We are anonymous, we are legion

Aadhaar Body Talked About Virtual ID 7 Years Ago, Put It Off: UIDAI Chief

Admin — 2018-01-16T23:42:58Z

"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced," Ajay Bhushan Pandey, the chief executive officer of UIDAI, or the Unique Identification Authority of India said in an interview to NDTV this week. He called it an "extra layer of security" for the 119 crore people issued Aadhaar numbers.

The blog post by Sukriti Dwivedi was published by NDTV on January 13, 2018.

Virtual ID, the 16-digit temporary number, announced by UIDAI this week had been suggested way back in 2009-10 when its architects were still designing the system. But the Aadhaar authority, which has called Virtual ID a unique innovation to enhance privacy and security, decided against rolling it out at that time.

It may be a step forward. But not everyone is as convinced.

Cyber security Jiten Jain is one of them. Mr Jain told NDTV that UIDAI should first of all decide if the Aadhaar number was confidential information or not because it had changed its stance on this aspect on more than one occasion.

Like when government departments put out lakhs of Aadhaar number, the government agency had insisted that there was nothing really confidential about the number which could not be misused. Or when The Tribune earlier this month claimed to have found gaps in UIDAI's security system that let the newspaper demographic details of an individual, UIDAI claimed that "the Aadhaar number is not a secret number" anyways.

Also, a point is being made that if hiding an Aadhaar number enhances privacy, then what about the crores of people who have been forced to share their Aadhaar numbers - and a copy of their Aadhaar cards - all these years.

Experts suggest the timing of the announcement may not have been a coincidence. The initiative came against the backdrop of mounting privacy concerns after the newspaper expose. The hearing by a five-judge Constitution Bench of the Supreme Court to decide if the Aadhaar project violates citizens' privacy is to start hearing from next week, January 17.

Srinivas Kodali, cyber security expert and an Aadhaar researcher, said it was clear that the UIDAI had brought it hurriedly. "They said they will release the codes by March 1. So it clearly looks like they haven't planned this thoroughly," he said.

There are also concerns about the ability of people living in remote areas to generate the Virtual IDs, in terms of connectivity and literacy. That means a large proportion of people would not be able to generate the Virtual IDs.

UIDAI chief Mr Pandey said there was nothing to prevent them from continuing to use their Aadhaar number. It is an option, he stressed.

This, experts at the Bengaluru-based research group, Centre for Internet and Society, which has long advocated for a token system such as the Virtual ID, said was a problem area.

UIDAI chief Mr Pandey said there was nothing to prevent them from continuing to use their Aadhaar number. It is an option, he stressed.

This, experts at the Bengaluru-based research group, Centre for Internet and Society, which has long advocated for a token system such as the Virtual ID, said was a problem area.

"Privacy can be protected by design and not by choice," said CIS executive director Sunil Abraham, who believes the biggest flaw with Aadhaar was its design.

"Since it is not mandatory most people will just use the Aadhaar number instead of getting into the hassle of generating a VID... This is privacy through hurdles instead of privacy by design. I suggest authorities should generate VIDs for people and ensure that third parties only use VID and not the Aadhaar number," Pranesh Prakash at the CIS' policy director told NDTV.

For more details visit https://cis-india.org/internet-governance/news/ndtv-sukriti-dwivedi-january-13-2018-aadhaar-body-talked-about-virtual-id-7-years-ago-put-it-off-uidai-chief

Hammered government offers Virtual ID firewall to protect your Aadhaar

Admin — 2018-01-16T23:34:12Z

Days after reports surfaced claiming security breaches, the Unique Identification Authority of India (UIDAI) on Wednesday announced the implementation of a new security protocol that would remove the need to divulge Aadhaar numbers during authentication processes and limit third-party access to KYC details.

The article was published in New Indian Express on January 11, 2018.

Admitting that the “collection and storage of Aadhaar numbers by various entities has heightened privacy concerns”, the UIDAI circular said Authentication User Agencies (AUAs) providing Aadhaar services have to be ready to implement the protocol from March 1, 2018. From June 1 use of Virtual ID for authentication would be mandatory.

The linchpin of the new protocol will be the virtual ID (VID) — a “temporary, revocable 16-digit random number” that can be used instead of Aadhaar to verify or link services. VIDs will have a limited validity and can be generated only by the Aadhaar holder. “UIDAI will provide various options to generate, retrieve and replace VIDs… these will be made available via UIDAI’s resident portal, Aadhaar Enrolment Centre, mAadhaar mobile application, etc.,” it said. While only one VID per Aadhaar number will be valid at a time, users can revoke and generate new VIDs as many times as desired.

UIDAI will also limit KYC details accessible by AUAs by classifying them as Global AUAs, which are required to use Aadhaar e-KYC by law, and Local AUAs. Only the former will have full access to e-KYC details and can store Aadhaar numbers. Local AUAs will only have access to limited KYC details and be prohibited from storing Aadhaar numbers. UIDAI will also generate UID tokens which will be used to identify customers within agencies’ systems, but these will not be usable by other AUAs.

However, cybersecurity experts say that even if the new “patch” is effective, verification processes will have to be redone to prevent misuse of already-leaked Aadhaar numbers. “The concept is attractive, but the devil is in the details,” observed Pavan Duggal, cyberlaw expert, adding that the new system does not address those who have already gained unauthorised access to Aadhaar numbers. Sunil Abraham, executive director, Centre for Internet and Society, was more categorical. “If it has to be effective, they will have to redo (Aadhaar-KYC) from scratch.”

For more details visit https://cis-india.org/internet-governance/news/indian-express-january-11-2018-

Bengaluru gives data safety tips to panel

Admin — 2018-01-16T23:19:00Z

A crucial consultation ahead of the framing of the country's data protection laws witnessed animated discussions here on Saturday.

The article was published in Deccan Herald on January 14, 2018

Participants raised a variety of concerns. Held on the IISc campus, it discussed everything from revenge porn and human genomics to artificial intelligence and the right to be forgotten.

Cybersecurity experts, academics, lawyers and others attended the day-long event.

They made their submissions to the Srikrishna Committee, formed on July 31 last year to frame principles for data protection laws.

The session was chaired by Justice B N Srikrishna, retired Supreme Court judge. Also on the panel were Rama Vedashree, CEO, Data Security Council of India, and Gopalakrishnan S.

The basis of the discussion was a 200-page document drafted by the nine members of the Srikrishna Committee. January 31 is the deadline to respond to the committee's white paper.

Classification of data

Several dystopian scenarios, such as profiling and discrimination with the help of behavioural and psychometric data, led to discussions on the need for classification of data types.

Darshana, a lawyer from the People's Union of Civil Liberties (PUCL), spoke about how people were being denied rations for not holding Aadhaar.

The collection of children's biometric data brought up the question of consent.

Srikrishna clarified the white paper contained a chapter on consent: it suggests an age limit below which parental consent will have to be mandatory.

A discussion on the right to be forgotten arose after some participants sought a provision to revoke consent already given.

Questions associated with genome sequencing were raised by Vijay Chandru, professor, IISc.

"We need to pay special attention to this type of information. The collection of DNA in the form of saliva, when, say, you make a visit to a weight loss clinic, has become the commercial norm. The Insurance Regulatory Act can have huge implications as genetic data can be used to discriminate and deny health coverage," Chandru said.

Sunil Abraham, head of the Centre for Internet and Society, said he was delighted with the quality of debate and discussion.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-january-14-2018-pranshu-rathee-bengaluru-gives-data-safety-tips-to-panel

UIDAI introduces new two-layer security system to improve Aadhaar privacy

Admin — 2018-01-16T23:08:34Z

The Unique Identification Authority of India (UIDAI) has introduced a system of virtual authentication for citizens enrolled on its database and limited the access available to service providers in a move aimed at allaying widespread concern over security breaches that have dogged the world's largest repository of citizen data.

The article was published in Economic Times on January 11, 2018.

In one of the most significant security upgrades by the eightyear old agency, the UIDAI announced the creation of a "virtual ID" which can be used in lieu of the 12-digit Aadhaar number at the time of authentication for any service.

The UIDAI has also limited access to stored personal information and mandated the use of unique tokens through which authenticating agencies can access required data. It claims that the measures will strengthen privacy and also prevent combining of databases linked to Aadhaar.

ET was the first to report about the UIDAI plan to introduce virtual numbers to address security concerns in its November 20 edition last year.

A top government official told ET that UIDAI has been working on this technology since July of 2016. "This is going to be one of the biggest innovations ever, people can change their virtual ID whenever they want or after every authentication or every 10 seconds." He added that this will silence most critics of Aadhaar.

"The Aadhaar number being the permanent ID for life, there is need to provide a mechanism to ensure its continued use while optimally protecting the collection and storage in many databases," the UIDAI said in a notification on Wednesday while announcing the new measures.

More Needed to be Done: Experts

"The collection and storage of Aadhaar number by various entities has heightened privacy concerns," it stated.

Under the new regime, for every Aadhaar number, the authority will issue a 16-digit virtual identity number which will be "temporary and revocable at any time."

This virtual ID can be generated only by the individual Aadhaar holder and can be replaced by a new one after a minimum validity period.

In addition, while some Authentication User Agencies (AUA) — categorised by the UIDAI as 'Global' — will have access to all the details or the e-KYC of a specific Aadhaar number, all other agencies will only have access to limited data through the virtual identity number.

"So this is a very very significant thing and I think this is a great step forward," said Nandan Nilekani, former chairman of UIDAI, in an interview to television channel ET Now on Wednesday.

Nilekani, widely regarded as the architect of Aadhaar, said that through these new security measures the possibility of the Aadhaar number being stored in many databases also goes away.

It will make a huge difference in allaying the concerns and it really "eliminates all the arguments against Aadhaar," he told ET Now.

Last week, Chandigarh-based daily The Tribune reported that demographic data from the Aadhaar database could be accessed for as little as Rs 500. The expose led to the UIDAI barring over 5,000 officials from accessing its portal through login ids and passwords. It also introduced biometric authentication for future access, as reported by ET on Tuesday.

The widespread fear of misuse of demographic data is heightened by the fact that India still does not have a data protection legislation. The country's apex court is scheduled to resume its hearing on the validity of the Aadhaar scheme next week on January 17.

Kamlesh Bajaj, former CEO of the Data Security Council of India said by limiting access to only those agencies mandated by law, the UIDAI has ensured that "someone will not be able to combine database. It's a positive development in my view and technologically feasible," he said

Expert Views

Privacy experts and activists were of the view that more needs to be done to ensure foolproof security for critical personal information.

The Bengaluru-based research organisation Centre for Internet and Society has suggested that all the Aadhaar seeding with all the existing databases should be revoked. "Until then, it is one step ahead and but not enough," said Sunil Abraham, executive director of CIS.

To enable a speedy rollout of the new safety standards, the UIDAI plans to release the required technical updates by March 1, 2018 and all the Authentication agencies using the Aadhaar database will need to upgrade their systems latest by June 1, 2018.

In its circular, UIDAI has also said that agencies not allowed to use or store the Aadhaar number should make changes inside their systems to replace Aadhaar number within their databases with UID Token.

"Unless there is complete revocation, some database with Aadhaar numbers will still float around and secondly there is no reason why some data controllers should be trusted, the tokenisation should be implemented for everyone," said CIS's Abraham.

The circular said that authentication using virtual ID will be performed in the same manner as the Aadhaar number and people can generate or retrieve their virtual numbers (in case they forget) at the UIDAI's resident portal, Aadhaar Enrolment Centers, or through the Aadhaar mobile application.

In addition to the virtual numbers, UIDAI will also provide "unique tokens" to each agency against an Aadhaar number to ensure that they are to establish the uniqueness of beneficiaries in their database such as for distributing government subsidies under cooking gas or scholarships.

Activists argue that most service providers — even digital ones — work with a paper ID card system. "They don't cross-check it with the UIDAI database. UIDAI is not issuing virtual ids for paper cards, and a new category of so called Global AUAs are exempted from using the virtual ids, so citizens are not protected almost anywhere that they need to use Aadhaar," said Kiran Jonnalagadda, co-founder of the Internet Freedom Foundation, who said the change doesn't help enough to secure the ecosystem.

For more details visit https://cis-india.org/internet-governance/news/economic-times-january-11-2018-uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy

Is your personal information under lock and key?

Admin — 2018-01-16T16:54:33Z

Customers, be more careful about how you log in and log off!

The article by Sravanthi Challapalli was published by Hindu Businessline on January 16, 2018.

We’re coming off a year that was highlighted by several data breaches around the world. In India, the Aadhaar debate continues to make headlines, with allegations about its data theft and Big Brother potential for surveillance. And for quite a while now, the marketing world has been suffused with mention of artificial intelligence, chatbots, big data, data-driven analytics, and other such buzzwords. The ultimate, stated aim is to make life simpler for the citizen/customer. But how secure is our data, which we put out there both voluntarily and by mandate, and what can we do to protect it?

Laziness will hurt

A study by security services provider Gemalto found that retailers (76 per cent), banks (74 per cent) and social media sites (71 per cent) operating in India have a lot of work to do on this front. Consumers would leave if their personal information suffered a breach, it said. Even as the majority of customers said businesses don’t treat their data with due respect, they did not take enough precautions themselves, it observed. Fifty-one per cent of the study’s respondents used the same password across several online accounts and many did not use even available solutions such as two-factor authentication to protect social media accounts, making them susceptible to data breaches. They also believed the onus of protecting data lay on the business.

Caveats of little help

The Government has set up a committee of experts headed by Justice BN Srikrishna to look into the issue, invite comments and propose a draft law. The objective is to “ensure growth of the digital economy while keeping personal data of citizens secure and protected.” As of now, there is no law that exclusively deals with data protection though there are some provisions in the Information Technology Act of 2011.

So, caveat emptor? “Caveat emptor has meaning only when the customer has enough knowledge to protect himself,” says Sunil Abraham, Executive Director of the Bangalore-based Centre for Internet and Society. Using the sausage factory analogy (no one knew what went into the products and how clean they were), he says few know how big data is used. Regulation can help in this regard. He expects India to have data protection rules in place in a couple of years.
The Government has set up a committee of experts headed by Justice BN Srikrishna to look into the issue, invite comments and propose a draft law. The objective is to “ensure growth of the digital economy while keeping personal data of citizens secure and protected.” As of now, there is no law that exclusively deals with data protection though there are some provisions in the Information Technology Act of 2011.

Efficiency all round

ICICI Prudential Life Insurance Executive Director Puneet Nanda says digital data storage has catalysed efficiency on several fronts. “Technology helps us swiftly identify the nominee and facilitates faster payouts as compared to the times when the information was stored physically. It has improved turnaround times and enabled delivery of superior service leading to higher customer satisfaction. Corporations can provide customers instant gratification. Today, we can issue a policy in minutes. Proliferation of technology has enabled corporations to identify customer needs and make offers best suited to their requirements.”

CIS will offer comments to the Srikrishna Committee. Abraham says such laws in other countries define what personal information is, establish the office of the regulator, have powers to receive and investigate complaints and ensure marketers fall in line. Regulators have punitive powers as well. In 2014, telecom major Verizon had to pay $7.4 million in the US to settle a Federal Communications Commission complaint about advertising to customers without letting them know they had an opt-out option. The privacy conditions one routinely “agrees” to online does not give the data controller a free ticket to do what they want with the information, he says.

Not much one can do

Abraham says there is very little the customer can do, other than “acts of civil disobedience, tell lies, fill out false information” when there’s little protection. Rana Gupta, Vice President – APAC, Identity and Data Protection, Gemalto, says one is not left with many choices in an increasingly digital world, not to mention the social pressure. Imagine asking for time off from work to withdraw some cash from your bank because you are suspicious of ATMs? “Users have to rely on organisations doing the right thing,” he says. Regulation making data encryption and second-factor authentication mandatory will help. Customers have begun to ask how data is being secured, and whether it is encrypted. Addressing such concerns would help businesses such as e-commerce and banks, which are increasingly dependent on an online presence.

Even though they’re painful to remember and key in, long passwords that include a capital letter, a special character and a number are deterrents to misuse, as are one-time passwords and messages that alert/ confirm users logging in to an account or transacting a deal. Rohan Bhargava, Co-founder of cashback and coupons site CashKaro.com, says businesses have to design the best methods to thwart the worst intentions. “Companies are vulnerable when they take short cuts at basic processes.”

Bhargava says his company prefers to build most of the technical products it needs, itself, rather than resort to third-party builders/providers. Marketers, he says, experiment with a lot of untested products and the scripts they use can be the root of the problem.

Checks and balances at every stage, running security reviews whenever something changes, effectively managing the life cycle of the encryption keys and limiting access to customer data are vital. The responsibility for securing data lies with both customer and marketer but the latter’s is the larger responsibility as it is they who implement and have the infrastructure that the user does not, says Gemalto’s Gupta.

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-january-16-2018-sravanthi-challapalli-is-your-personal-information-under-lock-and-key

Internet Governance Forum Report 2017

Shweta Mohandas — 2018-01-11T02:13:07Z

The twelfth annual meeting of the Internet Governance Forum (IGF) was held in Geneva, Switzerland, from 17 to 21 December 2017, on the theme, Shape Your Digital Future!

The Centre for Internet and Society was invited as one of the participating civil society organisations. The meeting was attended by Sunil Abraham (Executive Director), Elonnai Hickok (Director) - Internet Governance and Vidushi Marda (representing both CIS as Programme Manager and ARTICLE 19 as Policy Advisor).

CIS members participated as speaker / panelists in the following sessions:

Human Rights based Cyber Security Strategy
Body as Data: Dataveillance, the Informatisation of the Body and Citizenship
What digital future for vulnerable people?
Benchmarking ICT companies on digital rights: How-to and lessons learned
CyberBRICS: Building the Next Generation Internet, STEP by Step
State-led interference in encrypted systems: a public debate on different policy approaches
Artificial Intelligence in Asia: What’s Similar? What’s Different? Findings from our AI workshops
Datafication and Social Justice: What Challenges for Internet Governance?
Fake news, Content Regulation and Platformization of the Web: A Global South Perspective

Full report here

For more details visit https://cis-india.org/internet-governance/blog/internet-governance-forum-report-2017

Fixing Aadhaar: Security developers' task is to trim chances of data breach

sunil — 2018-01-10T16:47:59Z

The task before a security developer is not only to reduce the probability of identity breach but to eliminate certain occurrences.

The article was published in Business Standard on January 10, 2017

I feel no joy when my prophecies about digital identity systems come true. This is because from a Popperian perspective these are low-risk prophecies. I had said that that all centralised identity databases will be breached in the future. That may or may not happen within my lifetime so I can go to my grave without worries about being proven wrong. Therefore, the task before a security developer is not only to reduce the probability but more importantly to eliminate the possibility of certain occurrences.

The blame for fragility in digital identity systems today can be partially laid on a World Bank document titled “Ten Principles on Identification for Sustainable Development” which has contributed to the harmonisation of approaches across jurisdictions. Principle three says, “Establishing a robust — unique, secure, and accurate — identity”. The keyword here is “a”. Like The Lord of the Rings, the World Bank wants “one digital ID to rule them all”. For Indians, this approach must be epistemologically repugnant as ours is a land which has recognised the multiplicity of truth since ancient times.

In “Identities Research Project: Final Report” funded by Omidyar Network and published by Caribou Digital — the number one finding is “people have always had, and managed, multiple personal identities”. And the fourth finding is “people select and combine identity elements for transactions during the course of everyday life”. As researchers they have employed indirect language, for layman the key takeaway is a single national ID for all persons and all purposes is an ahistorical and unworkable solution.

Revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers. Photo: Reuters

monoculture can be prevented. The traditional approach is followed in the US - you could have multiple documents that are accepted as valid ID. Or you could have multiple identity providers providing ID artifacts using an interoperable framework as they do in the UK. Another approach is tokenisation. The first time tokenisation was suggested in the Aadhaar context was in an academic paper published in August 2016 by Shweta Agrawal, Subhashis Banerjee and Subodh Sharma from IIT Delhi titled “Privacy and Security of Aadhaar: A Computer Science Perspective”.

Though I had spoken about tokenisation as a fix for Aadhaar earlier, I wrote about it for the first time on the 31st of March, 2017, in The Hindu. The steps would be required are as follows. First, revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers aka Aadhaar Numbers. Second, reduce the number of KYC transactions by eliminating all use cases that don’t result in corresponding transparency or security benefits. For example, most developed economies don’t have KYC for mobile phone connections. Three, the UIDAI should issue only tokens to those government entities and private sector service providers that absolutely must have KYC. When the NATGRID wants to combine subsets of 20 different databases for up to 12 different intelligence/law enforcement agencies they will have to approach the UIDAI with the token or Aadhaar number of the suspect. The UIDAI will then be able to release corresponding tokens and/or the Aadhaar number to the NATGRID. Implementing tokenisation introduces both technical and institutional checks and balances in our surveillance systems.

On 25th of July 2017, UIDAI published the first document providing implementation details for tokenisation wherein KUAs and AUAs were asked to generate the tokens. But this approach assumed that KYC user agencies could be trusted. This is because the digital identity solution for the nation as conceived by Aadhaar architects is based on the problem statement of digital identity within a firm. Within a firm all internal entities can be trusted. But in a nation state you cannot make this assumption. Airtel, a KUA, diverted 190 crores of LPG subsidy to more than 30 lakh payment bank accounts that were opened without informed consent. Axis Bank Limited, Suvidha Infoserve (a business correspondent) and eMudhra (an e-sign provider or AUA) have been accused of using replay attacks to perform unauthorised transactions. In November last year, the UIDAI indicated to the media that they were working on the next version of tokenisation — this time called dummy numbers or virtual numbers. This work needs to be accelerated to mitigate some of the risks in the current system.

The paper in its fourth key recommendation says “cryptographically embed Aadhaar ID into Authentication User Agency (AUAs) and KYC User Agency (aka KUAs) — specific IDs making correlation impossible”. The paper considers several designs for such local identifier where — 1) no linking is possible, 2) only unidirectional linking is possible, and 3) bidirectional linking is possible referring to a similar scheme in the LSE identity report.Though I had spoken about tokenisation as a fix for Aadhaar earlier, I wrote about it for the first time on the 31st of March, 2017, in The Hindu. The steps would be required are as follows. First, revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers aka Aadhaar Numbers. Second, reduce the number of KYC transactions by eliminating all use cases that don’t result in corresponding transparency or security benefits. For example, most developed economies don’t have KYC for mobile phone connections. Three, the UIDAI should issue only tokens to those government entities and private sector service providers that absolutely must have KYC. When the NATGRID wants to combine subsets of 20 different databases for up to 12 different intelligence/law enforcement agencies they will have to approach the UIDAI with the token or Aadhaar number of the suspect. The UIDAI will then be able to release corresponding tokens and/or the Aadhaar number to the NATGRID. Implementing tokenisation introduces both technical and institutional checks and balances in our surveillance systems.On 25th of July 2017, UIDAI published the first document providing implementation details for tokenisation wherein KUAs and AUAs were asked to generate the tokens. But this approach assumed that KYC user agencies could be trusted. This is because the digital identity solution for the nation as conceived by Aadhaar architects is based on the problem statement of digital identity within a firm. Within a firm all internal entities can be trusted. But in a nation state you cannot make this assumption. Airtel, a KUA, diverted 190 crores of LPG subsidy to more than 30 lakh payment bank accounts that were opened without informed consent. Axis Bank Limited, Suvidha Infoserve (a business correspondent) and eMudhra (an e-sign provider or AUA) have been accused of using replay attacks to perform unauthorised transactions. In November last year, the UIDAI indicated to the media that they were working on the next version of tokenisation — this time called dummy numbers or virtual numbers. This work needs to be accelerated to mitigate some of the risks in the current system.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-sunil-abraham-january-10-fixing-aadhaar

UIDAI denies any breach of Aadhaar database

Admin — 2018-01-07T12:03:13Z

Personal data, including biometric information, of citizens safe and secure, says UIDAI on Aadhaar data breach.

The article by Komal Gupta was published by Livemint on January 7, 2018

The Unique Identification Authority of India (UIDAI) on Thursday clarified that there has not been any breach in the Aadhaar database and the personal data of citizens, including biometric information, is safe and secure.

The clarification comes in response to a news report titled ‘Rs 500, 10 minutes, and you have access to a billion Aadhaar details’ published in The Tribune on Thursday. The report claims that a WhatsApp group sold all Aadhaar data available with UIDAI for a sum of Rs. 500.

UIDAI maintained that the reported case appeared to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete logs and traceability of the facility, legal action including lodging of FIR against the persons involved in the case is being undertaken. UIDAI maintained that the reported case appeared to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete logs and traceability of the facility, legal action including lodging of FIR against the persons involved in the case is being undertaken. UIDAI clarified in a press statement that displayed demographic information cannot be misused; it would need to be paired with an individual’s biometrics.

There are more than 1.19 billion Aadhaar card holders in the country.

“If it is not a data breach, then this means that some people who have legitimate access to the data are selling it illegitimately. This poses a greater problem,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-january-7-2018-uidai-denies-any-breach-of-aadhaar-database

From net neutrality to IBC & Aadhaar, how Vidhi is framing key government legislation

Admin — 2018-01-04T14:45:59Z

It's not every day that a 30-something former Oxford academic disrupts the plans of the world's biggest disruptor.

The article by Surabhi Agarwal and Samanwaya Rautray was published in Economic Times on January 4, 2018.

But Arghya Sengupta is no pushover — his boyish charm perfectly couches confidence, clarity and commitment towards translating law for the layman. That alone helped Sengupta and his team from the Vidhi Centre of Legal Policy to take on none other than Facebook's Mark Zukerberg and his army of public policy wonks and spin doctors during the fiery net neutrality debate, helping the telecom regulator draft guidelines. Vidhi's intervention had a huge impact and led to Facebook's Free Basics programme being called off, changing the global narrative on net neutrality forever. That zeal continues.

Walk into their office in a plush Defence Colony bungalow even at 7 pm and you will feel the fervour. The day ET did, two colleagues were discussing interference in appointments to tribunals.

Judicial reforms is one of the many independent research projects Vidhi has been pursuing since it came into existence in December 2013. It has since carved out a significant role for itself in framing key government legislations — perhaps more than any legal think tank in India. In fact, several of Vidhi's independent research projects on public policy have led to commissioned assignments from the government as well as the judiciary.

The Game Begins

Vidhi's first government assignment had to do with the ministry of finance's Public Procurement Bill. Since then, it has assisted in framing the Insolvency and Bankruptcy Code, the Aadhaar Act and amendments to the Companies Act. It has also helped in drafting differential pricing norms under net neutrality guidelines issued by Telecom Regulatory Authority of India. It is currently working on the Financial Resolution and Deposit Insurance (FRDI) and Data Protection Bills, and is also involved in deliberations over simplifying GST.

So how did this not-for-profit organisation manage such velocity? Sengupta, the 33-year-old founder of Vidhi, points to the void that exists between good legal research and framing of legislations in India. "A particular problem that exists within the governance framework is that good policy ideas don't often translate into good legislation because lawyers and policy makers don't talk to each other," he says to explain where Vidhi fits in. "There is nothing special about us...Policy and law is a new area and there are very few people doing high-quality work in it." Vidhi is mostly engaged directly by ministries or departments drafting a particular law, and not by the law ministry.

Sengupta, former faculty at Pembroke College in the UK, where he taught administrative law, emphasises that Vidhi does not draft laws, only assists in their drafting. "To some, we provide inputs and research, while for others we sit together to draft the legislation."

Their primary goal is to draft better law — and they have no competition. The only other organisation coming even close is NIPFP, providing sectorial services for government committees. In that sense, NIPFP doesn't have lawyers so they may not draft the law, says Sunil Abraham, executive director of Bengaluru-based think tank, Centre for Internet and Society (CIS). "Vidhi's efforts are pioneering and it's not surprising that they have become so successful. They are like that Mad Magazine tagline, number one in the field of one," he quips. "Other bodies such as Carnegie Mellon are vehicles for US MNCs to lobby but Vidhi doesn't have any foreign funding, so they are credible for the government," says Abraham, who was member of the Shah Committee when privacy principals were being drafted.

An Outsider Perspective

"Drafting of legislations requires a whole lot of research. Ten years ago, there weren't any institutions that did that kind of work," says Sumit Bose, Vidhi's current chairman. This retired bureaucrat was instrumental in getting Vidhi its first project as then finance secretary.

He was introduced to Sengupta through his daughter and son-in-law, a graduate of National Law School of India University (NLSIU), Bengaluru. Although things are better now, Bose says, many states still don't have enough capacity for the research behind laws. "You need one foot in the door, and then it's up to you," says Sengupta, son of a teacher and banker in Kolkata.

In a system where the legislative department is typically engaged to draft laws, Vidhi has emerged as the "new interface" between policy and law-making, says its board member Arvind Datar, a senior advocate in the Supreme Court. "They have the unique ability to give an outsider's perspective to any area of law." Datar says Vidhi did extensive research for former Attorney-General Mukul Rohatgi in debates on Aadhaar and the National Judicial Appointments Commission.

Other members on Vidhi's board include Star India chief executive Uday Shankar, strategic adviser Ireena Vittal and NLSIU associate professor Govindraj Hegde. A Union minister familiar with Vidhi's work offers an explanation as to why the government was roping it in. "It is about comfort as well as secrecy and they bring both," he says, asking not to be identified.

A top bureaucrat who has worked extensively with Vidhi says it is not a yes man, and this sets it apart. "Many times, they refuse to include our suggestions, telling us that it will not stand the scrutiny of court or it will not be proper from a legal standpoint," he explains, also requesting anonymity. "There is a lot of research that goes into drafting a legislation, be it pertaining to international best practices or previous judgements. Post a lot of internal discussions, these inputs are included."

Another government official says his department has a running advisory contract with Vidhi. "They are very young people with fresh ideas. They may not fight cases, but they do a lot of good table research, bringing up new legal points." Sengupta says not many organisations are doing similar work. "A lot of the work of this nature is done by universities."

Resistance to Change

Among the biggest reforms Vidhi has worked on are the Insolvency and Bankruptcy Code (IBC) and Aadhaar Act, with GST being an ongoing task. Vidhi helped translate Aadhaar from an executive order to a statutory body. As for the IBC, Sengupta's assessment is that it was a reform 50 years late and essential for entrepreneurship to grow.

But what remains " Vidhi's single-most rewarding experience" is shepherding the net neutrality guidelines. "I think this government is very keen on systemic reforms. They have the appetite to change status quo," says Sengupta. Even so, some legislations Vidhi has been involved with face stiff resistance from citizen-activists.

Sengupta isn't perturbed. He distinctly outlines Vidhi's purpose and role in policymaking — advise the government to ensure that a law being drafted is constitutional, clear, takes into account international best practices and can be implemented effectively. "I believe all opposition is good because it makes everybody think. A lot of the opposition—be it to Aadhaar or to payment-related clauses in IBC —is to the concept," he says. "We didn't come up with the concept so we don't see it as a criticism of our work."

Early Opportunities

Vidhi began as an idea when Sengupta was a graduate student at Oxford University. Along with a lawyer friend, he began sending unsolicited legal input to the parliamentary standing committee looking into the controversial Indo-US Nuclear Liability Bill. To the duo's surprise, it was called to depose before the committee; later, the Department of Atomic Energy sought help with some sections. "We drafted 17 sections and of those, two became law... It was a great opportunity for us," says Sengupta.

This was followed by solicited and unsolicited work during 2010-12 on eight projects, including the Judicial Standards and Accountability, Prevention of Torture and Public Procurement Bills.

The think tank currently has about 40 employees and opened a second office in Bengaluru in August.

Sengupta credits Vidhi's early success to Ashok Ganguly, former chairman of Hindustan Lever (now Unilever) who was also a member of Parliament. In 2011, Ganguly was putting together a representation on policy paralysis and wanted help with research. Ganguly, who would become Vidhi's first chairman, put Sengupta in touch with several people, some of whom provided grant funding to get the think tank going. That did raise some eyebrows.

Conflict of Interest

As they spread their wings, the think tank received funding from the Mahindra Group, Pirojsha Godrej Foundat ion, Vikram Sarabhai Foundation, Jamsetji Tata Trusts, Gourab Banerji, Mohandas Pai and Rohini Nilekani. Verticals within Vidhi have separate funding. For instance, the unit working on the Judicial Reforms Bill is funded by a group called Dasra, which is a collective of philanthropists. And yet, Sengupta says "fund-raising is a constant challenge."

While government work does cover costs, it is not enough to sustain the organisation. Sengupta did not divulge how much Vidhi earns from a typical government project. Over half of the work that Vidhi does is independent research on topics ranging from clean air in Delhi to euthanasia and judicial reform.

Vidhi's fundraising, though, brings up a serious issue of possible conflict of interest, given its work on key legislations such as the Aadhaar Act while being funded by entities that could be affected directly or indirectly by those legislations. For example, Rohini Nilekani, is the wife of Aadhaar architect Nandan Nilekani, who funds Vidhi which not only assisted in drafting the Aadhaar Act but is now also involved with the Data Protection Bill that has key implications on the unique identity number.

Sengupta has also been called to argue in the landmark debate on whether privacy is a fundamental right — ignited after the Supreme Court received scores of petitions against Aadhaar — on request of the government's top lawyers arguing against it. Sanjay Hegde, senior Supreme Court advocate, says, "I see credibility issues when Sengupta argues in favour of Aadhaar in court in the privacy debate and, at the same time, is nominated on the Dr Srikrishna Committee, which is drafting the Data Protection Bill."

He adds, "In a city replete with think tanks and law firms, it would be interesting to see what percentage of government advisory work in terms of billing is cornered by this think tank alone."

Sengupta's defence is that Vidhi believes in transparency and doesn't accept foreign or retail funding. All funding-related information is detailed on its website, he argues. "People are free to make whatever judgement they wish to because conflict is one thing that cannot be eliminated," he says. "The moment you take funding from anybody, there will always be conflict. My answer to that is transparency."

IVY League Talent

What matters is that till date, such issues have not deterred the flow of best Ivy League talent into Vidhi. The founding team included Dhyani Mehta, who heads its environmental vertical; Devanshu Mukherjee, who leads its financial sector work and Alok Prasanna, who heads its Bengaluru office.

Prasanna, had earlier worked with solicitor general Mohan Parasaran's office in Delhi in high profile cases such as the government versus Vodafone and the government versus Reliance Industries. A few "fellows"— Sriboni Sen, Rukhmini Das (pursuing a PhD now) and Ketan Paul (now litigating) — though have moved on.

Yet others like Nikita Khaitan, who graduated from Yale University in the summer of 2016, have stepped in since June last year. Khaitan, who comes from the family of the Khaitan and Co law firm, heard about Vidhi from her cousins who went to the same law school as Sengupta. "Vidhi is one of the few staples where you can do quality work that is not litigation or corporate law," she says, on what clinched the decision for her to join Vidhi after Yale. "A lot of young people today want to return to India and do work which is high-impact." Now that's an argument no one can disagree with.

For more details visit https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-and-samanwaya-rautray-from-net-neutrality-to-ibc-and-aadhaar-how-vidhi-is-framing-key-government-legislation

Roundtable on A.I. and Manufacturing and Services

Admin — 2018-01-18T13:44:15Z

The Centre for Internet and Society (CIS), Bangalore is organizing a roundtable on ‘A.I. and Manufacturing and Services’ on the 19th of January, 2018 from 2 to 5 pm at ‘The Energy and Resources Institute’ (TERI) Bangalore. The Roundtable seeks to discuss the various issues and challenges surrounding the implementation of AI and related technologies on manufacturing processes and services.

Since the Industrial Revolution machines have substituted human labour and helped industries save time and money. This was succeeded by the advent of computers and technology which helped in completing tasks with better speed and accuracy than the human brain. The emergence of machine-learning technology and artificial intelligence has now made machines capable of doing work that was earlier considered to be something that could only be done by humans. From the use of AI in understanding customer shopping trends to its use in making automobiles, AI is becoming more of a norm than an exception. The analytics of how customers shop is now helping companies forecast their manufacturing needs. The synergy of technology and machines i.e. smart manufacturing, not only changes manufacturing and shipping but also improves worker safety. Different forms of smart manufacturing are also starting to come up in India: Wipro and Infosys have launched AI platforms, and the Indian Institute of Science is developing a smart factory with support from Boeing Company and General Electric. Infosys has also released an AI platform, ‘Nia’, which is programmed to forecast revenue and understand customer behaviour.

The instances of use of machines to substitute human workforce, in some cases, has brought about a sense of worry. Recent trends in factory hiring show that jobs are being lost to automated forms of labour, further evidenced by a report from the research firm HorsesforSources, which predicts that India is set to lose 640,000 low-skilled job positions to automation by the year 2021.The IT sector in India is also under risk from the use of AI. Reports have also found that the rising unemployment in the IT sector has led to increased pressure on labour regulators.

Although there are some studies that state that the use of AI would bring about a market for people who would need to work along with AI, the FICCI and EY’s 2016 Report on the Future of jobs and its implication on Indian higher education suggests that one of the ways to combat the loss of jobs was reskilling and upskilling the labour force. India has taken the first step towards this by launching the National Skill Development Mission.

From the use of neural networks to monitor steel plants for packing and shipping groceries, the use of intelligent machines has begun disrupting traditional business models in the industry. However, these advancements raise questions around labour, ethics, liability, and machine-human cooperation. Dialogue and debate are needed to understand how AI is being used in manufacturing, the potential benefits, and challenges of the same, and a way forward that optimizes innovation and protects human rights.

Roundtable Agenda

Friday 19th January | 2:00 p.m - 5:00 p.m.

2:00 - 2:30 Introduction and setting the scene

2:30 - 3:30 Discussion on the AI landscape in the manufacturing and services industry:

Manner and extent of integration of AI into manufacturing and services
Relevant stakeholders and their roles in implementing AI in manufacturing and services
Future of AI and related technologies in AI in manufacturing and services
Impact on work and labour

3:30 - 4:30 Discussion on challenges and solutions towards regulating AI in India:

Challenges faced in the conception and implementation of the AI product/ service, and reasons for such challenges.
Regulatory provisions for implementation of AI in the manufacturing and services under the existing laws, and need for reforms.
Challenges posed by AI to existing policy and regulatory frameworks in the Indian as well as the global context, and possible solutions.

4.30 - 5.00 Conclusion and way forward

For more details visit https://cis-india.org/internet-governance/events/roundtable-on-ai-and-manufacturing-and-services

New Recommendations to Regulate Online Hate Speech Could Pose More Problems Than Solutions

amber — 2018-01-02T03:06:18Z

The T.K. Viswanathan committee’s recommendations could prove to be dangerous for free speech if acted upon without resolving its flaws.

The article was published by Wire on October 14, 2017

It was reported last week that an expert committee headed by T.K. Viswanathan, former secretary general of Lok Sabha, recommended that the Indian Penal Code (IPC), the Code of Criminal Procedure and the Information Technology Act be amended to include stringent penal provisions regarding online hate speech. While this report has not been made public, the Indian Express reported that the committee’s recommendations include, among other things, insertion and expansion of penal provisions in the IPC on ‘incitement to hatred’ (Section 153C) and ‘causing fear, alarm or provocation of violence’ (Section 505A) to include online speech, and creation of the offices of state cyber crime coordinator and district cyber crime cell.

Online hate speech has been among the more complex issues with regard to the regulation of technology. The complexity of restricting hate speech has to do with a number of factors, including the ubiquity of strong opinions in online speech, often offensive to certain groups, the interplay between individual and group rights, and the tensions between the values of dignity, liberty and equality. Siddharth Narrain has pointed out in his thesis on hate speech law that the use of law to curb offensive or hurtful speech has been done by religious groups, caste based groups, occupation based groups with strong caste associations, language groups and gender based groups. The range of actions arising from such uses of the law include the banning of books, criminal proceedings for political satire, or even ‘liking’ political posts on social media.

The relationship between speech acts and acts of violence is a complicated issue with little consensus on appropriate ways to regulate it. Scholars such as Jonathan Maynard have advocated greater reliance on non-legal responses such as counter speech, as the use of criminal law to tackle speech often has the effect of chilling forms of dissent. The formulation and application of legal tests in criminal law with respect to hate speech is also hard as hate speech has much to do with the content of speech as it has to do with the context, including factors such as power structures. Speech by a figure in a position of power also has a greater likelihood to result in a call for violence.

Before looking at the specific recommendations made by the T.K. Viswanathan committee, it would be worthwhile to also look at the background of this committee. The committee notes with approval the Law Commission of India’s 267th report on the issue of hate speech. The Law Commission, in turn, was acting at the behest of observations made by the Supreme Court in Pravasi Bhalai Sangathan v. Union of India in 2014. In this case, the Supreme Court exhibited judicial restraint and refused to frame guidelines prohibiting political hate speech, and had instead requested the Law Commission to look into it. However, the court noted with approval international case law on the issues, particularly the observations in the Canadian case Saskatchewan v. Whatcott. Relying on Whatcott, the Supreme Court provides a definition of hate speech that includes the following statements:

“Hate speech is an effort to marginalise individuals based on their membership in a group. Using expression that exposes the group to hatred, hate speech seeks to delegitimise group members in the eyes of the majority, reducing their social standing and acceptance within society. Hate speech, therefore, rises beyond causing distress to individual group members..[and] lays the groundwork for later, broad attacks on vulnerable that can range from discrimination, to ostracism, segregation, deportation, violence and, in the most extreme cases, to genocide. Hate speech also impacts a protected group’s ability to respond to the substantive ideas under debate, thereby placing a serious barrier to their full participation in our democracy.”

Thus, it is evident that the Supreme Court itself clearly states that hate speech must be viewed through the lens of the right to equality, and relates to speech not merely offensive or hurtful to specific individuals, but also inciting discrimination or violence on the basis of inclusion of individuals within certain groups. It is important to note that it is the consequence of speech that is the determinative factor in interpreting hate speech, more so than even perhaps the content of the speech. This is also broadly reflected in the Law Commission’s report that identifies the status of the author of the speech, the status of victims of the speech, the potential impact of the speech and whether it amounts to incitement as key identifying criteria of hate speech.

However, in the commission’s recommendations, these principles are not fairly represented in the suggested new Sections 153C and 505A, as per a draft released by the Internet Freedom Foundation. Section 505A, for instance, refers to “highly disparaging, indecent, abusive, inflammatory, false or grossly offensive information” and “derogatory information.” These are extremely broad terms, not having any guiding jurisprudence within Indian or international law, which may be helpful in restrictively interpreting them. It is important to note the similarities between this provision and the repealed Section 66A of the Information Technology Act, which sought to criminalise speech that was “grossly offensive,” having “menacing character,” or “causing annoyance..danger..insult..enmity, hatred or ill will.”

These terms in the recommended Section 505A also run foul of the observations of Justice Nariman in Shreya Singhal v. Union of India, where he took exception to the nature of the terms in Section 66A by stating that, “Information that may be grossly offensive or which causes annoyance or inconvenience are undefined terms which take into the net a very large amount of protected and innocent speech.” While these terms are somewhat tempered in this provision with a requirement to show intent to “cause fear of injury or alarm,” they remain exceedingly broad and contrary to the requirement that restrictions on speech must be couched in the narrowest possible terms.

The T.K. Viswanathan committee, in addition, seeks to bring, within the scope of the prospective Sections 153C and 505A, electronic speech. As per its recommendations, ‘means of communication’ would include “any words either spoken or written, signs, visible representations, information, audio, video or combination of both transmitted, retransmitted or sent through any telecommunication service, communication device or computer resource.” This could have the impact of bringing in a provision that has some similar effects as that of the now defunct Section 66A of the Information Technology Act. The lack of regard for the Supreme Court’s observations on hate speech, the need to look at it through the lens of equality and the over-broadness of restrictions on speech are likely to be dangerous for free speech if the recommendations of this committee are acted upon.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-

December 2017 Newsletter

praskrishna — 2018-03-17T11:12:26Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
Shruthi Anand wrote a report that seeks to map the development of Artificial Intelligence both generally and in specific sectors culminating in a stakeholder analysis and contributions to policy making. CIS made a submission to the Department of Industrial Planning and Promotion on December 7, 2017. CIS also offered its assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards sustained innovation, manufacture and availability of mobile technologies in India. The Office of the Controller General of Patents, Designs and Trademarks held a meeting with IP stakeholders on December 7, 2017, chaired by the Secretary, DIPP, to take suggestions on improving procedures and functioning of the Office. Anubha Sinha attended the meeting and requested the DIPP to improve compliance of uploading Form 27s by patentees and ensure proper enforcement of related provisions within the Indian Patent Act, 1970. A Kannada Wikipedia orientation workshop was held at the Entrepreneurship Centre, SID, Indian Institute of Science, Bengaluru on 26 November, 2017. The day long event was aimed at adding content to Kannada Wikimedia projects on topics such as ecology, environment, wildlife and sciences of Karnataka. Shyam Ponappa wrote an article on the tragedy of commons in the Business Standard on December 6, 2017. Just like porn is not real life, all news is not real news. It’s time, therefore, to come of age in the 18th year of this century, wrote Nishant Shah in an article in the Indian Express on December 31, 2017.

Highlights

Shruthi Anand wrote a report that seeks to map the development of Artificial Intelligence both generally and in specific sectors culminating in a stakeholder analysis and contributions to policy making.
CIS made a submission to the Department of Industrial Planning and Promotion on December 7, 2017. CIS also offered its assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards sustained innovation, manufacture and availability of mobile technologies in India.
The Office of the Controller General of Patents, Designs and Trademarks held a meeting with IP stakeholders on December 7, 2017, chaired by the Secretary, DIPP, to take suggestions on improving procedures and functioning of the Office. Anubha Sinha attended the meeting and requested the DIPP to improve compliance of uploading Form 27s by patentees and ensure proper enforcement of related provisions within the Indian Patent Act, 1970.
A Kannada Wikipedia orientation workshop was held at the Entrepreneurship Centre, SID, Indian Institute of Science, Bengaluru on 26 November, 2017. The day long event was aimed at adding content to Kannada Wikimedia projects on topics such as ecology, environment, wildlife and sciences of Karnataka.
Shyam Ponappa wrote an article on the tragedy of commons in the Business Standard on December 6, 2017.
Just like porn is not real life, all news is not real news. It’s time, therefore, to come of age in the 18th year of this century, wrote Nishant Shah in an article in the Indian Express on December 31, 2017.

CIS wrote the following articles:

New Recommendations to Regulate Online Hate Speech Could Pose More Problems Than Solutions (Amber Sinha; Wire; October 14, 2017). This was published in the month of December on the CIS website.
Breeding misinformation in virtual space (Amber Sinha; Asian Age; December 3, 2017).
India’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach (Amber Sinha; Wire; December 1, 2017).
Digital native: Memory card is full (Nishant Shah; Indian Express; December 3, 2017).
Should Aadhaar be mandatory? (Amber Sinha; Deccan Herald; December 9, 2017).
Digital native: The age of consent (Nishant Shah; Indian Express; December 31, 2017).

CIS in the News:

Aadhaar linking deadline approaches: Here are all the myths and facts (Business Today; December 7, 2017).
Checks and balances needed for mass surveillance of citizens, say experts (Hindu; December 9, 2017).
Masking personal data to protect privacy crucial for India, say experts (Deepti Govind; Livemint; December 11, 2017).
Paranoid about state surveillance? Here’s the FD Guide to living in the age of snoops (Sriram Sharma; Factor Daily; December 12, 2017).
Deadline For Linking Bank Accounts With Aadhaar To Be Extended To 31 March (Komal Gupta and Ramya Nair; Livemint; December 14, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright & Patent

Submission

Submission to DIPP at Meeting with IP Stakeholders (Anubha Sinha; December 12, 2017).
CIS' Submission to DIPP and CGPDTM at meeting with IP Stakeholders (Anubha Sinha; December 13, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

►Wikipedia

Blog Entries

Christ University Wikipedia Education Program Internship (Manasa Rao; December 11, 2017).
Wikipedia Orientation Program at Rotary Club of Salem (Manasa Rao; December 11, 2017).
Nichole Saad from the Wikimedia Foundation visits Christ University (Manasa Rao; December 17, 2017).
Kannada Wikipedia Orientation Workshop at IISc, Bengaluru (A. Gopalakrishna; December 19, 2017).
Wikimedia Technical Workshop at Savitribai Phule Pune University (Manasa Rao; December 19, 2017).
Marathi Wikipedia workshop for Sandarbh Science magazine writers (Manasa Rao; December 19, 2017).
Marathi Wikipedia - Vishwakosh Workshop for Science writers in IUCAA, Pune (Manasa Rao; December 20, 2017).

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Free Speech & Expression

Blog Entries

It Hurts Them Too (Mir Farhat; December 19, 2017).
Internet Shutdowns: A Modern-day Siege (Ayswarya Murthy; December 19, 2017).
Days to Derail Work of Two Generations? (Mahesh Kumar Shiva; December 19, 2017).
Sorry, Business Closed until Internet is Back On (Nalanda Tambe; December 19, 2017).
Stock Brokers Don't Love an Internet Shutdown (Binita Parikh; December 19, 2017).
Was there an Unofficial Internet Shutdown in BHU & NTPC? (Saurabh Sharma; December 19, 2017).
How Media beat the Shutdown in Darjeeling (Manish Adhikary; December 19, 2017).
Internet and the Police: Tool to Some, Trash to Others (Manoj Kumar; December 19, 2017).
Business Woes from Saharanpur's Internet Ban (Mahesh Kumar Shiva; December 19, 2017).
Amid Unrest in the Valley, Students See a Dark Wall (Aakash Hassan; December 19, 2017).
The Rising Stars in Music Loath Losing their Only Platform (Umar Shah and Mir Farhat; December 19, 2017).
Internet and Banking: A Trust Broken (Roshan Gupta; December 19, 2017).
Online or Offline, Protest Goes On (Junaid Nabi Bazaz; December 19, 2017).
Digital Banking Dreams: Interrupted (Safeena Wani; December 19, 2017).
Will Darjeeling Regain the Trust of Tourists? (Roshan Gupta; December 20, 2017).
Silence on the Dera Front (Sat Singh; December 20, 2017).
ISPs in Kashmir Grappling with Mounting Losses Amid Recurrent Shutdowns (Safina Wani; December 20, 2017).
Taxes in the Time of Internet Shutdown (Avijit Sarkar; December 20, 2017).
Every Town had its Jio Dara (Ayswarya Murthy; December 20, 2017).
Education and Employment Opportunities Tossed out of the Window (Roshan Gupta; December 20, 2017).
Darjeeling’s e-commerce Crumbles after 100 days sans Internet (Avijit Sarkar; December 20, 2017).
E-administration Efforts are Lame Ducks without Internet (Amit Kumar and Sat Singh; December 20, 2017).

►Privacy

Blog Entries

Artificial Intelligence - Literature Review (Shruthi Anand; edited by Amber Sinha and Udbhav Tiwari with research assistance by Sidharth Ray; December 16, 2017).
AI and Healthcare in India: Looking Forward (Shweta Mohandas; edited by Roshni Ranganathan; December 16, 2017).

Participation in Event

FIGI Symposium 2017 (Organized by Telecommunication Standardization Bureau (TSB) of the International Telecommunication Union (ITU), jointly with the Bill & Melinda Gates Foundation, the World Bank and the Committee on Payments and Market Infrastructure (CPMI) and support of the Government of India; November 29 - December 1, 2017; Bangalore). Elonnai Hickok participated in the symposium and spoke in the "Security, Infrastructure, and Trust" working group on big data and privacy in DFS.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

The tragedy of the unused commons (Shyam Ponappa; Business Standard; December 6, 2017).

-----------------------------------
About CIS
-----------------------------------

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/december-2017-newsletter

E-administration Efforts are Lame Ducks without Internet

Amit Kumar & Sat Singh — 2017-12-20T16:05:44Z

Strap: How Haryana engages with the Digital India dream when one act of vandalism can invite a net ban.

Fatehabad, Haryana: It took Mahender Kumar a week to brush up his DJ-ing skills and understand what songs to play for crowds at different events. It wasn’t done out of some special love for music.

When he had to stop operations of his Common Service Center in Fatehabad district’s Badopal village for the third time in 18 months because of an internet shutdown “caused” by violence in his state, Mahender had to revisit his teenage hobby. He was more cautious about running a centre that depended on the internet. After all, the 31-year-old had to do something to feed a family of five. “Kuch to kaam karna tha. Parivar ko bhukhe to rakh nahi sakte."

Launched in 2015 as part of the central government’s ambitious Digital India programme, Common Service Centers or Atal Sewa Kendras (ASKs) are the “access points for delivery of various e-governance and business services to citizens in rural and remote areas of the country”. Sikander Kumar, in-charge of the Fatehabad District Informatics Center, informs that there are 14 such centers in urban areas and a whopping 223 in rural areas in his district alone.

These Kendras deal with banking, insurance, pension, health, and even railway ticketing, Aadhaar services, and electricity bill payment. The Haryana government claims to have integrated “around 170+ state government services of varied departments” with this scheme. More are in the pipeline.

Mahender, who undertook operations of the Kendra in December 2015, earns commissions ranging from Rs 10 to Rs 100 from his customers. A Rs 10 for paying electricity bills, another Rs 10 for correcting every mistake in Aadhar cards. He even fills up job applications and pension forms using the internet. His daily earning ranges from Rs 1000 to Rs 1200, and he provides food and pays Rs 1500 each to the two persons who assist him occasionally.

“Things were running in perfect order until February 2016. I had to incur losses after losses due to multiple internet bans since then," says Mahender. The Jat reservation stir of February 2016 had led to an internet ban when protests turned violent in various parts of Haryana. Internet service were suspended as a preventive measure a year later in March when the protests were brewing again. When Dera Sacha Sauda Chief Gurmeet Ram Rahim was convicted for rape in August 2017, Fatehabad faced internet shutdown for a week.

Mahender lost his bread and butter on these occasions, and being a part-time DJ was his way of minimising the risk. He continues to run the center though.

Rajesh Kumar too makes a living by running an ASK in Dhangar in Fatehabad. A graduate in arts from the National College in Sirsa, he started the Kendra in October 2015. Though he has reservations about the crawling pace of internet in his village, it doesn’t stop him from fulfilling the needs of customers who can be found “flooding the Kendra on any working day”.

He places great importance on the role of the center he runs. After the demonetisation of Rs 500 and Rs 1000 notes in November 2016, Rajesh says his Kendra “reduced the inconveniences caused to common people by the move”. When the cash lying around became of no use, the e-banking services his centre offered came to the rescue. This is why he doesn’t approve of the internet shutdowns. “Rural areas suffer the most. My friends in cities do not have to go through this.”

Even updating panchayat records on time is a hassle during shutdowns. Rajesh Koth, Fatehabad district development and panchayat officer, does not directly face the brunt of internet shutdowns since his office functions out of the mini-secretariat, which continues using internet through a lease line meant for such situations. But shutdowns do affect his department’s work as the 200 something panchayats with which emails are to be exchanged do not have the same luxury. “Village panchayats have been equipped with a computer and an internet connection, which are used to update the department on development works passed by the panchayat,” Rajesh says.

With villages losing access to whatever internet they had, panchayats have to send physical records to the Fatehabad district headquarters, thereby increasing the office’s burden.

Internet lost, grains lost

The impact of internet shutdowns on the administration’s e-governance schemes was felt even by fair price shops. Subhash Singh has been running a ration depot in the same village as Mahender’s, Badopal, for a decade now. It wasn’t just Subhash’s loss when he couldn’t disburse ration because of the internet shutdown in August 2017.

He says he was bound by authorities to not distribute ration without an Aadhar-enabled authentication using a thumbprint. “Several people came, but they had to return empty-handed due to failing biometric verification. I must’ve lost about Rs 2500 in that time.”

Fatehabad district food and supply controller Ashok Bansal confirmed that his department had indeed “issued clear instructions as mandated by the government to distribute ration only after Aadhar-enabled verification”. Strict action is taken on complaints for not complying this order, he says.

Being his only source of income, Subhash eventually "spent a lot of time and energy to persuade people to return” to his shop again. But he clearly remembers how he was accused of finding an excuse to not give people their lot of ration.

Amit Kumar and Sat Singh are Haryana-based members of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/e-administration-efforts-are-lame-ducks-without-internet

Will Darjeeling Regain the Trust of Tourists?

Roshan Gupta — 2017-12-20T16:01:33Z

An agitation coupled with an internet ban that left tourists stranded, it looks like a tough time ahead for tourism in the Hills.

Darjeeling, West Bengal: The tourism industry in Darjeeling proved to be as crippled as most businesses operating from the town due to the agitation for a separate state of Gorkhaland. With the scenic beauty of the hills and the spectacular views it affords, Darjeeling has always been a major tourist attraction. A substantial part of the town’s employment is attributed to the tourism industry, which took a bloody blow with the ban on internet services that eventually lasted a hundred days.

“The bookings for Darjeeling generally commence four months prior to the annual Hindu festival Durga Puja (usually in September or October), but this time most of the enquiries were for Sikkim. The Hills usually see huge footfall during Puja, but the unrest hit tourism badly and we incurred huge losses,” says Samrat Sanyal, a tour operator.

The tourist season generally starts around April and continues till late October. That the internet shutdown came right in the middle of this period — it was first announced on June 18 and lasted till late September — did not help matters. Sanyal says that in 2016 around 85% of the tourist footfall took place around the time of Durga Puja, but in 2017 it had fallen to around 5-10%. Though things have relatively calmed down, Sanyal believes the flow of international tourists will remain low for a while. Other tour operators this reporter spoke to also echoed Sanyal’s sentiments and said that the aftermath has left tourists with little confidence in the Hills.

Sources in the tourism department say that apart from the internet shutdown, a general response to the strikes and the violence attributed to the agitation played a major role in “maginalising tourist flow”. The tourists who came to the Hills around the time the agitation intensified could not even get in touch with their families as the mobile reception was poor for days, besides no web connectivity. Many who had already arrived at Darjeeling had to cut short their vacation.

One of them was Kartik Lodha. A tourist from Rajasthan, Lodha was caught unawares by the strike that came just as he prepared to go paragliding in Delo. He had no choice but to return to his hotel midway. With no internet to assist him in looking for a way out, Lodha left Kalimpong the next morning in a state bus with police escort. "It’s the locals who suffer the most during such situations. They are the ones who will have to deal with these problems and difficulties in the long run. Barring a missed vacation, we will be fine," said Lodha.

Blaming the state for imposing the shutdown and creating “unwanted problems” in the Hills, Tapash Mitra, a tourist from Kolkata, said that "the West Bengal government is hindering its own tourism industry”. He had planned a three-day trip with his family, but had to return on the day of his arrival. "I just want the people to have peace in the Hills."

Homestays were also badly hit and saw a spate of booking cancellations in the wake of the agitation and the subsequent network shutdown. Nimlamhu, the owner of Green-Hills homestay at Sangsay, said that more than the owners of hotels or homestays, tourists suffered as they were left stranded, unsure of what they would have to do. “Nothing works when the internet is banned. Even refunds cannot be processed.”

When asked about the arrangements that were eventually made to refund the tourists’ money, he said, "The amount was refunded because we were left with no option, and for those guests who were our regular customers, we adjusted the balance with their future bookings."

He said, however, that it was difficult to contact those who booked stays in advance but were hit with the news of the strike before they arrived there. "There was no way we could contact the guests as the internet was banned. About 50-60% of our bookings are done online and we couldn’t even refund their money through netbanking. We had to personally call them up and apologise for the unforeseen circumstance, and request hem to bear with us, not knowing that the strike would last as long as it did," said Nimlamhu.

Sweta Neriah, who is in charge of Palighar, a homestay in Ecchay, was preparing their promotions when the town was hit with the blanket-ban on internet. "For international guests we have a system where payment is done only during checkout. We did incur heavy losses this season and I’m sure we will feel the impact of this slump for some years. Incidentally, this happened just when the international tourist flow started to pick up in this part of the world."

Complaining that the internet ban cost them a year’s business, Kabir Pradhan, the owner of the homestay, said, "Internet is the only way to really promote a business these days. We need to keep updating out official pages on every social networking site to market it. Only then can we attract clients and agents."
He now looks forward to the spring season.

Meanwhile, many tour guides say they suffered huge losses with the internet ban and dip in the number of tourists. Manisha Sharma, who used to work as a tour guide, says she regrets being in the hills as the ban robbed her of three months’ income. “Had I not been here, I could have travelled to some other places with tourists, but the movement of vehicles was also restricted during the agitation, leaving me broke and with few options,” says Sharma.

Roshan Gupta is a Siliguri-based journalist and a member of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/will-darjeeling-regain-the-trust-of-tourists

Silence on the Dera Front

Sat Singh — 2017-12-20T15:58:44Z

Strap: How DSS followers, accused of violent protests after their leader was sentenced, manage without the internet.

Sirsa, Haryana: Raj Rani’s two expensive smartphones are her whole world. But the 32-year-old entrepreneur from Haryana’s Hisar district found them entirely useless when she needed them most – on August 25, during the violent protests by members of the spiritual group Dera Sacha Sauda (DSS) after their leader Gurmeet Ram Rahim was convicted of rape.

“My family follows DSS, and had gone to attend the monthly congregation on August 15 (which also happened to be Ram Rahim’s birthday), when were told that ‘Pitaji’ asked us to stay back in the premises, in case of an adverse verdict by the court in rape cases against him,” she says. This is understood to have been done as a show of support that could put pressure on the judiciary and state for a favourable verdict.

Along with lakhs of other followers, Rani was present in Dera’s Sirsa headquarters with her two children. She stayed in constant touch with her husband Sunny Kumar, a businessman based in New Delhi. "Every day, I showed him the Dera premises and religious activities through WhatsApp video calls,” she says.

She recalls “the nightmarish moment” on the night of August 24 when the Haryana police and the Indian army surrounded the Dera. They imposed a curfew in the town, and restricted people from coming in and going outside the premises spread over 700 acres.

Rani says that the government blocked the internet on August 24 – a day before the self-styled godman appeared in the Panchkula court. Service providers of different companies, including mobile phone and landline services, were also barred at the Dera Sacha Sauda headquarters. As a result, Rani lost all contact with her husband. “I was confident until I was connected with my family over WhatsApp call and video chat, but as soon as this went away, I started losing faith, and felt afraid,” she says.

After the curfew was imposed and internet was shut down, Rani says the devotees started to panic. They demanded that the DSS management permit them to go to their respective homes after Gurmeet’s arrest on August 25. After his conviction for rape, Rani says the politically influential and funds-flushed DSS fell like a house of cards. “There was chaos all around,” she says.

Fearing that Dera followers would vandalise public property to protest their leader’s conviction, the police had restricted public transport. Private vehicles were being allowed to move only after multiple security checks. On the morning of August 27, hundreds of devotees started to leave the Dera premises by foot. Rani walked about 50 kms along the national highway 10 (Hisar-Sirsa) up to Fatehabad district.

It was a coordination committee of police, legislators, and bureaucrats from Haryana, Punjab and Chandigarh, under the chairmanship of Punjab governor and union territory administrator VP Singh Badnore, that took the decision to ban the internet. After the order on August 24, all the SMSes, dongle, and data services provided on mobile network were suspended. The government only allowed phone calls during the internet shutdown in affected districts in these states.

Dissing the police’s claims that Dera followers started the violence first, provoking the cops to fire, 32-year-old shopkeeper Gaurav Soni, an ardent DSS follower for seven years, insists that things went out of control because the internet connection was snapped. He says that senior members in the Dera’s internal WhatsApp groups couldn’t send messages to calm angry followers. “Whatever happened was a result of a communication gap,” says Soni, who joined the protests. “No one asked the followers to get violent, and followers never attempt such things without proper instructions. But since there was a leadership gap, thanks to the break in communication, all this occurred.”

Vikas Kumar, an IT expert of the Dera Sacha Sauda agrees, "As soon as we came to know about the conviction, we tried to send a message from Dera chairperson Vipasana Insan, requesting followers to maintain peace, and keep faith in the judicial process. But we couldn’t upload this message because mobile internet and broadband services were banned." They also tried to call key Dera leaders. “But it was too late by then, and followers clashed with law enforcement agencies," Vikas adds.

The Dera’s protests, and the related internet and transport shutdown seemed to have impacted the group’s own followers too.

Those outside Haryana received misleading or panic-inducing forwards and videos, worrying them, but also worsening the anger against the state administration. Rajat Singh, a 65-year-old Dera follower from Mansa district, Punjab, says his son Rishipal Singh, had gone with several followers to the court in Panchkula, Haryana, where Gurmeet’s case was being heard. Rajat Singh says that since the internet was not banned at Punjab’s Mansa, he continuously received photographs of bullet-ridden bodies, charred cars, massive fires, and vandalism on WhatsApp. It’s unclear how Dera members from Haryana were able to send these pictures, overriding the blocked internet. “I was so disturbed,” he says. “As soon as we came to know that the Haryana police had opened fire on the followers, I started calling my son,” he says. But phone networks were constantly busy or spotty. “My son’s phone was not reachable. I asked relatives to send him text messages, or messages on WhatsApp, but the internet was not working.” It was much later, when Rishipal made a rushed call, that they were assured of his well-being.

Unaware of the violence at the Dera, 37-year-old Rakesh Kumar, a DSS follower from Ghaziabad, Uttar Pradesh, was visiting Sirsa on August 24. “I booked a hotel in Sirsa district through an app, and chose to pay at the hotel. When I reached Sirsa, the internet was off.” Kumar went to the Dera taking lifts from a few vehicles plying on the sly, but soon returned to his hotel after followers went on a rampage. He wanted to leave Sirsa, but “got stuck” because the hotel didn’t allow him to leave without paying. ATMs were closed, vandalised, or not working, and it was generally unsafe to go out. “I had some balance on PayTM, but that was also not working as there was no internet connection,” he says.

Without Facebook or Twitter accounts, the Sirsa police had no way to counter rumours, discourage violence, or call for peace, says additional deputy commissioner (ADC) Sirsa, Munish Nagpal. A ban, he says, was the only way for them to nip crowd mobilisation in the bud, and curb rumours from spreading to Dera followers in other states of north India.

“The ban controlled the situation to a certain extent, but it handicapped us, and slowed the process of our communication with seniors in Chandigarh,” admitted Ashwin Shenvi, the superintendent of police (SP).

The Haryana police, chief minister and health minister are usually active on social media, and the government too prides itself on being digitally savvy, but during the ban, every account was inactive. This despite the state offices having broadband.

It is worth pointing out that DSS is credited for the Bharatiya Janata Party’s first ever win in Haryana in the 2014 state elections. Gurmeet Ram Rahim and CM Manohar Lal Khattar have even shared stages multiple times for photo-ops. Many believe this to be the reason behind the state government not being very vocal, online or offline, in condemning the violence by Gurmeet’s followers. It could have ticked off DSS’s over 50 million followers, a large votebank. The political dynamics, hence, were also responsible for internet becoming a victim of the violence unleashed.

Sat Singh is a Rohtak-based journalist and a member of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/silence-on-the-dera-front