Cobrapost aired videos that allegedly showed agencies agreeing to enrol people from neighbouring countries for a bribe.

The BJP piled on. "It (Aadhaar) has served no purpose. They have issued cards to illegal migrants. We want citizenship cards," says Prakash Javadekar, spokesperson of BJP. His party does not have an official policy line on Aadhaar as yet, but another of its leaders, Yashwant Sinha, headed the Parliamentary panel that, in 2011, severely criticised and rejected the draft bill that provided the legal framework for Aadhaar. "We are for direct benefit transfer but not on the basis of Aadhaar, which is a very badly-designed scheme," Sinha told CNBC-TV18 on January 31. "We will give it to all citizens of India on the basis of NPR."

On the campaign trail in Bangalore, Nandan Nilekani, the chief architect and implementer of Aadhaar, defends his work as the chairman of Unique Identification Authority of India (UIDAI). "Aadhaar is a pro-development and an anti-corruption platform," says Nilekani, who was brought in by the Congress high command in 2009 and is contesting these elections on a party ticket against BJP's Kumar in Bangalore South. "It is a pity that some vested interests with narrow political and other motives are trying to stall the project."

Lost in those binaries are the objectives of Aadhaar, to universalise identity proof and to use it to plug leakages in delivery of welfare services. UIDAI, led by a hands-on Nilekani, pursued this agenda with a certain authority, great speed and an overriding emphasis on technology, all of which delivered outcomes.

But they also contributed to shortcomings that saw the project stumble on its way and for which it is now being critiqued. "This is the only way transformation takes place," says K Koshy, who was part of the team that conceptualised Aadhaar and is now with Ernst & Young. "When you know the ultimate system is workable, you sort out the problems as you go along."

Except, given the political winds blowing, it's anyone's guess what the new dispensation will feel about Aadhaar and UIDAI, from where Nilekani resigned on March 13 and which is seeing many officers who came from other parts of the government, on deputation, returning. Will the new dispensation see Aadhaar as an idea that is sound but with parts that need strengthening? Or, will they see it as an idea that is, by itself, fallacious? "I don't know where this is going," says Abhijit Sen, member, Planning Commission, under which UIDAI is housed.

At one level, it's a political question. "The next Parliament will have to decide what UIDAI can and cannot do," says Sen. At another level, even that political answer will stem from the answers to three questions that go to the core of what Aadhaar was meant to be and where it fell short.

1. Does Aadhaar Provide a Unique and Definitive Identity?

Yes and no. UIDAI collects two sets of information from an individual. The first is biometrics: prints of all 10 fingers and a scan of the iris in both eyes. Biometric data, which is supposed to be unique to every individual, is used to assign a unique number to the individual. The second set is basic personal information: name, address, father's name, date of birth and address. Individuals can show existing documents—like voter's I-card or passport —as verification. For those who did not have identification documents, UIDAI allowed certain people to attest for them.

Aadhaar is better at identifying individuals through their biometrics than ensuring the accuracy of their add-on data. This is partly due to its design. When Aadhaar was being conceptualised, says Shrikant Nadhamuni, who headed technology for UIDAI: "We wanted to move the ID game—from a state where some people had no ID and others had paper ID to something beyond even what Singapore had, in the form of smart cards, to online. Like biometric. Which is the future.

Here, your presence is enough to vet your ID." This is also partly due to how UIDAI did its enrolments. Shortly after taking charge, Nilekani announced UIDAI would issue 600 million Aadhaar numbers by March 2014. The initial plan was that the National Population Register (NPR), which conducts the decadal Census and which is housed under the ministry of home, would do the enrolments— capturing biometrics and information— and UIDAI would only issue the numbers.

Soon after, Nilekani decided he could not meet his 600 million target if he waited for NPR to give him biometric packets, and offered to do enrolments too. To meet the target, UIDAI wanted to outsource enrolment to multiple vendors. And compared to NPR, UIDAI collected very little demographic data. UIDAI appointed public and private companies as enrolment agencies. Quality issues arose. "90% of the larger enrolment agencies offloaded the work to local, small-time guys," says the head of a Gurgaon-based enrolment agency, not wanting to be named.

Instances of incomplete addresses, spelling mistakes, people bribing enrolment staff to obtain numbers, emerged. "There is always a trade off between inclusion and accuracy," says Nilekani. "And the fact that these errors happened only shows that the gates were kept wide enough to ensure there would be no exclusion." "The Aadhaar database is based on very weak data," says Sunil Abraham, the head of Bangalore-based Centre for Internet and Society, an Internet and governance think-tank. "It is basically linking biometrics to a person and the name/address he claims as his." This weakness started showing up as the government began to deliver welfare services by transferring money directly into bank accounts of beneficiaries, using Aadhaar. The first step was to add the Aadhaar number to the department and bank databases.

Reddy Subramanyam, joint secretary of NREGA, tried to seed Aadhaar numbers into his database of NREGA workers. "The current matching is just 25-30%." The mismatch arises because, say, the name will be S Kumar in one and Sunil Kumar in another. Aadhaar is "less ID project and more identification project," says legal researcher Usha Ramanathan. "The onus for ensuring the demographic information is correct falls on the number-holder."

2. Are Aadhaar-enabled Cash Transfers Delivering?

If giving every Indian a unique ID was Aadhaar's main mandate, revamping welfare delivery became its second. In 2011, Nilekani headed a committee to create a roadmap to move to a system of welfare delivery where money was transferred directly into bank accounts of beneficiaries—or direct benefit transfers (DBTs). The architectures it proposed pivoted around Aadhaar and online, realtime biometric authentication. This was to replace the existing smart-card architecture, which can work even in areas even without connectivity.

UIDAI saw the cloud as the future. "We were not very taken with the smart-card solution," says Nadhamuni. "Farmers have to carry multiple smart cards around. And then, there is the cost of the card." Smart-card companies, staring at the prospect of their investments going waste, protested. "Customers and service providers deserve the right to make a convenient choice. Can someone building a public highway insist that only a certain sort of a vehicle can ply on it?" Abhishek Sinha, CEO of Eko India, a mobile-banking start-up told ET in November 2011.

"The question is whether the model is working better now than what existed before," defends Koshy. It's a question that has not been answered conclusively and credibly: there have been no independent evaluations by the government of Aadhaarbased DBTs till now. "Aadhaar should not have been rolled out on a mission mode till it was tested on some scale," says MS Sriram, visiting faculty at IIM Bangalore's Centre for Public Policy. When asked about this, Sen says: "There was no independent evaluation. Everyone was rushing." From the field came reports about manual labourers and the aged struggling to authenticate using biometrics.

Nor were comparative studies conducted to check alternative ways to improve welfare delivery. Economist Reetika Khera argues that Chhattisgarh has removed corruption from its PDS programme through a mix of computerisation and community supervision. This echoes an observation made by the Parliamentary panel while rejecting the UIDAI bill: the government had not considered comparative costs of Aadhaar and other existing ID documents.

Yet, in November 2012, the Congress decided to make DBTs its calling card for the 2014 elections. At a rally in Dudu, Rajasthan, attended by Congress leaders and Nilekani, it announced DBT rollout in the state. A year later, after a patchy rollout, the Congress lost power in the state. And on January 30, the UPA pressed pause on DBTs for cooking gas.

3. Are there Strong Safeguards to Protect a Person's Privacy?

On February 26, the Mumbai High Court directed UIDAI to share its Goa biometrics with the CBI to help it solve a rape case in the state the agency was struggling to solve. UIDAI refused, saying this would violate the privacy of its number holders. The High Court agreed with the CBI. UIDAI went to the Supreme Court, which ruled that its biometric information cannot be shared with any government agency without the consent of number holders.

But the CBI request had shown what could go wrong. "Once you create an ID system, other things happen," says Sen. "The most inevitable one is that government departments—like the police—want to access it. A database exists and I want to use it." Says a Supreme Court lawyer, not wanting to be named: "You innocently give your fingerprints to UIDAI because you want your scholarship or gas subsidy or something. You volunteer this information and then you realise this can be used as evidence against you in a criminal trial?" In time, more agencies will use Aadhaar. "The moment you start putting the Aadhaar number into multiple databases, you make them comparable," says Abraham. "Land registry, tax records, etc, all become comparable." Adds Sen: "We need to think about who can use the authentication service."

He cites the example of banks using Aadhaar to judge a borrower's credit record as a good thing. Conversely, he adds, an insurer using a customer's Aadhaar to access hospital records, and take a call on premiums or policy issuance, is a bad outcome. "Insurance is supposed to work by pooling risk. Should they (insurers) even have the right to ask for authentication?" asks Sen. UIDAI officials say three things in their defence. One, they collect innocuous information, which they don't share. Two, for authentication queries, they only give 'yes/no' answers. Three, they have safeguards.

What is missing is a legal framework that governs collection, use and retention of biometrics. "India has not passed a data privacy law," says Nadhamuni. "This is a very important legislation we need to draft and enact for projects that use large-scale IT systems, be it Aadhaar, NREGA, voter card, income tax, etc. In the absence of such laws, UIDAI came up with rigorous data privacy and security policies to secure resident data." However, the Parliamentary panel, while rejecting the bill, noted that UIDAI began collecting biometric data even as the government worked on a privacy bill and a data protection bill. "The idea that databases can be used by anyone makes people vulnerable, especially in a state where there is neither law nor much respect for law," says Ramanathan.

Aadhaar stands at an uncomfortable junction. A new government, eager to ensure only citizens have unique numbers, could ask all Aadhaar holders to provide address proof and delete the others. Events of the past three months have framed the issues concerning Aadhaar, sometimes with a touch of rhetoric. "This is a good time to open the regulation issue," says Sen.

For more details visit https://cis-india.org/news/economic-times-april-3-2014-m-rajshekhar-should-nandan-nilekani-aadhar-project-for-identity-proof-and-welfare-delivery-exist

Should an Inability to Precisely Define Privacy Render It Untenable as a Right?

amber — 2017-08-04T01:49:56Z

The judges may still be able to articulate the manner in which limits for a right to privacy may be arrived at, without explicitly specifying them.

The article was published in the Wire on August 2, 2017.

Ludwig Wittgenstein wrote in his book, Philosophical Investigations, that things which we expect to be connected by one essential common feature, may be connected by a series of overlapping similarities, where no one feature is common. Instead of having one definition that works as a grand unification theory, concepts often draw from a common pool of characteristics. Drawing from overlapping characteristics that exist between family members, Wittgenstein uses the phrase ‘family resemblances’ to refer to such concepts.

In his book, Understanding Privacy, Daniel Solove makes a case for privacy being a family resemblance concept. Responding to the discontent in conceptualising privacy, Solove attempted to ground privacy not in a tightly defined idea, but around a web of diverse yet connected ideas. Some of the diverse human experiences that we instinctively associate with privacy are bodily privacy, relationships and family, home and private spaces, sexual identity, personal communications, ability to make decisions without intrusions and sharing of personal data. While these are widely diverse concepts, intrusions upon or interferences with these experiences are all understood as infringements of our privacy.

Other scholars too have recognised this dynamic, evolving and difficult to pinpoint nature of privacy. Robert Post described privacy as a concept “engorged with various and distinct meanings.” Helen Nissenbaum advocates a dynamic idea of privacy to be understood in terms of contextual norms.

The ongoing arguments in the Supreme Court on the existence of a constitutional right to privacy can also be viewed in the context of the idea of privacy as a family resemblance concept. In their arguments, the counsels for the petitioners have tried to make a case for privacy as a multi-dimensional fundamental right. Senior advocate Gopal Subramanium argued before the court that privacy inheres in the concept of liberty and dignity under Constitution of India, and is presupposed by various other rights such as freedom of speech, good conscience, and freedom to practice religion. He further goes on say that there are four aspects to privacy – spatial, decisional, informational and the right to develop personality. Shyam Divan, also arguing for the petitioners, further added that privacy includes the right to be left alone, freedom of thought, freedom to dissent, bodily integrity and informational self-determination.

When the chief justice brought up the need to define the extent of the right to privacy, the counsels raised concerns about the right being defined too specifically. This reluctance was borne out of the recognition that by its very nature, the right to privacy is a cluster of rights, with multiple dimensions manifesting themselves in different ways depending on the context. Both advocates, Subramaniam and Arvind Datar, argued that court must not engage in an exercise to definitively catalog all the different aspects of the right, foreclosing the future development of the law on point. This reluctance was also a result of the fact that the court has isolated the question of the existence of the right to privacy and how it may apply in the case of the Aadhaar project. Usually judges are able to ground legal principles in the relevant facts of the case while developing precedents. The referral to this bench is only on the limited question of the existence of a constitutional right to privacy. Therefore, any limits that are articulated by the court on the right exist without the benefit of a context.

On the other hand, the Attorney General (AG) argued that this very aspect of privacy was a rationale for not declaring it a fundamental right. At various points during the arguments, he indicated that the ambiguous and vague nature of the concept of privacy made it unsuitable as a fundamental right. Similarly, Tushar Mehta, arguing for Unique Identification Authority of India, also sought to deny privacy’s existence as a fundamental right as it is too subjective and vague.

The above argument assumes that the inability to precisely define privacy renders its untenable as a right. The key question is whether this lack of a common denominator makes privacy too vague a right, liable to expansive misinterpretations. Conceptions that do not have fixed and sharp boundaries, are not boundless. What it means is that the boundaries can often be fuzzy and in a state of constant evolution, but the limits and boundaries always exist.

At one point during the hearings, Justice Rohinton Nariman wanted the counsels to work on the parameters of challenge for state action with respect to privacy. As mentioned earlier, in the absence of facts to work with, such an exercise is fraught with risks. However, the judges may still be able to articulate the manner in which such limits may be arrived at, without specifying them. Justice Nariman himself later agrees that the judicial examination must proceed on a case by case basis, taking into account not only the tests under Article 14,19 and 21 under which petitioners have tried to locate privacy, but also under any other concurrent rights which may be infringed.

The AG also argued that the infringement of privacy in itself does not amount to a violation of the rights under Article 21, rather in some cases the transgressions on privacy may lead to an infringement of a person’s right to liberty and only in such cases should the fundamental rights be invoked. Thus, the argument made was that there was no need to declare privacy as a fundamental right but only to acknowledge that limiting privacy may sometimes lead to violations of the already existing rights. This argument may have been more cogent had he identified specific dimensions of privacy which, according to him, do not qualify as fundamental rights. However, this might have meant conceding that other dimensions of privacy, in fact do amount to fundamental rights.

It must be remembered that the problem of changing or multiple meanings is not limited to privacy. As the bench noted, drawing comparisons to the concepts of ‘liberty’ and ‘dignity’, these are constitutionally recognised values which equally suffer from a multitude of meanings based on context. The government’s position here is in line with critiques of privacy that Solove seeks to bust in his book. The idea of privacy evolves with time and people. And people, whether from a developed or developing polity, have an instinctive appreciation for it. The absence of a precise definition does not necessarily do great disservice to a concept, especially one that is fundamental to our freedoms.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-august-2-2017-should-an-inability-to-precisely-define-privacy-render-it-untenable-as-a-right

Should Aadhaar be mandatory?

amber — 2017-12-18T15:54:39Z

This week, a constitutional bench of the Supreme Court will adjudicate on limited questions of stay orders in the Aadhaar case. After numerous attempts by the petitioners in the Aadhaar case, the court has agreed to hear this matter, just shy of the looming deadline of December 31 for the linking of Aadhaar numbers to avail government services and benefits.

The article was published in Deccan Herald on December 9, 2017.

Getting their day in the court to hear interim matters is but a small victory in what has been a long and frustrating fight for the petitioners. In 2012, Justice K S Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court questioning the validity of the Aadhaar project due its lack of legislative basis (the Aadhaar Act was passed by Parliament in 2016) and its transgressions on our fundamental rights.

Over time, a number of other petitions also made their way to the apex court challenging different aspects of the Aadhaar project. Since then, five different interim orders of the Supreme Court have stated that no person should suffer because they do not have an Aadhaar number.

Aadhaar, according to the Supreme Court, could not be made mandatory to avail benefits and services from government schemes. Further, the court has limited the use of Aadhaar to only specific schemes, namely LPG, PDS, MNREGA, National Social Assistance Program, the Pradhan Mantri Jan Dhan Yojna and EPFO.

The then Attorney General, Mukul Rohatgi, in a hearing before the court in July 2015 stated that there is no constitutionally guaranteed right to privacy. But the judgement by the nine-judge bench earlier this year was an emphatic endorsement of the constitutional right to privacy.

In the course of a 547-page judgement, the bench affirmed the fundamental nature of the right to privacy, reading it into the values of dignity and liberty.

Yet months after the judgement, the Supreme Court has failed to hear arguments in the Aadhaar matter. The reference to a larger bench and subsequent deferrals have since delayed the entire matter, even as the government has moved to make Aadhaar mandatory for a number of government schemes.

At this point, up to 140 government services have made linking with Aadhaar mandatory to avail these services. Chief Justice of India Dipak Misra has promised a constitution bench this week, likely to look only into interim matters of stay on the deadline of Aadhaar-linking. It is likely that the hearings for the final arguments are still some months away. The refusal of the court to adjudicate on this issue has been extremely disappointing, and a grave disservice to the court's intended role as the champion of individual rights.

It is worth noting that the interim orders by the Supreme Court that no person should suffer because they do not have an Aadhaar number, and limiting its use only to specified schemes, still stand.

However, since the passage of the Aadhaar Act, which allows the use of Aadhaar by both private and public parties, permits making it mandatory for availing any benefits, subsidies and services funded by the Consolidated Fund of India, the spate of services for which Aadhaar has been made mandatory suggests that as per the government, the Aadhaar Act has, in effect, nullified the orders by the Supreme Court.

This was stated in so many words by Union Law Minister Ravi Shankar Prasad in the Rajya Sabha in April. This view is an erroneous one. While acts of Parliament can supersede previous judicial orders, they must do so either through an express statement in the objects of the Act, or implied when the two are mutually incompatible. In this case, the Aadhaar Act, while permitting the government authorities to make Aadhaar mandatory, does not impose a clear duty to do so.

Therefore, reading the orders and the legislation together leads one to the conclusion that all instances of Aadhaar being made mandatory under the Aadhaar Act are void.

The question may be more complicated for cases where Aadhaar has been made mandatory through other legislations, such as Prevention of Money Laundering Act, as they clearly mandate the linking of Aadhaar numbers, rather than merely allowing it. However, despite repeated appeals of the petitioners, the court has so far refused to engage with the question of the legality of such instances.

How may the issues finally be resolved? When the court deigns to hear final arguments, the Aadhaar case will be instructive in how the court defines the contours of the right to privacy. The right to privacy judgement, while instructive in its exposition of the different aspects of privacy, does not delve deeply into the question of what may be legitimate limitations on this right.

In one of the passages of the judgement, "ensuring that scarce public resources are not dissipated by the diversion of resources to persons who do not qualify as recipients" is mentioned as an example of a legitimate incursion into the right to privacy. However, it must be remembered that none of the opinions in the privacy judgement were majority judgements.

Therefore, in future cases, lawyers and judges must parse through the various opinions to arrive at an understanding of the majority opinion, supported by five or more judges. While the privacy judgement was a landmark one, its actual impact on the rights discourse and on matters like Aadhaar will depend extensively on the how the judges choose to interpret it.

For more details visit https://cis-india.org/internet-governance/blog/should-aadhaar-be-mandatory

Short-term Consultant (IETF)

elonnai — 2018-04-21T15:44:49Z

The Centre for Internet & Society is seeking an individual with a strong understanding of IETF standards to work with us on writing 7 Human Rights Considerations for Internet standards and active drafts that are relevant to public interest. Additionally, the individual will help develop a longer term work-plan, expertise and approach for engagement in the IETF.

Note: This position is consultancy based on output.

Compensation: Based on experience and output.

Application requirements: two writing samples or other examples of technical work and CV

Contact: sunil@cis-india.org

For more details visit https://cis-india.org/jobs/vacancy-for-short-term-consultant-ietf

Short-term Consultant (Cyber Security)

elonnai — 2018-04-20T01:27:36Z

The Centre for Internet & Society is seeking an individual with strong understanding of cyber security to contribute research to its cyber security research under its Internet Governance programme.

Research topics include economic incentives for cyber security, cross border sharing of data, India’s cyber security framework, and cybersecurity dimensions of e-governance .

Note: This position is consultancy based on output.

Compensation: Based on experience and output.

Application requirements: two writing samples and CV

Contact: elonnai@cis-india.org

For more details visit https://cis-india.org/jobs/vacancy-for-short-term-consultant-cyber-security

Shopping on apps raise privacy and security concerns

praskrishna — 2017-03-21T14:56:26Z

The recently concluded online Diwali sales frequently offered consumers hefty discounts on merchandise if they shopped via store app, a move that experts say increases security risks for internet users.

The article by Vivek Ananth was published by the Softcopy, an IIJNM Web Publication on November 23, 2015. Sunil Abraham gave inputs.

“It makes the security much worse because of increased complexity from the user perspective,” said Sunil Abraham, executive director at Centre for Internet and Society.

“User will have to install multiple apps and then worry about the security implications arising from each app. From the e-commerce corporation perspective it might reduce effort but for users this is a nightmare.”

Do apps increase security risks?

The degree of risk depends on the specific app and can only be determined after a detailed security audit, Abraham said.

“Unfortunately there aren't many organisations doing such audits and making their results available to the public,” he added.

There are some users who say that privacy on the internet isn’t an option.

“Once you are online your privacy is kind of gone,” said Hasmit Trivedi of Mumbai. “I mean you are vulnerable.”

“That (browsing history being used to target advertisements) does concern me, but not to the extent that I'll stop using these websites,” said Sweta Rajan, a lawyer from Mumbai.

“Google has done this forever," said Dinoo Muthappa.“I don't even care if they use my search to place advertisements of what they think I need while browsing.”

Comfort and Convenience trumps privacy

“I don't really shop for things I'm not comfortable allowing the world to know. I'm ok with them using this (usage pattern and browsing information) for commercial reasons,” Rajan said.

“We live in a world where the cost of convenience is our privacy. Take my user preferences,” said Dinoo Muthappa, a lawyer from Delhi.“If it means you'll make money and somehow reflect as a discount to me later, that's fine,” she added.

“I frankly don't have a problem with it in principle,” said Akshara Kumar Chitoor, a lawyer from Bengaluru, about companies mining data to target advertisements at her. “I don't think it's very different from how certain TV channels carry certain advertisements because they know the audiences.I mean, you get Rin and Horlicks ads on Zee and Sony but not Romedy Now or Comedy Central.”

“The convenience of having it come home when I want and not having to face the guy who I know is ripping me off; these guys can use and sell my information,” Muthappa said.

“With my work timings I literally do not find time to go to a store and shop,”Rajan said. “I buy everything online. It's very convenient and time saving.”

“Personally, I think just browsing stuff to buy is much easier on your computer,” said Sreenath Unnikrishnan, a product developer from Singapore. “However, I do think apps are more convenient for payment. As in your card information is normally stored and can be accessed without having to log in and all. I can do that on a computer too, but it's less secure. At least that's what I think.”

Google and Facebook have their advertisement norms disclosed.

Twitter also follows a similar model using the email ids that their users have associated with their twitter handles.

“If the service is free - then as many have said before - you are the product, said Sunil Abraham executive director at Centre for Internet and Society. “Your personal information is being sold to marketers and advertisers. As Bruce Schneier puts it ‘surveillance is the business model of the Internet’".

The terms and conditions are sometimes very long and use difficult language.

“Transparency and Informed Consent are principles in most jurisdictions that have data protection law modelled on the EU Data Protection Directive,” Abraham said.“Part of the transparency principle is the accessibility of the language.”

The user though still has an option to opt out of the above process where their data is collected by these companies.
Privacy policies of internet companies are legal documents. These are required under data protection laws. This makes them complicated, said Abraham.

The users don’t care that their usage data is being mined by businesses till they have a bad experience, Abraham said.

For more details visit https://cis-india.org/internet-governance/news/the-soft-copy-vivek-ananth-november-23-2015-shopping-on-apps-raise-privacy-and-security-concerns

Shooting cyber cafes before they die

praskrishna — 2013-05-31T06:32:38Z

Working for an NGO, Christy Raj cans the history of city internet parlours through the eyes of a transgender.

Vandana Kamath's article was published in the Bangalore Mirror on May 31, 2013. The Centre for Internet and Society's film on Cyber Cafes is mentioned in this article.

At the turn of the century, when dotcoms were booming, cyber cafes were ubiquitous. But just as video killed the radio star, smartphones have been the slow death of cyber cafes. They may soon be history, but before internet parlours are wiped off the face of the city, Christy Raj, 26, a transgender, has ‘captured’ them for posterity.

Raj (female to male transgender) has single-handedly shot a film on cyber cafes, viewed from the eyes of a transgender. The film is part of a project by Video Volunteers,an NGO that promotes community media. Raj is a correspondent for the NGO.

“I wanted to capture what happens in a cyber café, especially from the point of view of a transgender,” Raj said. “I’ve captured why a transgender would go to a cyber café. It could be for various reasons like applying for a job. The film captures the difficulties a transgender faces etc. It’s a short film, but conveys a lot, especially for a viewer who sees it after cyber cafes have gone extinct in the city!”

Raj admits that he had a tough time while shooting the movie. “We (actor and I) went to several cyber cafes to shoot the film,” Raj said. “Since my actor and I are both transgender, many gave us suspicious looks. Most refused to allow us to even enter the place, forget about shooting the film. We had to show our identity cards at several places and finally we got the opportunity to shoot in a cyber cafe.”

The film, a joint venture of Centre for Internet and Society (CIS) and Video Volunteers, was completed in two weeks and the raw footage was sent to Video Volunteers based in Goa. The film was screened at their fifth anniversary celebrations recently. Raj, who has basic knowledge of camera handling, has been with the NGO since 2010 and has shot various short films on subjects like sexual minorities, the recent eviction of people in Ejipura and human rights.

“Being a correspondent with Video Volunteers has given me an opportunity to work on mainstream issues and work with people from the mainstream. Prior to joining Video Volunteers, I was associated with NGOs like Samara and Sangama. We were given training in camera handling. They give us an opportunity to work on several issues based on the community.”

Raj was born and brought up in Bangalore. His parents abandoned him after they learnt of his transsexual tendencies and he had to drop out of school in the ninth standard. He lives with his partner in Sanjay Nagar.When he left his home, Raj decided he had to make a name in the community.“Today,Icanhandleacamera with confidence and conceptualise and make the films on issues pertaining not only to sexual minorities but also on several other issues,” says Raj.

For more details visit https://cis-india.org/news/bangalore-mirror-vandana-kamath-may-31-2013-shooting-cyber-cafes-before-they-die

Shining light into darkness: Encouraging greater transparency of government offensive practices in cyberspace

Admin — 2019-06-05T06:53:31Z

RightsCon is organizing a summit on human rights in the digital age in Tunis in June 2019. Sunil Abraham will be attending a conversation on encouraging greater transparency of government offensive practices in cyberspace on June 12.

In the plethora of different cybersecurity benchmark reports today, one is conspicuously missing. No entity has so far found a way to highlight and measure the different cyber offensive and deterrence doctrines, policies, or capabilities on a country-by-country basis. Similarly, there have been limited attempts to not only map, but monitor adherence to, international law and emerging international norms of behaviour in cyberspace.

During this session, pulled together by Microsoft, the Hewlett Foundation and Mastercard, we will explore whether there is value in developing either one or the other product, and assess how difficult they would be to realize. Would such a report encourage greater transparency of these policies and as a result drive international discussion about responsible behaviour in cyberspace? What would data would be required for it to generate a meaningful impact?

We will also examine whether there are lessons that can be learnt on the development, use, and impact of seminal benchmarking reports, such as the Global Peace Index, the Nuclear Security Index, Human Rights Watch’s World Report, and others. This gap is being examined in the light of the potential creation of a CyberPeace Institute, an independent non-profit organization to empower the global community with the knowledge and capabilities to protect civilians in cyberspace from sophisticated systemic cyber-attacks. It is envisioned that the CyberPeace Institute would perform three key functions: a) increase transparency of information on cyberattacks that are perpetrated by sophisticated actors and have significant, direct harm on civilians and civilian infrastructure; b) advance the role of international law and norms in governing the behavior of states and other actors in cyberspace; and c) deliver assistance at scale to the most vulnerable victims of qualifying cyberattacks, accelerating victims’ recovery and increasing their resilience. More information on the proposed Institute can be find in the attached overview.

The conversation will take place at RightsCon, in the Erythrean room on Wednesday, June 12 from 4:30 p.m - 5:30 p.m.

For more details visit https://cis-india.org/internet-governance/news/shining-light-into-darkness-encouraging-greater-transparency-of-government-offensive-practices-in-cyberspace

Sharad Sharma's case shows how rampant troll culture has become under Modi

praskrishna — 2017-06-07T12:29:18Z

Sharad Sharma's case shows how rampant troll culture has become under Modi.

This was published by Catch News on May 25, 2017.

Noam Chomsky once said: “Propaganda is to a democracy what violence is to a dictatorship”.

This couldn't be more true than in the Indian context. Abusive right-wing trolls, in this sense, can be seen as stormtroopers of the Narendra Modi government.

They are no different from political goons, using every means at their disposal – intimidation, abuse, hacking attempts, sexual harassment – to silence voices that speak against the regime.

Try tweeting about human rights violations in Kashmir or police atrocities against in Bastar, invariably an anonymous troll will appear and call you “anti-national”. Even criticising government schemes or raising questions about industrial houses supposedly close to the government, can invite abuse.

Some of the trolls are paid, some are ideologically driven while many are just plain frustrated.

But what happens when you come to know that the anonymous troll calling you an ISI agent, is actually the high profile founder of a company working with the government?

Meet Sharad Sharma, co-founder of iSpirt, a think tank that closely worked with Aadhaar. Sharma has been exposed as the man behind the twitter-handle @confident_India- that used to troll all Aadhar critics on the micro-blogging website.

He has apologised from his original twitter account, calling it “a lapse of judgment” and that 'anonymity seemed easier than propriety'.

Through his anonymous twitter handle, Sharma constantly accused Center for Internet and Society (CIS), of being foreign-funded and violating the FCRA (Foreign Contribution Regulation Act) laws, without giving any proof.

In a recently published study, CIS had alleged that Aadhaar numbers of over 13 crore people and bank account details of about 10 crore people were leaked through government portals due to to poor security measures, putting them at risk of financial fraud and identity theft.

accepted the data breach in the Supreme Court." data-reactid="36">Later, the government accepted the data breach in the Supreme Court.

Given Sharma's proximity with the government, it is quite possible that he was aware of the leaks himself. Yet to defend the government on social media, he chose the FCRA card against CIS, providing a hint of what could be in store for the public advocacy group.

Kiran Jonnalagadda, founder of the Freedom Foundation, who first exposed that it was Sharad Sharma anonymously using the @Confident_ India handle, says that “FCRA threats are a way to stop people from questioning Aadhar".

FCRA seems to have been a useful tool for the NDA government against organisations that question government policies. In April this year, the government suspended registration of environmental advocacy NGO Greenpeace. While the government is well within its right to use the FCRA law against those who violate it, but if a law is used only against those who speak against the regime, questions are likely to be raised.

While Sharma has apologised for trolling the government's critics by accusing them of foreign exchange violations and being CIA stooges, there are several handles that go to the extent of giving giving rape and death threats to those who dare to speak against the establishment.

When PM follows trolls

Recently, Trinamool Congress MP, Derek O’Brien accused Prime Minister Narendra Modi of encouraging hatred by following people who run hate campaigns on social media.

“26 Twitter handles that give out rape threats, communal threats are followed by the Prime Minister (Narendra Modi),” O‘Brien said in the Rajya Sabha.

In a recently published book, “ I am a troll” journalist Swati Chaturvedi has given an account of a former BJP volunteer Sadhavi Khosla who alleged that the BJP's social media cell was responsible for putting pressure on e-commerce company Snapdeal to drop actor Aamir Khan as its brand ambassador after the latter made strong comments on the intolerance issue.

It would be wrong to say that only BJP and Modi have (mis)used social media trolls to harass their critics. Parties like AAP and Congress also have a significant presence of anonymous twitter handles as well. But pro-Modi trolls are unmatched in the kind of threats and abuse they indulge in.

Unfortunately, trolls aren't taken to task for their behaviour. Even Sharma, after being caught, received a pat on the back from none less than Nandan Nilekani, for coming clean.

For more details visit https://cis-india.org/internet-governance/news/catch-news-may-25-2017-sharad-sharma-apos-case-shows-how-rampant-troll-culture-has-become-under-modi

Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program

praskrishna — 2017-05-26T01:08:09Z

Last weekend I was at Aditi Mittal’s standup comedy show in Mumbai where she made a cheeky remark that stayed with me – “Do you guys know what India’s soft power is today? It is trolling!”

The blog post by Shweta Modgil was published by Inc 42 on May 23, 2017.

While she was poking fun at the Snapchat-Snapdeal-Evan Spiegel controversy, in a bizarre coincidence those words came back to haunt me three days later. That was when one of biometric authentication system Aadhaar’s most vocal critics, Kiran Jonnalagadda, co-founder of Internet Freedom Foundation (IFF), an advocacy group, revealed in a series of tweets that @Confident_India, one of the anonymous accounts arguing in favour of Aadhaar and attacking its critics on Twitter, was being operated by none other than Sharad Sharma, the founder of software products think tank iSPIRT.

At the time, Sharad had completely denied that he was tweeting from an anonymous account. But today, on Twitter, Sharad apologised for the anonymous trolling on Twitter.

In a tweet, Sharad stated that “There was a lapse of judgement on my part. I condoned tweets with uncivil comments. So I’d like to unreservedly apologise to everybody who was hurt by them.”

He added that “Anonymity seemed easier than propriety, and tired as I was by personal events and attacks on iSPIRT’s reputation, I slipped.” Furthermore, he stated that he would not be part of anything like this again or allow such behaviour to continue. He also revealed that an iSPIRT Guidelines and Compliance Committee (IGCC) has been set up to investigate the matter and recommend corrective action.

On Catching a Troll

On 17 May, Kiran tweeted out a revelation, which shook a lot of people – “Have we caught an Aadhaar troll?” Kiran used Twitter’s account reset option on Confident_India with Sharad Sharma’s number to see if it is was accepted. And, as per a screenshot posted by him, it did.

This was further corroborated by many other Twitter users. Medianama’s Nikhil Pahwa (and co-founder of IFF) also confirmed the same, tweeting that the troll account does link to Sharad Sharma.

In a detailed Medium post, Kiran then revealed how he investigated the rise of anonymous Twitter accounts and trolls responding to critics of Aadhaar. But what he revealed next was the shocking part – that at the 27th Fellows meeting of the think tank, a plan was hatched to respond to critics of India Stack which involved the use of trolls. A group called Sudham, created earlier, divided people who were broadcasting different views on Aadhaar, into different categories and then underlined various proposals on dealing with them. One of the groups called “archers” was entrusted to carry out the mainstream debate, while another group of “swordsmen” was entrusted to challenge people who were categorised as informed yet “trolling.” Swordsmen would do this by coordinating on WhatsApp with quick responses and in numbers.

Kiran got a hold of the presentation and also shared how one controversial slide also showed a detractor matrix.

It is this slide which Kiran uses to illustrate the fact that: “ iSPIRT has an officially sanctioned trolling program where the trolls coordinate on WhatsApp and attack together on Twitter, exactly the behaviour seen in all the tweets above—and I’ve only covered the leader’s tweets. There are at least a dozen known troll accounts that attack in packs.”

First Denial

Back when the information was first revealed, Sharad Sharma responded by denying that he was tweeting from the @Confident_India Twitter account.

He further added that he was in for a family emergency in the US. And that he was clueless as to why his number was linked with that account.

But, interestingly, what roused the investigator’s suspicions was that Sharad shared the same denial from another troll account @indiaforward2 – which was captured by another Twitter user before it was deleted.

The denial from Sharad’s true account came half an hour later. But the damage had been done and all fingers pointed in the direction of Sharad Sharma engaging in trolling from those accounts. Kiran then wrote another damning post on Sharad’s dubious denial.

As can be guessed, all the tweets related to this matter from Sharad’s and Indiaforward’s accounts have been deleted. The last tweet from Confident India’s account on 17 May professed that he is not Sharad Sharma.

Meanwhile, iSPIRT finally responded to Kiran’s revelations on Medium –“We want to categorically state that the allegations against iSPIRT coordinating and/or promoting any troll campaign are false and the evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.”

The post further explained that in its Fellows meeting held in February and April 2017, it did address the issue of the chatter around India Stack. It says, “Our volunteer, Tanuj Bhojwani, led the discussion and we outlined our strategy for dealing with our detractors. The slide in question is clearly titled “Detractor Matrix.” The slide outlines how we classify those speaking against India Stack, and how we are engaging with them. We called one category of people “informed yet trolling (IYT),” a category of people deliberately misleading people, despite understanding the nuance behind the debate.”

The post admitted that the think tank encouraged volunteers to respond to these IYT Twitter handles directly from their own personal handles. However, at no point did it endorse or recommend anonymous trolling.

“We are aware that some volunteers and their friends have created an anonymous campaign to Support Aadhaar. This is not a troll campaign, but an informational one. It is also not an iSPIRT campaign.”

It concluded with: “Kiran’s motivated misrepresentation of the slides perhaps speaks to his biases against iSPIRT.” The post added that it plans to investigate the confusion around the alleged mobile number and account link and clarify all outstanding questions.

Meanwhile coming back to trolling from where we started. Though Sharad’s apology did not say directly whether he operated the two Twitter accounts — @Confident_ India and @Indiaforward2 — which he was suspected of using for trolling- he signs off by saying that he requests “those who I have disappointed to look at this as an exception.”

The Aadhaar Controversy

While the series of incidents raises many doubts over an esteemed organisation such as iSPIRT, the controversy over Aadhaar, India’s massive biometric identification programme, has been raging for many months now.

Over the last few months, it has come under fire for not addressing the privacy concerns of an individual and leaking individual data. Aadhaar critics have pointed out that it is more a mass surveillance tool, can lead to identity thefts, and linking basic services with it spells doom.

This month, a CIS (Centre for Internet and Society ) report revealed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals, due to lack of IT security practices. The report claimed that the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details about the address, photographs, and financial data. It also added that as many as 100 Mn bank account numbers could have been “leaked.”

However, on May 16, the CIS updated its report and clarified that although the term ‘leak’ was originally used 22 times in its report, it is at “best characterised as an illegal data disclosure or publication and not a breach or a leak.” It also claimed that some of its findings were “misunderstood or misinterpreted” by the media and that it never suggested that the biometric database had been breached.

Meanwhile, the Aadhaar-issuing authority UIDAI has asked CIS to explain its sensational claim that 13 crore Aadhaar numbers were “leaked” and provide details of servers where they are stored. The UIDAI also wants CIS to clarify what kind of “sensitive data” is still with the Centre or anyone else. The UIDAI has strongly denied any breach of its database and has asked CIS to provide details such as the servers where the downloaded “sensitive data” is stored.

While the security of the above-mentioned Aadhaar data is still being debated, the government’s push towards making it compulsory across industries has become a major topic of debate in India.

From linking bank accounts, to PAN numbers, to obtaining free gas connections under the Pradhan Mantri Ujjwala Yojana, to linking scholarships to linking Aadhaar numbers to social welfare schemes for electronically disbursing money to specific beneficiaries, or the Aadhaar-enabled Payment System (AEPS), the government has been pushing on with Aadhaar to make it a mandatory ID rather than the voluntary one it was envisaged to be originally. India still does not have a data protection and privacy law and making Aadhaar mandatory in such a country is not without risks.

Given the fact that the UIDAI cannot afford to carry out authentication-based rollouts across schemes in haste as the failure rate of AEPS can lead to denial of direct benefits, it makes more sense to retain Aadhaar as a voluntary authenticator, at least until the government solves on-ground issues around Aadhaar-based authentication. Because any failure can erode public faith in Aadhaar as the beneficiary would not get his rightful ration over authentication failure— and, to that extent, in the government itself. So, for beneficiaries who depend on public distribution systems (PDS) for rice, sugar, kerosene or oil, authentication failure is a serious problem.

It is to this effect that PILs (public interest litigation suits) have been filed in the Supreme Court stating that making Aadhaar compulsory is illegal and would virtually convert citizens into “slaves” as they would be under the government’s surveillance all the time. The Supreme Court had itself stated in August 2015 that Aadhaar cards will not be mandatory for availing benefits of government’s welfare schemes and had also barred authorities from sharing personal biometric data collected for enrollment under the scheme.

Last month too, it lambasted the Narendra Modi-led BJP government at the Centre for making Aadhaar card a mandatory prerequisite to avail government services. The court will examine all applications against Aadhaar on June 27 2017, while the government remains steadfast on not extending the deadline of June 30 by which various schemes such as the grant of scholarships, Sarva Shiksha Abhiyan and various other social welfare schemes were to seek mandatory Aadhaar number.

While the debate rages on, controversies keep on piling up. Recently, linking people living with HIV/ AIDS with Aadhaar cards has allegedly driven away patients from hospitals and antiretroviral therapy (ATR) centres in Madhya Pradesh. As per health department sources, the MP State AIDS Control Society made Aadhaar card number compulsory from February this year for those affected by the virus to get free medicines and treatment in accordance with the Central government’s policy making Aadhaar mandatory to avail benefits of any government scheme.

However, this led to negative fallout as many patients and suspected victims started avoiding ATR centres and district hospitals after the new rule came into effect. The patients feared that the compulsory submission of Aadhaar card to get free medicines and medical check-ups could lead to the disclosure of their identity, inviting social stigma.

While there is no denying the fact that, in a welfare state, technology can play a big role in enabling the state to hand out entitlements more efficiently and distribute public services at scale. But doing the same at the cost of an individual citizen’s privacy and resting it all on one mandatory number whose authentication is still not completely foolproof, is hardly the way a welfare state would like to operate.

For more details visit https://cis-india.org/internet-governance/news/inc42-may-23-2017-shweta-modgil-sharad-sharma-aplogises-for-trolling-aadhaar-critics

Shanty home

radha — 2011-04-04T06:53:08Z

A nationwide initiative is imploring that you look closely at the greyed-out areas on your GPS maps, says Jaideep Sen in an article in the Time Out Bengaluru Magazine, November 13-26 2009 [Vol 2 Issue 9]

Call up a map of Bangalore city on Google, key in the letters “HAL”, and hit the return key. When the squiggly lines demarcating the area show up, put down the end of your forefinger at the Marathahalli end of the Old Airport Road stretch, and begin tracing your way all the way up to MG Road. It’s an easy route to follow, if you’re merely looking to head from one end of the city to the other, but that isn’t the purpose of this particular exercise, which could well be tried out along all major roadways in any city across India.

As the two Bangalore-based groups Centre for Internet and Society, and Tactical Technology Collective describe it, the attempt of that lingering fingertip is to ascertain the possibilities of creating “maps from the margins and of margins”. While that wouldn’t make immediate sense to most GPS-impelled drivers, what they’re implying is that you look around that route to try and locate and identify the numerous slums, unauthorised settlements and illegal waterways that remain greyed-out along those delineated main roads and prominent residential areas. As co-hosts of a two-month-long nationwide project titled “Maps for Social Change”, the groups are also wagering that you most likely won’t find such expanses on a map. Although, if you were to explore the neighbourhoods of say, HAL, Indira Nagar and Ulsoor, you’d find at least 30 unmarked shanties along that stretch of Old Airport Road alone.

Official figures peg the city’s slum-dwelling population at roughly 10 per cent of an estimated total 5.3 million people, in a little over 200 slums as declared by the Karnataka Slum Clearance Board. While that figure would appear minor in comparison to that of a city like Mumbai, where 60 per cent of approximately 19 million people are said to live in slums, it’s precisely that kind of disparity that this project aims to pin down against latitudinal and longitudinal positions. The purpose, said a note from the groups, is to use “geographical mapping techniques to support struggles for social justice in India”. The end result, it added, could make maps as “tools to fight injustice in society”. To understand that intention, the activists and technology specialists of the two host groups are urging people, and groups involved in social projects especially, to revisit maps and identify possibilities relevant to local campaigns and movements.

“In other countries, there’s a lot of talk about social movements using technology, even in subversive ways, but in India, this hasn’t really taken off,” said Anja (pronounced Anya) Kovacs, a Belgian who has lived in India for eight years, is a member of various campaigns in New Delhi, and is a CIS member spearheading this project. While there are many reasons for Indians to be desisting from technological means, there are many practical applications where mapping techniques can benefit social causes, she insisted.

“One example is to do with people who face displacement caused due to upcoming Special Economic Zones,” explained Kovacs. “The media, at times, portrays people against such models of development as a minority. But if you count the number of people involved in these movements, you’d come up with a mad number, and there are a mad number of struggles going on.” The project, she added, could help place such information on a map, “so that different classes of people could see what the truth actually is”.

The application inviting proposals from groups, individuals and students, begins with an exhortation for people to rethink the concept of maps. “Most of us think of maps as representations of territory,” it states. “But have you wondered why poor people are rarely given prominence, or at times are absent altogether?”

The graphic representation of a map also presents a handy educational medium, added Kovacs. “People working on concerns of sexual harassment, or state repression, public health, water management issues… the possibilities are immense.” Allan Stanley, another CIS member working on the project’s technical aspects, said the aim was to facilitate training, and extend their expertise. “It’s easily doable even for people with little internet experience,” said Stanley. “Where you create mash-ups, with [online photo and video hosting services] Flickr and You Tube, and some overlaid locative work.” At advanced levels, Stanley said that open-map projects could serve to track things like education, and density of schools in areas. Kovacs also spoke of the recent “pink chaddi” campaign, against instances of violence inflicted upon women, where a simple Google map was used to mark locations that attacks were reported from, to highlight the possibility of indicating potentially unsafe urban regions.

Link to original article

For more details visit https://cis-india.org/news/shanty-home

SFLC Round Table Discussion on Personal Data Protection Bill

Admin — 2018-10-02T03:16:19Z

Shweta Mohandas participated in a Round Table Discussion on Personal Data Protection Bill, orgnanised by SFLC on September 25, 2018 in Bangalore. She also moderated the first session - Data Protection Principles (Rights and Obligations).

See the agenda of the event here.

For more details visit https://cis-india.org/internet-governance/news/sflc-round-table-discussion-on-personal-data-protection-bill

Sexual Harassment at ICANN

padmini — 2016-04-06T14:40:55Z

Padmini Baruah represented the Centre for Internet & Society at ICANN in the month of March 2016. In a submission to ICANN she is calling upon the ICANN board for implementing a system for investigating cases related to sexual harassments.

On the 6th of March, 2016, Sunday, at about 10 am in the gNSO working session being conducted at the room Diamant, I was sexually harassed by someone from the private sector constituency named Khaled Fattal. He approached me, pulled at my name tag, and passed inappropriate remarks. I felt like my space and safety as a young woman in the ICANN community was at stake.

I had incidentally been in discussion with the ICANN Ombudsman on developing a clear and coherent sexual harassment policy and procedure for the specific purposes of ICANN’s public meetings. Needless to say, this incident pushed me to take forward what had hitherto been a mere academic interest with increased vigour. I was amazed, firstly that the office of the ombudsman only had two white male members manning it. I was initially inhibited by that very fact, but made two points before them:

With respect to action on my individual case.
With respect to the development of policy in general.

I would like to put on record that the ombudsman office was extremely sympathetic and gave me a thorough hearing. They assured me that my individual complaint would be recorded, and sought to discuss the possibility of me raising a public statement with respect to policy, as they believed that the Board would be likely to take this suggestion up from a member of the community. I was also informed, astoundingly, that this was the first harassment case reported in the history of ICANN.

I then, as a newcomer to the community, ran this idea of making a public statement by no means an easy task at all, given the attached stigma that comes with being branded a victim of a sexual crime by certain senior people within ICANN who had assured me that they would take my side in this regard. To my dismay, there were two strong stands of victim blaming and intimidation that I faced I was told, in some cases by extremely senior and well respected, prominent women in the ICANN community, that raising this issue up would demean my credibility, status and legitimacy in ICANN, and that my work would lose importance, and I would “...forever be branded as THAT woman.” My incident was also trivialised in offhand casual remarks such as “This happened because you are so pretty”, “Oh you filed a complaint, not against me I hope, ha ha” which all came from people who are very high up in the ICANN heirarchy. I was also asked if I was looking for money out of this. Click to read the full statement made to ICANN here.

For more details visit https://cis-india.org/internet-governance/blog/sexual-harassment-at-icann