We are anonymous, we are legion

Checks and balances needed for mass surveillance of citizens, say experts

Admin — 2017-12-16T14:32:23Z

A number of measures are required to protect law-abiding citizens from mass surveillance and misuse of their personal data, according to top technology and legal experts.

The article by Peerzada Abrar was published in the Hindu on December 9, 2017

The measures include issuing of tokens by the Unique Identification Authority of India (UIDAI) instead of Aadhaar numbers and having an official in the judiciary give permission to vigilance.

The experts were participating in a panel discussion on ‘Navigating Big Data Challenges’ at Carnegie India’s Global Technology Summit here. They also said there was a need to implement ‘de-identification of data’ or preventing a person’s identity from being connected with information.

The moderator of the discussion was Justice B.N. Srikrishna, a former Supreme Court judge, who was also heading a government-appointed committee of experts to identify “key data protection issues” and recommend methods to address them. Justice Srikrishna told the panellists that Aadhaar or the unique identification number had empowered the people. But in situations where the State wants all the information about citizens from different service providers because of its suspicions related to terrorism or criminal activity, he asked, what is the method to create a balance?

“Surveillance is like salt in cooking which is essential in tiny quantities, but counterproductive even if slightly in excess,” responded Sunil Abraham, executive director of Bengaluru-based think tank, Centre for Internet and Society. He said there was a need to make a surveillance system which had privacy by design built into it.

Mr. Abraham said that his organisation had proposed to the UIDAI that it used ‘tokenisation,’ which meant that whenever there was a ‘know your customer’ requirement, the Aadhaar number was not accessed by organisations like telecom firms or the banks. Instead, when the citizens used various services via smart cards or pins, a token got generated, which was controlled by the UIDAI. Organisations like banks and telecom firms can store those token numbers in their database. He said this would make it harder for unauthorised parties to combine databases. But at the same time would enable law enforcement agencies to combine database using the appropriate authorizations and infrastructure.

“UIDAI is considering this, they call it the dummy Aadhaar numbers. We need technical as well as institutional checks and balances,” said Mr. Abraham.

Countries like the U.S also have processes like Foreign Intelligence Surveillance Court (FISA court) which entertains applications made by the U.S Government for approval of electronic surveillance, physical search, and certain other forms of investigative actions for foreign intelligence purposes.

“My concern is that in the current system, surveillance can be done by the State machinery. I don’t necessarily suggest FISA court.... but some kind of mechanism where (one can’t) be held at the mercy of incestuous State machinery,” said Rahul Matthan, a partner at law firm Trilegal. “But have some second person who is outside the influence of this system (and) who actually says ‘yes this is a terrorist which requires us to do mass surveillance,” he said.

Artificial Intelligence

A large amount of information or Big data ranging from financial, health to political insights of people is being collected by different organisations and service providers which is sitting in different silos. All of this is likely going to be linked through Aadhaar. Mr. Srikrishna asked what if a situation arises where all of this data is aggregated and using artificial intelligence and machine learning, one is able to analyse it and profile individuals. He said “would that be not a terrifying scenario” where the State can act super-monitor for citizens. He asked how can citizens be guarded against it?

Mr.Srikrishna was referring to the ‘Social Credit System’ proposed by the Chinese government for creating a national reputation system to rate the trustworthiness of its citizens including their economic and social status. It works as a mass surveillance tool and uses big data analysis technology.

“It is a possibility. What stands in the way of it becoming a reality (in India) is a robust law,” said Mr.Matthan. “Technology is so powerful that it could equally be used for good as well as bad.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-peerzada-abrar-december-9-2017-checks-and-balances-needed-to-mass-surveillance-of-citizens-say-experts

Masking personal data to protect privacy crucial for India, say experts

Admin — 2017-12-16T14:27:34Z

Finding a way to protect privacy is critical, with the Supreme Court hearing petitions challenging the mandatory linking of Aadhaar to avail various social and welfare benefits.

The article by Deepti Govind was published in Livemint on December 11, 2017

Using the concept of de-identification to protect an individual’s right to privacy and creating laws that constantly re-evaluates the difference between harmful and good use of data is crucial for India, according to an expert panel on data privacy.

That could mean developing a token system that lets the Unique Identification Authority of India (UIDAI) hold a master-list of data through Aadhaar, while generating token numbers for all other Know Your Customer (KYC) requirements, suggested the panel at the Global Technology Summit hosted by think-tank Carnegie India.

“If we can implement de-identification principles in government collection and storage of data, even if that data is displayed on the website it cannot be correlated to an individual. And if it can’t be correlated to an individual then immediately that data is not as dangerous as it could be,” said Rahul Matthan, partner at Trilegal and a Mint columnist.

In theory, de-identification could include anything from deleting or masking personal identifiers, like names, to generalizing or suppressing others, like an individual’s pin code.

Finding a way to protect privacy is critical for India, with the Supreme Court hearing petitions challenging the mandatory linking of Aadhaar to avail various social and welfare benefits.

One of the grounds for challenge is that the use of biometric information of an individual encroaches upon the individual’s privacy.

The Centre for Internet and Society, a Bengaluru-based research organisation, proposed that the UIDAI use tokens for KYC requirements. Under this method an individual can use a smart card and a personal identification number (PIN), rather than biometrics, at a UIDAI-controlled booth and generate a token number. That token number can be submitted to a telephone operator or a bank.

“UIDAI is currently considering this. They call it the dummy or virtual Aadhaar numbers. Under this a single agency cannot pull off the surveillance completely by themselves. So there is both a technical and institutional check,” said Sunil Abraham, executive director of the Centre for Internet and Society.

Another method could be shifting the emphasis to revoking consent rather than grant of consent to collect and store data.

This could be done using the same method that currently exists to filter unwanted calls and messages on phones via the do-not-disturb registry. But over and above these, creating the right regulatory framework is important.

“It has become absolutely necessary to have in place a law which governs the usage of misuse of data,” said former Supreme Court justice B.N. Srikrishna.

Srikrishna used to head a 10-member committee of experts constituted by the government to study various issues related to data protection, make specific suggestions on the principles to be considered and suggest a draft data protection bill.

The data protection law must balance the interests of all three stakeholders—the common citizens, data collectors and the state—and not focus on just one or two, Srikrishna said on Friday. There should also be methods in place to penalize or impose fines on companies or agencies in case of data breaches or misuses, he added. But imposing fines is not the ideal solution, according to experts.

“It’s really critical that we think about building in incentives to do better. If every violation results in a huge penalty, for instance, then the posture of companies will be a secretive, protective, legal defence posture rather than one that strives to constantly improve practices and technologies,” said Facebook Inc.’s global deputy chief privacy officer, Stephen Deadman.

For more details visit https://cis-india.org/internet-governance/news/masking-personal-data-to-protect-privacy-crucial-for-india-say-experts

Paranoid about state surveillance? Here’s the FD Guide to living in the age of snoops

Admin — 2017-12-16T13:38:46Z

The US does it, so does China. Ever since Edward Snowden’s revelations back in 2013, which exposed the extent of the US’s global surveillance apparatus, the public has been fairly clued into the extent of mass surveillance.

The blog post by Sriram Sharma was published in Factor Daily on December 12, 2017

It doesn’t take a conspiracy theorist to worry that India does it (or wants to), too, especially with the high decibel campaigns by banks, telecom service providers and others to have Indians link Aadhaar, the unique citizen ID, to multiple services.

If you want a dystopian picture of the future of surveillance, look no further than China, considered the world’s worst abuser of internet freedom for the third year in a row, according to the new Freedom House, a US-based NGO that conducts research and analysis on the internet. With a score of 87/100 (higher is worse), the Chinese state is renowned for its Great Firewall, which filters access to the wider internet. “Digital activism has declined amid growing legal and technical restrictions as well as heavy prison sentences against prominent civil society figures,” the latest Freedom House report notes.

India is rated “Partly Free” with a score of 41/100 (lower is better) in Freedom House’s 2017 report on internet freedom

While it’s a long way away from China, India scores 41/100 on Internet Freedom in 2017 but is still considered only ‘partly free’ owing to blocking of internet and telecom service providers in Kashmir and detainment of citizens for expressing their views online. The India report from Freedom House highlights Aadhaar’s mandatory linking for a wide range of schemes and records concerns regarding its privacy and security implications.

In this guide, we take a look at the why, what and how of India’s surveillance apparatus, the legal provisions in the Indian constitution that enables them, ask domain experts to provide us with tips on living in an age of state surveillance. We also take a look at a variety of widely used tools and apps that help you countering state surveillance or tracking of any kind.

Know your Big Brother: India’s State Surveillance Programs

Right to privacy organisation Privacy International has a detailed dossier on the state of privacy in India, which examines India’s surveillance schemes, laws around interception and access, and central intelligence agencies that carry out surveillance. Apart from the state police and the army, surveillance is carried out at least 16 different intelligence agencies, it notes.

The Centre for Internet and Society (CIS) and Software Freedom Law Centre (SFLC) have done extensive research in the past on India’s surveillance apparatus. Earlier this year, CIS reported on the various programs and tech infrastructure behind India’s surveillance state: these include Central Monitoring System (CMS), National Intelligence Grid (NATGRID), Network Traffic Analysis System (NETRA), etc. An earlier CIS report highlights a boom in surveillance tech in India following the 26/11 terror attacks in Mumbai.

Based on an RTI (Right to Information) filing, SFLC’s 2014 report on India’s Surveillance State reveals that around 7,500 to 9,000 telephone interception orders are issued by the central government alone each month. State surveillance of citizens’ private communications is authorised by laws that let them monitor phone calls, texts, e-mails and Internet activity on a number of broadly worded grounds such as such as ‘security of the state’, ‘defence of India’, and ‘public safety’.

The Government of India is also known to said to work with private third parties, some of which go so far as to infect target devices using malicious software to extract information on the subject. A 2013 Citizen Lab report titled ‘The Commercialisation of Digital Spying’ found command and control servers (used to control the host system) for FinFisher (a remote computer monitoring software suite) in India. A Wikileaks expose in 2015 dumped over a million emails belonging to Italian surveillance malware vendor HackingTeam. The emails revealed how India’s top intelligence agencies and the government expressed interest in buying Hacking Team’s malware interception tools.

Fears of an Aadhaar Surveillance State

Thejesh G N, an infoactivist wrote in FactorDaily about Hyderabad’s surveillance hub, which wants to collect all manner of details. Aadhaar is one of the primary keys to matching profiles with external data sources, he notes.

A look at data points gathered by Hyderabad’s Integrated Information Hub

“The end product shows on a map where you live, what you consume, did you take PDS, move to some other place, your mobile number, gender… there’s a lot of data in the hands of the very lowest level of government, which doesn’t have any protection as by a parliamentary committee or anything like that. It’s run by bureaucrats, so that has huge implications,” he says. “If you see Citizen Four (a 2014 documentary about Edward Snowden), it shows a similar system, where you enter one’s SSN, and it shows everything you have done, and are planning to do. We are building the same system…Governments change, today we might have a good government, tomorrow we might have the worst possible government on the planet.”

Pranesh Prakash, Policy Director of CIS says he doesn’t regard Aadhaar as a surveillance project. “I see Aadhaar as something that can facilitate surveillance, but by and of itself, it isn’t surveillance,” he says, adding that it does so in a non-consensual manner. “By having Aadhaar numbers across multiple databases, you make surveillance easier. But you need to tie it up to a surveillance system. For instance, Aadhaar without NATGRID isn’t surveillance, but Aadhaar with NATGRID can be helpful for surveillance.” NATGRID (National Intelligence Grid) was first proposed in late 2009 following 26/11 attacks by the Union Home Minister, to enhance India’s counter-terror capabilities. It links 21 citizen databases for access to intelligence/enforcement agencies.

Ongrid’s website earlier had this visualisation depicting its verification service, which made privacy advocates cringe. Source: Twitter.

We discussed some worst-case scenarios around the commercial use of Aadhaar and India Stack companies with Thejesh. “Let’s say there’s a screening company and they have your Aadhaar ID. They will send it to Airtel, or Vodafone, and ask for a list of all the websites you have viewed. Maybe you’ve watched porn or something, at some point in your life, and that could hurt your employment,” he says.

Curbing your data exhaust

The EFF (Electronic Frontier Foundation) has published a number of useful articles and resources for countering internet surveillance. Recommendations include using end-to-end encryption through tools such as OTR (a messaging protocol available on Adium), PGP (to exchange secure emails), and Signal (messenger).

Other useful tips:

Use VPNs

VPNs (virtual private networks) use encryption protocols and secure tunneling techniques to keep your internet activity impervious to snooping. With a VPN, you can bypass ISP restrictions on blocked websites or access services (Spotify) not available in your country, making it appear that you are browsing from another part of the world. Keep in mind that you can still be outed by your VPN provider, so it’s important to choose one that respects your privacy. There are hundreds of VPN service providers to choose from, That One Privacy Guy maintains a detailed comparison chart of over a hundred VPN providers, with details on jurisdiction, price, ethics, logging policies, VPN protocols supported, and more. Out of these, the country that the VPN provider is based in is a key filter: you don’t want to choose a VPN service based out of the ‘14 eyes‘, as they are known to do mass surveillance.

Use TOR

Tor, an acronym for ‘The Onion Router’, is a free app that lets you anonymise your online communication by directing a web browser’s traffic through a volunteer-run network of thousands of servers. It is funded by the US-based National Science Foundation, Mozilla, and Open Technology Fund, among others. Tor is available for download on Windows, Mac, Linux, and Android.

Browsing on Tor can be far slower than a regular web browser, but it keeps you anonymous.

Encrypt your storage

It’s now a default feature on your phone, or computer, so there’s no reason why you shouldn’t make use of it. To check if it is turned on in Windows 10, Go to Settings > System > About, and look for a “Device encryption” setting at the bottom of the About tab. Keep in mind that you need to sign into Windows with a Microsoft account to enable this setting, so it’s likely that the NSA or FBI might be able to bypass it.

On a Mac, you turn on full-disk encryption through FileVault, accessible in > System Preferences > Security & Privacy.

On an iPhone, data protection is enabled once you set up a passcode on your device.

Android 5.0 and above devices support full-disk encryption. If it isn’t turned on by default on your device, you can turn on encryption under the Security menu.

Sensitive documents can also be encrypted using TrueCrypt. Though you must keep in mind that key disclosure laws apply in India, under the Section 69 of the Information Technology Act, which states that there’s a seven-year prison sentence for failing to assist the central and state governments in decrypting information on a computer resource.

Use an air-gapped PC

An air-gapped PC is one that is not connected to the internet or to any computers that are connected to the internet. Air-gapped PCs are typically used when handling critical infrastructure, and this is an extreme measure one can take when working with sensitive data that you don’t want to be leaked.

Use HTTPS everywhere

HTTPS Everywhere offers plugins for Firefox, Chrome, and Opera, and turns every link you open or key in, to a secure version of the HTTP protocol, which is encrypted by Transport Layer Security (TLS). The tool protects you from eavesdropping or tampering with the site you are visiting, but only works on sites that support HTTPS. Keep in mind that this tool won’t conceal the sites you have accessed from eavesdroppers but it won’t reveal the specific URL that you visited.

Turn on Advanced Protection in Gmail

If you trust Gmail with your data, take the relationship to the next level with Advanced Protection, which safeguards your account against phishing attacks, limits access to trusted apps, and adds extra verification features to block fraudulent account access. You will need a Bluetooth key and a USB key to turn this feature on.

Some other don’ts

Don’t leave any cameras open. Tape them up if you are a potential surveillance target.
Don’t use freemium apps, which trade in your privacy. A recent example of a worst-case scenario.
Don’t send any data via free email services that you would like to keep private.
Don’t use Google or Facebook, as Snowden says, if you value your privacy. Don’t take our word for it.

As for Aadhaar, Thejesh says that there isn’t much one can do as it is forcibly linked to many essential services. He recommends using different email ids for official work and unofficial work. “Use one email ID for Aadhaar and mobile related accounts, and use the other one for regular communication. It separates the accounts from surveillance and adds a layer of security,” he says. “Don’t use Aadhaar until is necessary. If you use Aadhaar and you are not in a mood to resist everything, then don’t use it where it is not required. Don’t use it like a regular address proof,” he adds.

If you are already an Aadhaar holder, it makes sense to use the biometric locking system provided by UIDAI on its website to protect against identity theft and unauthorised access. The biometric locking feature sends an OTP code to your registered mobile number to unlock or disable the locking system.

If someone is concerned about surveillance, CIS’s Prakash recommends not having a cell phone. “The cellphone is the single largest means of data gathering about you,” he says.

Surveillance can take many forms: it can be physical or off-the-air surveillance (an interception technique used to snoop on phone calls), he points out.

A CCTV camera fitted on top of a Hyderabad Police vehicle

Surveillance is not always bad: medical surveillance, for instance, an entire field around the spread of diseases, is necessary, Prakash clarifies. “Even state surveillance for national security purposes is absolutely necessary. A nation-state can’t survive without surveillance so I am quite clear that those who oppose all forms of surveillance are opposing all kinds of rights – because you can’t have rights without security. And indeed, individual security is a human right guaranteed under the Universal Declaration of Human Rights and guaranteed in Article 21 of the Indian Constitution. Without security of the person, you can’t have the right to freedom of speech, you can’t enjoy the right to privacy… If you’re in a state of war or in a state of terror, then you can’t enjoy rights – so clearly for me, surveillance is necessary,” he says.

That said, surveillance in India is highly problematic as the laws and the democratic framework for surveillance is very weak, and enforcement of that framework is even worse, Prakash adds. “One of the best ways of countering surveillance, I would suggest, is to actually demand a democratic framework for surveillance in India. Demand that your MLA and MP take up this issue at the state and central level… and that we have a democratic framework for both our intelligence agencies and for all the surveillance that is conducted by the state in India,” he says.

He calls everything else – “the technological stuff, using anonymising networks, end-to-end encryption” – a second order issue. “It can help you as an individual, but it doesn’t help us as a society.”

For more details visit https://cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops

Deadline For Linking Bank Accounts With Aadhaar To Be Extended To 31 March

Admin — 2017-12-16T13:24:59Z

The government does away with the existing deadline of 31 December for linking of bank accounts with Aadhaar and PAN

The article by Komal Gupta and Ramya Nair was published in Livemint on December 14, 2017

The government on Wednesday extended the deadline for linking of bank accounts with Aadhaar to 31 March, in line with its submission to the Supreme Court.

The earlier deadline was 31 December.

Bank account holders will have to furnish their 12-digit unique biometric identity number and Permanent account number or PAN by 31 March or within six months of opening the account, whichever is earlier, said a statement from the finance ministry.

This will provide temporary relief to crores of bank account holders who had not linked their bank accounts with the 12-digit unique identity number.

Last week, the income tax department had extended the deadline for linking of Aadhaar with the permanent account number to 31 March from 31 December.

The move comes a day before a Constitution bench of the Supreme Court starts hearing the issue of stay against mandatory linking of Aadhaar with bank accounts and mobile phone numbers.

The statement added that the bank account will cease to be operational in case of failure to furnish Aadhaar and PAN as on 31 March or at the end of six months. The account will become operational again only after the furnishing of documents.

“This is just a gesture from the government, seeking to avoid the court granting an interim stay against the mandatory linkage of Aadhaar with bank accounts. This apparent extension won’t truly help ordinary people, who will continue being harassed through constant messages urging them to provide their Aadhaar number to continue receiving entitlements, services, and for access to one’s own money,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

For more details visit https://cis-india.org/internet-governance/news/deadline-for-linking-bank-accounts-with-aadhaar-to-be-extended-to-31-march

Artificial Intelligence - Literature Review

Shruthi Anand — 2017-12-18T15:12:52Z

With origins dating back to the 1950s Artificial Intelligence (AI) is not necessarily new. However, interest in AI has been rekindled over the last few years, in no small measure due to the rapid advancement of the technology and its applications to real- world scenarios. In order to create policy in the field, understanding the literature regarding existing legal and regulatory parameters is necessary. This Literature Review is the first in a series of reports that seeks to map the development of AI, both generally and in specific sectors, culminating in a stakeholder analysis and contributions to policy-making. This Review analyses literature on the historical development of the technology, its compositional makeup, sector- specific impacts and solutions and finally, overarching regulatory solutions.

Edited by Amber Sinha and Udbhav Tiwari; Research Assistance by Sidharth Ray

With origins dating back to the 1950s Artificial Intelligence (AI) is not necessarily new. With an increasing number of real-world implications over the last few years, however, interest in AI has been reignited over the last few years.

The rapid and dynamic pace of development of AI have made it difficult to predict its future path and is enabling it to alter our world in ways we have yet to comprehend. This has resulted in law and policy having stayed one step behind the development of the technology.

Understanding and analyzing existing literature on AI is a necessary precursor to subsequently recommending policy on the matter. By examining academic articles, policy papers, news articles, and position papers from across the globe, this literature review aims to provide an overview of AI from multiple perspectives.

The structure taken by the literature review is as follows:

Overview of historical development
Definitional and compositional analysis
Ethical & Social, Legal, Economic and Political impact and sector-specific solutions
The regulatory way forward

This literature review is a first step in understanding the existing paradigms and debates around AI before narrowing the focus to more specific applications and subsequently, policy-recommendations.

Download the full literature review

For more details visit https://cis-india.org/internet-governance/blog/artificial-intelligence-literature-review

Breeding misinformation in virtual space

amber — 2017-12-08T02:24:29Z

A well-informed citizenry and institutions that provide good information are fundamental to a functional democracy.

The phenomenon of fake news has rece-ived significant sc-holarly and media attention over the last few years. In March, Sir Tim Berners Lee, inventor of the World Wide Web, has called for a crackdown on fake news, stating in an open letter that “misinformation, or fake news, which is surprising, shocking, or designed to appeal to our biases, can spread like wildfire.”

Gartner, which annually predicts what the next year in technology will look like, highlighted ‘increased fake news’ as one of its predictions.

The report states that by 2022, “majority of individuals in mature economies will consume more false information than true information. Due to its wide popularity and reach, social media has come to play a central role in the fake news debate.”

Researchers have suggested that rumours penetrate deeper within a social network than outside, indicating the susceptibility of this medium. Social networks such as Facebook and communities on messaging services such as Whats-App groups provide the perfect environment for spreading rumours. Information received via friends tends to be trusted, and online networks allow in-dividuals to transmit information to many friends at once.

In order to understand the recent phenomenon of fake news, it is important to recognise that the problem of misinformation and propaganda has existed for a long time. The historical examples of fake news go back centuries where, prior to his coronation as Roman Emperor, Octavian ran a disinformation campaign against Marcus Antonius to turn the Roman populace against him.

The advent of the printing press in the 15th century led to widespread publication; however, there were no standards of verification and journalistic ethics. Andrew Pettigrew wri-tes in his The Invention of News, that news reporting in the 16th and 17th centuries was full of portents about “comets, celestial apparitions, freaks of nature and natural disasters.”

In India, the immediate cause for the 1857 War of Indepen-dence was rumours that the bones of cows and pigs were mixed with flour and used to grease the cartridges used by the sepoys.

Leading up to the Second World War, the radio emerged as a strong medium for dissemination of disinformation, used by the Nazis and other Axis powers. More recently, the milk miracle in the mid-1990s consisting of stories of the idol of Ganesha drinking milk was a popular fake news phenomenon. In 2008, rumours about the popular snack, Kurkure, being made out of plastic became so widespread that Pepsi, its holding company, had to publicly rebut them.

A quick survey by us at the Centre of Internet and Society, for a forthcoming report, of the different kinds of misinformation being circulated in India, suggested four different kinds of fake news.

The first is a case of manufactured primary content. This includes instances where the entire premise on which an argument is based is patently false. In August 2017, a leading TV channel reported that electricity had been cut to the Jama Masjid in New Delhi for non-payment of bills. This was based on a false report carried by a news portal.

The second kind of fake news involves manipulation or editing of primary content so as to misrepresent it as something else. This form of fake news is often seen with respect to multimedia content such as images, pictures, audios and videos. These two forms of fake news tend to originate outside traditional media such as newspapers and television channels, and can be often sourced back to social media and WhatsApp forwards.

However, we see such unverified stories being picked up by traditional media. Further, there are instances where genuine content such as text and pictures are shared with fallacious contexts and descriptions. Earlier this year, several dailies pointed out that an image shared by the ministry of home affairs, purportedly of the floodlit India-Pakistan border, was actually an image of the Spain-Morocco border. In this case, the image was not doctored but the accompanying information was false.

Third, more complicated cases of misinformation involve the primary content itself not being false or manipulated, but the facts when they are reported may be quoted out of context. Most examples of misinformation spread by mainstream media, which has more evolved systems of fact checking and verification, and editorial controls, would tend to fall under this.

Finally, there are instances of lack of diligence in fully understanding the issues before reporting. Such misrepresentations are often encountered while reporting in fields that require specialised knowledge, such as science and technology, law, finance etc. Such forms of misinformation, while not suggestive of malafide intent can still prove to be quite dangerous in shaping erroneous opinions.

While the widespread dissemination of fake news contributes greatly to its effectiveness, it also has a lot to do with the manner in which it is designed to pander to our cognitive biases. Directionally motivated reasoning prompts people confronted with political information to process it with an intention to reach a certain pre-decided conclusion, and not with the intention to assess it in a dispassionate manner. This further results in greater susceptibility to confirmation bias, disconfirmation bias and prior attitude effect.

Fake news is also linked to the idea of “naïve realism,” the belief people have that their perception of reality is the only accurate view, and those in disagreement are necessarily uninformed, irrational, or biased. This also explains why so much fake news simply does not engage with alternative points of view.

A well-informed citizenry and institutions that provide good information are fundamental to a functional democracy. The use of the digital medium for fast, unhindered and unchecked spread of information presents a fertile ground for those seeking to spread misinformation. How we respond to this issue will be vital for democratic societies in our immediate future. Fake news presents a complex regulatory challenge that requires the participation of different stakeholders such as the content disseminators, platforms, norm guardians which include institutional fact checkers, trade organisations, and “name-and-shaming” watchdogs, regulators and consumers.

For more details visit https://cis-india.org/internet-governance/blog/asian-age-amber-sinha-december-3-2017-

Aadhaar linking deadline approaches: Here are all the myths and facts

Admin — 2018-01-01T16:04:25Z

Love it or hate it, you just can't escape it. We're talking about Aadhaar, which is a bigger buzzword than usual in the face of the looming end-December deadline for linkages with bank accounts, PPF, insurance policies, ration card and perhaps even PAN. As India rushes to comply, there are a number of myths and half-truth making the rounds.

The article was published by Business Today on December 7, 2017.

The official website of the Unique Identification Authority of India (UIDAI), the body issuing the biometrics-based Aadhaar number, helpfully lists out some of them, while others came to light when activists took up cudgels on behalf of Aadhaar-harassed citizens. But, either ways, you need to know the hard truth behind them.

Myth: Aadhaar-linkage is not only mandatory for every Indian citizen but also every person residing in the country.
Fact: In a notification dated May 11, 2017, the Central Board of Direct Taxes exempted the following categories from mandatory Aadhaar enrolment:
Those who are not citizens of India, non-resident Indians as per Income Tax Laws, those aged over 80 years at any time during the tax year, and the residents of Assam, Meghalaya and Jammu & Kashmir.

The UIDAI has also made it clear that NRIs and those holding the Overseas Citizen of India (OCI) card are not eligible to obtain Aadhaar as per the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. "NRI/OCI need not verify their bank account or SIM or PAN with Aadhaar. If required, they may inform the service provider(s) that they being NRI/OCI are exempted from Aadhaar verification," the UIDAI had said on Twitter way back in October, and followed it up with a circular in mid-November.

As per the Aadhaar Act, only a "resident" is entitled to obtain Aadhaar, which refers to an individual, irrespective of nationality, who has resided in India for a period aggregating 182 days or more in the year immediately preceding the date of application for enrolment. So, this means that even NRIs and expats fulfilling the above criteria can apply for Aadhaar, but they cannot be forced to link their Indian bank accounts with it.

Myth: I had to give my fingerprints to get a SIM card and now the telecom company will keep my biometrics for future use

Fact: According to UIDAI, a telecom company cannot store your biometrics at its end. All the biometrics collected should be encrypted by the service provider and sent to UIDAI at that instant itself. Any storage of biometric by any agency is a serious crime punishable with up to three years of imprisonment under the Aadhaar Act.

Myth: Aadhaar is prone to data breaches and leaks
Fact: Yes, there have been at least two serious leaks reported in the media, but the UIDAI has denied both of them.

In May 2017, The Centre for Internet and Society, a Bangalore-based non-profit research organisation, had reportedly investigated three government portals linked with social welfare schemes that together leaked Aadhaar information of around 1.3 crore people. Then, two months later, came news about over 200 government websites Aadhaar information public. This raised a lot of concerns and detractors cried themselves hoarse.

According to the UIDAI, some agencies of central or state governments had been proactively putting up details of their beneficiaries as required under the RTI Act. While the said information was promptly removed from the offending websites, the authority points out that no biometrics were displaced.

"Therefore to say that Aadhaar has been breached, data has been leaked, is completely incorrect and misleading," it says.

Moreover, the Aadhaar Act and IT Act are now in place, which impose restrictions on publication of Aadhaar numbers, bank account, and other personal details.

Myth: Aadhaar has a poorly verified database.
Fact: Several security measures are in place to ensure that Aadhaar enrolment system is secure. It is done through registrars-credible institutions like state government, banks, Common Service Centres which employ enrolment agencies empanelled by UIDAI. The latter, in turn, employ operators certified by the authority. Aadhaar enrolments are done only through customized software developed and provided by UIDAI. Every day, the operators have to log into the enrolment machine through their Aadhaar number and fingerprints. Once an enrolment is done, the operator is required to sign through his/ her biometrics. Moreover, at the time of enrolment itself, the captured data is encrypted and can't be read by anyone other than the UIDAI server.

Myth: People are being denied benefits and rations because they don't have Aadhaar or because of biometrics issues
Fact: UIDAI CEO Ajay Bhushan Pandey has clarified to the media that though Section 7 of the Aadhaar Act stipulates that benefits and subsidies from the Consolidated Fund of India shall be given on the basis of Aadhaar or proof of possession of an Aadhaar number, the lack of it cannot be grounds for denial. "Section 7 specifies that till Aadhaar number is prescribed, the benefits should be given through alternate means of identification," Pandey said to The Hindu.

The Act also provides for statutory protection to those who are unable to authenticate because of worn-out fingerprints, medical conditions like leprosy or other reasons such as technical faults. "The field agencies have been accordingly instructed through the notifications issued by the government. In spite of this, if a person is denied because he does not have Aadhaar or he is unable to biometrically authenticate, it is undisputedly a violation of instructions issued by the government and such violators have to be punished," added Pandey.

Myth: Publicly sharing the Aadhaar number, to track a lost Amazon package, for instance, makes one susceptible to identity fraud
Fact: Your Aadhaar number, just like your mobile phone number or bank account number, is not a secret though it is certainly sensitive personal information. Just as no one can hack into your bank account using just the account number, identity theft is impossible using the Aadhaar number alone.

What you need to assiduously protect are things like passwords, including OTPs, and PINs. A prudent practice would be to never put up any sensitive personal information on websites or social media platforms.

For more details visit https://cis-india.org/internet-governance/news/aadhaar-linking-deadline-approaches-here-are-all-the-myths-and-facts

Twitter India Workshop

Admin — 2018-01-01T16:10:28Z

Manasa Rao attended a workshop organized by Twitter titled "The Network Effort". It was an effort by the Public Policy and Government team at Twitter to enable NGOs and non-profits to conduct successful Twitter campaigns and teach them best practices.

The handbook for the workshop is here.

For more details visit https://cis-india.org/internet-governance/news/twitter-india-workshop

State-led interference in encrypted systems: A public debate on different policy approaches

Admin — 2017-12-05T14:03:09Z

State-led interference in encrypted systems. Sunil Abraham is a speaker for this event.

Proposer's Name: Mr. Carlos Alberto Afonso
Proposer's Organization: Instituto Nupef
Co-Proposer's Name: Mr. Hartmut Glaser
Co-Proposer's Organization: CGI.br

Co-Organizers:

Mr., Carlos, AFONSO,Civil Society, Instituto Nupef
Mr. Hartmut, GLASER, Technical Community, CGI.br
Ms. Jamila, VENTURINI,Technical Community, NIC.br
Mr. Diego, CANABARRO, Technical Community, NIC.br

Session Format: Other - 90 Min
Format description: The session is designed to host a dialectic debate segment followed by a traditional round-table segment structured around a Q&A format.

Proposer:
Country: Brazil
Stakeholder Group: Civil Society

Co-Proposer:
Country: Brazil
Stakeholder Group: Technical Community

Speakers

Christoph Steck (Telefonica, Spain)
Riana Pfefferkorn (Stanford CIS, EUA)
Cristine Hoepers (CERT.br, Brazil)
Carlos A. Afonso (Nupef Institute, Brazil)
Neide Oliveira (Federal Prosecution Service, Brazil)
Sunil Abraham (CIS India)
Monica Guise Rosina (Facebook Brazil)
Jonah F. Hill (NTIA, EUA)
Nina Leemhuis Janssen (Govt of The Netherlands)

Content of the Session

The workshop is built around a policy question that approaches some historical controversies inherent to the widespread use and availability of encryption in the Internet, with a special focus on the tension between the increasing use of cryptography after Snowden and the supposed challenges it poses to public and national security in a digital era. The session promotes a space for multistakeholder debate on: the state of the art in the development and employment of cryptography; different attitudes towards the freedom to use encryption in different jurisdictions; modes of state-led interference in/with encrypted systems; and the limits posed by national and international law to such interference, as well as the impacts it might have to the protection and promotion fundamental human rights and shared values, to permission-less innovation on the Internet and the open architecture of the network. The session will host two segments: one will consist of two presentations made by government officials from the UK and the Netherlands that will detail different policy approaches for dealing with the use of encryption. The second comprises a multistakeholder round-table that gathers comments and questions about the previous presentations. In the end, moderators will summarize discussions and an overarching and documented report of the session will be made available for the session. The unorthodox format chosen for this session allows public scrutiny over some very practical policy-oriented approaches. The bulk of discussions registered during the workshop can provide dialogued feedback into policy development processes elsewhere.

Relevance of the Session

The development and use of encryption to protect information and communication dates back to ancient times. Encryption has been mainly employed over the centuries to protect personal data, business information, governmental classified information, etc. Attempts to break encryption in general as well as the notion of inserting vulnerabilities (such as backdoors) in systems that rely on encryption have been a parallel phenomenon to (and also an integral part of) the longstanding efforts of cryptography. One might even say that those two processes function as the two different sides of the same coin.

The advent and the great pace of development of computing and networking technologies boosted the science behind cryptography to unprecedented levels of relevance for society in general. More recently, after the Snowden affairs, cryptography has been perceived as a necessary condition (not a sufficient one though) for Internet users to curb the abuses entailed by massive digital surveillance and espionage by an ever growing number of countries. In parallel, together with other measures, the deployment of encryption to commercial applications seems to have become a, somehow, sine qua non condition for some Internet companies to regain consumer trust and retain competitive advantages in relation to other players in the market.

The widespread use and availability of encryption tools however refueled tensions and entailed policy responses in a myriad of countries (e.g.: the Apple vs FBI case in the context of the San Bernadino Shooting; the announcement made by some European countries of their willingness to outlaw some uses of encryption as well as the public commitment of the Netherlands government to support encryption and oppose the development of backdoors; and the successive orders by Brazilian courts that aimed at blocking Whatsapp in the country due to the company’s denial to delivery communication records from some of its users). Those tensions generally revolve around the fact that as general-purpose technology, encryption can be also employed to conceal irregular and/or illicit activities, which would justify the creation of some narrow but allegedly needed exceptions to the constitutional limits built over the last century in several countries to impose limits to criminal investigation in order to uphold privacy and personal data protection.

The cases mentioned above gave rise to fierce discussions on whether or not the use of encryption increases by itself the likelihood of and facilitate the occurrence of crime and other illicit activities (most notably organized crime of all sorts and terrorism). Some law enforcement agencies and security forces have argued that encryption impairs crime investigation and the prosecution of criminals, and therefore the development of technology with embedded backdoors might be needed. Other actors, including representatives from the technical community, however, argue that such interference might disrupt regularly protected flows of information and communication as well as compromise privacy and the protection of other fundamental human rights. At this point, we are in a stage in which the trade-off between those two perspectives have to be settled through democratic means and public participation and that is why this workshop was submitted for the IGF 2017.

Besides dealing with several different topics that comprise the overarching agenda of Internet governance (human rights, cybersecurity, openness and permission-less innovation, economic development, infrastructure governance, etc), the topic of this workshop is directly connected to two different goals comprised in the UN SDGs: sound institutions and innovation. Discussions on the contours of sound political institutions and on challenges and incentives for innovation are integral components of any sort of political agenda that aims at reflecting upon the “digital future”, which is the case of the 2017 IGF and highlight the importance of adding this proposal to the overall agenda of the event.

For more details visit https://cis-india.org/internet-governance/news/state-led-interference-in-encrypted-systems-a-public-debate-on-different-policy-approaches

India’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach

amber — 2018-01-01T16:18:54Z

We must move India past its existing consultative processes for rule-making, which often prompts stakeholders to take adversarial and extremely one-sided positions.

The article was published in the Wire on December 1, 2017.

Earlier this week, the Ministry of Electronics and Information Technology released a white paper by a “committee of experts” appointed a few months back led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India. The other members of the committee are Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta and Rama Vedashree.

With the exception of Justice Srikrishna and Krishnan, the rest of the committee members are either part of the government or part of organisations that have worked closely with the government on separate issues relating to technology, with some of them also having taken positions against the fundamental right to privacy.

Refreshingly, the committee and the ministry has opted for a consultative process outlining the issues they felt relevant to a data protection law, and espousing provisional views on each of the issues and seeking public responses on them. The paper states that on the basis of the response received, the committee will conduct public consultations with citizens and stakeholders. Legitimate concerns were raised earlier about the constitution of the committee and the lack of inclusion of different voices on it. However, if the committee follows an inclusive, transparent and consultative process in the drafting of the data protection legislation, it would go a long way in addressing these concerns.

The paper seeks response to as many as 231 questions covering a broad spectrum of issues relating to data protection – including definitions of terms such as personal data, sensitive personal data, processing, data controller and processor – the purposes for which exemptions should be available, cross border flow of data, data localisation and the right to be forgotten.

While a thorough analysis of all the issues up for discussion would require a more detailed evaluation, at this point, the process of rule-making and the kind of governance model envisaged in this paper are extremely important issues to consider.

In part IV of the paper on ‘Regulation and Enforcement’, there is a discussion on a co-regulatory approach for the governance of data protection in India. The paper goes so far as to provisionally take a view that it may be appropriate to pursue a co-regulatory approach which involves “a spectrum of frameworks involving varying levels of government involvement and industry participation”.

However, the discussion on co-regulation in the white paper is limited to the section on regulation and enforcement. A truly inclusive and co-regulatory approach ought to involve active participation from non-governmental stakeholders in the rule-making process itself. In India, unfortunately, we lack a strong tradition of lawmakers engaging in public consultations and participation of other stakeholders in the process of drafting laws and regulation. One notable exception has been the Telecom Regulatory Authority of India (TRAI), which periodically seeks public responses on consultation papers it releases and also holds open houses occasionally. It is heartening to see the committee of experts and the ministry follow a similar process in this case.

However, these are essentially examples of ‘notice and comment’ rulemaking where the government actors stand as neutral arbiters who must decide on written briefs submitted to it in response to consultation papers or draft regulations that it notifies to the public.

This process is, by its very nature, adversarial, and often means that different stakeholders do not reveal their true priorities but must take extreme one-sided positions, as parties tend to at the beginning of a negotiation.This also prevents the stakeholders from sharing an honest assessment of the actual regulatory challenge they may face, lest it undermine their position.

This often pits industry and public interest proponents against each other, sometimes also leading to different kinds of industry actors in adversarial positions. An excellent example of this kind of posturing, also relevant to this paper, is visible in the responses submitted to the TRAI on the its recent consultation paper on ‘Privacy, Security and Ownership of data in Telecom Sector’. One of the more contentious issue raised by the TRAI was about the adequacy of the existing data protection framework under the license agreement with telecom companies, and if there was a need to bring about greater parity in regulation between telecom companies and over-the-top (OTT) service providers. Rather than facilitating an actual discussion on what is a complex regulatory issues, and the real practical challenges it poses for the stakeholders, this form of consultation simply led to the telecom companies and OTT services providers submitting contrasting extreme positions without much scope for engagement between two polar arguments.

A truly co-regulatory approach which also extends to rulemaking would involve collaborative processes which are far less adversarial in their design and facilitate joint problem solving through multiple face to face meetings. Such processes are also more likely to lead to better rule making by using the more specialised knowledge of the different stakeholders about technology, domain-specific issues, industry realities and low cost solutions. Further, by bringing the regulated parties into the rulemaking process, the ownership of the policy is shared, often leading to better compliance.

Within the domain of data protection law itself, we have a few existing models of robust co-regulation which entail the involvement of stakeholders not just at the level of enforcement but also at the level of drafting. The oldest and most developed form of this kind of privacy governance can be seen in the study of the Dutch privacy statute. It involved a central privacy legislations with broad principles, sectoral industry-drafted “codes of conduct”, government evaluations and certifications of these codes; and a legal safe harbour for those companies that follow the approved code for their sector. Over a period of 20 years, the Dutch experience saw the approval of 20 sectoral codes across a variety of sectors such as banking, insurance, pharmaceuticals, recruitment and medical research.

Other examples of policies espousing this approach include two documents from the US – first, a draft bill titled ‘Commercial Privacy Bill of Rights Act of 2011’ introduced before the Congress by John McCain and John Kerry, and second, a White House Paper titled ‘Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy’ released by the Obama administration. Neither of these documents have so far led to a concrete policy. Both of these policies envisioned broadly worded privacy requirements to be passed by the Congress, followed by the detailed rules to be drafted. The Obama administration white paper is more inclusive in mandating that ‘multi-stakeholder groups’ draft the codes that include not only industry representatives but also privacy advocates, consumer groups, crime victims, academics, international partners, federal and state civil and criminal law enforcement representatives and other relevant groups.

The principles that emerge out this consultative process are likely to guide the data protection law in India for a long time to come. Among democratic regimes with a significant data-driven market, India is extremely late in arriving at a data protection law. The least that it can do at this point is to learn from the international experience and scholarship which has shown that merits of a co-regulatory approach which entails active participation of the government, industry, civil society and academia in the drafting and enforcement of a robust data protection law.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime

November 2017 Newsletter

praskrishna — 2018-01-10T01:57:29Z

November 2017 Newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment. CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu. The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW. The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017. DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector. CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017. CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them. CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

Highlights

Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment.
CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu.
The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW.
The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017.
DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector.
CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017.
CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them.
CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

CIS in the News:

Big Data for governance (Alekhya Hanumanthu; Telangana Today; November 4, 2017).
How tech is making life easier for differently-abled (Shalini Umachandrani; November 7, 2017).
India Today Conclave Next 2017: Aadhaar was rushed, says MP Rajeev Chandrashekhar (Priya Pathak; India Today; November 8, 2017).
What You Need To Worry About Before Linking Your Mobile Number With Aadhaar (Roopa Raju and Shekhar Rai; Youth Ki Awaaz; November 8, 2017).
OPINION | Data is New Oil and Human Mind the New Battlefield. India Must Wake Up Now (Lt. General (Retd.) D. S. Hooda; News18.com; November 11, 2017).
Aadhaar seeding: benefits and concerns (Shaikh Zoaib Saleem; Livemint; November 14, 2017).
Privacy issues exist even without Aadhaar (Ronald Abraham; November 15, 2017).
Advocating for Openness: Nine Ways Civil Society Groups Have Mobilized to Defend Internet Freedom (Centre for International Media Assistance; November 15, 2017).
Govt working to set up financial CERT to tackle cyber threats (Komal Gupta; Livemint; November 16, 2017).
Financial CERT to combat cyber threats, says MoS home affairs (CISO MAG; November 17, 2017).
UIDAI admits 210 government websites made Aadhaar details public (Financial Express; November 20, 2017).
India’s internet missionaries: The women Google is relying on to spread its Next Billion message (Sunny Sen; Livemint; November 21, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Indian activists slam FCC decision to ditch net neutrality (Kul Bhushan; Hindustan Times; November 23, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Why should you keep a close eye on the net neutrality debate in the US (Subhrojit Mallick; Digit; November 24, 2017).
Cyberattacks a significant threat to democracy: Modi (Komal Gupta; Livemint; November 24, 2017).
Aadhaar verification at airports raises need for stricter data privacy regulations (Aman Sethi; Hindustan Times, November 27, 2017).
IDAP Interview Series: Interview with Nirmita Narasimhan (IDIA Law; November 27, 2017).
Govt releases white paper on data protection framework (Komal Gupta; Livemint; November 28, 2017).
Bengalureans to receive Helen Keller award (Deccan Herald; November 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Submission

Comments on Guidelines for Indian Government Websites (Nirmita Narasimhan; November 26, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright & Patent

35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 15, 2017).
35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 17, 2017).
35th SCCR: CIS' Question to Dr. Rostama on her Study on the Impact of the Digital Environment on Copyright Legislation (Anubha Sinha; November 19, 2017).

►Wikipedia

Blog Entry

CIS-A2K signs MoU with Telangana Government (Manasa Rao; November 8, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entries

A Comparison of Legal and Regulatory Approaches to Cyber Security in India and the United Kingdom (Divij Joshi; edited by Elonnai Hickok; November 12, 2017).
Counter Comments on TRAI's Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector (Amber Sinha; November 23, 2017).

Participation in Event

BIS International Seminar on Internet of Things (Organized by BIS; November 15, 2017; India Habitat Centre, New Delhi). Amber Sinha attended the event.
Internet Universality Indicators for a Safe, Secure and Inclusive Cyberspace for Sustainable Development (Organized by UNESCO in collaboration with the Ministry of Electronics and IT, Government of India; UNESCO Conference Room, Chanakyapuri, New Delhi; November 17, 2017). Amber Sinha attended the event.

Roundtable on Data Integrity and Privacy (Organized by Observer Research Foundation; November 18, 2017). The round table discussion was chaired by Shri Baijayant Panda, Hon'ble Member of Parliament.

►Cyber Security

Blog Entry

Breach Notifications: A Step towards Cyber Security for Consumers and Citizens (Amelia Andersdotter; November 14, 2017).

Event Organized

Roundtable on Enhancing Indian Cyber Security through Multi-Stakeholder Cooperation (Indian Islamic Centre; Lodhi Road; New Delhi; November 4, 2017).
Open House on Security Practices in FinTech (Organized by CIS and Has Geek; November 17, 2017).

Participation in Event

Multinational Cyber Security Forum at University of Haifa (Organized by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative; November 5 - 7, 2017). Sunil Abraham participated in the meeting held in Israel.
Global Commission on the Stability of Cyberspace (GCSC) (Organized by GCSC; November 21, 2017; New Delhi). Pranesh Prakash participated in the event.

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Nobel Laureate Richard Thaler's Views On Auctions (Shyam Ponappa; Business Standard; November 1, 2017).

Submission

Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing (Anubha Sinha; November 26, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Articles

Digital native: Rebellion by Google Doc (Nishant Shah; Indian Express; November 4, 2017)
Digital native: Let there be life (Nishant Shah; Indian Express; November 19, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/november-2017-newsletter

FIGI Symposium 2017

Admin — 2018-01-01T16:29:42Z

Innovative Approaches to Digital Financial Inclusion Challenges.

The first edition of the Financial Inclusion Global Initiative (FIGI) Symposium was held in Bangalore, India, from 29 November to 1 December 2017. The Symposium was organized jointly by the Telecommunication Standardization Bureau (TSB) of the International Telecommunication Union (ITU), jointly with the Bill & Melinda Gates Foundation, the World Bank and the Committee on Payments and Market Infrastructure (CPMI) and the kind support of the Government of India.

Elonnai Hickok participated in the symposium and spoke in the "Security, Infrastructure, and Trust" working group on big data and privacy in DFS. For more info on the symposium, see here.

For more details visit https://cis-india.org/internet-governance/news/figi-symposium-2017

Govt releases white paper on data protection framework

Admin — 2017-11-28T14:34:09Z

Public comments are welcome till 31 December on the data protection white paper, which is aimed at securing digital transactions and addressing privacy issues.

The article by Komal Gupta was published in Livemint on November 28, 2017

A nuanced approach towards data protection will have to be followed in India, keeping in mind the fact that individual privacy is a fundamental right limited by reasonable restrictions, according to a white paper issued by the government on a data protection framework.

The government has sought public comments till 31 December on the white paper, which is aimed at securing digital transactions and addressing customer and privacy protection issues.

The white paper, drafted by the committee of experts on data protection framework, was released by the ministry of electronics and information technology on Monday.

On 31 July, the government constituted a 10-member committee of experts headed by former Supreme Court justice B.N. Srikrishna to study various issues relating to data protection and make specific suggestions on the principles to be considered for data protection as well as suggest a draft Data Protection bill.

Other members of the committee include telecom secretary Aruna Sundararajan, Unique Identification Authority of India chief executive Ajay Bhushan Pandey, and additional secretary in the information technology ministry Ajay Kumar.

The committee seeks to put the onus on stakeholders and the public through a questionnaire on issues such as collection of personal data, consent of consumers, penalties and compensation, code of conduct and an enforcement model that should be set up.

“The sensitivity of the data could also develop based on its combination with other types of information. For example, an email address taken in isolation, is not sensitive. However, if it is combined with a password, then it could become sensitive as it opens access to many other websites and systems, which may expose the individual to harm such as cyberattacks and phishing frauds,” the white paper said.

It is also possible that personal or even non-personal data, when processed using big data analytics, could be transformed into sensitive personal data. Therefore, there may be a need to create safeguards which will prevent misuse of personal information in these contexts of use, it added.

The white paper also seeks “to designate certain lawful grounds under which data can be processed, even in the absence of consent.”

In some situations, seeking consent prior to a data processing activity would not be possible, or it may defeat the purpose of the processing. For instance, where law enforcement officials need to apprehend a criminal, seeking the consent of the criminal prior to processing would defeat the purpose of the investigation, it said.

“It seems to be an eminently reasonable white paper which raises the right questions. However, it lacks analysis of data protection vis-a-vis Aadhaar,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

Safeguarding privacy rights needs much more than a data protection law; it needs a larger consultation that includes issues like surveillance as well, added Prakash.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-28-2017-komal-gupta-govt-releases-white-paper-on-data-protection-framework

Multinational Cyber Security Forum at University of Haifa

Admin — 2017-11-27T14:34:59Z

Sunil Abraham participated in a meeting in Israel on Multinational Cyber Security Forum hosted by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative.

The workshop was held from November 5 to 7, 2017. The objective of the workshop was to facilitate a free and open exchange among participants under the Chatham House Rules. The workshop sought to identify areas of agreement and dissent pertaining to cyber security regulation and to explore issues that require further research, clarification and development.

For more details visit https://cis-india.org/internet-governance/news/multinational-cyber-security-forum-at-university-of-haifa

Data Protection and Privacy in India: The (Fundamental) Right Way

Admin — 2017-11-27T14:01:02Z

Amber Sinha attended a roundtable conference on data protection and privacy on October 30, 2017 at India Habitat Centre in New Delhi. The close-door event was organised by the Indian Council for Research on International Economic Relations.

Participants at the conference discussed:

Role of consent in data protection, how it should be configured in India
Conflicts between the data minimization principle and big data
Governance approaches to data protection
Propertarian view of data
Need for capacity building in India and institutions who should be involved in the data protection regime, and
Cross border data flows and data localisation

For more details visit https://cis-india.org/internet-governance/news/data-protection-and-privacy-in-india-the-fundamental-right-way