We are anonymous, we are legion

It’s the technology, stupid

sunil — 2017-04-07T12:53:21Z

Eleven reasons why the Aadhaar is not just non-smart but also insecure.

The article was published in Hindu Businessline on March 31, 2017.

Aadhaar is insecure because it is based on biometrics. Biometrics is surveillance technology, a necessity for any State. However, surveillance is much like salt in cooking: essential in tiny quantities, but counterproductive even if slightly in excess. Biometrics should be used for targeted surveillance, but this technology should not be used in e-governance for the following reasons:

One, biometrics is becoming a remote technology. High-resolution cameras allow malicious actors to steal fingerprints and iris images from unsuspecting people. In a couple of years, governments will be able to identify citizens more accurately in a crowd with iris recognition than the current generation of facial recognition technology.

Two, biometrics is covert technology. Thanks to sophisticated remote sensors, biometrics can be harvested without the knowledge of the citizen. This increases effectiveness from a surveillance perspective, but diminishes it from an e-governance perspective.

Three, biometrics is non-consensual technology. There is a big difference between the State identifying citizens and citizens identifying themselves to the state. With biometrics, the State can identify citizens without seeking their consent. With a smart card, the citizen has to allow the State to identify them. Once you discard your smart card the State cannot easily identify you, but you cannot discard your biometrics.

Four, biometrics is very similar to symmetric cryptography. Modern cryptography is asymmetric. Where there is both a public and a private key, the user always has the private key, which is never in transit and, therefore, intermediaries cannot intercept it. Biometrics, on the other hand, needs to be secured during transit. The UIDAI’s (Unique Identification Authority of India overseeing the rollout of Aadhaar) current fix for its erroneous choice of technology is the use of “registered devices”; but, unfortunately, the encryption is only at the software layer and cannot prevent hardware interception.

Five, biometrics requires a centralised network; in contrast, cryptography for smart cards does not require a centralised store for all private keys. All centralised stores are honey pots — targeted by criminals, foreign States and terrorists.

Six, biometrics is irrevocable. Once compromised, it cannot be secured again. Smart cards are based on asymmetric cryptography, which even the UIDAI uses to secure its servers from attacks. If cryptography is good for the State, then surely it is good for the citizen too.

Seven, biometrics is based on probability. Cryptography in smart cards, on the other hand, allows for exact matching. Every biometric device comes with ratios for false positives and false negatives. These ratios are determined in near-perfect lab conditions. Going by press reports and even UIDAI’s claims, the field reality is unsurprisingly different from the lab. Imagine going to an ATM and not being sure if your debit card will match your bank’s records.

Eight, biometric technology is proprietary and opaque. You cannot independently audit the proprietary technology used by the UIDAI for effectiveness and security. On the other hand, open smart card standards like SCOSTA (Smart Card Operating System for Transport Applications) are based on globally accepted cryptographic standards and allow researchers, scientists and mathematicians to independently confirm the claims of the government.

Nine, biometrics is cheap and easy to defeat. Any Indian citizen, even children, can make gummy fingers at home using Fevicol and wax. You can buy fingerprint lifting kits from a toystore. To clone a smart card, on the other hand, you need a skimmer, a printer and knowledge of cryptography.

Ten, biometrics undermines human dignity. In many media photographs — even on the @UIDAI’s Twitter stream — you can see the biometric device operator pressing the applicant’s fingers, especially in the case of underprivileged citizens, against the reader. Imagine service providers — say, a shopkeeper or a restaurant waiter — having to touch you every time you want to pay. Smart cards offer a more dignified user experience.

Eleven, biometrics enables the shirking of responsibility, while cryptography requires a chain of trust.

Each legitimate transaction has repudiable signatures of all parties responsible. With biometrics, the buck will be passed to an inscrutable black box every time things go wrong. The citizens or courts will have nobody to hold to account.

The precursor to Aadhaar was called MNIC (Multipurpose National Identification Card). Initiated by the NDA government headed by Atal Bihari Vajpayee, it was based on the open SCOSTA standard. This was the correct technological choice.

Unfortunately, the promoters of Aadhaar chose biometrics in their belief that newer, costlier and complex technology is superior to an older, cheaper and simpler alternative.

This erroneous technological choice is not a glitch or teething problem that can be dealt with legislative fixes such as an improved Aadhaar Act or an omnibus Privacy Act. It can only be fixed by destroying the centralised biometric database, like the UK did, and shifting to smart cards.

In other words, you cannot fix using the law what you have broken using technology.

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-businessline-march-31-2017-sunil-abraham-its-the-technology-stupid

How Aadhaar compromises privacy? And how to fix it?

sunil — 2017-04-01T07:00:06Z

Aadhaar is mass surveillance technology. Unlike targeted surveillance which is a good thing, and essential for national security and public order – mass surveillance undermines security. And while biometrics is appropriate for targeted surveillance by the state – it is wholly inappropriate for everyday transactions between the state and law abiding citizens.

The op-ed was published in the Hindu on March 31, 2017.

When assessing a technology, don't ask - “what use is it being put to today?”. Instead, ask “what use can it be put to tomorrow and by whom?”. The original noble intentions of the Aadhaar project will not constrain those in the future that want to take full advantage of its technological possibilities. However, rather than frame the surveillance potential of Aadhaar in a negative tone as three problem statements - I will propose three modifications to the project that will reduce but not eliminate its surveillance potential.

Shift from biometrics to smart cards: In January 2011, the Centre for Internet and Society had written to the parliamentary finance committee that was reviewing what was then called the “National Identification Authority of India Bill 2010”. We provided nine reasons for the government to stop using biometrics and instead use an open smart card standard. Biometrics allows for identification of citizens even when they don't want to be identified. Even unconscious and dead citizens can be identified using biometrics. Smart cards, on the other hand, require pins and thus citizens' conscious cooperation during the identification process. Once you flush your smart cards down the toilet nobody can use them to identify you. Consent is baked into the design of the technology. If the UIDAI adopts smart cards, we can destroy the centralized database of biometrics just like the UK government did in 2010 under Theresa May's tenure as Home Secretary. This would completely eliminate the risk of foreign governments, criminals and terrorists using the biometric database to remotely, covertly and non-consensually identify Indians.

Destroy the authentication transaction database: The Aadhaar Authentication Regulations 2016 specifies that transaction data will be archived for five years after the date of the transaction. Even though the UIDAI claims that this is a zero knowledge database from the perspective of “reasons for authentication”, any big data expert will tell you that it is trivial to guess what is going on using the unique identifiers for the registered devices and time stamps that are used for authentication. That is how they put Rajat Gupta and Raj Rajratnam in prison. There was nothing in the payload ie. voice recordings of the tapped telephone conversations – the conviction was based on meta-data. Smart cards based on open standards allow for decentralized authentication by multiple entities and therefore eliminate the need for a centralized transaction database.

Prohibit the use of Aadhaar number in other databases: We must, as a nation, get over our obsession with Know Your Customer [KYC] requirements. For example, for SIM cards there is no KYC requirement is most developed countries. Our insistence on KYC has only resulted in retardation of Internet adoption, a black market for ID documents and unnecessary wastage of resources by telecom companies. It has not prevented criminals and terrorists from using phones. Where we must absolutely have KYC for the purposes of security, elimination of ghosts and regulatory compliance – we must use a token issued by UIDAI instead of the Aadhaar number itself. This would make it harder for unauthorized parties to combine databases while at the same time, enabling law enforcement agencies to combine databases using the appropriate authorizations and infrastructure like NATGRID. The NATGRID, unlike Aadhaar, is not a centralized database. It is a standard and platform for the express assembly of sub-sets of up to 20 databases which is then accessed by up to 12 law enforcement and intelligence agencies.

To conclude, even as a surveillance project – Aadhaar is very poorly designed. The technology needs fixing today, the law can wait for tomorrow.

For more details visit https://cis-india.org/internet-governance/blog/hindu-op-ed-sunil-abraham-march-31-2017-how-aadhaar-compromises-privacy-and-how-to-fix-it

March 2017 Newsletter

praskrishna — 2017-05-20T12:47:11Z

Welcome to March 2017 newsletter of the Centre for Internet & Society (CIS).

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS submitted comments on the draft Rights of Persons with Disabilities Rules for the consideration of the Department of Empowerment of Persons with Disabilities, Government of India. Anubha Sinha in a blog post has identified the various kinds of IP in an app and explained the protections available under Indian IPR law. CIS-A2K is conducting a Wiki internship project for students of New Law College, Pune under the guidance of Prof.Dr.Mukund Sarda, Dean and Principal of New Law College. In an Op-ed published in the Hindu, Sunil Abraham has stated that though biometrics may be appropriate for targeted surveillance by the state, it is wholly inappropriate for everyday transactions between state and law abiding citizens. CIS has published a survey that draws upon a range of literature including news articles, academic articles, and presentations and seeks to disaggregate the potential benefits and harms of big data, organising them into several broad categories that reflect the existing scholarly literature. CIS submitted comments on the Information Technology (Security of Prepaid Payment Instruments) Rules, 2017. The comments were in response to the Information Technology (Security of Prepaid Payment Instruments) Rules 2017. The Ministry of Electronics and Information Technology issued a consultation paper which called for developing a framework for security of digital wallets operating in the country. Ritam Sengupta, Dr. Richard Heeks, Sumandro Chattapadhyay, and Dr. Christopher Foster have co-authored a paper that presents exploratory research into “data-intensive development” that seeks to inductively identify issues and conceptual frameworks of relevance to big data in developing countries.

CIS in the news:

The 12-digit conundrum (Richa Mishra; Hindu Businessline; March 13, 2017)
EVMs: How transparent is the Indian election process? (Smriti Sharma Vasudeva; The Statesman; March 14, 2017).
Nasscom chief saying full data protection isn’t possible should wake us from our digital slumber (First Post; March 16, 2017).
Privacy concerns multiply for Aadhaar, India’s national biometric identity registry (One World Identity; March 17, 2017).
No ID, no benefits: thousands could lose lifeline under India’s biometric scheme (Guardian; March 21, 2017).
Why We Should All Worry About The Mandatory Imposition Of Aadhaar (Rimin Dutt and Ivan Mehta; Huffington Post; March 24, 2017).
India’s biometric ID scans make sci-fi a reality (Amy Kazmin; Financial Times; March 27, 2017).
क्‍या आधार पर जल्दबाज़ी में है सरकार? (NDTV; March 27, 2017).
Get an Aadhaar card if you don't have one (Priya Nair and Sanjay Kumar Singh; Business Standard; March 27, 2017).
The Aadhaar of all things (Shriya Mohan; Hindu Businessline; March 31, 2017).

CIS members wrote the following articles

Digital native: Lie Me a River (Nishant Shah; Indian Express; March 19, 2017).
It’s the technology, stupid (Sunil Abraham; Hindu Businessline; March 31, 2017).
How Aadhaar compromises privacy? And how to fix it? (Sunil Abraham; Hindu; March 31, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Submission

Comments on the draft Rights of Persons with Disabilities Rules (Nirmita Narasimhan; March 29, 2017).

-----------------------------------

Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Blog Entry

Intellectual Property Rights and Mobile Apps (Anubha Sinha; March 6, 2017).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

"Marathi Bhasha Gaurav Din" celebrations in Maharashtra (Manasa Rao; March 7, 2017).
Women’s History Month: Sambad collaborates with Odia Wikipedia for a Two Day Edit-a-thon (Sailesh Patnaik; March 16, 2017).
Wikisource:Internship Project at New Law College, Pune (Subodh Kulkarni; March 28, 2017).

Events Organized

Women's Day Edit-a-thon (Co-organized by Sterlite Tech Foundation, Jnana Prabhodhini, and CIS-A2K; Pune; March 10, 2017). Subodh Kulkarni was one of the trainers.
Marathi Wikipedia Edit-a-thon on Environment Management (Organized by CSIBER College and CIS-A2K; Kolhapur; March 30, 2017). Subodh Kulkarni was a trainer.

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Participation in Events

National Consultation on OER for Higher Education (Organized by Commonwealth Educational Media Centre for Asia; New Delhi; March 3, 2017). Anubha Sinha attended the event.
Open Development Book - Authors' Workshop (Organized by International Development Research Centre and Centre for Innovation in Learning and Teaching; University of Cape Town, South Africa; March 11 - 12, 2017). The workshop gathered the contributers to an upcoming book by IDRC on open development. Elonnai Hickok, Gus Hosein from Privacy International and Sumandro Chattapadhyay are writing a chapter for this book.
Indo - French Perspectives on Digital Studies (Organized by Digital Studies Group; Jawaharlal Nehru University, New Delhi; March 15, 2017). Anubha Sinha was a speaker.

Blog Entries

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Submission

Comments on Information Technology (Security of Prepaid Payment Instruments) Rules, 2017 (Udbhav Tiwari, Pranesh Prakash, Abhay Rana, Amber Sinha and Sunil Abraham; March 23, 2017).

Participation in Events

WISER Lecture : Sumandro Chattapadhyay on Deregulation by Code (Organized by the University of the Witwatersrand; Johannesburg; March 8, 2017). Sumandro Chattapadhyay gave a talk.
Conference on Safety Against Online Child Sexual Abuse (Organized by CID, Telangana and the Department for Women Development and Child Welfare, Telangana; March 16 - 17, 2017). Japreet Grewal was a speaker.
State of Digital Rights in India (Organized by Centre for Communication Governance at National Law University, Delhi and the Internet Freedom Foundation, in association with Access Now; India International Centre, New Delhi; March 24, 2017). Japreet Grewal and Sumandro Chattapadhyay took part in panel discussions.
Hangout on Technology and Jobs (Organized by Google; March 24, 2017). Vanya Rakesh was a speaker.

Blog Entry

Analysis of Key Provisions of the Aadhaar Act Regulations (Amber Sinha and edited by Elonnai Hickok; March 31, 2017).

►Cyber Security

Upcoming Event

Digital Forensics and Cyber Investigations (CIS; New Delhi; April 7, 2017). IPS officer Dr. Madan M. Oberoi will give a talk.

►Big Data

Blog Entry

Benefits, Harms, Rights and Regulation: A Survey of Literature on Big Data (Amber Sinha, Vanya Rakesh, Vidushi Marda and Geethanjali Jujjavarapu; edited by Sunil Abraham, Elonnai Hickok and Leilah Elmokadem; March 23, 2017).

Participation in Event

The Fintech Disruption - Innovation, Regulation, and Transformation (Organized by Carnegie India; March 28, 2017). Sumandro Chattapadhyay attended the event.

►Freedom of Expression

Event Organized

Essentials of building internet tools for inclusion (Valencia, Spain; March 6, 2017). A talk jointly proposed by Chinmayi SK and Rohini Lakshané was selected for the Internet Freedom Festival.

Participation in Events

From Virtual to Reliable: Exploring Freedom and Facts in the World of WWW (World Wide Web) (Organized by Embassy of the Kingdom of Netherlands and Adaan Foundation; March 21, 2017). Saikat Datta and Amber Sinha were panelists.
Internet Freedom Festival 2017 (Organized by IFF; Valencia, Spain; March 6 - 10, 2017). Vidushi Marda participated in the event. Vidushi also attended these sessions: Data Protection Law and its Different Manifestations; Using the Ranking Digital Rights Corporate Accountability Index for Advocacy & Research; The identity we can't change: a new wave of biometric policies around the world and Enabling free speech online by legal defence: the need for skilled lawyers to secure the free flow of information online: Vidushi channeled a discussion about Shreya Singhal v. Union of India as an important case study in understanding how legal defence has been used to secure rights online.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Organisational Hurdles in Telecom (Shyam Ponappa; Business Standard; March 1, 2017 and Organizing India Blogspot; March 2, 2017)

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Research Paper

Exploring Big Data for Development: An Electricity Sector Case Study from India (Ritam Sengupta, Dr. Richard Heeks, Sumandro Chattapadhyay, and Dr. Christopher Foster; Global Development Institute, University of Manchester; March 29, 2017).

Blog Entry

Evaluating Safety Buttons on Mobile Devices: Preview (Rohini Lakshané and Chinmayi S.K.; March 27, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/march-2017-newsletter

WISER Lecture : Sumandro Chattapadhyay on Deregulation by Code

praskrishna — 2017-03-29T11:48:08Z

University of the Witwatersrand organized a talk by Sumandro Chattapadhyay on Derugulation by Code on March 8, 2017 in Johannesburg.

On November 08, 2017, the Government of India initiated a demonetisation process. It involved cancellation of Rs. 500 and Rs. 1,000 currency notes as legal tender, establishing of a time bound process for the notes to be returned to the banks, announcement of specific emergency services (such as hospitals and utilities) for which the canceled notes could still be used, and introduction of a new Rs. 2,000 note. While the purpose of the demonetisation move was publicly articulated in terms of removal of unaccounted wealth held in cash form, the state narrative quickly moved to being primarily focused on promotion of various forms of digital payments, especially mobile-based payments. The notion of a "WhatsApp moment" in Indian banking in particular, and in Asian banking in general, has been in circulation since 2015. Nandan Nilekani, a significant technocrat politician of India who has been CEO of Infosys (a major Indian IT company) and the Chairman of the UID/Aadhaar project, was one of the first persons to take note of this upcoming "revolution". In a lecture given by him on August 21, 2015, he described the technological and market forces, enabled by policy decision, that are going to disrupt the Indian banking landscape.

Sumandro's lecture discussed the linkages between this WhatsApp moment and the demonetisation move, and locate them in the context of institutional and technological changes happening in the Indian banking sector since 2008. The talk focused on the development and proliferation of the Unified Payments Interface - an universal, private-owned, government-backed, mobile-to-mobile payment infrastructure - as the key instrument through which the ongoing deregulation of banking in India is being driven.

For more details visit https://cis-india.org/internet-governance/news/wiser-lecture-sumandro-chattapadhyay-on-deregulation-by-code

Internet Freedom Festival 2017

praskrishna — 2017-03-29T11:24:38Z

The Global Unconference of the Internet Freedom Communities took place at Valencia in Spain from March 6 to 10, 2017. The event was organized by the IFF. Vidushi Marda on behalf of CIS took part in the event.

Vidushi as part of her work with Working Group 1 (WG1) of the Freedom Online Coalition (FOC), organised a workshop along with Mallory Knodel from APC. This workshop was titled "Practical implementations of human rights respecting cybersecurity policy". Participants in the workshop were divided into groups to evaluate the recommendations developed by WG1 in light of existing cyber security policies from around the world. The recommendations can be found here and the accompanying narrative document can be found here.

The session ended up being productive - we received feedback from participants about the effectiveness of the recommendations, and also about aspects of these recommendations that needed revisiting/more work. A more detailed account of the session can be found at the Wiki page.

Vidushi also attended the following sessions:

Data Protection Law and its Different Manifestations
Using the Ranking Digital Rights Corporate Accountability Index for Advocacy & Research
The identity we can't change: a new wave of biometric policies around the world
Enabling free speech online by legal defence: the need for skilled lawyers to secure the free flow of information online: Vidushi channeled a discussion about Shreya Singhal v. Union of India as an important case study in understanding how legal defence has been used to secure rights online. She specifically spoke about the distinction made in the judgment b/w communications on the internet vs. communications elsewhere.

For more info see here.

For more details visit https://cis-india.org/internet-governance/news/internet-freedom-festival-2017

Google Hangout on Technology and Jobs

praskrishna — 2017-03-29T10:38:42Z

Vanya Rakesh was a speaker at a Google hangout discussion held on Friday, March 24th, 2017 on "Technology and Jobs" as part of a project that ICRIER is doing with World Bank headquarters and several institutions across the world, titled “Jobs for Development”.

Video

For more details visit https://cis-india.org/internet-governance/news/google-hangout-on-technology-and-jobs

Net Neutrality Resources

praskrishna — 2017-04-22T09:11:21Z

Submissions by the Centre for Internet and Society to TRAI and DoT, 2015-2017.

Submission for TRAI Consultation on Regulatory Framework for Over-the-Top Services (June 29, 2015)
Submission to TRAI Consultation on Differential Pricing (January 7, 2016)
Counter Comments to TRAI on Differential Pricing (January 14, 2016)
TRAI Consultation on Differential Pricing for Data Services: Post-Open House Discussion Submission (January 25, 2016)
Submission to TRAI Consultation on Free Data (June 30, 2016)
Submission to TRAI Consultation on Proliferation of Broadband through Public WiFi Networks (August 28, 2016)
Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks (December 12, 2016)
Submission to TRAI Consultation on Net Neutrality (April 18, 2017)

For more details visit https://cis-india.org/internet-governance/resources/net-neutrality-resources

Conference on Safety Against Online Child Sexual Abuse

praskrishna — 2017-03-29T04:10:16Z

Japreet Grewal was a speaker at a conference on safety against online child sexual abuse which was jointly organized by CID, Telangana and the Department for Women Development and Child Welfare, Telangana on March 16 and 17, 2017 in Hyderabad.

Japreet spoke about the existing legal framework in India on online child sexual abuse and the challenges in implementing the preventive and response mechanisms to address this problem. Various stakeholders including media, police, school educators and child protection organisations attended this event.

Read the agenda here

For more details visit https://cis-india.org/internet-governance/news/conference-on-safety-against-online-child-sexual-abuse

From Virtual to Reliable: Exploring Freedom and Facts in the World of WWW (World Wide Web)

praskrishna — 2017-03-29T04:01:25Z

An interactive seminar on internet freedom was organized by the Embassy of the Kingdom of Netherlands and Adaan Foundation on March 21, 2017 at the India International Centre in New Delhi. Saikat Dutta and Amber Sinha were panelists.

The seminar was coincident with the inauguration of the World Press Photo Exhibition 2016. In total there were four panelists. Read the agenda here.

For more details visit https://cis-india.org/internet-governance/news/from-virtual-to-reliable-exploring-freedom-and-facts-in-the-world-of-www-world-wide-web

क्‍या आधार पर जल्दबाज़ी में है सरकार?

praskrishna — 2017-03-29T03:52:08Z

Amber Sinha took part in a discussion on Aadhaar aired by NDTV on March 27, 2017.

एक जुलाई 2017 से आयकर रिटर्न भरने और पैन नंबर के लिए आधार नंबर देना अनिवार्य हो जाएगा. बिना आधार के अब आयकर रिटर्न नहीं भरा जा सकेगा. जिस किसी के पास पैन कार्ड है उसे एक जुलाई तक आधार नंबर देना होगा. अगर ऐसा नहीं करेंगे तो पैन कार्ड अवैध हो जाएगा. माना जाएगा कि आपके पास पैन कार्ड या पैन नंबर नहीं है. आयकर फार्म और पैन नंबर में आधार को अनिवार्य किये जाने से कई सवाल फिर से उठे हैं. 2009 से लेकर 2017 के बीच आधार के इस्तमाल को लेकर, इसके लीक होने से लेकर अनिवार्य किये जाने के ख़तरे को लेकर कई बहसें सुनी, पचासों लेख पढ़े. दूसरी तरफ हमने समाज में देखा कि आधार को लेकर ग़ज़ब का उत्साह है.

Watch the Video on NDTV

For more details visit https://cis-india.org/internet-governance/news/ndtv-march-27-2017-discussion-on-aadhaar

The Fintech Disruption - Innovation, Regulation, and Transformation

praskrishna — 2017-03-29T02:10:49Z

Sumandro Chattapadhyay attended an event organized by Carnegie India on March 28, 2017. The aim of the initiative was that inclusive and sustainable regulations require constant interaction between policy makers and industry.

Select senior level policymakers, leaders from the banking industry and dynamic start-up founders and innovators gathered for the meet-up. The intention is to follow up on the discussions and debates from the round-table and come out with a detailed report on Fintech Regulations based on the research and conversations with start-ups and other valuable stakeholders.

See the conference agenda

For more details visit https://cis-india.org/internet-governance/news/the-fintech-disruption-innovation-regulation-and-transformation

Debate on Cyber Crime in TV9

praskrishna — 2017-03-28T15:25:40Z

Vidushi Marda took part in a debate on cyber crime which was aired on TV9 on January 13, 2017.

Vidushi spoke about the the definition of "cyber crime" within the IT Act, and also on proportionality of punishment/the best way to deal with such incidents. This programme was aired after a few college websites had been hacked to display false notices from deans, registrars, etc.

For more details visit https://cis-india.org/internet-governance/news/debate-on-cyber-crime-in-tv9

Democracy and the Internet in 2017

praskrishna — 2017-03-28T15:19:14Z

Vidushi Marda gave a talk at St. Joseph's College of Commerce in Bengaluru on January 25, 2017. Vidushi spoke about democracy and the internet. The 50 minute talk was followed by 20 minutes of questions/comments.

Undergraduate students from a variety of disciplines such as social science, engineering, business, etc. attended the lecture. The talk broadly focused on:

The relationship between democracy and the internet. Why/how are they are closely related.
The internet's role in changing information exchange and communication. I drew on examples like the Arab Spring/Elections/Political change.
The growing usage of internet platforms for elections and also governance. Problematising the fact that these few private platforms seem to monopolise the internet, are only restricted to a certain elite audience, cannot be conflated with actual governance etc.
Fake News.
Algorithmic curation and filter bubbles.

For more details visit https://cis-india.org/internet-governance/news/democracy-and-the-internet-in-2017

CIS representation at ICANN 58

praskrishna — 2017-03-28T14:22:22Z

The Internet Corporation for Assigned Names and Numbers (ICANN) organized ICANN 58 at Copenhagen from March 9 to March 16, 2017. On behalf of the Centre for Internet & Society (CIS), Vidushi Marda participated in the event and made a presentation.

CIS' focus at ICANN can broadly be divided into four heads: human rights, jurisdiction, transparency and accountability. Since March last year, we have also been pushing for changes in ICANN's expected standards of behavior, along with adoption of an anti harassment policy. After the IANA transition in September last year, the community is now divided into sub groups (SGs) that look into different issues for ICANN post transition, including the 4 that CIS works on. More information on ICANN 58 can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/cis-representation-at-icann-58

India’s biometric ID scans make sci-fi a reality

praskrishna — 2017-03-28T02:45:28Z

I have been thinking about my fingerprints and the secrets that may lie within my eyes — and whether I want to share them with the Indian government. I may not however have a choice.

The article by Amy Kazmin was published in the Financial Times on March 27, 2017. Sunil Abraham was quoted.

India has the world’s largest domestic biometric identification system, known as Aadhaar. Since 2010, the government has collected fingerprints and iris scans from more than 1bn residents, and each has been assigned a 12-digit identification number.

The scheme is championed by Nandan Nilekani, the billionaire co-founder of IT company Infosys. It was initially conceived to ensure poor Indians received subsidised food entitlements and other welfare benefits that were previously siphoned off by unscrupulous intermediaries. It was also seen as offering poor Indians, many of whom lack birth certificates, with a portable ID that can be used anywhere in the country.

Until now, obtaining an Aadhaar number was voluntary, though most Indians enrolled without hesitation as they see its potential benefits. But New Delhi is now enlisting Aadhaar, which means “foundation” or “base” in Hindi, in more than just welfare schemes. This would mean sharing one’s biometric details isn’t really optional any more despite a Supreme Court ruling that it should be “purely voluntary”.

Last week, the government issued a rule requiring an Aadhaar number for filing tax returns, ostensibly to improve tax compliance. It has also decided that all cell phone numbers must be linked to an Aadhaar number by 2018. Even Indian Railways has plans to demand Aadhaar from those booking train tickets online.

What was once touted as an initiative to improve delivery of welfare suddenly now seems like the foundation of a surveillance state — and I admit the prospect of putting my own biometrics in the database leaves me uneasy.

As a US citizen, I’ve never had to give my biometric data to my government. Domestically, fingerprints are only taken from criminal suspects, or applicants for government jobs, though I know foreign citizens are fingerprinted on arrival.

To me, the idea of sharing eye scans evokes the dystopian Hollywood film, Minority Report, which depicts a near future in which optical-recognition cameras allow the authorities to identify anyone in any public place. The hero on the run, played by Tom Cruise, has an illegal eye transplant to avoid detection.

In recent days, many Indian academics and activists have raised concerns about Aadhaar data security, the lack of privacy rules and the absence of any accountability structure if data are misused.

"Biometrics is being weaponised," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society. "What you need to be worried about is that someone will clean out your bank account or frame you in a crime," he says.

Pratap Bhanu Mehta, director of the Centre for Policy Research, has written of the “conversion of Aadhaar from a tool of citizen empowerment to a tool of state surveillance and citizen vulnerability”.

I call Mr Nilekani, of whose honourable intentions I have no doubt. After leaving Infosys in 2009, he spent five years in government, working to get Aadhaar off the ground. He says he is “extremely offended” when his project is accused of being part of a surveillance society, a narrative he says is “completely misrepresenting” the project. “I can steal your fingerprint off your glass. I don’t need this fancy technology,” he says. “Surveillance is far better done by following my phone, or when I use a map to order a taxi: the map knows where I am. Our internet companies know where you are.”

But in a society known for ingenious means of bypassing rules, such as having multiple taxpayer ID cards to aid evasion, Mr Nilekani says biometric authentication of individuals can bring discipline and reduce cheating. “It’s like you are creating a rule-based society,” he says, “it’s the transition that is going on right now.” I hang up, hardly reassured. To me, it seems clear that in India, as in so many places these days, Big Brother is increasingly watching.

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-27-2017-amy-kazmin-indias-biometric-id-scans-make-sci-fi-a-reality