We are anonymous, we are legion

Proxies and VPNs: Why govt can't ban porn websites?

pranesh — 2015-09-13T08:26:17Z

The government's move to block more than 800 pornographic websites has led experts to question whether this latest attempt to police the internet is even feasible.

The article by Siladitya Ray was published in the Hindustan Times on August 3, 2015. Pranesh Prakash was quoted.

Internet service providers (ISPs) have confirmed they received letters from the Department of Telecommunications (DoT) on Saturday that directed them to block certain websites. But can the government stop users from visiting porn sites?

The answer seems to be no.

"It is extremely easy to circumvent these blocks, using virtual private networks (VPNs) and proxies that anonymise your traffic," said Pranesh Prakash, policy director at the Centre for Internet and Society in Bengaluru.

A cursory Google search on how to unblock porn websites throws up millions of how-tos and guides on using proxies and VPNs to get around restrictions set by authorities. All these services anonymise users’ web traffic by routing them through foreign servers.

According to data from Pornhub, one of the world's biggest porn sites, India ranks fifth for the most daily visitors to the website. Pornhub saw a total of 78.9 billion video views globally in 2014.

The government can try to keep up with proxies and block them too. But as proxies change on a daily basis and there are always dozens of functioning proxies to choose from across, blocking all of them will be a near impossible task.

Tor, an anonymity network, is also a popular way to surf blocked sites.

But is it legal to circumvent blocks put in place by authorities by using VPNs and proxies?

There is no law in India that prohibits viewing pornography, experts say. Section 67 of the Information Technology Act only deals with "publishing obscene information in electronic form".

This provision has been interpreted as a measure to criminalise the posting of pornographic content online. However, accessing "obscene" content privately – such as within the four walls of a person’s home – is not illegal, say experts.

In July, while hearing a petition seeking the blocking of pornographic websites, Supreme Court Chief Justice HL Dattu wondered whether the court could restrain an adult from watching pornography within his home and described such a ban as a violation of Article 21 of the Constitution, which grants the right to personal liberty to its citizens.

But what about the legality of using VPNs and proxies? “There are no laws preventing the use of VPNs and proxies in India," said Prakash.

Are proxies and VPNs safe?

While the use of proxies and VPNs is very simple, they do come with their own set of problems. These services have access to all your browsing data and may push adware and other forms of malware.

Prakash advised that users should only choose services that are well known and have a good reputation.

"Sites like TorrentFreak put out annual lists of the top VPNs available," he said. These can be used as a guide to determine what services are safe.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-august-3-2015-siladitya-ray-proxies-and-vpns

Provide hacker details, outfit that claimed data leak told

praskrishna — 2017-06-07T12:14:13Z

The Unique Identification Authority of India (UIDAI), the regulatory authority for Aadhaar, has written to a Bengaluru-based research organisation, Centre for Internet & Society (CIS), seeking details about a suspected hack attack on government websites that led to the leak of information about 13 crore users.

The article by Mahendra Singh was published in the Times of India on May 18, 2017.

In a recent report, CIS had highlighted that websites run by various government departments, owing to a poor security framework, had publicly displayed sensitive personal financial information and Aadhaar numbers of beneficiaries of certainprojects.

In its letter, UIDAI argued that the data downloaded from one of the websites could not have been accessed unless the website was hacked. As hacking is a grave offence under the law, the UIDAI has asked CIS to provide details of the persons involved in the data theft.

According to a source, the UIDAI said that access to data on the website for the 'National Social Assistance Program' was only possible for someone in possession of authorised login details, or if the site (http://nsap.nic.in) was hacked or breached. The UIDAI said in its letter that such illegal access was against the provisions of the Aadhaar Act, 2016, and the IT Act, 2000, and that the persons involved had committed a grave offence.

Asking the CIS to reply before May 30, the UIDAI also said, "Aadhaar system is a protected system under Section 70 of the IT Act, 2000, the violation of which is punishable with rigorous imprisonment for a period up to 10 years." It added that the penalty clauses for violations are also provided in Section 36, Section 38 and Section 39 of the Aadhaar Act.

The UIDAI, however, maintained that even if the Aadhaar details were known to someone it did not pose a real threat to the people whose information was publicly available because the Aadhaar number could not be misused without biometrics.

The UIDAI letter said, "While, as your report suggests, there is a need to strengthen IT security of government websites, it is also important that the persons involved in hacking such sensitive information are brought to justice for which your assistance is required under the law."

"Your report mentions 13 crore people's data has been 'leaked'. Please specify how much of this data had been downloaded by you or are in your possession or in the possession of any other persons that you know. Please provide the details," the UIDAI added in its letter. The UIDAI also urged CIS to provide the details of the persons/organisations with whom it shared the data, if it did.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-mahendra-singh-may-18-2017-provide-hacker-details-outfit-that-claimed-data-leak-told

Protest@ censorship.com

praskrishna — 2012-06-05T04:23:19Z

Activism goes online as more angry young citizens decide to make their voices heard, writes Sandhya Soman in an article published in the Times of India. Pranesh Prakash is quoted in the article.

If there was a software code to ‘Invite All’, then Ashish D and friends would’ve called the world to land up at Gateway of India on June 9. The next best option for this netizen from Mumbai was to go online.

Hacktivism –– a form of activism for social change that uses computers and electronic networks –– is back. And the most recent protest is from hacker group Anonymous, which is trying to gather public support to stem internet censorship and blocking of websites in India by service providers and the government recently.

Since showing up in front of the town hall is not enough, Ashish has set up a Facebook page. Fellow netizens, irritated by the arbitrary blocking of sites and impressed by Anonymous OpIndia’s jabs at websites of political parties and corporates, are signing up to discuss the best possible venues to protest from.

Is there a better place than Marina beach in Chennai to make the maximum impact, wonders one user while another says it would be better to split up to cover more area in Mumbai. According to Pranesh Prakash, lawyer and programme manager at The Centre for Internet and Society, a Bangalore-based research organisation, a strong online presence helps protests to get publicity. A lot of the Jan Lokpal agitation happened online, he says.

“It is not enough to fast at Jantar Mantar. If you get 1,000 people to click ‘like’ or 40 people to retweet your tweet, then the site becomes the default area of protest,” he says. If those petitioners are 10 influential people, then it carries more weight with the media than a few hundred shouting slogans on the street.

“Also called electronic civil disobedience, hacktivism is geared to political ends,” writes Pramod K Nayar in his book ‘An Introduction to New Media and Cybercultures.’ Virtual sit-ins involving intellectuals and ordinary citizens and bombarding authorities with emails have been used by Mexican revolutionaries, Tamil separatists and protesters in Iran and the Middle East. “Hacktivism is clearly here to stay,” writes Nayar.

But it is not enough to collect a few digital signatures, says Nithin Manayath, one of the people behind the 2009 ‘Pink Chaddi’ campaign, which sought to protest in an irreverent manner the attacks against women by the radical Sri Ram Sena. Manayath and his friends sustained the campaign through a Facebook group, which saw thousands of pairs of pink underwear being sent to the office of the group that attacked women for what it considered ‘violations of Indian culture’.

“Marches, candlelight vigils and dharnas are something we do regularly. By the tenth dharna you will be so jaded that you go to the protest venue to meet friends,” says Manayath. After a while, this happens to online petitions also if you are not thinking about what you are doing. “What I liked about the ‘Pink Chaddi’ campaign was that we were responding to violence with a shameless act. It made me aware about many things and the novelty of the protest resonated with many people,” he says.

Though the current campaign is going the offline way on June 9, the hacking and denial of service attacks on websites by Anonymous have ensured that issue of blocking got publicity. “There is corporate and private censorship of internet and it is being done without enough proof of who is violating the copyrights of moviemakers. If these protests create awareness about the larger issues and developments in the areas of e-governance, IT Act and copyright law, then they could be helpful,” says Pranesh Prakash.

Meanwhile, Anonymous OpIndia, which is hoping for lifting of ban on websites, is already getting feelers from eager citizens on future issues. “Many people have requested us to protest other issues such gasoline price hike,” says a member. “And we always tell them that there are no strict rules, they can protest as per their needs.”

NET ANGST

Through Facebook, the ‘Pink Chaddi’ campaign of 2009 encouraged women to send undergarments to Sri Ram Sena. The right-wing group had attacked women for ‘violations of Indian culture’

Jan Lokpal campaign in 2011 had support from various online forums. They sent petitions to political parties and inundated a government website with e-mails.

Following the blocking of websites due to a court order to prevent copyright violations.

Anonymous OpIndia targeted government and corporate websites. It is mobilising people for protests in nearly 11 cities on June 9.

Read the original here

For more details visit https://cis-india.org/news/protest-at-censorship

Protection of Privacy in Mobile Phone Apps

Hitabhilash Mohanty and Edited by Leilah Elmokadem — 2016-12-15T14:18:43Z

The term “Fintech” refers to technology-based businesses that compete against, enable and/or collaborate with financial institutions. The year 2015 was a critical year for the Indian fintech industry, which saw the rise of numerous fintech start-ups, incubators and investments from the public and private sector.

According to NASSCOM, the Indian fintech market is worth an estimated USD 1.2 billion, and is predicted to reach USD 2.4 billion by 2020.[1] The services brought forth by Fintech, such as digital wallets, lending, and insurance, have transformed the ways in which businesses and institutions execute dayto-day transactions. The rise of fintech in India has rendered the nation’s market a point of attraction for global investment.[2] Fintech in India is perceived both as a catalyst for economic growth and innovation, as well as a means of financial inclusion for the millions of unbanked individuals and businesses. The government of India, along with regulators such as SEBI (Securities and Exchange Board of India) and RBI (Reserve Bank India), has consistently supported the digitalization of the nation’s economy and the formation of a strong fintech ecosystem through funding and promotional initiatives.[3]

The RBI has been pivotal in enabling the development of India’s fintech sector and adopting a cautious approach in addressing concerns around consumer protection and law enforcement. Its key objective as a regulator has been to create an environment for unimpeded innovations by fintech, expanding the reach of banking services for unbanked populations, regulating an efficient electronic payment system and providing alternative options for consumers. The RBI’s prime focus areas for enabling fintech have been around payment, lending, security/biometrics and wealth management. For example, the RBI has introduced “Unified Payment Interface” with the NPCI (National Payments Corporation of India), which has been critical in revolutionizing digital payments and pushing India closer to the objective of a cash-less society. It has also released a consultation paper on regulating Peer 2 Peer (P2P) lending market in India, highlighting the advantages and disadvantages of regulating the sector.[4]

The consultation paper offers a definition of P2P lending as well as a general explanation of the activity and the digital platforms that facilitate transactions between lenders and borrowers. It also provides a set of arguments for and against regulating P2P lending. The arguments against regulating the sector mainly pertain to the risk of stifling the growth of an innovative, efficient and accessible avenue for borrowers who either lack access to formal financial channels or are denied loans by them.[5]

This is the general consensus around the positive impact of the Fintech sector in India: its facilitation of financial inclusion and economic opportunity. However, the paper lists many more arguments for regulation than against. One of the main points made is with regards to P2P lending’s potential to disrupt the financial sector by challenging traditional banking channels. There is also the argument that, if properly regulated, the P2P lending platforms can more efficiently and effectively exercise their potential of promoting alternative forms of finance.[6]

The paper concludes that the balance of advantage would lie in developing an appropriate regulatory and supervisory toolkit that facilitates the orderly growth of the P2P lending sector in order to harness its ability to provide an alternative avenue for credit for the right borrowers[7]

The RBI’s regulatory framework for P2P lending platforms encompasses the permitted activity, prudential regulations on capital, governance, business continuity plan (BCP) and customer interface, apart from regulatory reporting.[8]

The Securities and Exchange Board of India (SEBI) is also a prominent regulator of the Indian fintech sector. They issued a consultation paper on “crowdfunding”, which is defined as the solicitation of funds (small amounts) from multiple investors through a web-based platform or social networking site for a specific project, business venture or social cause. P2P lending is then a form of crowdfunding, which can be understood as an umbrella term that covers fintech lending practices. SEBI’s paper aimed to provide a brief overview of the global scenario of crowdfunding including the various prevalent models under it, the associated benefits and risks, the regulatory approaches in different jurisdictions, etc. It also discusses the legal and regulatory challenges in implementing the framework for crowdfunding. The paper proposes a framework for ushering in crowdfunding by giving access to capital markets to provide an additional channel of early stage funding to Start-ups and SME’s and seeks to balance the same with investor protection.[9] Unlike RBI’s consultation paper on P2P lending, SEBI’s paper on crowdfunding was intended mainly to invite discussion and not necessarily to implement a framework for regulation.

Some of the benefits cited in SEBI’s crowdfunding paper pertain to the commonly mentioned advantages of fintech: economic opportunity for the SME sector and start-ups, alternative lending systems to keep SMEs alive when traditional banks crash, new investment avenues for the local economy and increased competition in the financial sector.[10]

The paper also lists a set of risks that suggest the need for a regulatory framework for crowdfunding. For example, it mentions the “substitution of institutional risk by retail risk”, meaning that individual lenders, who’s risk tolerance may be low, bear the risk of low/no return investors when they lend to SMEs without adequate assessment of credit worthiness. Also, there is the risk that the digital platform that facilitates lending and issues all the transactions, may not conduct proper due diligence. If the platform is temporarily shut down or closed permanently, no recourse is available to the investors.[11]

The SEBI paper mentions a long list of other risks associated with crowdfunding, mostly associated with systemic failures, loan defaults, fraud practices, and information asymmetry. Information asymmetry refers partially to the chance that lending decisions are made based on incomplete data sets that are based on social networking platforms. There is a lack of transparency and reporting obligations in issuers including with respect to the use of funds raised.[12]

Similar to the RBI consultation paper, SEBI makes a decent effort to weigh the costs and benefits of crowdfunding practices but only does this from an economic/financial perspective. Most of the cited risks, benefits and concerns tend to overlook information security and risks of privacy breaches of the implicated borrowers.

India Stack is a paperless and cashless service delivery system that has been supported by the Indian government as part of the fintech sector. It is a new technology paradigm that is designed to handle massive data inflows, and is poised to enable entrepreneurs, citizens and governments to interact with one another transparently. It is intended to be an open system to electronically verify businesses, people and services. It allows the smartphone to become the delivery platform for services such as digital payments, identification and digital lockers. The vision of India Stack is to shift India towards a paperless economy.[13]

The central government, based on its experience with the Aadhaar project, decided to launch the opendata initiative in 2012 supported by an open API policy, which would pave the way for private technology solutions to build services on top of Aadhaar and to make India a digital cash economy. Unified Payments Interface (UPI), which will make mobile payments card-less and completely digital, allows consumers to transact directly through their bank account with a unique UPI identity that syncs to Aadhaar’s verification and connects to the merchant, the settlement and the issuing bank to close transactions.[14]

It is suspected that India Stack will shift in business models in banking from low-volume, high-value, high-cost and high fees to high-volume, low-value, low cost and no fees. This well lead to a drastic increase in accessibility and affordability, and the market force of consumer acquisition and the social purpose of mass inclusion will converge.[15]

India Stack serves as an example of how the Government of India has supported initiatives that would promote the fintech sector while facilitating economic growth and financial opportunity for unbanked individuals. However, there is continuous discussion around India Stack’s attachment to the Aadhaar system, which can lead to the exclusion of unregistered individuals from the benefits that would otherwise be reaped from the open-data initiative. It can also result in many privacy and security breaches when records of individuals’ daily transactions are attached to their Aadhaar numbers, which carry their biometric information and is linked to other personal data that is held by the government such as health records.

Download the Full Report

[1]. KPMG: https://assets.kpmg.com/content/dam/kpmg/pdf/2016/06/FinTech-new.pdf

[2]. Id.

[3]. Id.

[4]. Id.

[5]. RBI 2P2 Consultation Paper, https://rbidocs.rbi.org.in/rdocs/content/pdfs/CPERR280416.pdf

[6]. Id.

[7]. Id.

[8]. Id.

[9]. SEBI Crowdfunding consultation paper, http://www.sebi.gov.in/cms/sebi_data/attachdocs/1403005615257.pdf

[10]. Id.

[11]. Id.

[12]. Id.

[13]. Krishna, https://yourstory.com/2016/07/india-stack/

[14]. Id.

[15]. Nilekani, http://indianexpress.com/article/opinion/columns/the-coming-revolution-in-indian-banking-2924534/

For more details visit https://cis-india.org/internet-governance/blog/protection-of-privacy-in-mobile-phone-apps

Proposed Intermediary Liability Rules threat to privacy and free speech, global coalition tells MeitY

Zaheer Merchant — 2019-03-20T15:56:51Z

“We respectfully call on you to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules in December. As published, the draft amendments would erode digital security and undermine the exercise of human rights globally.”

The blog post by Zaheer Merchant was published by Medianama on March 18, 2019.

A global coalition of 31 civil society organizations and technology experts has called on MeitY to reconsider the proposed amendments to the Intermediary Liability Rules, terming them a threat to privacy and free speech. In a letter to the ministry dated March 15, the coalition said that the proposed amendments “would harm fundamental rights and the space for a free internet, without necessarily addressing the problems that the ministry aims to resolve.” Some of the signatories are Centre for Internet and Society, SFLC.in, Internet Freedom Foundation, Government Accountability Project and Human Rights Watch, among others (A copy of the letter is attached at the bottom). The letter breaks down its reasons for opposing the proposed amendments:

1. Traceability would undermine security, lead to surveillance

Under the proposed guidelines, intermediaries would have to ensure ‘traceability’ of messages by providing information related to its originator and receivers. This, the letter argues, would force intermediaries to undermine the security of of their platforms and create a surveillance regime. “Undermining security features to ensure traceability would affect all users of that platform, not just those that are the subjects of the information request,” the letter reads. “… such wide and ambiguous powers… on interception of communications would directly harm the fundamental right to privacy of Indians and facilitate unchecked surveillance.”

2. Data retention antithetical to privacy, must go

The letter also states that the data retention mandate included in the draft guidelines is antithetical to privacy. The guidelines state that intermediaries must preserve content requested by law enforcement for 180 days or longer. This open-ended data retention, the letter argues, contradicts the principle of ‘Storage Limitation’ recommended by the Srikrishna Committee. “Provisions regarding storage limitation and data retention must not be included within the fold of the Intermediary Guidelines, and should be subject to parliamentary law-making,” the letter reads.

3. Proactive monitoring contradicts SC’s Shreya Singhal judgment, would result in censorship

The letter also criticizes the requirement that intermediaries proactively monitor and automatically delete ‘unlawful content’. “[This] would directly conflict with the legal standard laid down by the Supreme Court of India in the Shreya Singhal judgment, which holds that intermediaries should only be legally compelled to take down content on the basis of court orders or legally empowered government agencies,” the letter reads. It could also cause intermediaries to err in favor of takedowns, resulting in unnecessary censorship.

“With the upcoming General Elections in India and the imposition of the Model Code of Conduct on new policy decisions in place, we urge the government to not push through these amended regulations given their impact on fundamental rights and secure communications,” the letter concludes.

The proposed amendments to Intermediary Liability Rules

Released at the end of December 2018, the proposed amendments to the Intermediary Guidelines would modify guidelines under the Information Technology Act concerning intermediaries, ostensibly to prevent misuse of social media platforms and check the spread of fake news. Under India’s Information Technology Act, any entity, person or platform that receives, stores, processes, or transmits electronic information on behalf of another is considered an intermediary. These include social media platforms, cloud services, internet service providers, email service providers and more. For an intermediary to avoid liability for its users’ actions, it must comply with the proposed guidelines which are being amended to the following:

Traceability, and information within 72 hours: The new rules require platforms to introduce traceability to find where a piece of information originated. For this, platforms may have to break end-to-end encryption. The rules require the intermediary to hand over information or assistance to government bodies in 72 hours, including in matters of security or cybersecurity, and for investigative purposes. [Rule 3(5)]
Platforms with more than 50 lakh users are required to be registered under the Companies Act, have a physical address in the country, have a nodal officer who will cooperate with law enforcement agencies, etc. [Rule 3(7)]
Platforms have to pull down unlawful content within a shorter duration of 24 hours from the earlier 36 hours. They also have to keep records of the “unlawful activity” for 180 days – double the period of 90 days in the 2011 rules – as required by the court or government agencies [Rule 3(8)]
Platforms have to deploy tools to proactively identify, remove and disable public access to unlawful information or content. [Rule 3(9)]
The new rules insert a monthly requirement on platforms to inform users of the platforms’ right to terminate usage rights and to remove non-compliant information at their own discretion. [Rule 3(4)]

For more details visit https://cis-india.org/internet-governance/news/medianama-march-18-2019-zaheer-merchant-proposed-intermediary-liability-rules-threat-privacy-and-free-speech

Proposals to regulate social media run into multiple roadblocks

Saumya Tewari and Abhijit Ahaskar — 2019-11-28T14:16:25Z

The Cambridge Analytica scandal, the Pegasus spyware attack on WhatsApp and the growing misuse of social media platforms to spread misinformation have made governments world over, including in India, realise the limitations of existing laws in dealing with the misuse of these platforms.

The article by Saumya Tewari and Abhijit Ahaskar was published by Livemint on November 27, 2019. Gurshabad Grover was quoted.

“The draft guidelines are already in place and we have invited comments from all stakeholders across the country for the same. We have already conducted nationwide discussion with social activists, platforms and states and committed to the court that we will submit the intermediary guidelines by 15 January," said N.N. Kaul, media adviser to electronics and information technology minister Ravi Shankar Prasad.

The need for greater regulation of social media companies stems from the growing feeling that they are not doing enough to curb the misuse of their platforms. In recent times, many of them have been involved in brushes with the government and courts. For instance, short-video app TikTok was accused of promoting pornography among teens and temporarily banned from app stores following a Madras high court order; WhatsApp was slammed for not being able to curb fake messages which led to several cases of mob lynchings in 2018 and, more recently, for the Pegasus spyware attack. Twitter too has been criticised for failing to curb hate speech.

While the draft talks about intermediaries as a whole and doesn’t specify any particular segment, the proposals that apply to social media companies include setting up an India office and having a nodal officer for liaising with the government, furnishing information within 24 hours and tracing the source of a post or information. While forcing companies to have a nodal officer in the country can make these platforms more accountable to legal requests, it also makes them vulnerable to government pressure.

“Having offices in India allows the government to exert extralegal pressure on the company officials by forcing them to comply with informal requests. It is only useful if the intermediaries are willing to push back on the pressure and not entertain any informal request from the government," said Gurshabad Grover, research manager at the Centre for Internet and Society.

China-based TikTok, in a statement, emphasised that it is committed to respecting local laws and actively coordinates with law enforcement agencies through an India-based grievance officer. TikTok claims to have removed six million videos between July 2018 and April 2019 for violation of its guidelines.

Some of these proposals have been flagged on grounds of privacy. For instance, the traceability clause is going to have a huge impact on specific platforms such as WhatsApp and Telegram that encrypt all messages and calls. Enforcing traceability and deploying technology-based automated tools to proactively identify and disable public access to malicious content will force them to break or lower the encryption as has been pointed out by industry in the past.

WhatsApp maintained its official stance from February and reiterated that what is contemplated by the rules is not possible today given the end-to-end encryption that it provides. The rules would require the company to re-architect WhatsApp, which would lead to a different product, one that would not be fundamentally private.

“The fact that India doesn’t have an encryption law per say also complicates the scenario. In fact, section 84A (introduced after an amendment in 2008) of IT Act 2000 has specific provisions authorizing central government for coming up with a policy on encryption. It has been 11 years but there is still no law on it," said Pavan Duggal, a cyberlaw expert.

Further, to ensure that companies abide by the proposed rules and furnish information within 24 hours, the government will have to address hurdles in mutual legal assistance treaty between India and the US, which is why many of these requests take a lot of time to process. “The target of the government should be having an executive agreement with the US under the Cloud Act. The US has significant stakes in the data localization debate as many of the companies are based in the US, and that can be used as leverage to negotiate such an agreement. That will allow law enforcement agencies in India to have expedited access to information held by platforms which are based outside the country," Grover said.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-27-2019-saumya-tewari-and-abhijit-ahaskar-proposals-to-regulate-social-media-run-into-multiple-roadblocks

Prometheus bound and gagged

praskrishna — 2012-02-14T04:47:46Z

Funny how a healthy person like me can collapse one day and end up in the hospital. The doctor who made me go through every lab test available, finally diagnosed the cause after a chat with me. Apparently, I collapsed because I’m getting angry, increasing my blood pressure. The only solution he said is to stop reading newspapers, as I’m getting agitated by headlines like ‘India can go the China way and block sites’, or by how the government says there’s no Internet censorship while all it’s actions point the other way.

The article by Adarsh Matham was published in the New Indian Express on 20 January 2012. Pranesh Prakash is quoted in this article.

Censorship is a word that is particularly abhorrent for someone like me, who grew up listening to tales of how people like Ramnath Goenka fought the censors during the Emergency. And to say that we’ll start blocking websites in India like China is doing, the most heart wrenching moment I’ve ever heard. While researching for this piece, I came across some information that is out in the open on the Internet, but which is not generating the level of debate it deserves. We seem to be immersed in discussing Kolaveri, while slowly sliding into an Orwellian nightmare. As an example, I didn’t know there are rules called ‘Intermediary Guidelines’ and ‘Cyber cafe rules’, and I bet you didn’t either. As Pranesh Prakash of Centre for Internet and Society (CIS) has pointed out in a blog post, these two rules alone, made up by the Department of IT in April 2011, give the government and citizens of India great powers at censoring the web by allowing them to get Internet firms to remove content that is ‘disparaging’, ‘doesn’t have rights to’, etc.

Killing freedom of speech is only the first crime of these rules as proved by the good people at CIS. To test these rules, they complained against some frivolous content to ISPs and Internet companies, which resulted in six out of seven listings being removed without informing posters or users. More alarmingly, of the 358 items the Government of India (and some states) has requested Google to remove, only eight were for hate speech, one for national security, and an astounding 255 for ‘government criticism’.

Since introducing these draconian rules, the tale only gets murkier. Not content with asking Internet firms to self-regulate, Kapil Sibal has introduced an amendment to the Copyright Act, which introduces section 52(1)(C ), that allows anyone to send a notice complaining about infringement of his copyright. While this sounds normal, the catch is that ‘the Internet company has to remove the content immediately without question, even if the notice is false or malicious’. This amendment is before Rajya Sabha, and considering how our Parliament passes bills without a debate, it’ll become a law very soon.

Baleful rules and people behind them fail to realise that such efforts will lead to the Streisand effect, whereby attempts to hide any information will lead to it being publicised more widely. Yes more widely, because you can take out some content, but India’s youth will re-post it in a million places within minutes, like they do with pirated movies. We play a lot of cunning games just to live peacefully in India already. Please don’t let us play them online too.

The writer is a tech geek.
Email: articles@theadarsh.net

For more details visit https://cis-india.org/news/prometheus-bound-and-gagged

Project on Gender, Health Communications and Online Activism with City University

ambika — 2019-12-02T09:38:21Z

CIS is a partner on the project 'Gender, Health Communications and Online Activism in the Digital Age'. The project is lead by Dr. Carolina Matos, Senior Lecturer in Sociology and Media in the Department of Sociology at City University.

It is funded by the Global Challenges Research Fund. Ambika Tandon, Policy Officer at CIS, conducted fieldwork for the project in May and June 2019 as a research assistant.

The goal of the project is to advance research on how new communication technologies (ICTs) can be used to create awareness of gender equality and sexual and reproductive rights. It aims to assess how the use of technologies, by women's groups and feminist NGOs can empower women in developing countries to advance citizen and human rights with the intent to influence policy at the global and local level. More information on the preliminary findings of the project can be found in the downloadable presentation."

You may find Dr. Carolina Matos's presentation here.

For more details visit https://cis-india.org/internet-governance/blog/project-on-gender-health-communications-and-online-activism-with-city-university

Programme Officer - Privacy

amber — 2019-04-15T06:53:44Z

The Centre for Internet and Society (CIS) is seeking applications for the position of Programme Officer, to undertake public policy research on privacy and related themes. For this position, we will hire one full time researcher, to be based in the Delhi office of CIS, for the duration of one year.

To apply for this position please write to amber@cis-india.org along with a CV, two writing samples and contact details of two references, Interested candidates are invited to send their applications at the earliest — latest by April 30th.

Organisation Profile

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa. Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and practices around internet, technology and society in India, and elsewhere.

Privacy Research at CIS

While privacy has been a key subject of study for digital rights and development organisations in India for the last decade, recent and ongoing legal and policy developments have placed this issue at the forefront of human rights and regulatory research. CIS has conducted extensive research into the areas of privacy, data protection, data security, and was also a member of the Committee of Experts constituted under Justice A P Shah. CIS has also been cited multiple times in the Report of the Committee of Experts led by Justice Srikrishna. CIS values the fundamental principles of justice, equality, freedom and economic development and strongly advocates the right to privacy.

Over the next year, CIS intends to look at several research questions on data protection which may include the global experience with privacy enforcement, need for effective redressal mechanisms, documenting the design of business models and data flows, regulation of social media big data, how data of disadvantaged groups including children may be protected. Additionally, while we now have the Supreme Court’s unanimous and emphatic recognition of the fundamental right to privacy, there is a need for research enquiry into several issues such as a clarification of the scope of the Puttaswamy judgment, unpacking the different dimensions of privacy, how state actions interact with privacy.

The Role

Research and analysis: Literature review, policy design, detailed analysis of research topics
Knowledge management: Staying up-to-date on developments of interest to the project, and sharing/debating these with the team. Contributing to documentary and knowledge management processes
Policy outreach and stakeholder engagement: Supporting the project manager in the dissemination of research findings in innovative formats. Attending, planning and executing events
Writing op-eds, short notes, policy briefs and longer form academic writing for a range of audiences
Presentations and formal discussions: Preparing and delivering presentations to various audiences
Helping manage communications with stakeholders including international experts, regulators and policy makers
Managing interns and team: Managing work outputs with our interns; coordinating research with team members and the project manager

Qualifications and Skills

We are looking for professionals from law, regulatory theory and public policy backgrounds.

We are looking for candidates who are interested in studying the regulatory challenges of notice and consent, state capacity, how business models thwart privacy and the future of privacy post Puttaswamy.

This is a full-time position based out of Delhi. The position is for a duration of one year. Salary will be commensurate with qualifications and experience.

For more details visit https://cis-india.org/jobs/programme-officer-privacy-2019

Private-public partnership for cyber security

basu — 2018-12-26T15:02:21Z

Given the decentralised nature of cyberspace, the private sector will have to play a vital role in enforcing rules for security.

The article by Arindrajit Basu was published in Hindu Businessline on December 24, 2018.

On November 11, 2018, as 70 world leaders gathered in Paris to commemorate the countless lives lost in World War I, French President Emmanuel Macron inaugurated the Paris Peace Forum with a fiery speech denouncing nationalism and urging global leaders to pursue peace and stability through multilateral initiatives.

In many ways, it echoed US President Woodrow Wilson’s monumental speech delivered at the US Senate a century ago in which he outlined 14 points on the principles for peace post World War I. As history unkindly reminds us through the catastrophic realities of World War II, Wilson’s principles went on to be sacrificed at the altar of national self-interest and inadequate multilateral enforcement.

President Macron’s first initiative for global peace — the Paris Call for Trust and Security in Cyber Space was unveiled on November 12 — at the UNESCO Internet Governance Forum — also taking place in Paris. The call was endorsed by over 50 states, 200 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India and over 100 organisations from civil society and academia from all over the globe. The text essentially comprises a set of high-level principles that seeks to prevent the weaponisation of cyberspace and promote existing institutional mechanisms to “limit hacking and destabilising activities” in cyberspace.

Need for private participation

Given the increasing exploitation of the internet for reaping offensive dividends by state and non-state actors alike and the prevailing roadblocks in the multilateral cyber norms formulation process, Macron’s efforts are perhaps of Wilsonian proportions.

A key difference, however, was that Macron’s efforts were devised hand-in-glove with Microsoft — one of the most powerful and influential private sector actors of our time. Microsoft’s involvement is unsurprising given that private entities have become a critical component of the global cybersecurity landscape and governments need to start thinking about how to optimise their participation in this process.

Indeed, one of the defining features of cyberspace is its incompatibility with state-centric ‘command and control’ formulae that lead to the ordering of other global security regimes — such as nuclear non-proliferation. The decentralised nature of cyberspace means that private sector actors play a vital role in implementing the rules designed to secure cyberspace.

Simultaneously, private actors such as Microsoft have recognised the utility of clearly defined ‘rules of the road’ which ensure certainty and stability in cyberspace and ensure its trustworthiness among global customers.

Normative deadlock

There have been multiple gambits to develop universal norms of responsible state behaviour to foster cyber stability. The United Nations-Group of Governmental Experts (UN-GGE) has been constituted five times now and will meet again in January 2019.

While the third and fourth GGEs in 2013 and 2015 respectively made some progress towards agreeing on some baseline principles, the fifth GGE broke down due to opposition from states including Russia, China and Cuba on the application of specific principles of international law to cyberspace.

This was an extension of a long-running ‘Cold War’ like divide among states at the United Nations. The US along with its NATO allies believe in creating voluntary non-binding norms for cybersecurity through the application of international law in its entirety while Russia, China and its allies in the Shanghai Co-operation Organization (SCO) reject the premise that international law applies in its entirety and call for the negotiation of an independent treaty for cyberspace that lays down binding obligations on states.

Critical role

The private sector has begun to play a critical role in breaking this deadlock. Recent history is testament to catalytic roles played by non-state actors in cementing global co-operative regimes.

For example, Dupont — the world’s leading ChloroFluoroCarbon (CFC) producer — played a leading role in the 1970s and 1980s towards the development of The Montreal Protocol on Substances that Deplete the Ozone Layer and gained positive recognition for its efforts.

Another example is the International Committee of the Red Cross (ICRC) — a non-governmental organisation that played a crucial role in the development of the Geneva Conventions and its Additional Protocols, which regulate the conduct of atrocities in warfare by preparing initial drafts of the treaties and circulating them to key government players.

Similarly, in cyberspace, Microsoft’s Digital Geneva Convention which devised a set of rules to protect civilian use of the internet was put forward by Chief Legal Officer, Brad Smith two months before the fifth GGE met in 2017.

Despite the breakdown at the UN-GGE, Microsoft pushed on with the Tech Accords — a public commitment made by (as of today) 69 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.”

Much like the ICRC, Microsoft leads commendable diplomatic efforts with the Paris Call as they reached out to states, civil society actors and corporations for their endorsement.

Looking Forward

Private sector-led normative efforts towards securing cyberspace are redundant in the absence of three key recommendations. First, is the implementation of best practices at the organisational level through the implementation of robust cyber defense mechanisms, the detection and mitigation of vulnerabilities and breach notifications — both to consumer and the government.

Second, is the development of mechanisms that enables direct co-operation between governments and private actors at the domestic level. In India, a Joint Working Group between the Data Security Council of India (DSCI) and the National Security Council Secretariat (NSCS) was set up in 2012 to explore a Private Public Partnership on cyber-security in India , which has great potential but is yet to report any tangible outcomes.

The third and final point is the recognition that their efforts need to result in a plurality of states coming to the negotiating table. The absence of the US, China and Russia in the Paris Call are eerily reminiscent of the lack of US participation in Woodrow Wilson’s League of Nations, which was one of the reasons for its ultimate failure.

Microsoft needs to keep on calling with Paris but Beijing, Washington and Alibaba need to pick up.

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-hindu-businessline-december-24-2018-private-public-partnership-for-cyber-security

Private sector censors

praskrishna — 2012-04-26T13:30:47Z

If business decides what’s ‘good’ and ‘bad’ speech, it can lead to multiple interpretations and arbitrary decisions. The article by Salil Tripathi was published in LiveMint on April 25, 2012.

In Milan Kundera’s 1967 Czech novel, Žert (The Joke), Ludvik Jahn sends a postcard to an intense classmate who takes herself too seriously. In the card, he makes sarcastic comments against the Communist Party. Unsurprisingly, others don’t see the joke. He gets expelled from the party, conscripted and has to work in mines.

While The Joke was a work of fiction, in the real Soviet era as punishment for such actions, many people lost jobs, sometimes their homes; some went to jail, often betrayed by those they trusted. In Czechoslovakia (as the country was then known), the state ran the postal service and those who read the postcard were party members. In India, the private sector provides Internet access and others don’t have the legal right to see what’s being transmitted, unless they are intended recipients, or if the material is broadcast publicly. The state now wants the private sector to police and censor the Internet.

Under the draconian Information Technology (Intermediaries Guidelines) Rules, 2011, any intermediary (a search engine, a website, a domain name registry, a service provider, or a cyber café) must take down the “offending” material from its website within 36 hours. The intermediary need not inform the person who posted the material, nor would the creator get the right to respond. As Apar Gupta points out on the Indian Law and Technology Blog, in one recent case, based on these rules, an injunction has been granted.

These rules go significantly beyond the existing restraints on speech. The Constitution limits speech and sections of the criminal code impose further restrictions. To that, add the IT rules’ vaguely defined terms of what can’t be said—content which is “grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libelous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling or otherwise unlawful in any manner whatever, harms minors in any way, or infringes any patent, trademark, copyright, or other proprietary right”. Who decides that? The intermediaries.

These rules make the private sector act like the state. Nobody elected business to play such a role; it does not have the expertise, capacity, legal training, or authority to act as the state. Censorship is bad; whether in state or private hands. If business decides what’s “good” and “bad” speech, it can lead to multiple interpretations and arbitrary decisions, without recourse to appeal. In a country where those who feel offended have often threatened violence, businesses will understandably take the cautious approach and not allow anyone to say anything that’s remotely controversial, even if it is an opinion about a film.

Decisions will be made on opaque criteria. Apple and Amazon have arbitrarily stopped some products from being sold on their electronic stores, citing “community standards”. Amazon stopped providing server space to WikiLeaks, even though no government had asked it to do so. Credit card companies stopped processing donations going to WikiLeaks, without any legal order. Even Google, which has admirably stood up to China’s bullying, has had to take down content when governments have required that it does so through proper legal channels. India’s record is poor: of the 358 complaints India lodged with Google, 255 were about content that was controversial or political, but not illegal.

To demonstrate the reach of the rules, the Centre for Internet and Society in Bangalore sent random notices to seven companies, asking them to take down content. Of them, six complied beyond what they were called upon to do—instead of the three pages that the centre asked for, one company blocked an entire website. A few legally worded letters were enough to get compliance from companies. The centre’s executive director, Sunil Abraham, told me recently: “Companies which have no interest in free speech are now taking these decisions. They have the power to do so and they are using it without any sense of responsibility.”

Aseem Trivedi knows this well. The cartoonist who ran a website called cartoonistsagainstcorruption.com, found that his site had disappeared after a complaint from an individual that the cartoons violated laws. Since then he has been campaigning for freedom on the Internet. Everyone’s freedom is at stake—whether you want to see cartoons of Sonia Gandhi, Narendra Modi, Ramdev, Kisan Hazare, Binayak Sen, Arundhati Roy, Sachin Tendulkar, Poonam Pandey and even Mamata Banerjee. And yet look at what happened to Ambikesh Mahapatra, the professor who sent a cartoon mocking Banerjee to some friends via the Internet. He was arrested and later roughed up. These rules chill speech.

Last year, Kapil Sibal, minister for information technology, asked companies to screen content manually and censor the Web. The demand was audacious. It showed lack of understanding of how the Internet works and revealed fundamental ignorance of the state’s role: it has to protect the rights of the one who wishes to express and not the one who claims offence.

In Parliament, P. Rajeev, member of Parliament (Rajya Sabha), wants to annul those rules. Everyone should support him.

Read the original in LiveMint here

For more details visit https://cis-india.org/news/private-sector-censors

Private Sector and the cultivation of cyber norms in India

basu — 2019-08-07T15:18:27Z

Information Communication Technologies (ICTs) have become a regular facet of modern existence. The growth of cyberspace has challenged traditional notions of global order and uprooted the notion of governance itself. All over the world, the private sector has become a critical player, both in framing cyber regulations and in implementing them.

The article by Arindrajit Basu was published by Nextrends India on August 5, 2019.

While the United Nations ‘Group of Governmental experts’ (GGE), tried and failed to establish a common law for governing the behavior of states in cyberspace, it is Big Tech who led the discussions on cyberspace regulations. Microsoft’s Digital Geneva Convention which devised a set of rules to protect civilian use of the internet was a notable initiative on that front. Microsoft was also a major driver of the Tech Accords — a public commitment made by over 100 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.” The Paris Call for Trust and Security in Cyberspace was a joint effort between the French government and Microsoft that brought in (as of today) 66 states, 347 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India and 139 organisations from civil society and academia from all over the globe.

However, the entry of Big tech into the business of framing regulation has raised eyeballs across jurisdictions. In India, the government has attempted to push back on the global private sector due to arguably extractive economic policies adopted by them, alongside the threats they pose to India’s democratic fabric. The Indian government has taken various steps to constrain Big Tech, although some of these policies have been hastily rolled out and fail to address the root of the problem.

I have identified two regulatory interventions that illustrate this trend. First, on intermediary liability, Rule 3(9) of the Draft of the Information Technology 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December. The rule follows the footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have resulted in criticism from both the private sector and civil society as they fail to address concerns around algorithmic discrimination, excessive censorship and gives the government undue power. Further, the regulations paint all the intermediaries with the same brush, thus not differentiating between platforms such as Whatsapp who thrive on end-to-end encryption and public platforms like Facebook.

Another source of discord between the government and the private sector has been the government’s localisation mandate, featuring in a slew of policies. Over the past year, the Indian government has introduced a range of policy instruments which
demand that certain kinds of data must be stored in servers located physically within India — termed “data localization.”

While this serves a number of policy objectives, the two which stand out are (1) the presently complex process for Indian law enforcement agencies to access data stored in the U.S. during criminal investigations, and (2) extractive economic models used by U.S. companies operating in India.

A study I co-authored earlier this year on the issue found that foreign players and smaller Indian private sector players were against this move due to the high compliance costs in setting up data centres.

On this question, we recommended a dual approach that involves mandatory sectoral localisation for critical sectors such as defense or payments data while adopting ‘conditional’ localisation for all other data. Under ‘conditional localisation,’
data should only be transferred to countries that (1)Agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws and (2) Have equivalent privacy and security safeguards.

These two instances demonstrate that it is important for the Indian government to engage with both the domestic and foreign private sector to carve out optimal regulatory interventions that benefit the Indian consumer and the private sector as a whole rather than a few select big players. At the same time, it is important for the private sector to be a responsible stakeholder and comply both with existing laws and accepted norms of ‘good behaviour.’

Going forward, there is no denying the role of the private sector in the development of emerging technologies. However, a balance must be struck through continued engagement and mutual respect to create a regulatory ecosystem that fosters innovation while respecting the rule of law with every stakeholder – government, private sector and civil society. India’s position could set the trend for other emerging economies coming online and foster a strategic digital ecosystem that works for all
stakeholders.

For more details visit https://cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india

Private Censorship and the Right to Hear

chinmayi — 2014-07-22T05:57:09Z

Very little recourse is available against publishers or intermediaries if these private parties censor an author’s content unreasonably.

The article was published in the Hoot on July 17, 2014 and also mirrored on the website of Centre for Communication Governance.

DNA newspaper's removal of Rana Ayyub's brave piece on Amit Shah, with no explanation, is shocking. It is reminiscent of the role that media owners played in censoring journalists during the Emergency, prompting L.K. Advani to say, "You were asked to bend, but you crawled."

The promptitude with which some media houses are weeding out political writing that might get them into trouble should make us reconsider the way we think about the freedom of the press. Discussions of press freedom often concentrate on the individual's right to speak, but may be more effective if they also accommodated another perspective - the audience's right to hear.

It is fortunate that Ayyub's piece was printed and reached its audience before attempts were made to bury it. Its removal was counterproductive, making DNA's decision a good example of what is popularly known as the Streisand Effect (when an attempt to censor or remove infor-mation has the unintended consequence of publicising the information even more widely).

The controversy that has emerged from DNA removing the article has generated much wider attention for it now that it has appeared on multiple websites, its readership expanding as outrage at its removal ricochets around the Internet.

This incident is hardly the first of its kind. Just weeks ago, news surfaced of Rajdeep Sardesai being pressurised to alter his news channel's political coverage before the national election. The Mint reported that the people pressurising Sardesai wanted a complete blackout of Kejriwal and the Aam Admi party from CNN-IBN. Had he capitulated, significant news of great public interest would have been lost to a large audience. CNN-IBN's decision would have been put down to editorial discretion, and we the public would have been none the wiser.

Luckily for their audience, Sardesai and Sagarika Ghose quit the channel that they built from scratch instead of compromising their journalistic integrity. However, the league of editors who choose to crawl remains large, their decisions protected by the Indian constitution.

The freedom of the press in India only protects the press from the government's direct attempts to influence it. Both big business and the state have far more instruments at their disposal than just direct ownership or censorship diktats. These include withdrawal of lucrative advertisements, defamation notices threatening journalists with enormous fines and imprisonment, and sometimes even physical violence. Who can forget how Tehelka magazine's exposure of largescale government wrongdoing resulted in its financiers being persecuted by the Enforcement Directorate, with one of them even being jailed for some time.

The instruments of harassment work best when the legal notices are sent to third party publishers or intermediaries. Unlike the authors who may wish to defend their work or modify it a little to make it suitable for publication, a publishing house or web platform would usually prefer to avoid expensive litigation. Third party publishers will often remove legitimate con-tent to avoid spending time and money fighting for it. Pressurising them is a fairly effective way to silence authors and journalists.

Consider the different news outlets and publishing houses that control what reaches us as news or commentary. If they can be forced to bury content, citing editorial discretion, consider what this means for the quality of news that reaches the Indian public. Indira Gandhi understood this weakness of the press, and successfully controlled the Indian media by managing the proprietors.

Although media ownership still remains concentrated in a few hands, the disruptive element that still offers some hope of free public dialogue is the Internet where, through blogs, small websites and social media, journalists can still get access to the public sphere. This means that when DNA deletes Rana Ayyub's article, copies of it are immediately posted in other places.

However, online journalism is also vulnerable. Online intermediaries which receive content blocking and take down orders tend to over-comply rather than risk litigation. Like publishers, these intermediaries can easily prevent speakers from reaching their audiences. Just look at the volume of information online that is dependent on third party intermediaries such as Rediff, Facebook, WordPress or Twitter. The only thing that keeps the state and big business from easily controlling the flow of information on the Internet is that it is difficult to exert cross-border pressure on online intermediaries located outside India.

However, the ease with which most of the mainstream media is controlled makes it easy to construct a bubble of fiction around audiences, leaving them in blissful ignorance of how little they really know. Very little recourse is available against publishers or intermediaries if these private parties censor an author's content unreasonably. Unlike state censorship, private censorship is invisible, and is protected by the online and offline intermediaries' right to their editorial choices.

Ordinarily, there is nothing wrong with editorial discretion or even with a media house choosing a particular slant to its stories. However, it is important for the public to have access to a healthy range of perspectives and interests, with a diversity of content. If news of public significance is regularly filtered out, it affects the state of our democracy. Citizens cannot participate in governance without access to important information.

It is, therefore, vital to acknowledge the harm caused by private censorship. A democracy is endangered when a few parties disproportionately control access to the public sphere. We need to think of how to ensure that the voices of journalists and scholars reach their audience. Media freedom should be seen in the context of the right of the audience, the Indian public, to receive information.

For more details visit https://cis-india.org/internet-governance/blog/the-hoot-july-17-2014-chinmayi-arun-private-censorship-and-the-right-to-hear

Privacy: from regional regulations to global connections ?

praskrishna — 2013-10-21T08:18:56Z

This workshop is being organised by Internet Society at Bali on October 24. Sunil Abraham is one of the panelists for this.

The Internet Governance Forum 2013 is being held at Bali from October 22 to 25. The overarching theme for the 2013 IGF meeting is: "Building Bridges"- Enhancing Multistakeholder Cooperation for Growth and Sustainable Development".

Read the original published on the IGF website.

Theme: Internet Governance Principles

The Internet dissolves geographical boundaries on a greater scale than any prior invention. It allows data, personal and otherwise, to flow across borders, supporting social and economic interactions. However, there is a complex mix of factors at play: multiple policy objectives that are sometimes in conflict; individuals’ rights; the interests of the communities; “monetization” of personal data for short-term and long-term commercial gain; different historical cultural and regulatory approaches to privacy; etc.

Across a diverse, global Internet, how can we best deal with the tensions that naturally result from differences in personal privacy expectations, economic aspirations, and regulatory regimes, particularly when it comes to online data protection?

This workshop will explore what core principles and strategies are needed to achieve a balanced and fair approach to data protection that is effective internationally and regionally. In the process, we will examine the possible paths to a global solution, together with impediments, and explore how successful local and regional approaches could be leveraged at the international level.

We will also strive to articulate lessons learned from recent initiatives such as the modernisation of the Council of Europe Convention 108, the revision of the OECD Privacy Guidelines, the APEC Cross Border Privacy Rules System, and the proposed revisions to the EU data protection framework, etc. in tackling these challenging issues.

Has the proponent organised a workshop with a similar subject during past IGF meetings?
Yes

Indication of how the workshop will build on but go beyond the outcomes previously reached

The submitter has not previously organised a workshop at the IGF. However, his colleague has co-organised the following workshops on related issues: 2012: ICC BASIS and ISOC - Solutions for enabling cross-border data flows – http://wsms1.intgovforum.org/sites/default/files/IGF%202012%20ws86%20report_10%2012%2012%20final.doc 2012: CoE and ISOC – Who is following me: tracking the trackers – http://wsms1.intgovforum.org/content/no181-who-following-me-tracking-trackers#report 2010: ISOC and EFF – The Future of Privacy – http://www.internetsociety.org/sites/default/files/future-privacy%2020100914.pdf Background papers: Report from a WSIS Forum 2012 thematic workshop entitled: “Data Privacy on a global scale: keeping pace with an evolving environment” – http://www.internetsociety.org/sites/default/files/Data%20Privacy%20on%20a%20global%20scale_0.pdf Report from a IGF2012 workshop entitled “Solutions for enabling cross-border data flows - https://www.internetsociety.org/sites/default/files/IGF%202012%20cross-border%20data%20flows.pdf

Background Paper

Download background paper

Co-organisers

Ms. Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Intergovernmental Organizations, FRANCE, Western Europe and Others Group - WEOG
Mr. Frederic Donck, Internet Society, Technical Community, BELGIUM, Western Europe and Others Group - WEOG

Have the Proponent or any of the co-organisers organised an IGF workshop before?
Yes

The link(s) to the workshop report(s)

Panelists

Please click on Biography to view the biography of panelist

Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Female, Intergovernmental Organizations, FRANCE, Western Europe and Others Group – WEOG
Nigel Waters, Public Officer, Australian Privacy Foundation , Male, Civil Society, Australia, Asia-Pacific Group
Wendy Seltzer, Policy Counsel, World Wide Web Consortium (W3C) , Female, Technical Community, United States, Western Europe and Others Group – WEOG
Biography
Joseph Alhadeff, Vice President for Global Public Policy, Chief Privacy Officer, Oracle Corporation, Male, Private Sector, United States, Western Europe and Others Group – WEOG
Biography
Sunil Abraham, Executive Director, Centre for Internet and Society (CIS), Bangalore, Male, Civil Society, India, Asia-Pacific Group
Biography

Moderator

Frederic Donck, Internet Society, Director European Regional Bureau

Remote Moderator

Luca Belli, CERSA,Université Panthéon-Assas Sorbonne University

Agenda

Moderator will briefly introduce the session as well as the different panellists. Each panellist will have 2 minutes (maximum) to introduce his/her own perspective on the general issues addressed by the moderator.

No powerpoints allowed. Very dynamic session with regular interventions from remote participants and audience, as well as between panellists is sought.

Moderator will work out questions (including through a coordinated approach before the session with panellists) and will organise the session in a way that allows a balanced conversation between all stakeholders (on-site/remotely).

Inclusiveness of the Session

Suitability for Remote Participation

Dynamic interaction with remote participants (ISOC community and chapters, technical community, Businesses, etc.) will be ensured through social medias, jabber, webex, and twitter (hashtag will be provided) etc.

Coordinated approach with remote moderator will be ensured as well as the necessary communication and information to remote participants in advance of and during the session.

For more details visit https://cis-india.org/news/igf-2013-workshop-335-privacy-from-regional-regulations-to-global-connections

Privacy, what? Bengaluru police leaks 46,000 phone numbers on Twitter

praskrishna — 2017-04-07T02:57:49Z

Bengaluru police made the biggest goof up of all time by releasing private information of people who called 100 to complain since April 2015 and was seemingly unapologetic about the breach of privacy.

The article by Neha Vashishth was published by India Today on April 6, 2017. Pranesh Prakash was quoted.

We all love our privacy, don't we?

We put various locking apps and hide our private pictures on Facebook, Twitter etc and only share what we want the world to see. But sometimes even after our countless efforts, we end up losing our information on the internet. After all, a breach of privacy is the greatest nightmare one can have.

Bengaluru police goofed up too when it came to handling privacy concerns of Bengaluru citizens. The police department posted phone numbers of thousands of citizens on their Twitter handle (@BCPCR) who called 100 and complained against harassment, quarrels, and gambling etc.

The police posted over 46,000 tweets online since April 2015 sharing information of people who called on 100 along with the app known as 'Suraksha' to lodge complaints. The account was made private as soon as the matter escalated.

The police was unapologetic regarding the matter and said that the tweets were auto-generated from their twitter handle @BCPCR.

Pranesh Prakash, Policy Director at the Centre for Internet and Society said the "police officer who ordered to create such an account should be held responsible if any harm comes to a complainant."

This not only created a major breach of privacy of complainants but also risked their lives. This incident only proves that privacy and sensitivity of the matter has vanished in today's time.

For more details visit https://cis-india.org/internet-governance/news/india-today-neha-vashishth-april-6-2017-privacy-what-bengaluru-police-leaks-phone-numbers-on-twitter