We are anonymous, we are legion

Placements at NUJS: Class of 2017 Scores 100%

praskrishna — 2017-06-12T01:23:07Z

The Campus Recruitment Committee of the Class of 2017, NUJS is proud to confirm that NUJS has once again topped the placement tally among the premier national law schools, in terms of number of jobs, for the year 2016-17 with the graduating class having secured offers for all its 78 members who partook in the recruitment process.

The blog post by Simran Sahni was published in Livelaw on June 10, 2017.

The number of students hired by the domestic law firms on Day Zero with a tally totaling 57, inclusive of the 24 accepted pre-placement offers (PPOs).

The ‘Big 7’ firms contributed to 53 of these jobs and ICICI Bank recruited 4. New recruiters including Indus Partners and Singh & Associates hired from campus this year, picking three students each. Three students bagged offers from international law firms: Herbert Smith Freehills, Linklaters, and Allen & Overy respectively.

The salaries remain the same as last year with the average foreign firm package ranging from INR 38 lakhs to 44 lakhs for traineeships and the average domestic firm packages ranging from INR 8 lakhs to 18 lakhs. The firm with the highest domestic package was AZB and Partners, Mumbai.

Additionally, more than six students this year have decided to pursue higher education. Students have received admission offers in LLM from Harvard Law School, Cambridge Faculty of Law, NYU Faculty of Law, London School of Economics and Graduate Institute Geneva respectively. Charting new courses, while one student opting for a master’s in management has been offered admission at the renowned London Business School, another joined as a policy officer at the Centre for Internet and Society in Bangalore. Interestingly, even the topper of the class opted out of placements this year and set a new record by being the third in the line of scholars from NUJS to secure the prestigious Rhodes scholarship to Oxford University. Similarly, students have also decided to take up the meritorious one year Young India Fellowship program at Ashoka University.

With the current placement figures, NUJS beats all market trends to secure the highest number of job offers among premier law schools. The Class of 2017 also marginally trumps the record of the Class of 2016 in terms of total number of ‘Big 7’ jobs, even with a large chunk of the batch opting out of campus recruitment and pursing litigation, higher education, civil and judicial services and roles in think tanks and other non-profit organization's - the results of which shall be released by us as and when they come.

This entire feat would not have been possible without the support of the respected Vice Chancellor, Prof. P. Ishwara Bhat, CRC team and faculty advisor Ms. Vaneeta Patnaik, and all the faculty members at NUJS.

NUJS has built an exceedingly steady placement record for itself over the years. The placement figures for the Class of 2017 of NUJS are now live on the website here.

For more details visit https://cis-india.org/internet-governance/news/livelaw-june-10-2017-simran-sahni-placements-at-nujs

Place for a safety net

praskrishna — 2016-07-13T02:45:56Z

Vinupriya took her life last week, humiliated by the morphed images of her naked body posted on a social media site. Experts warn that the spike in Internet traffic brings with it an increase in online sexual crimes. Measures must be taken urgently to save lives, they tell T.V. Jayan.

The article was published in the Telegraph on July 10, 2016.

Sangeeta (not her name) was 25 and working for a private company in Mumbai when she suddenly told her family that she was going to quit her job and stay at home. Her parents were flummoxed, but questioning and coaxing yielded no answers. As the days rolled on, the management graduate slipped into depression. Her worried family took her to a counsellor. And it was only then that she came out with her story.

Soon after she joined the company, Sangeeta got romantically involved with her boss. By the time she learnt he was married, the involvement had taken a physical turn. And when she tried to put an end to it, the man, who had recorded their intimate moments, used the video clips to blackmail her for sexual favours. After Sangeeta's confession and a police complaint, the blackmailing boss was nabbed and put behind bars.

Vinupriya, an undergraduate student from Salem, Tamil Nadu, was not so lucky. She found that her morphed images had been uploaded on Facebook. She committed suicide last week after her parents refused to believe her story, and the police failed to act swiftly.

Cyber experts are alarmed by the increase in online crimes against women in India. According to them, what is more worrying is that though the risks are catastrophic, the issues are not being addressed at a larger level.

"Vinupriya's case is particularly frightening. I suspect this would be the first of many such tragedies. They might even result in honour killings, as such crimes can destroy the reputation of families," says American cyber lawyer Parry Aftab, executive director of the voluntary organisation, Wired Safety, which she founded 20 years ago, and which deals extensively with cyber stalking and other crimes.

Earlier this week, a man was arrested in Delhi for sending obscene messages to more than 1,500 women in the National Capital Region. According to the police, the miscreant would randomly dial any number and if the caller turned out to be a woman, he would save the number and later check out her WhatsApp profile picture. He would then send obscene clips to the woman. One news report said some of the marriages were in trouble because husbands had seen the messages and suspected that their wives were in a relationship with the man sending those explicit messages.

Aftab has been studying the dangers of online stalking for a while. There are no figures on this in India, but a top United Nations official, stationed in New Delhi and dealing with trafficking, told her that about 500 rape and sexual assault cases were recorded and shared over WhatsApp in India this year.

She referred to a study conducted in the US that said one in three girls and boys engaged in sexting. Children involved in sexting contemplated suicide three times more than others of the same age, she said.

According to her, Wired Safety volunteers come across five cases of sextortion and sexting every day from Asian countries, including India, and act upon them by red-flagging social media organisations where such images are posted.

Pavan Duggal, a cyber lawyer based in Delhi, feels that social media service providers are not doing enough to stop online sexual abuse. "They are hiding behind a 2015 Supreme Court judgment, which said content can be removed only on judicial orders or in response to government notifications," he says.

The verdict he refers to was delivered in a case filed by a student called Shreya Singhal. In 2012, two girls were arrested over their Facebook post questioning the Mumbai shutdown for Shiv Sena patriarch Bal Thackeray's funeral. The incident made an impression on Singhal, a student of astrophysics at the University of Bristol, who was in India at the time.

Upon research she discovered that Section 66(A) of India's IT Act was subjective and any seemingly offensive social media post could land anyone in jail. Singhal filed a writ petition in the Supreme Court protesting that the section violated the constitutional right to freedom of speech and expression, and in 2015, the apex court ruled in her favour.

This judgment, however, emboldened cyber miscreants. "All the cyber bullies and cyber stalkers now have a misplaced feeling that nothing can happen to them," says Duggal. He points out that while the delivery of justice takes time, the harassment happens 24x7.

"Who do the victims turn to for help? There are provisions in the 2011 IT rules that clearly say that social medial service providers should have rules and regulations in place to deal with objectionable content, but they do not act," he holds.

Aftab, however, believes that some efforts are in place. She cites the example of Microsoft's PhotoDNA technology, which is used by many social media and online search firms, including Facebook, Google and Twitter, to prevent child pornography on the Internet. PhotoDNA works by creating a number of mini hashes on a single image and combining them to have a full hash. If anything is changed, even a pixel, then the hash signature will not match.

But she holds that on a larger scale, it is difficult to technologically deal with revenge porn, sextortion (using a sexual or provocative image to blackmail people for sexual favours) and sexting (sharing sexually provocative images of people, especially women) with the intention of damaging reputation.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, hints at a lack of initiative on the part of the social media organisations. "When it comes to enforcing intellectual property, organisations like Facebook do an excellent job of keeping their platform free of copyright infringement," he says. "So, clearly these companies can police activities on their platform when it affects their bottom-line."

And while this debate continues, more and more Indians join the online experience, thereby increasing the chances of more such cases. Aftab, who plans to set up a voluntary organisation relating to cyber safety in India, says it is best to focus on proactive measures in the interim.

Last month, she addressed 1,200 teenage girls from a Bangalore college. "One of the first questions posed to me was from a young girl who said she was currently being blackmailed by someone who threatened to morph her pictures into sexually explicit images and send them to her family and others. Morphed image issue seems to be a lot more serious in India than in the West."

The problem, she stresses, is that such incidents can lead to self-harm. To counter this, the affected person needs to inform his or her family and enlist their support. Together, they should approach social media organisations to ensure that the objectionable content is removed in time. To prevent the offenders from doing further harm, they then need to take the help of law enforcement agencies.

"The government for its part must amplify the voices of women and hold these Internet corporations accountable for an information escrow. There should be an independent mechanism to monitor whether Internet platforms are taking complaints from women seriously," Abraham says. Only then can a young girl like Vinupriya pluck up the courage to fight online abuse.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-july-10-2016-place-for-a-safety-net

Pitroda seeks to put govt information in public domain

praskrishna — 2012-09-27T05:13:05Z

In the first-ever Indian government press conference on Twitter, Sam Pitroda, adviser to Prime Minister Manmohan Singh on public information infrastructure and innovations, championed the cause of putting government information in the public domain to usher in openness and empowerment.

Surabhi Agarwal's article was published in LiveMint on September 25, 2012. Sunil Abraham is quoted.

“In India, we have the Right to Information (Act) but the information is locked up in files,” he said in a video that was uploaded on YouTube before the conference started. Pitroda said the government has various plans to build robust information infrastructure on a scale that has never been done before.

“I firmly believe that information is the fourth pillar of democracy along with (the) legislature, executive and judiciary,” he tweeted as opening remarks during the press conference titled “Democratization of information”.

	Even though Pitroda largely reiterated the government’s already announced plans in the space of digitization, the move to hold a press conference over Twitter has been largely construed as as a sign that the administration, criticised for attempting to rein in social media, is trying to come to terms with it. Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society, said too much shouldn’t be read into Pitroda holding a press conference on Twitter. One government bureaucrat available on Twitter for a fixed period doesn’t make up for the non-existence of the government on social media, he said. “They (government) should be available all the time.”

Even though Pitroda largely reiterated the government’s already announced plans in the space of digitization, the move to hold a press conference over Twitter has been largely construed as as a sign that the administration, criticised for attempting to rein in social media, is trying to come to terms with it.

Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society, said too much shouldn’t be read into Pitroda holding a press conference on Twitter. One government bureaucrat available on Twitter for a fixed period doesn’t make up for the non-existence of the government on social media, he said. “They (government) should be available all the time.”

The department of electronics and information technology recently issued guidelines for government agencies on improved engagement with citizens through social media. Tuesday’s press conference may spark a trend of more such engagements on social media platforms by government agencies.

Pitroda said that the public information infrastructure (PII) will include a national knowledge network that will connect 1,500 nodes for universities, colleges, research labs and libraries along with connecting 250,000 panchayats in the country through fibre optics. The information network will be operational in the next two year, Pitroda said in the YouTube video.

The government’s open data platform (http://www.data.gov.in), the beta site for which was launched some time ago, will provide access to government data and documents, he said.

Even though the government’s battles with the Internet continue over issues of regulation, which have often been construed as censorship, an increasing number of political leaders and agencies have been using the route to get their message across.

Gujarat chief minister Narendra Modi has sought to engage with people through video chat on Google+ Hangout. West Bengal chief minister and Trinamool Congress (TMC) chief Mamata Banerjee has been using Facebook to make public her views on recent economic and political developments.

The Prime Minister’s Office (PMO) has also been communicating over Twitter in the recent past. The authorities have sought to block accounts that style themselves as belonging to the Prime Minister. Account holders have said that some of these are satirical in nature.

For more details visit https://cis-india.org/news/www-livemint-september-25-2012-surabhi-agarwal-pitroda-seeks-to-put-govt-information-in-public-domain

Picking ‘Wholes’ - Thinking in Systems Workshop

saumyaa — 2019-06-05T14:35:35Z

A System's Thinking masterclass was conducted by Dinesh Korjan on 27th and 28th May in the CIS Delhi office.

It was organised as part of the Digital Identity project to explore the use of system’s thinking approach in a digital identity system, and addressing questions of policy choices and uses, while creating such a system. The workshop was attended by Amber Sinha, Ambika Tandon, Anubha Sinha, Pooja Saxena, Radhika Radhakrishnan, Saumyaa Naidu, Shruti Trikanad, Shyam Ponappa, Sumandro Chattapadhyay, Sunil Abraham, Swati Gautam, and Yesha Paul.

Dinesh Korjan is a proponent of the strategic use of design for the larger good. He is a product designer and co-founder of Studio Korjan in Ahmedabad. He complements his practice with active engagement in academics and teaches at many leading design schools including NID, Ahmedabad, Indian Institute of Technology (IIT), Gandhinagar, Srishti School of Art Design & Technology, Bangalore, and CEPT University, Ahmedabad.

The masterclass was aimed at learning to address complex problems using systems thinking approach. It involved experiential and collaborative learning through discussions, and doing and making activities. The workshop began with identifying different actors, processes, institutions, and other entities involved in a complex problem. The method of role-playing was introduced to learn to detail out and map the problem. Concepts such as synergy/ emergence, relationships, and flows were introduced through examples and case studies. These concepts were applied while mapping complex problems to find insights such as patterns, purposes, feedback loops, and finally a leverage. The workshop also introduced the idea of ephemeralization. Participants were prompted to find solutions that require least input but have greatest impact.

For further reading click here

For more details visit https://cis-india.org/internet-governance/blog/picking-2018wholes2019-thinking-in-systems-workshop

PIB plans a fact-checking unit to counter fake news

Smriti Kak Ramachandran — 2019-07-05T02:31:49Z

The article by Smriti Kak Ramachandran was published in the Hindustan Times on July 3, 2019. Sunil Abraham was quoted.

The Press Information Bureau (PIB), the government’s nodal agency for dissemination of information, has decided to set up of a fact checking unit to identify and counter any fake news about the government and its policies circulating on social media platforms.

According to a senior functionary aware of the development, the ministry of information and broadcasting (MIB), under which PIB is a unit has approved a plan to counter fake news in real-time. No deadline has been set so far for the project to take off, but it is expected to pick pace over the coming weeks. Details of how the tracking will be done, and the kind of accounts that will be tracked, weren’t immediately available.

The fact check unit will have officials from the PIB as well as employees hired on contract to monitor platforms such as Twitter, Facebook and Youtube to flag news that is fake and has the potential for creating social unrest.

“We will monitor and detect anything related to the government that is blatantly wrong, and put out correct information to ensure that people do not fall for wrong news,” the functionary quoted above said on condition of anonymity. He added that the possibility of penal action against those accounts found circulating fake news has not been discussed.

“We had a training session with a Hyderabad-based organisation, which does work in fact checking and putting out data that is meant for the public. Their experts helped us brainstorm on how to proceed with it,” the official said.

Countering fake news has been high on the government’s agenda; in 2016; the MIB suggested expanding its analytics wing to monitor social media and set up an early warning system for possible flashpoints that the government may be unprepared for. The social media analytics wing of the ministry, which is now defunct, scrutinized posts on social media platforms to generate reports for the Prime Minister’s Office, the National Security Advisor’ s Office and various intelligence bureaus, aside from ministries including home affairs, external affairs and defence.

In 2018, the ministry constituted a committee to frame rules to regulate news portals and media websites. During the recently concluded Lok Sabha election, the election commission also worked with social media platforms to identify and pull down posts that were fake and could lead to vitiating the elections.
As per EC’s data, 650 posts were taken down by Facebook for voter misinformation, hate speech, violation of the model code of conduct and public morality and decency. Similarly, Twitter took down 220 posts, Sharechat 31, Google 5 and Whatsapp, three.

Commenting on the government’s move to set up the fact check unit, Sunil Abraham, of the Centre for Internet and Society, a research organisation said, “It is a good move; but what the government also needs to do is to have a policy in place which makes it necessary for social media companies to pay for the negative externalities being circulated. If they make a certain amount in revenue from advertising then on a similar scale they need to fund the fact checking ecosystem.”
On Monday Congress leader Digvijay Singh also demanded a policy to check fake news. Speaking during Zero Hour in the Rajya Sabha, Singh said fake news is more dangerous than terrorism.

He said fake news and unparliamentary language used on social media platforms trigger communal riots and create societal divide. “Many people (tweeting fake news) are followed by big people,” he said without naming anyone.

For more details visit https://cis-india.org/internet-governance/news/pibplans-a-fact-checking-unit-to-counter-fake-news

Phishing Attacks on the Rise

praskrishna — 2011-12-13T16:15:52Z

It is very difficult to spot a fake website from the real one these days...with all the new technologies to clearly deceive the eyes. However, there are some ways to make the real from the fake ones with the help of two visual cues. Sunil Abraham was on News 9 on December 2, 2011 speaking about two visual cues to distinguish between the fake and the real websites.

Speaking to Nolan Pinto, Sunil said that in the URL instead of "http" you will find an "https" and the second there will be a digital certificate that precedes the url which will give details about the authenticity of this particular website. The locket, the bottom of the browser is just a repetition of the same visual cue which is a difference between http and https, if there is encrypted traffic between you and the website then you are using a protocol called https and you can tell that https exists in the URL and there is also a lock at the bottom of the browser. If there is no encryption then "https" will be missing and also the lock icon will appear open.

The news was broadcasted on News 9. Watch the recorded video below:

VIDEO

For more details visit https://cis-india.org/news/phishing-attacks-on-rise

Perumal Murugan and the Law on Obscenity

Japreet Grewal — 2016-08-09T13:01:03Z

On July 5, 2016, the Madras High Court saved Perumal Murugan’s novel, Mathorubhagan from oblivion when it dismissed the claims against Murugan on the grounds of obscenity, spreading disharmony between communities, blasphemy, and defamation and upheld his freedom of expression in S. Tamilselvan & Perumal Murugan versus Government of Tamil Nadu. This judgment has received wide appreciation for its support for freedom of expression. What made it applause-worthy? Do we have reservations with the view of the High Court?

Murugan’s book is about a married couple, Kali and Ponna, who fail to have a child despite decades of their marriage. They succumb to social and familial pressures to allow Ponna (the wife) to participate in a sexual orgy (unrestrained sexual encounter involving many people) at a religious festival (the Vaikasi Car Festival) that takes place in Arthanareeswarar Temple, for begetting a child. The local community claimed that in the book, Murugan denigrated the Arthanareeswarar Temple, the deity, Lord Arthanareeswarar, festivities relating to Vaikasi Car Festival and the women of the Kongu Vellala Gounder community. Some sections of the community believed that the facts in the story were not true and found that the sexual mores associated with the community in the book were offensive.

The Court was required to evaluate, whether the novel was obscene (Section 292 of Indian Penal Code, 1860 (IPC)), offensive to the community (Section 153A of IPC) and the religion (Section 295 of IPC); and whether the State had the responsibility to protect the writer from mob violence on account of his controversial book. The Court held that the book was neither offensive nor did it hurt community or religious sentiments. The Court also held that the State had a positive obligation to protect Murugan against the mob. It would be useful to look at the analysis of the Court in drawing these conclusions and see if we completely agree with it.

The Court relied on the standard for determining obscenity in Aveek Sarkar v. State of West Bengal wherein, it was held that what is lascivious/appealing to the prurient interest/depraved or corrupt has to be tested using the contemporary ‘community standards. The Court was of the view that the novel was not offensive by the current mores (para 150 and 151). The Court further relied on MF Hussain v. Rajkumar Pandey, (also decided by Justice Sanjay Kishan Kaul) wherein it was held, that while evaluating obscenity in a work, “the judge has to place himself in the position of the author in order to appreciate what the author really wishes to convey and thereafter, placing himself in the position of the reader in every age group in whose hand the book is likely to fall, arrive at a dispassionate conclusion.”It is necessary to mention here that the community standards test has been criticised by scholars, worldwide, as it is difficult to divorce subjective morality of an individual and ascertain what those standards are. This indeterminacy interferes with the ability of judges to apply these standards. There is established scholarship that says that judges cannot divorce themselves from their subjectivities while evaluating obscenity in work of art or literature and may often reinforce the moral norms of the majority in the society thus crushing the moral standards of the minority. In India, we have a mixed bag of judgments that address the issue of obscenity. Seeing the difficulty in application of the community standards test, it is noteworthy that the ultimate fate of a book, painting or a film is dependent on the morality of an individual judge. In fact, the Court had asked a pertinent question in the judgment, “Would it be desirable for the Courts to intervene or should it be left to the readers to learn for themselves what they think and feel of the issue in question?” (para 136) However, it eventually reinforced these standards by applying the existing precedents on obscenity. The Court added thatunder Section 292, it was required to first prove whether the novel was obscene at all and only if it was found to be obscene it should be tested within the parameters of exceptionsit would fall under. The Court found that the novel was not obscene. There was no need to evaluate its social character to save it from a ban. While drawing this conclusion, the Court stated that, “sex, per se, was not treated as undesirable, but was an integral part right from the existence of civilization” (para 149) and that “in our society, we seem to be more bogged down by conservative Victorian philosophy rather than draw inspiration from our own literature and scriptures.”The Court also said, “there are different kinds of books available on the shelves of book stores to be read by different age groups from different strata. If you do not like a book, simply close it.”(para 148) While this reflects a progressive view of the judges on sexual morality, we have reservations on court’s reliance on ancient literature to justify why sex and its depiction in art or literature is not obscene.
We appreciate the observations that the Court has made while determining whether the novel hurt community or religious sentiments. The Court has acknowledged the declining tolerance level of the society (para 154) and stated that “any contra view or social thinking is met at times with threats or violent behaviour” (para 142).
The Court addressed the issue of harassment of writers and artists at the hands of a mob and held that there should “be a presumption in favour of free speech and expression as envisaged under Article 19(1)(a) of the Constitution of India” and emphasized the need for the State to protect those who suffer from hostility of several sections of a society as a consequence of holding a different view (para 175).Citing MF Hussain v. Rajkumar Pandey, the Court said “freedom of speech has no meaning if there is no freedom after speech.”The Court has identified the problematic sphere of mob violence and how it affects freedom of expression. However, we do not agree with what the Court held subsequently.

Reproducing an extract of the judgment here, “There is bound to be a presumption in favour of free speech and expression as envisaged under Article 19(1)(a) of the Constitution of India unless a court of law finds it otherwise as falling within the domain of a reasonable restriction under Article 19(2) of the Constitution of India.” (para 184) The words, “unless a court of law finds it otherwise as falling within the domain of a reasonable restriction under Article 19(2) of the Constitution of India.” indicate that the judiciary has the power to determine whether a certain type of speech could be restricted under Article 19 (2) of the Constitution of India. This understanding is incorrect. The language of Article 19 (2) makes it clear that speech could only be restricted by ‘law’ and judiciary cannot assume the authority to restrict speech. It has the authority to decide the applicability and the constitutionality of the law that restricts speech. The relevant part of Article 19 (2) is reproduced below for reference. “(2) Nothing in sub clause (a) of clause ( 1 ) shall affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right….” The Court further acknowledged that “the State and the police authorities would not be the best ones to judge such literary and cultural issues, which are best left to the wisdom of the specialists in the field and thereafter, if need be, the Courts” (para 181). The Court thus issued directions to the Government to constitute an expert body to deal with situations arising from such conflicts of views so that an independent opinion is forthcoming, keeping in mind the law evolved by the judiciary(para 181). There are concerns with this mandate of the Court; firstly, constituting an expert body to resolve conflict of views will not serve any purpose unless there are guidelines to evaluate work. It is difficult to dissociate subjectivity and ascertain objective standards for evaluating offensiveness of literary or artistic work. Secondly, reliance on expert opinion and then courts completely disregards existing law. Under Section 95 of the Code of Criminal Procedure,1973, the Government has the power to declare forfeiture of works which, it considers in violation of section 153A or section 153B or section 292 or section 293 or section 295A of the Indian Penal Code, 1860. The power to evaluate a piece of writing or other work has already been given to the government. The Court has created a parallel mechanism for evaluation by giving directions to constitute an expert panel. In the event this mechanism fails to resolve the conflict, it is suggested that courts would then be approached to address the matter. This is in complete disregard of the powers of the Government under Section 95.

In the Murugan judgment, the Court has attempted to provide a narrow interpretation of what is considered obscene, emphasized the need for the society to be more tolerant and for State to protect those members of the society who, on account of their views, suffer at the hands of an intolerant society. It is for these reasons, the judgment is, undoubtedly a sound precedent for protection of speech in India. However, it is concerning to see that in drawing these conclusions, the Court has reinforced vague legal standards of obscenity and in that regard, it remains yet another addition to the mixed bag of judgments.

For more details visit https://cis-india.org/internet-governance/perumal-murugan-and-the-law-on-obscenity

Personal Data, Public Profile

nishant — 2012-02-14T06:19:52Z

Whether we like it or not, we live in a world that is rapidly being Googlised, writes Nishant Shah in an article published by the Financial Express on February 13, 2012.

Apart from its core functions like search and email, we consume Google services and products around the clock and around the click—YouTube, Calendar, Docs, Google+, Google Reader, Google Analytics et al. On March 1, 2012, our increasingly co-dependent relationship with Google will reach a new stage of commitment as Google consolidates its privacy policies for the entire Google universe. If you are logged into your Google account, all your information across Google’s different platforms will be clubbed together to form a comprehensive profile of what you do online.

Google has suggested this will personalise your interactions with Google platforms. The videos you watch on YouTube might influence your search results; the links that you click on will affect the advertisements displayed to you; the mails that you read will establish proximity with your friends on Google+ ... A comprehensive profile of who you are, what you do, what you like, what you share and what you hide will be created. Google has shown unmatched commitment to transparency on user data retention, storage and usage over the years. However, a centralised profile on users rings a few alarm bells for me. There are three use-cases that immediately crop up with apocalyptic implications.

Death of anonymity: One of the biggest strengths of the internet, as a space for both political dissent and freedom of expression, is that it has allowed people to talk through their avatars without putting themselves in conditions of bodily harm. So, it was good to have a scenario where my activities on YouTube did not get mapped onto my more identifiable profile on Google+ and did not get correlated with my personal interactions on Gmail. Mapping all the actions of a user who might want a more distributed identity might lead to precarious conditions for users living in critical times.

Negotiation with governments: While Google claims that it is committed to protecting the safety of its users, we know that it is eventually subject to the rules of the countries that it operates in. In the past, say in skirmishes with China, we have seen that despite its powerful status, it is not exempt from the demands of different governments. Given the current state of negotiations around censorship that are ongoing in India, it is a little scary to think how users’ data can be abused by authoritative government officials. A multi-tiered, distributed system offers users safety which a consolidated one doesn’t.

Inter-platform repercussions: If something I do on a platform gets flagged as objectionable, does it mean that all my rights to Google World get revoked?

Hidden data collection: One of the things that a lot of people don’t realise is that Google, in its attempts at enriching our user experience, collects more data than you disclose. So, apart from the personal data that you have more control over, there is a range of other data—pages you visit, the time you spend there, links you click on, comments that you write, information you share, etc—which form a part of Google’s algorithms for you. Consolidation of this data through services like Ad Sense and Double Click might also expose you to third party advertisers who might abuse this information that is about you but not under your control.

Google’s consolidation of its privacy policies across platforms signal a new wave of information management on the web, where the earlier free-form distributed information practice is getting mapped on to the physical bodies of the users. While it might lead to better web services, it also means that we need to be more aware of our information practices and start preparing for a web that is going to demand more accountability from its users than ever before.

The author is a digital humanities scholar and Director-Research at the Bangalore-based Centre for Internet and Society.

The original article was published in the Financial Express

For more details visit https://cis-india.org/internet-governance/personal-data-public-profile

Personal Data Protection Bill must examine data collection practices that emerged during pandemic

Shweta Mohandas and Anamika Kundu — 2022-03-30T15:15:21Z

The PDP bill is speculated to be introduced during the winter session of the parliament soon. The PDP Bill in its current form provides wide-ranging exemptions which allow government agencies to process citizen’s data in order to fulfil its responsibilities. The bill could ensure that employers have some responsibility towards the data they collect from the employees.

The article by Shweta Mohandas and Anamika Kundu was originally published by news nine on November 29, 2021.

The Personal Data Protection Bill (PDP) is speculated to be introduced during the winter session of the parliament soon, and the report of the Joint Parliamentary Committee (JPC) has already been adopted by the committee on Monday. The Report of the JPC comes after almost two years of deliberation and secrecy over how the final version of the Personal Data Protection Bill will be. Since the publication of the 2019 version of the PDP Bill, the Covid 19 pandemic and the public safety measures have opened the way for a number of new organisations and reasons to collect personal data that was non-existent in 2019. Hence along with changes that have been suggested by multiple civil society organisations, the dissent notes submitted by the members of the JPC, the new version of the PDP Bill must also look at how data processing has changed over the span of two years.

Concerns with the bill

At the outset there are certain parts of the PDP Bill which need to be revised in order to uphold the spirit of privacy and individual autonomy laid out in the Puttaswamy judgement. The two sections that need to be in line with the privacy judgement are the ones that allow for non consensual processing of data by the government, and by employers. The PDP Bill in its current form provides wide-ranging exemptions which allow government agencies to process citizen's data in order to fulfil its responsibilities.

In the 2018 version of bill, drafted by the Justice Srikrishna Committee exemptions granted to the State with regard to processing of data was subject to a four pronged test which required the processing to be (i) authorised by law; (ii) in accordance with the procedure laid down by the law; (iii) necessary; and (iv) proportionate to the interests being achieved. This four pronged test was in line with the principles laid down by the Supreme Court in the Puttaswamy judgement. The 2019 version of the PDP Bill has diluted this principle by merely retaining the 'necessity principle' and removing the other requirements which is not in consonance with the test laid down by the Supreme Court in Puttaswamy.

Section 35 was also widely discussed in the panel meetings where members had argued the removal of 'public order' as a ground for exemption. The panel also insisted for 'judicial or parliamentary oversight' to grant such exemptions. The final report did not accept these suggestions stating a need to balance national security, liberty and privacy of an individual. There ought to be prior judicial review of the written order exempting the governmental agency from any provisions of the bill. Allowing the government to claim an exemption if it is satisfied to be "necessary or expedient" can be misused.

Another clause which gives the data principal a wide berth is with respect to employee data Section 13 of the current version of the bill provides the employer with a leeway into processing employee data (other than sensitive personal data) without consent based on two grounds: when consent is not appropriate, or when obtaining consent would involve disproportionate effort on the part of the employer.

The personal data so collected can only be collected for recruitment, termination, attendance, provision of any service or benefit, and assessing performance. This covers almost all of the activities that require data of the employee. Although the 2019 version of the bill excludes non-consensual collection of sensitive personal data (a provision that was missing in the 2018 version of the bill), there is still a lot of scope to improve this provision and provide employees further right to their data. At the outset the bill does not define employee and employer, which could result in confusion as there is no one definition of these terms across Indian Labour Laws.

Additionally, the bill distinguishes between employee and consumer, where the consumer of the same company or service has a greater right to their data than an employee. In the sense that the consumer as a data principal has the option to use any other product or service and also has the right to withdraw consent at any time, in the case of an employee the consequence of refusing consent or withdrawing consent would be being terminated from the employment. It is understood that there is a requirement for employee data to be collected, and that consent does not work the same way as it does in the case of a consumer.

The bill could ensure that employers have some responsibility towards the data they collect from the employees, such as ensuring that they are only used for the purpose for which they were collected, the employee knows how long their data will be retained, and know if the data is being processed by third parties. It is also worth mentioning that the Indian government is India's largest employer spanning a variety of agencies and public enterprises.

Concerns highlighted by JPC Members

Going back to the few members of the JPC who have moved dissent notes, specifically with regard to governmental exemptions. Jairam Ramesh filed a dissent note, to which many other opposition members followed suit. While Jairam Ramesh praised the JPC's functioning, he disagreed with certain aspects of the Report. According to him, the 2019 bill is designed in a manner where the right to privacy is given importance only in cases of private activities. He raised concerns regarding the unbridled powers given to the government to exempt itself from any of the provisions.

The amendment suggested by him would require parliamentary approval before exemption would take place. He also added that Section 12 of the bill which provided certain scenarios where consent was not needed for processing of personal data should have been made 'less sweeping'. Similarly, Gaurav Gogoi's note stated that the exemptions would create a surveillance state and similarly criticised Section 12 and 35 of the bill. He also mentioned that there ought to be parliamentary oversight for the exemptions provided in the bill.

On the same issue, Congress leader Manish Tiwari noted that the bill creates 'parallel universes' - one for the private sector which needs to be compliant and the other for the State which can exempt itself. He has opposed the entire bill stating there exists an "inherent design flaw". He has raised specific objections to 37 clauses and stated that any blanket exemptions to the state goes against the Puttaswamy Judgement.

In their joint dissent note, Derek O'Brien and Mahua Mitra have said that there is a lack of adequate safeguards to protect the data principals' privacy and the lack of time and opportunity for stakeholder consultations. They have also pointed out that the independence of the DPA will cease to exist with the present provision of allowing the government powers to choose members and the chairman. Amar Patnaik is to object to the lack of inclusion of state level authorities in the bill. Without such bodies, he says, there would be federal override.

Conclusion

While a number of issues were highlighted by civil society, the members of the JPC, and the media, the new version of the bill should also need to take into account the shifts that have taken place in view of the pandemic. The new version of the data protection bill should take into consideration the changes and new data collection practices that have emerged during the pandemic, be comprehensive and leave very little provisions to be decided later by the Rules.

For more details visit https://cis-india.org/internet-governance/blog/news-nine-shweta-mohandas-and-anamika-kundu-personal-data-protection-bill-must-examine-data-collection-practices-that-emerged-during-pandemic

Perché l'India ha tagliato internet al Kashmir

Raffaele Angius — 2019-08-22T01:31:46Z

Lo stato di isolamento imposto a più di 12,5 milioni di persone rischia di causare importanti disagi al Paese, nel quale è diventato praticamente impossibile comunicare con l’esterno. Problemi per ospedali e farmacie

The article by Raffaele Angius was published in WIRED.IT on August 19, 2019. Gurshabad Grover was quoted.

Dopo dodici giorni di blocco totale delle telecomunicazioni, l’India ha concesso il parziale ripristino delle linee telefoniche del Kashmir. Il 5 agosto il governo centrale di Nuova Delhi aveva sospeso lo statuto speciale di cui gode la regione, schierando decine di migliaia di soldati, arrestando diversi rappresentanti politici e sospendendone le linee telefoniche e iltraffico internet.

La decisione, presa unilateralmente dal primo ministro indiano Narendra Modi, mira a rimuovere i privilegi sanciti dalla costituzione del Kashmir, che settant’anni fa crearono le basi per l’unione dei due Paesi. Principale obiettivo di Nuova Delhi è l’abrogazione della legge che vieta l’acquisto di proprietà immobiliari ai cittadini non kashmiri, che secondo Modi impedirebbe la piena integrazione dell’area – l’unica a maggioranza musulmana – con l’India.

Blackout nelle comunicazioni

Ma lo stato di isolamento imposto a più di 12,5 milioni di persone rischia di causare importanti disagi al Paese confinante con il Pakistan, nel quale è diventato praticamente impossibile comunicare con l’esterno e in cui le infrastrutture critiche che fanno affidamento a Internet vivono profondi disagi. Come nel caso di ospedali e farmacie, che utilizzano la rete per ordinare nuovi medicinali.

“Le reti per le telecomunicazioni sono infrastrutture critiche e stavolta [il loro blocco] ha avuto un impatto decisivo sul funzionamento del Kashmir”, ha spiegato a Wired Gurshabad Grover, funzionario del Center for Internet and Society di Bangalore: “Alcuni report indicano che le linee di comunicazione non sono accessibili neanche per ospedali e cliniche: il risultato è che il personale si sta arrangiando per soddisfare le esigenze sanitarie”.

“Il governo indiano ha un record di sospensione delle telecomunicazioni e dei servizi internet nel Kashmir: secondo i dati rilevati dallo strumento di monitoraggio della rete del Software Freedom Law Center, questa è la sessantesima volta che succede solamente quest’anno”, ha spiegato Grover via mail.

Ma stavolta l’operazione di isolamento dell’area è stata più incisiva, con un blocco totale “di internet, reti mobili, linee terrestri, posta e televisione via cavo”, giustificate con l’esigenza di contenere la diffusione di informazioni false e gli episodi di violenza, come hanno spiegato gli stessi rappresentanti del governo. “Ma impedire ai giornalisti di fare il proprio lavoro, al contrario, favorisce la diffusione di notizie false -, ha obiettato Grover -. Inoltre, numerosi studi mostrano come lo spegnimento dei canali di comunicazione renda il coordinamento delle proteste pacifiche molto più difficili, con il rischio di portare a episodi di violenza”.

Dopo che per quasi due settimane anche le forze dell’ordine hanno dovuto utilizzare i telefoni satellitari per comunicare, parte delle linee telefoniche del Kashmir sono state ripristinate. Una ragione potrebbe essere che proprio il blackout informativo ha creato ulteriori allarmismi, avendo di fatto impedito a milioni di persone di comunicare con i propri familiari. “Ora i social network sono pieni di post allarmati provenienti da cittadini kashmiri che vivono in altri posti”, osserva Grover. Ma le contromisure non si sono fatte attendere, con la richiesta a Twitter da parte del governo indiano di rimuovere decine di account che scrivono della crisi, tra cui quelli di giornalisti e attivisti.

La crisi

Apparentemente lontana dal suo epilogo, l’ennesima crisi del Kashmir è approdata sul tavolo del Consiglio di sicurezza delle Nazioni Unite il 16 agosto, per la prima volta dal 1971. In una riunione a porte chiuse, come riporta la Cnn, sono intervenuti anche i diplomatici di Pakistan – il Paese musulmano direttamente confinante con la regione e che da anni sostiene segretamente i gruppi paramilitari dell’area – e Cina, che hanno chiesto all’India di garantire una risoluzione del conflitto. Così come negli ultimi settant’anni, gli emissari di Nuova Delhi hanno replicato che il Kashmir è una questione domestica che non riguarda la diplomazia internazionale. E per assicurarsi che la situazione rimanga tale, sembra che l’unica strategia sia quella di sottoporre a isolamento più di dodici milioni di persone.

For more details visit https://cis-india.org/internet-governance/news/raffaele-angius-august-19-2019-india-kashmir-internet

People voice their support for net neutrality, say Internet a utility not a luxury

praskrishna — 2015-05-08T01:56:28Z

As the campaign and support for net neutrality is picking up, Politicians, celebrities and a cross section of people are voicing their support for it. Net neutrality means all data and sites are treated and charged equally be it mobile app or any other app.

The blog post was published in IBN Live on April 13, 2015. Pranesh Prakash gave his inputs.

According to AIB whose video on net neutrality has gone viral, more than one lakh emails have been sent to the Telecom Regulatory Authority of India (TRAI) through the website savetheinternet.in. This is in response to the regulator's call for public consultation.

MK Stalin, DMK treasurer: The Internet is changing India. For the first time there is a platform that gives equal opportunity for everyone to gain knowledge and reap economic benefits. TRAI, the government telecom regulatory body is proposing to change this by allowing telecom companies to allow preferential access to websites. If this is allowed, companies will be allowed to charge extra for commonly used services like Whatsapp, YouTube, web based voice calling and many more. This will also allow telcos to allow preferential treatment of websites, allowing the big companies to destroy start-ups and internet based small business by blocking or slowing them down. This goes against the very concept of the Internet where every legal website or service is considered equal. This attempt to increase the profits of the telecom companies by surrendering social gains should be condemned. I request the TRAI to dismiss this proposal and let the Internet continue to be a neutral medium which serves our country and community instead of a select few companies.

Tathagata Satpathy, Dhenkanal MP: My concern was that why should TRAI get involved with private profit making companies and give them the facility to become a profiteering company. While saying this we must remember that Internet is not free anywhere in the world. That is accepted. My issue is with TRAI which has not even bothered to reply to my letter, I do not know why TRAI is getting involved and it has put itself in a situation where its interntions are suspect.

Nikhil Pahwa, Editor and publisher of Medianama: Startups may have to get license to provide services in India. Another outcome is communications firms will buy license. Third outcome is TRAI will allow ISP's to make some sites slow.

Pranesh Prakash, cyber security expert: So what the TRAI is proposing is something that should have every single Internet user very worried. There is some truth at least to what companies like Airtel etc. are saying which is that there is a difference in the regular trade standard for the Internet services and the telecom operators. But the correct solution for that is not to increase and sort a new license raj for Internet services but rather to decrease those over onerous burdens.

Riteish Deshmukh, actor: Net neutrality is as important as Freedom of Speech. Our Basic Right

Siddharth Malhotra, actor: Save The Internet push for net neutrality, Internet is a utility not a luxury.

Parineeti Chopra, actress: Save the Internet! Net neutrality is crucial! Proud of you boyses!

Shekhar Ravjiani, singer: Time to stand up and take a stand. Time to fight for what's right. Head to savetheinternet.in to make a difference.

Raghu Ram, Ex Roadies judge: PEOPLE!! Your internet and freedom are under attack in India! Listen to the AIB boys and join the fight.

For more details visit https://cis-india.org/internet-governance/news/ibn-live-april-13-2015-people-voice-their-support-for-net-neutrality-say-internet-a-utility-not-a-luxury

People should resist enforcement of UID scheme, say experts

praskrishna — 2013-03-11T06:45:23Z

Internationally recognized expert on law and poverty Dr. Usha Ramanathan Saturday urged citizens of the country to question the enforcement of the UID scheme that has no legitimacy.

This was published in newzfirst on March 3, 2013. CIS organized a workshop at the event.

Addressing the gathering of people from various sections of the society at a workshop- The Unique Identity Number (UID), National Population Register (NPR), and Governance - organized by the ‘Centre for Internet and Society’ and the ‘Say No to UID Campaign’ Ramanathan said that the enforcement of UID scheme is unconstitutional and a mere a experiment on the population.

The scheme is full of ambiguity, confusions and suspicions; while UIDAI says it as voluntary, other government agencies and enterprises have made them mandatory. Neither the government nor the UIDAI officials have the satisfactory answers for the concerns of citizens, she said.

Saying that the ‘Data’ is one of the important properties today, she elaborated that how the individual’s privacy and confidential data was breached after sharing with many companies and agencies, despite the assurances from the authorities.

Emphasizing the resistance against enforcement of UID scheme, another speaker Col. Mathew Thomas of Citizen Action Forum Bangalore, said “If we don’t resist this scheme now, we are putting pushing poor people of the country into more vulnerable situation. We need to fight it by protests and legal means.”

The workshop also discussed the National Population register (NPR), its impact on citizenship and the governance, and how they are linked with national security.

For more details visit https://cis-india.org/news/newzfirst-march-3-2013-people-should-resist-enforcement-of-uid-scheme-say-experts

People Should Have Right To Their Data, Not Companies, Says TRAI

Admin — 2018-07-29T05:44:51Z

Rules for protection of personal data in the telecom space are not sufficient, regulator TRAI said today while suggesting that consumers be given the right to choice, consent and to be forgotten to safeguard their privacy.

This was published by Bloomberg Quint on July 16, 2018. Pranesh Prakash was interviewed.

Recommending a series of measures of "privacy, security and ownership of data in telecom networks", the Telecom Regulatory Authority of India held that consumers are owners of their data and that entities controlling, processing their information are "mere custodians and do not have primary rights over this data".

"The Right to Choice, Notice, Consent, Data Portability, and Right to be Forgotten should be conferred upon the telecommunication consumers," TRAI recommended to the Department of Telecom. In order to ensure sufficient choices to the users of digital services, granularities in the consent mechanism should be built-in by the service providers, the regulator added.

TRAI has suggested that all entities in the digital ecosystem including telecom operators should transparently disclose the information about the privacy breaches on their websites along with the actions taken for mitigation, and preventing such breaches in future.

“This is the first time I’ve seen TRAI being bold enough to venture into this area,” said Pranesh Prakash, a policy director at the Centre for Internet Society. “There are many positives here in terms of the data protection regime that they want to set up,” he told BloombergQuint in an interview. “It talks about user choice, consent, about notice being mandatory and simplified in language that people understand rather than two hundred pages of legal forms.”

There are many things in it that law and technology nerds will rejoice over, for example, the need for greater amounts of encryption and asks DoT to revisit the limitations it has put on encryption because those limitations actually harm national security and user privacy.

Pranesh Prakash, Policy Director, Centre for Internet Society

Here are the highlights from the TRAI’s recommendation:

All entities in the digital ecosystem, which control or process the data, should be restrained from using meta-data to identify the individual users.
A study should be undertaken to formulate the standards for annonymisation/de-identification of personal data generated and collected in the digital eco-system.
Till such time a general data protection law is notified by the government, the existing rules/licence conditions applicable to TSPs for protection of users' privacy be made applicable to all the entities in the digital ecosystem.
The Right to Choice, Notice, Consent, Data Portability, and Right to be forgotten should be conferred upon the telecommunication consumers.
Data Controllers should be prohibited from using "preticked boxes" to gain users consent. Clauses for data collection and purpose limitation should be incorporated in the agreements.
Sharing of information concerning to data security breaches should be encouraged and incentivised to prevent/mitigate such occurrences in future.

The recommendations from TRAI come at a time when there are rising concerns around privacy and safety of user data, especially through mobile apps and social media platforms.

The regulator had issued a consultation paper entitled Privacy, Security and Ownership of Data in the Telecom Sector on Aug 9 last year and an open house discussion was held on Feb. 2. The TRAI had also invited comments and counter comments as part of the consultation.

(With inputs from PTI)

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-july-16-2018-people-should-have-right-to-their-data-not-companies-says-trai

People Driven and Tech Enabled – How AI and ML are Changing the Future of Cyber Security in India

Shweta Mohandas — 2018-03-11T15:30:50Z

On the 27th of February, Peter Sparkes the Senior Director, Cyber Security Services, Symantec conducted a webinar on the ‘5 Essentials of Every Next-Gen SOC’. In this webinar, he evaluated the problems that Security Operations Centers (SOCs) are currently facing, and explored possible solutions to these problems. The webinar also put emphasis on AI and ML as tools to improve cyber security. This blog draws key insights from the webinar, and explains how AI and ML can improve the cyber security process of Indian enterprises.

Introduction

In a study conducted by Cisco, it was found that in the past 12-18 months, cyber attacks have caused Indian companies to incur financial damages amounting to USD 500,000.

There is a need to strengthen the nodal agencies in an enterprise that can deal with these threats to prevent irreparable damage to enterprises and their customers. An SOC within any organization is the team responsible for detecting, monitoring, analyzing, communicating and remedying security threats. The SOC technicians employ a combination of technologies and processes to ensure that an enterprise’s security is not compromised. As instances of cyber attacks increase both in number and sophistication, SOCs need to use state of the art technologies to stay one step ahead of the attackers. Presently, SOCs face a number of infrastructural problems such as the low priority given to a cyber security budget, slower and passive response to threats, dearth of skilled technicians, and the absence of a global intelligence network for cyber-threats. This is where technologies such as Artificial Intelligence and Machine learning are helping, by monitoring the system to identify cyber attacks, and analyse the severity of the threat, and in some cases by blocking such threats.

Evolution of Security Operations Centers

In the same study, Cisco looked at the evolution of cyber threats and how companies were using technologies such as AI and ML to ameliorate those threats. Another key insight the study brought out was that 53 and 51 percent of the subject companies were reliant on ML and AI respectively. One of the reasons behind AI and ML’s effectiveness in cyber security is their capacity not only to detect known threats but also to use their learnings from data to detect unknown threats. In his webinar, Peter Sparkes also stated that SOCs were evolving into a ‘people driven and tech enabled’ system.

People Driven and Tech Enabled

In the case of cyber security, which in itself is a relatively new field, technologies such as AI and ML are helping companies to not only overcome infrastructural barriers but also to respond proactively to threats. A study conducted by the Enterprise Strategy Group, revealed that one-third of the respondents believed that ML technology could detect new and unknown malware.

The study also stated that the use of machine learning to detect and prevent threats from unknown malware reduced the number of cases the cyber security team had to investigate.

Similarly, the tasks of monitoring and blocking which were earlier conducted by entry level analysts were now done by systems, using machine learning. Typically, the AI acts as the first monitoring system after which the threat is examined by the company’s technicians who possess the requisite skill set and experience. By delegating the time consuming task of continuous monitoring to an ML system, the technicians now have time to look at serious threats. In this way AI and humans are working together to build a stronger and responsive security protocol.

Detecting the Unknown

Cyber criminals are becoming increasingly sophisticated, and in order to prevent attacks the monitoring systems (both human and automated) need to be able to detect them before the security is compromised. The detection of threats through AI and ML is done in a similar way as it is done for the identification of spam, where the system is trained on a large amount of data which teaches the algorithm to identify right from wrong.

There have been numerous cases of stealthy cyber attacks such as wannacry and ransomware, that have evaded detection by conventional security firewalls and caused crippling damage. There is also the need to use deception technology which involves automatic detection and analysis of attacks. This technology then tricks the attackers and defeats them to bring back normalcy to the system.

The systems that can handle threats by themselves do so by following a predetermined procedure, or playbook where the AI detects activities that go against the procedure/playbook. This is more effective compared to the earlier system where the technicians would analyse the attacks on a case by case basis.

AI and ML can help in reducing the time required to detect threats enabling technicians to act proactively and prevent damage. As AI and ML systems are less prone to make mistakes compared to human beings, each threat is dealt with in a prompt and accurate manner. AI systems also help by categorising attacks based on their propensity for damage. These systems can use the large volumes of data collected about previous attacks and adapt over time to give enterprises a strong line of defence against attacks.

Passive to Active Defense

Threat to cyber security can emerge even in seemingly safe departments, such as Human Resources. It is therefore important to proactively hunt for threats across all departments uniformly.

In order to detect an anomaly, the AI and ML system will require both large volumes of data as well as a significant amount of processing power, which is difficult for smaller companies to provide. A possible solution to improve defense is to have a system of sharing SOC data between companies, and thereby creating a global database of intelligence. A system of global intelligence and threat data sharing could help smaller companies combat cyber threats without having to compromise on core business development.

Use of AI in Cyber Security in India

In 2017, Indian enterprises were infected by two lethal cyber attacks called Nyetya that crept through a trusted software - Ccleaner and infected computers

. These attacks may just be the tip of the iceberg , since there may be many other attacks that might have gone unreported, or worse, undetected. Cisco reported that less than 55 per cent of the Indian enterprises were reliant on AI or ML for combating cyber threats. Although the current numbers seem bleak, there are a number of Indian enterprises that have recently begun using AI and ML in cyber security.

One such example is HDFC bank which is in the process of introducing an AI based Cyber Security Operations Centre (CSOC).

This CSOC is based on a four point approach to dealing with threats - prevent, detect, respond and recover. The government of India has also taken its first step towards the use of AI in cyber security through a project that aims to provide cyber forensic services to the various agencies of the government including law enforcement.

Indian intelligence agencies have also entered into an agreement with tech startup Innefu, which utilizes AI, to process data and decipher threats by looking at the patterns of past threats.

As India is increasingly becoming data dense both private and public organizations need to consider cyber security with utmost seriousness and protect the data from crippling attacks.

Conclusion

Enterprises have become storehouses of user data and the SOCs have a responsibility to protect this data. The companies’ SOCs have been plagued with several problems such as lack of skilled technicians, delay in response time and the inability to proactively respond to attacks. AI and ML can help in a system of continuous monitoring as well as take over the more repetitive and time consuming tasks, leaving the technicians with more time to work on damage control. Although it must be kept in mind that AI is not a silver bullet, since attackers will try their best to confuse the AI systems through evasion techniques such as adversarial AI (where the attackers design machine learning models that are intended to confuse the AI model into making a mistake).

Hence, human intervention and monitoring of AI and ML systems in cyber security is essential to maintain the defence and protection mechanisms of enterprises.

A few topics that Indian SOCs need to consider while using AI and ML :

1. The companies need to understand that AI and ML need human expertise and supervision to be effective and hence substituting people for AI is not ideal.

2. The companies need to give equal if not more importance to data security.

3. The companies need to constantly upgrade their systems and re-skill their technicians to combat cyber security threats.

4. The AI and ML systems need to be regularly audited to ensure that they are not compromised by cyber attacks and also to ensure that they are not generating false positives.

[]. Cisco, (2018, February). Annual Cybersecurity Report. Retrieved March 8, 2018, from https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/acr2018/acr2018final.pdf?dtid=odicdc000016&ccid=cc000160&oid=anrsc005679&ecid=8196&elqTrackId=686210143d34494fa27ff73da9690a5b&elqaid=9452&elqat=2

[]. Ibid.

[]. Enterprise Strategy Group (2017, March ). Top-of-mind Threats and Their Impact on Endpoint Security Decisions. Retrieved March 8, 2018 from https://www.cylance.com/content/dam/cylance/pdfs/reports/ESG-Research-Insights-Report-Summary-Cylance-Oct-2017.pdf

[]. Ibid.

[]. Vorobeychik,Y (2016). Adversarial AI. Retrieved March 8, 2018, from https://www.ijcai.org/Proceedings/16/Papers/609.pdf

[]. Quora. ( 2081, February 15). How Will Artificial Intelligence And Machine Learning Impact Cyber Security? Retrieved March 8, 2018, from https://www.forbes.com/sites/quora/2018/02/15/how-will-artificial-intelligence-and-machine-learning-impact-cyber-security/#569454786147

[]. Sparkes, P. (2018, February 27). The 5 Essentials of Every Next-Gen SOC. Retrieved March 8, 2018, from https://www.brighttalk.com/webcast/13389/303251/the-5-essentials-of-every-next-gen-soc

[]. PTI. ( 2018, February 21).Indian companies lost $500,000 to cyber.Retrieved March 8, 2018, from https://economictimes.indiatimes.com/tech/internet/indian-companies-lost-500000-to-cyber-attacks-in-1-5-years-cisco/articleshow/63019927.cms

[]. Raval, A. ( 2018,January 30). AI takes cyber security to a new level for HDFC Bank.Retrieved March 8, 2018, from http://computer.expressbpd.com/magazine/ai-takes-cyber-security-to-a-new-level-for-hdfc-bank/23580/

[]. “The Centre for Development of Advanced Computing (C-DAC) under the Ministry of Electronics and Information Technology (MeitY) is working on a project to provide cyber forensic services to law-enforcing and other government and non-government agencies.” Ohri, R. (2018, February 15. Government readies AI-muscled cyber security plan. Retrieved March 8, 2018, from https://economictimes.indiatimes.com/news/politics-and-nation/government-readies-ai-muscled-cyber-security-plan/articleshow/62922403.cms utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

[]. Chowdhury, P.A. (2017, January 30). Cyber Warfare at large in Southeast Asia, India leverages AI for the same cause Retrieved March 8, 2018, from https://analyticsindiamag.com/cyber-warfare-large-southeast-asia-india-leverages-ai-cause/

[]. Open AI.(2017 February 24). Attacking Machine Learning with Adversarial Examples. Retrieved March 8, 2018, from https://blog.openai.com/adversarial-example-research/

For more details visit https://cis-india.org/internet-governance/blog/people-driven-and-tech-enabled-2013-how-ai-and-ml-are-changing-the-future-of-cyber-security-in-india

Pension won’t be denied for want of Aadhaar, says EPFO

Admin — 2018-04-10T22:33:39Z

The move is aimed at ensuring that no retired government employee is deprived of pension for want of Aadhaar or failure of fingerprint authentication.

The article by Prashant K. Nanda and Komal Gupta published by Livemint on April 11, 2018 quoted Pranesh Prakash.

Tens of thousands of pensioners under the employees pension scheme will not be denied their monthly pension if their Aadhaar authentication fails or they do not have the 12-digit unique ID, the Employees Provident Fund Organisation (EPFO) has indicated.

The retirement fund manager has asked banks and post offices to facilitate pension disbursement without making senior citizens do the rounds.

The move comes after EPFO received several complaints of denial of pension by banks.

For paying pension to those whose fingerprint authentication fails, “banks may make provisions for iris scanner, along with the fingerprint scanner in bank branches. It has been observed that in many cases, iris authentication is successful even though fingerprint authentication may have failed. This is particularly true for many senior citizens. In such cases, digital life certificate may be generated on the basis of iris authentication and pension may be given,” the EPFO said in a circular on Monday.

And when both iris and fingerprint authentication are not feasible, “an entry should be made in the exception register with reasons and pension may be provided on the basis of paper life certificate and physical Aadhaar card or E-Aadhaar card of the pensioner after due verification as deemed fit by the bank,” the circular said.

The move is aimed at ensuring that no senior citizen is deprived of pension for want of Aadhaar or failure of fingerprint authentication.

Banks have been advised to ensure that benefits of the pension scheme reach the citizens and a proper mechanism for “handling exceptions” is put in place.

“Banks should make special arrangements for the bed-ridden, differently abled, or senior citizens who are unable to visit the Aadhaar enrolment centre,” the circular said.

EPFO has also instructed pension disbursing banks and post offices to make necessary arrangements for enrolling pensioners for Aadhaar and to carry out authentication through iris, especially for those who cannot be verified through fingerprints.

The Unique Identification Authority of India (UIDAI) has been under the scanner over the past few months over allegations of access to pension being denied as the fingerprints of the elderly do not match biometrics in the Aadhaar database.

So far, pensioners had to furnish a life certificate and needed to authenticate it using biometrics.

“The fact that it is coming now means that the Unique Identification Authority of India’s claim in the Supreme Court about no person having been denied any benefit due to the lack of Aadhaar is simply untrue,” said Bengaluru-based Pranesh Prakash, an affiliated fellow with the Yale Law School’s Information Society Project that works on issues related to the intersection of law, technology and society.

Prakash, however, welcomed EPFO’s move laying down “a procedure both for those who don’t have an Aadhaar number, as well as those whose biometrics fail for any reason”.

Prakash further said that “as per the UIDAI’s own data, failure rates for iris authentication are higher (8.54%) than for fingerprints (6%). So the utility of pushing for iris authentication is unclear.”

There are more than 1.2 billion Aadhaar holders in the country.

For more details visit https://cis-india.org/internet-governance/news/livemint-prashant-k-nanda-and-komal-gupta-pension-wont-be-denied-for-want-of-aadhaar-epfo