We are anonymous, we are legion

People voice their support for net neutrality, say Internet a utility not a luxury

praskrishna — 2015-05-08T01:56:28Z

As the campaign and support for net neutrality is picking up, Politicians, celebrities and a cross section of people are voicing their support for it. Net neutrality means all data and sites are treated and charged equally be it mobile app or any other app.

The blog post was published in IBN Live on April 13, 2015. Pranesh Prakash gave his inputs.

According to AIB whose video on net neutrality has gone viral, more than one lakh emails have been sent to the Telecom Regulatory Authority of India (TRAI) through the website savetheinternet.in. This is in response to the regulator's call for public consultation.

MK Stalin, DMK treasurer: The Internet is changing India. For the first time there is a platform that gives equal opportunity for everyone to gain knowledge and reap economic benefits. TRAI, the government telecom regulatory body is proposing to change this by allowing telecom companies to allow preferential access to websites. If this is allowed, companies will be allowed to charge extra for commonly used services like Whatsapp, YouTube, web based voice calling and many more. This will also allow telcos to allow preferential treatment of websites, allowing the big companies to destroy start-ups and internet based small business by blocking or slowing them down. This goes against the very concept of the Internet where every legal website or service is considered equal. This attempt to increase the profits of the telecom companies by surrendering social gains should be condemned. I request the TRAI to dismiss this proposal and let the Internet continue to be a neutral medium which serves our country and community instead of a select few companies.

Tathagata Satpathy, Dhenkanal MP: My concern was that why should TRAI get involved with private profit making companies and give them the facility to become a profiteering company. While saying this we must remember that Internet is not free anywhere in the world. That is accepted. My issue is with TRAI which has not even bothered to reply to my letter, I do not know why TRAI is getting involved and it has put itself in a situation where its interntions are suspect.

Nikhil Pahwa, Editor and publisher of Medianama: Startups may have to get license to provide services in India. Another outcome is communications firms will buy license. Third outcome is TRAI will allow ISP's to make some sites slow.

Pranesh Prakash, cyber security expert: So what the TRAI is proposing is something that should have every single Internet user very worried. There is some truth at least to what companies like Airtel etc. are saying which is that there is a difference in the regular trade standard for the Internet services and the telecom operators. But the correct solution for that is not to increase and sort a new license raj for Internet services but rather to decrease those over onerous burdens.

Riteish Deshmukh, actor: Net neutrality is as important as Freedom of Speech. Our Basic Right

Siddharth Malhotra, actor: Save The Internet push for net neutrality, Internet is a utility not a luxury.

Parineeti Chopra, actress: Save the Internet! Net neutrality is crucial! Proud of you boyses!

Shekhar Ravjiani, singer: Time to stand up and take a stand. Time to fight for what's right. Head to savetheinternet.in to make a difference.

Raghu Ram, Ex Roadies judge: PEOPLE!! Your internet and freedom are under attack in India! Listen to the AIB boys and join the fight.

For more details visit https://cis-india.org/internet-governance/news/ibn-live-april-13-2015-people-voice-their-support-for-net-neutrality-say-internet-a-utility-not-a-luxury

People should resist enforcement of UID scheme, say experts

praskrishna — 2013-03-11T06:45:23Z

Internationally recognized expert on law and poverty Dr. Usha Ramanathan Saturday urged citizens of the country to question the enforcement of the UID scheme that has no legitimacy.

This was published in newzfirst on March 3, 2013. CIS organized a workshop at the event.

Addressing the gathering of people from various sections of the society at a workshop- The Unique Identity Number (UID), National Population Register (NPR), and Governance - organized by the ‘Centre for Internet and Society’ and the ‘Say No to UID Campaign’ Ramanathan said that the enforcement of UID scheme is unconstitutional and a mere a experiment on the population.

The scheme is full of ambiguity, confusions and suspicions; while UIDAI says it as voluntary, other government agencies and enterprises have made them mandatory. Neither the government nor the UIDAI officials have the satisfactory answers for the concerns of citizens, she said.

Saying that the ‘Data’ is one of the important properties today, she elaborated that how the individual’s privacy and confidential data was breached after sharing with many companies and agencies, despite the assurances from the authorities.

Emphasizing the resistance against enforcement of UID scheme, another speaker Col. Mathew Thomas of Citizen Action Forum Bangalore, said “If we don’t resist this scheme now, we are putting pushing poor people of the country into more vulnerable situation. We need to fight it by protests and legal means.”

The workshop also discussed the National Population register (NPR), its impact on citizenship and the governance, and how they are linked with national security.

For more details visit https://cis-india.org/news/newzfirst-march-3-2013-people-should-resist-enforcement-of-uid-scheme-say-experts

People Should Have Right To Their Data, Not Companies, Says TRAI

Admin — 2018-07-29T05:44:51Z

Rules for protection of personal data in the telecom space are not sufficient, regulator TRAI said today while suggesting that consumers be given the right to choice, consent and to be forgotten to safeguard their privacy.

This was published by Bloomberg Quint on July 16, 2018. Pranesh Prakash was interviewed.

Recommending a series of measures of "privacy, security and ownership of data in telecom networks", the Telecom Regulatory Authority of India held that consumers are owners of their data and that entities controlling, processing their information are "mere custodians and do not have primary rights over this data".

"The Right to Choice, Notice, Consent, Data Portability, and Right to be Forgotten should be conferred upon the telecommunication consumers," TRAI recommended to the Department of Telecom. In order to ensure sufficient choices to the users of digital services, granularities in the consent mechanism should be built-in by the service providers, the regulator added.

TRAI has suggested that all entities in the digital ecosystem including telecom operators should transparently disclose the information about the privacy breaches on their websites along with the actions taken for mitigation, and preventing such breaches in future.

“This is the first time I’ve seen TRAI being bold enough to venture into this area,” said Pranesh Prakash, a policy director at the Centre for Internet Society. “There are many positives here in terms of the data protection regime that they want to set up,” he told BloombergQuint in an interview. “It talks about user choice, consent, about notice being mandatory and simplified in language that people understand rather than two hundred pages of legal forms.”

There are many things in it that law and technology nerds will rejoice over, for example, the need for greater amounts of encryption and asks DoT to revisit the limitations it has put on encryption because those limitations actually harm national security and user privacy.

Pranesh Prakash, Policy Director, Centre for Internet Society

Here are the highlights from the TRAI’s recommendation:

All entities in the digital ecosystem, which control or process the data, should be restrained from using meta-data to identify the individual users.
A study should be undertaken to formulate the standards for annonymisation/de-identification of personal data generated and collected in the digital eco-system.
Till such time a general data protection law is notified by the government, the existing rules/licence conditions applicable to TSPs for protection of users' privacy be made applicable to all the entities in the digital ecosystem.
The Right to Choice, Notice, Consent, Data Portability, and Right to be forgotten should be conferred upon the telecommunication consumers.
Data Controllers should be prohibited from using "preticked boxes" to gain users consent. Clauses for data collection and purpose limitation should be incorporated in the agreements.
Sharing of information concerning to data security breaches should be encouraged and incentivised to prevent/mitigate such occurrences in future.

The recommendations from TRAI come at a time when there are rising concerns around privacy and safety of user data, especially through mobile apps and social media platforms.

The regulator had issued a consultation paper entitled Privacy, Security and Ownership of Data in the Telecom Sector on Aug 9 last year and an open house discussion was held on Feb. 2. The TRAI had also invited comments and counter comments as part of the consultation.

(With inputs from PTI)

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-july-16-2018-people-should-have-right-to-their-data-not-companies-says-trai

People Driven and Tech Enabled – How AI and ML are Changing the Future of Cyber Security in India

Shweta Mohandas — 2018-03-11T15:30:50Z

On the 27th of February, Peter Sparkes the Senior Director, Cyber Security Services, Symantec conducted a webinar on the ‘5 Essentials of Every Next-Gen SOC’. In this webinar, he evaluated the problems that Security Operations Centers (SOCs) are currently facing, and explored possible solutions to these problems. The webinar also put emphasis on AI and ML as tools to improve cyber security. This blog draws key insights from the webinar, and explains how AI and ML can improve the cyber security process of Indian enterprises.

Introduction

In a study conducted by Cisco, it was found that in the past 12-18 months, cyber attacks have caused Indian companies to incur financial damages amounting to USD 500,000.

There is a need to strengthen the nodal agencies in an enterprise that can deal with these threats to prevent irreparable damage to enterprises and their customers. An SOC within any organization is the team responsible for detecting, monitoring, analyzing, communicating and remedying security threats. The SOC technicians employ a combination of technologies and processes to ensure that an enterprise’s security is not compromised. As instances of cyber attacks increase both in number and sophistication, SOCs need to use state of the art technologies to stay one step ahead of the attackers. Presently, SOCs face a number of infrastructural problems such as the low priority given to a cyber security budget, slower and passive response to threats, dearth of skilled technicians, and the absence of a global intelligence network for cyber-threats. This is where technologies such as Artificial Intelligence and Machine learning are helping, by monitoring the system to identify cyber attacks, and analyse the severity of the threat, and in some cases by blocking such threats.

Evolution of Security Operations Centers

In the same study, Cisco looked at the evolution of cyber threats and how companies were using technologies such as AI and ML to ameliorate those threats. Another key insight the study brought out was that 53 and 51 percent of the subject companies were reliant on ML and AI respectively. One of the reasons behind AI and ML’s effectiveness in cyber security is their capacity not only to detect known threats but also to use their learnings from data to detect unknown threats. In his webinar, Peter Sparkes also stated that SOCs were evolving into a ‘people driven and tech enabled’ system.

People Driven and Tech Enabled

In the case of cyber security, which in itself is a relatively new field, technologies such as AI and ML are helping companies to not only overcome infrastructural barriers but also to respond proactively to threats. A study conducted by the Enterprise Strategy Group, revealed that one-third of the respondents believed that ML technology could detect new and unknown malware.

The study also stated that the use of machine learning to detect and prevent threats from unknown malware reduced the number of cases the cyber security team had to investigate.

Similarly, the tasks of monitoring and blocking which were earlier conducted by entry level analysts were now done by systems, using machine learning. Typically, the AI acts as the first monitoring system after which the threat is examined by the company’s technicians who possess the requisite skill set and experience. By delegating the time consuming task of continuous monitoring to an ML system, the technicians now have time to look at serious threats. In this way AI and humans are working together to build a stronger and responsive security protocol.

Detecting the Unknown

Cyber criminals are becoming increasingly sophisticated, and in order to prevent attacks the monitoring systems (both human and automated) need to be able to detect them before the security is compromised. The detection of threats through AI and ML is done in a similar way as it is done for the identification of spam, where the system is trained on a large amount of data which teaches the algorithm to identify right from wrong.

There have been numerous cases of stealthy cyber attacks such as wannacry and ransomware, that have evaded detection by conventional security firewalls and caused crippling damage. There is also the need to use deception technology which involves automatic detection and analysis of attacks. This technology then tricks the attackers and defeats them to bring back normalcy to the system.

The systems that can handle threats by themselves do so by following a predetermined procedure, or playbook where the AI detects activities that go against the procedure/playbook. This is more effective compared to the earlier system where the technicians would analyse the attacks on a case by case basis.

AI and ML can help in reducing the time required to detect threats enabling technicians to act proactively and prevent damage. As AI and ML systems are less prone to make mistakes compared to human beings, each threat is dealt with in a prompt and accurate manner. AI systems also help by categorising attacks based on their propensity for damage. These systems can use the large volumes of data collected about previous attacks and adapt over time to give enterprises a strong line of defence against attacks.

Passive to Active Defense

Threat to cyber security can emerge even in seemingly safe departments, such as Human Resources. It is therefore important to proactively hunt for threats across all departments uniformly.

In order to detect an anomaly, the AI and ML system will require both large volumes of data as well as a significant amount of processing power, which is difficult for smaller companies to provide. A possible solution to improve defense is to have a system of sharing SOC data between companies, and thereby creating a global database of intelligence. A system of global intelligence and threat data sharing could help smaller companies combat cyber threats without having to compromise on core business development.

Use of AI in Cyber Security in India

In 2017, Indian enterprises were infected by two lethal cyber attacks called Nyetya that crept through a trusted software - Ccleaner and infected computers

. These attacks may just be the tip of the iceberg , since there may be many other attacks that might have gone unreported, or worse, undetected. Cisco reported that less than 55 per cent of the Indian enterprises were reliant on AI or ML for combating cyber threats. Although the current numbers seem bleak, there are a number of Indian enterprises that have recently begun using AI and ML in cyber security.

One such example is HDFC bank which is in the process of introducing an AI based Cyber Security Operations Centre (CSOC).

This CSOC is based on a four point approach to dealing with threats - prevent, detect, respond and recover. The government of India has also taken its first step towards the use of AI in cyber security through a project that aims to provide cyber forensic services to the various agencies of the government including law enforcement.

Indian intelligence agencies have also entered into an agreement with tech startup Innefu, which utilizes AI, to process data and decipher threats by looking at the patterns of past threats.

As India is increasingly becoming data dense both private and public organizations need to consider cyber security with utmost seriousness and protect the data from crippling attacks.

Conclusion

Enterprises have become storehouses of user data and the SOCs have a responsibility to protect this data. The companies’ SOCs have been plagued with several problems such as lack of skilled technicians, delay in response time and the inability to proactively respond to attacks. AI and ML can help in a system of continuous monitoring as well as take over the more repetitive and time consuming tasks, leaving the technicians with more time to work on damage control. Although it must be kept in mind that AI is not a silver bullet, since attackers will try their best to confuse the AI systems through evasion techniques such as adversarial AI (where the attackers design machine learning models that are intended to confuse the AI model into making a mistake).

Hence, human intervention and monitoring of AI and ML systems in cyber security is essential to maintain the defence and protection mechanisms of enterprises.

A few topics that Indian SOCs need to consider while using AI and ML :

1. The companies need to understand that AI and ML need human expertise and supervision to be effective and hence substituting people for AI is not ideal.

2. The companies need to give equal if not more importance to data security.

3. The companies need to constantly upgrade their systems and re-skill their technicians to combat cyber security threats.

4. The AI and ML systems need to be regularly audited to ensure that they are not compromised by cyber attacks and also to ensure that they are not generating false positives.

[]. Cisco, (2018, February). Annual Cybersecurity Report. Retrieved March 8, 2018, from https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/acr2018/acr2018final.pdf?dtid=odicdc000016&ccid=cc000160&oid=anrsc005679&ecid=8196&elqTrackId=686210143d34494fa27ff73da9690a5b&elqaid=9452&elqat=2

[]. Ibid.

[]. Enterprise Strategy Group (2017, March ). Top-of-mind Threats and Their Impact on Endpoint Security Decisions. Retrieved March 8, 2018 from https://www.cylance.com/content/dam/cylance/pdfs/reports/ESG-Research-Insights-Report-Summary-Cylance-Oct-2017.pdf

[]. Ibid.

[]. Vorobeychik,Y (2016). Adversarial AI. Retrieved March 8, 2018, from https://www.ijcai.org/Proceedings/16/Papers/609.pdf

[]. Quora. ( 2081, February 15). How Will Artificial Intelligence And Machine Learning Impact Cyber Security? Retrieved March 8, 2018, from https://www.forbes.com/sites/quora/2018/02/15/how-will-artificial-intelligence-and-machine-learning-impact-cyber-security/#569454786147

[]. Sparkes, P. (2018, February 27). The 5 Essentials of Every Next-Gen SOC. Retrieved March 8, 2018, from https://www.brighttalk.com/webcast/13389/303251/the-5-essentials-of-every-next-gen-soc

[]. PTI. ( 2018, February 21).Indian companies lost $500,000 to cyber.Retrieved March 8, 2018, from https://economictimes.indiatimes.com/tech/internet/indian-companies-lost-500000-to-cyber-attacks-in-1-5-years-cisco/articleshow/63019927.cms

[]. Raval, A. ( 2018,January 30). AI takes cyber security to a new level for HDFC Bank.Retrieved March 8, 2018, from http://computer.expressbpd.com/magazine/ai-takes-cyber-security-to-a-new-level-for-hdfc-bank/23580/

[]. “The Centre for Development of Advanced Computing (C-DAC) under the Ministry of Electronics and Information Technology (MeitY) is working on a project to provide cyber forensic services to law-enforcing and other government and non-government agencies.” Ohri, R. (2018, February 15. Government readies AI-muscled cyber security plan. Retrieved March 8, 2018, from https://economictimes.indiatimes.com/news/politics-and-nation/government-readies-ai-muscled-cyber-security-plan/articleshow/62922403.cms utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

[]. Chowdhury, P.A. (2017, January 30). Cyber Warfare at large in Southeast Asia, India leverages AI for the same cause Retrieved March 8, 2018, from https://analyticsindiamag.com/cyber-warfare-large-southeast-asia-india-leverages-ai-cause/

[]. Open AI.(2017 February 24). Attacking Machine Learning with Adversarial Examples. Retrieved March 8, 2018, from https://blog.openai.com/adversarial-example-research/

For more details visit https://cis-india.org/internet-governance/blog/people-driven-and-tech-enabled-2013-how-ai-and-ml-are-changing-the-future-of-cyber-security-in-india

Pension won’t be denied for want of Aadhaar, says EPFO

Admin — 2018-04-10T22:33:39Z

The move is aimed at ensuring that no retired government employee is deprived of pension for want of Aadhaar or failure of fingerprint authentication.

The article by Prashant K. Nanda and Komal Gupta published by Livemint on April 11, 2018 quoted Pranesh Prakash.

Tens of thousands of pensioners under the employees pension scheme will not be denied their monthly pension if their Aadhaar authentication fails or they do not have the 12-digit unique ID, the Employees Provident Fund Organisation (EPFO) has indicated.

The retirement fund manager has asked banks and post offices to facilitate pension disbursement without making senior citizens do the rounds.

The move comes after EPFO received several complaints of denial of pension by banks.

For paying pension to those whose fingerprint authentication fails, “banks may make provisions for iris scanner, along with the fingerprint scanner in bank branches. It has been observed that in many cases, iris authentication is successful even though fingerprint authentication may have failed. This is particularly true for many senior citizens. In such cases, digital life certificate may be generated on the basis of iris authentication and pension may be given,” the EPFO said in a circular on Monday.

And when both iris and fingerprint authentication are not feasible, “an entry should be made in the exception register with reasons and pension may be provided on the basis of paper life certificate and physical Aadhaar card or E-Aadhaar card of the pensioner after due verification as deemed fit by the bank,” the circular said.

The move is aimed at ensuring that no senior citizen is deprived of pension for want of Aadhaar or failure of fingerprint authentication.

Banks have been advised to ensure that benefits of the pension scheme reach the citizens and a proper mechanism for “handling exceptions” is put in place.

“Banks should make special arrangements for the bed-ridden, differently abled, or senior citizens who are unable to visit the Aadhaar enrolment centre,” the circular said.

EPFO has also instructed pension disbursing banks and post offices to make necessary arrangements for enrolling pensioners for Aadhaar and to carry out authentication through iris, especially for those who cannot be verified through fingerprints.

The Unique Identification Authority of India (UIDAI) has been under the scanner over the past few months over allegations of access to pension being denied as the fingerprints of the elderly do not match biometrics in the Aadhaar database.

So far, pensioners had to furnish a life certificate and needed to authenticate it using biometrics.

“The fact that it is coming now means that the Unique Identification Authority of India’s claim in the Supreme Court about no person having been denied any benefit due to the lack of Aadhaar is simply untrue,” said Bengaluru-based Pranesh Prakash, an affiliated fellow with the Yale Law School’s Information Society Project that works on issues related to the intersection of law, technology and society.

Prakash, however, welcomed EPFO’s move laying down “a procedure both for those who don’t have an Aadhaar number, as well as those whose biometrics fail for any reason”.

Prakash further said that “as per the UIDAI’s own data, failure rates for iris authentication are higher (8.54%) than for fingerprints (6%). So the utility of pushing for iris authentication is unclear.”

There are more than 1.2 billion Aadhaar holders in the country.

For more details visit https://cis-india.org/internet-governance/news/livemint-prashant-k-nanda-and-komal-gupta-pension-wont-be-denied-for-want-of-aadhaar-epfo

Peering behind the veil of ICANN’s DIDP (I)

Padmini Baruah — 2015-10-15T02:42:14Z

One of the key elements of the process of enhancing democracy and furthering transparency in any institution which holds power is open access to information for all the stakeholders. This is critical to ensure that there is accountability for the actions of those in charge of a body which utilises public funds and carries out functions in the public interest.

As the body which “...coordinates the Internet Assigned Numbers Authority (IANA) functions, which are key technical services critical to the continued operations of the Internet's underlying address book, the Domain Name System (DNS)”^{^[1]}, the centrality of ICANN in regulating the Internet (a public good if there ever was one) makes it vital that ICANN’s decision-making processes, financial flows, and operations are open to public scrutiny. ICANN itself echoes the same belief, and upholds “...a proven commitment to accountability and transparency in all of its practices”^{^[2]}, which is captured in their By-Laws and Affirmation of Commitments. In furtherance of this, ICANN has created its own Documentary Information Disclosure Policy, where it promises to “...ensure that information contained in documents concerning ICANN's operational activities, and within ICANN's possession, custody, or control, is made available to the public unless there is a compelling reason for confidentiality.”^{^[3]}

ICANN has a vast array of documents that are already in the public domain, listed here. These include annual reports, budgets, registry reports, speeches, operating plans, correspondence, etc. However, their Documentary Information Disclosure Policy falls short of meeting international standards for information disclosure. In this piece, I have focused on an examination of their defined conditions for non-disclosure of information, which seem to undercut the entire process of transparency that the DIDP process aims towards upholding. The obvious comparison that comes to mind is with the right to information laws that governments the world over have enacted in furtherance of democracy. While ICANN cannot be equated to a democratically elected government, it nonetheless does exercise sufficient regulatory power of the functioning of the Internet for it to owe a similar degree of information to all the stakeholders in the internet community. In this piece, I have made an examination of ICANN’s conditions for non-disclosure, and compared it to the analogous exclusions in India’s Right to Information Act, 2005

ICANN’ꜱ Defined Conditions for Non-Disclosure versus Exclusions in Indian Law :

ICANN, in its DIDP policy identifies a lengthy list of conditions as being sufficient grounds for non-disclosure of information. One of the most important indicators of a strong transparency law is said to be minimum exclusions.^{^[4]} However, as seen from the table below, ICANN’s exclusions are extensive and vast, and this has been a barrier in the way of free flow of information. An analysis of their responses to various DIDP requests (available here) shows that the conditions for non-disclosure have been invoked in over 50 of the 85 requests responded to (as of 11.09.2015); i.e., over two-thirds of the requests that ICANN receives are subjected to the non-disclosure policies.

In contrast, an analysis of India’s Right to Information Act, considered to be among the better drafted transparency laws of the world, reveals a much narrower list of exclusions that come in the way of a citizen obtaining any kind of information sought. The table below compares the two lists:

No.	ICANN^{^[5]}	India	Analysis
1.	Information provided by or to a government or international organization which was to be kept confidential or would materially affect ICANN’s equation with the concerned body.	Information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, "strategic, scientific or economic" interests of the State, relation with foreign State or lead to incitement of an offense^{^[6]}/ information received in confidence from foreign government^{^[7]}	The threshold for both the bodies is fairly similar for this exclusion.
2.	Internal (staff/Board) information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process	Cabinet papers including records of deliberations of the Council of Ministers, Secretaries and other officers, provided that such decisions the reasons thereof, and the material on the basis of which the decisions were taken shall be made public after the decision has been taken, and the matter is complete, or over (unless subject to these exemptions)^{^[8]}	The Indian law is far more transparent as it ultimately allows for the records of internal deliberation to be made public after the decision is taken.
3.	Information related to the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process	No similar provision in Indian Law.	This is an additional restriction that ICANN introduces in addition to the one above, which in itself is quite broad.
4.	Records relating to an individual's personal information	Information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual (but it is also provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied by this exemption);^{^[9]}	Again, the Indian law contains a proviso for information with “relationship to any public activity or interest”
5.	Proceedings of internal appeal mechanisms and investigations.	Information which has been expressly forbidden to be published by any court of law or tribunal or the disclosure of which may constitute contempt of court;^{^[10]}	While ICANN prohibits the disclosure of all proceedings, in India, the exemption is only to the limited extent of information that the court prohibits from being made public.
6.	Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement.	Information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;^{^[11]}	This is fairly similar for both lists.
7.	Confidential business information and/or internal policies and procedures.	No similar provision in Indian Law. This is encapsulated in the abovementioned provision	This is fairly similar in both lists.
8.	Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice.	Information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes;^{^[12]}	This is fairly similar for both lists.
9.	Information subject to any kind of privilege, which might prejudice any investigation	Information, the disclosure of which would cause a breach of privilege of Parliament or the State Legislature^{^[13]}/Information which would impede the process of investigation or apprehension or prosecution of offenders;^{^[14]}	This is fairly similar in both lists.
10.	Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication.	No similar provision in Indian Law	This exclusion is not present in Indian law, and it is extremely broadly worded, coming in the way of full transparency.
11.	Information that relates in any way to the security and stability of the Internet	No similar provision in Indian Law	This is perhaps necessary to ICANN’s role as the IANA Functions Operator. However, given the large public interest in this matter, there should be some proviso to make information in this regard available to the public as well.
12.	Trade secrets and commercial and financial information not publicly disclosed by ICANN.	Information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;^{^[15]}	This is fairly similar in both cases.
13.	Information requests: ● which are not reasonable; ● which are excessive or overly burdensome ● complying with which is not feasible ● which are made with an abusive or vexatious purpose or by a vexatious or querulous individual.	No similar provision in Indian Law	Of all the DIDP exclusions, this is the one which is most loosely worded. The terms in this clause are not clearly defined, and it can effectively be used to deflect any request sought from ICANN because of its extreme subjectivity. What amounts to ‘reasonable’? Whom is the process going to ‘burden’? What lens does ICANN use to define a ‘vexatious’ purpose? Where do we look for answers?
14.	No similar provision in ICANN’s DIDP.	Information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information;^{^[16]}	-
15.	No similar provision in ICANN’s DIDP.	Information which providing access to would involve an infringement of copyright subsisting in a person other than the State.^{^[17]}	-

Thus, the net cast by the DIDP exclusions policy is more vast than even than that of a democratic state’s transparency law. Clearly, the exclusions above have effectively allowed ICANN to dodge answers to most of the requests floating its way. One can only hope that ICANN realises that these exclusions come in the way of the transparency that they are so committed to, and does away with this unreasonably wide range on the road to the IANA Transition.

^{^[1]} https://www.icann.org/resources/pages/welcome-2012-02-25-en

^{^[2]} https://www.icann.org/resources/accountability

^{^[3]} https://www.icann.org/resources/pages/didp-2012-02-25-en

^{^[4]} Shekhar Singh, India: Grassroot Initiatives in Tʜᴇ Rɪɢʜᴛ ᴛᴏ Kɴᴏᴡ 19, 44 (Ann Florin ed., 2007)

^{^[5]} In a proviso, ICANN’s DIDP states that all these exemptions can be overridden if the larger public interest is higher. However, this has not yet been reflected in their responses to any DIDP requests.

^{^[6]} Section 8(1)(a), Right to Information Act, 2005.

^{^[7]} Section 8(1)(f), Right to Information Act, 2005.

^{^[8]} Section 8(1)(i), Right to Information Act, 2005.

^{^[9]} Section 8(1)(j), Right to Information Act, 2005.

^{^[10]} Section 8(1)(b), Right to Information Act, 2005.

^{^[11]} Section (1)(d), Right to Information Act, 2005

^{^[12]} Section 8(1)(g), Right to Information Act, 2005.

^{^[13]} Section 8(1)(c), Right to Information Act, 2005.

^{^[14]} Section 8(1)(h), Right to Information Act, 2005.

^{^[15]} Section (1)(d), Right to Information Act, 2005

^{^[16]} Section 8(1)(e), Right to Information Act, 2005.

^{^[17]} Section 9, Right to Information Act, 2005.

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icann2019s-didp

Peering behind the veil of ICANN's DIDP (II)

Padmini Baruah — 2015-10-15T03:14:18Z

In a previous blog post, I had introduced the concept of ICANN’s Documentary Information Disclosure Policy (“DIDP”) and their extremely vast grounds for non-disclosure. In this short post, I have made an analysis of every DIDP request that ICANN has ever responded to, to point out the flaws in their policy that need to be urgently remedied.

Read the previous blog post here. Every DIDP request that ICANN has ever responded to can be accessed here.

The table here is a comprehensive breakdown of all the different DIDP requests that ICANN has responded to. This table is to be read with this document, which has a numbered list of the different non-disclosure exceptions outlined in ICANN’s policy. What I sought to scrutinize was the number of times ICANN has provided satisfactory information, the number of times it has denied information, and the grounds for the same. What we found was alarming:

Of a total of 91 requests (as of 13/10/2015), ICANN has fully and positively responded to only 11.
It has responded partially to 47 of 91 requests, with some amount of information (usually that which is available as public records).
It has not responded at all to 33 of 91 requests.
The Non-Disclosure Clause (1)^{^[1]} has been invoked 17 times.
The Non-Disclosure Clause (2)^{^[2]} has been invoked 39 times.
The Non-Disclosure Clause (3)^{^[3]} has been invoked 31 times.
The Non-Disclosure Clause (4)^{^[4]} has been invoked 5 times.
The Non-Disclosure Clause (5)^{^[5]} has been invoked 34 times.
The Non-Disclosure Clause (6)^{^[6]} has been invoked 35 times.
The Non-Disclosure Clause (7)^{^[7]} has been invoked once.
The Non-Disclosure Clause (8)^{^[8]} has been invoked 22 times.
The Non-Disclosure Clause (9)^{^[9]} has been invoked 30 times.
The Non-Disclosure Clause (10)^{^[10]} has been invoked 10 times.
The Non-Disclosure Clause (11)^{^[11]} has been invoked 12 times.
The Non-Disclosure Clause (12)^{^[12]} has been invoked 18 times.

This data is disturbing because it reveals that ICANN has in practice been able to deflect most requests for information. It regularly utilised its internal processes and discussions with stakeholders clauses, as well as clauses on protecting financial interests of third parties (over 50% of the total non-disclosure clauses ever invoked - see chart below) to do away with having to provide information on pertinent matters such as its compliance audits and reports of abuse to registrars. We believe that even if ICANN is a private entity legally, and not at the same level as a state, it nonetheless plays the role of regulating an enormous public good, namely the Internet. Therefore, there is a great onus on ICANN to be far more open about the information that they provide.

Finally, it is extremely disturbing that they have extended full disclosure to only 12% of the requests that they receive. An astonishing 88% of the requests have been denied, partly or otherwise. Therefore, it is clear that there is a failure on part of ICANN to uphold the transparency it claims to stand for, and this needs to be remedied at the earliest.

^{^[1]} “Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party”

^{^[2]} “Internal information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process by inhibiting the candid exchange of ideas and communications, including internal documents, memoranda, and other similar communications to or from ICANN Directors, ICANN Directors' Advisors, ICANN staff, ICANN consultants, ICANN contractors, and ICANN agents”

^{^[3]} “Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications”

^{^[4]} “Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations”

^{^[5]} “Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement”

^{^[6]} “Confidential business information and/or internal policies and procedures”

^{^[7]} “Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice”

^{^[8]} “Information subject to the attorney– client, attorney work product privilege, or any other applicable privilege, or disclosure of which might prejudice any internal, governmental, or legal investigation”

^{^[9]} “Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication”

^{^[10]} “Information that relates in any way to the security and stability of the Internet, including the operation of the L Root or any changes, modifications, or additions to the root zone”

^{^[11]} “Trade secrets and commercial and financial information not publicly disclosed by ICANN”

^{^[12]} “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual”

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icanns-didp-ii

Peeping Toms In Your Inbox

praskrishna — 2011-04-02T11:42:11Z

Nothing’s safe any more—not your mobile number, nor your e-mail—as they’re put on offer for the benefit of telemarketers, writes Namrata Joshi and Neha Bhatt in an article published in the Outlook.

It was Saturday morning and Sneha Gupta wanted to book a table for dinner at a Delhi restaurant called Rodeo. So she called up a telephone directory service and procured the restaurant’s phone number, firmly nixing the operator’s seemingly casual offer to also provide numbers of similar restaurants. But that wasn’t the end of the story. The next day, Sunday brunch with her extended family was interrupted by calls from sundry restaurants enquiring if she’d be interested in hosting parties and events—at a discount.

“Instead of enjoying the food, the company and the conversation, I was busy ticking off these guys. Why were they assuming I wanted to organise a party? How did they get my mobile number to blatantly infringe on my private family time?” asks Sneha. She got no answers from them, but the sequence of events is clear: the telephone directory service sold Sneha’s contact details to marketers who broadly assumed, from her Rodeo outing, that she was a party animal, and decided to bombard her with similar offers.

Something similar happened to media professional Raghav Agarwal. He paid off his bank loan for a car in two-and-a-half years instead of the stipulated five, happy to stop living off credit. But from the next day, he was inundated with calls offering him bigger and better credit for everything—from house to car to education. “It was awfully distracting to deal with this while trying to meet deadlines,” he recounts. The fact that he had paid back the loan ahead of time had, by hook or by crook, reached financial outfits who used the information to serenade what they saw as an attractive catch.

For Kuhu Tanvir, these attentions come laced with a hint of menace. The film student was startled to find herself receiving unsolicited calls from unknown vendors offering to maintain the water purifier installed in the recesses of her kitchen. “It’s scary to think,” she says, “that there are people out there who even know which products you’ve bought for your house.” It was equally unnerving for film producer Gaurang Jalan to have his personal details passed on to data-miners by none other than a prominent Calcutta club (“strangers now call you on your birthday, offering schemes”). All those out there accosted by calls offering car insurance just at the time their policy is up for renewal will know exactly how they felt....

8 Ways In Which You’re Being Intruded Upon

Privacy is being redefined in India, with the lines between the public and the private blurring not just for celebrities but also for ordinary citizens...
Personal details like your phone number, date of birth, credit history, bank loans, insurance policies, white goods purchases, favourite restaurants and nightclubs are bought and sold among cellphone operators, banks, shops, telephone directory services, credit card companies, hospitals, hotels, elite clubs and even your locality’s residents’ welfare association.
Unsolicited telemarketing calls, spam SMSes and e-mails intrude incessantly on your private space, time
Your online purchases and searches, archived e-mails and documents are being tracked for marketing purposes. Social networking groups and search engines stand accused of sharing user information and contact details.
Personal pictures, information about relationships on social networking sites are being misused by online predators and molesters.
Identity theft is fast emerging as a threat.
Surveillance cameras and intrusive frisking have become a way of life, at airports, cinema halls, malls, hospitals, hotels, etc.
TV cameras and sting operations blur the line between individual privacy and public interest.
People encouraged and offered inducements to bare all about their lives on TV. Shows like Emotional Atyachar, Splitsvilla, Truth Love Cash play out individual dating rituals and infidelity games for the masses.

7 Steps You Can Take To Protect Yourself

Give out your mobile number cautiously, if at all; don’t print it on the visiting cards you hand out generously. Give only your landline number if you have to, to avoid being constantly disturbed.
Be wary of filling in random forms at retail stores and restaurants, or the gift voucher you’re offered in return for your friends’ names and phone numbers.
Be alert while shopping with your debit or credit card. The retailer may be also swiping the card on his computer to feed your contact information into it.
Even though the Do Not Call facility has not worked for a majority of users, you lose nothing by registering for it on www.donotcall.gov. You can’t complain about unsolicited calls unless you register.
Online, be cautious of the personal information you reveal, such as your date of birth and photographs, which make you especially vulnerable to identity theft. Use Google dashboard and the new Facebook privacy settings to protect yourself.
Get the latest browser that allows you to delete cookies-as-you-go, delete your browsing history regularly, learn to encrypt your e-mail.
Always read privacy clauses in bank and other forms, and on websites carefully, and remember to tick opt-out boxes if you don’t want to be besieged with new product information.

For celebrities, the lines between the private and the public have always been blurred. But in a transforming India, ordinary people like Sneha, Raghav, Kuhu and Gaurang are finding themselves intruded upon in newer ways—from the trivial to the serious—and across varied platforms, from the mobile phone to the internet, TV to the surveillance camera. And, with citizens like them mostly dimly aware of how to safeguard, renegotiate or fight for their right to privacy—enshrined in the Constitution, but vaguely defined—in a changing world, and no effective laws to rein in those who violate it, the infringements and threats are set to increase.

Take telemarketing, perhaps the most insistent manifestation today of this marauding culture. It started out as an irritant, became a nuisance and is now a virtually unchecked invasion. “In the West, telemarketing is an unobtrusive experience thanks to opt-in services by which users get calls only if they ask for them. Moreover, governments discourage telemarketers through strict regulations. In India, it’s a menace,” says Supreme Court advocate Harsh Pathak, who has litigated against telemarketing calls and the sale of personal data to companies.

Indeed, you can chart an entire day in your life with these intrusions as markers. You get woken up with the SMS: “Hare Krishna. Today is Ekadashi. Fasting from grains and beens (sic). Chant Hare Krishna mahamantra 25 rounds (sic) and be happy. Hari bol.” Through the day, they keep coming, both SMSes and human voices, trying to sell you everything from houses and farmland to hotel deals, sauna belts, equity tips and public speaking skills. And, if you happen to be even an occasional club-hopper, your phone could carry on beeping till two or three am, with SMSes announcing the next gig in town.

It’s clear from this virtually round-the-clock barrage that our personal lives are up for sale in an aggressive marketing-driven environment. Be it telecom companies, banks, shops, credit card firms, DVD rental libraries, insurance, auto dealers, clubs or hotels, they all profit from sharing personal information—phone numbers, credit history, spending patterns, shopping preferences and much else—about their customers. “The irony is that the corporate world has no accountability or transparency in India but the public has turned transparent for them,” says media analyst and columnist Sudheesh Pachauri.

Those often identified as the prime offenders in this game are quick to shrug off blame, or not respond, as Outlook found. ICICI Bank could not “participate in this story”, Airtel declined comment while Vodafone did not respond at all. Rajat Mukarji, chief corporate officer, Idea Cellular, who did respond, said phone companies were unfairly blamed for unsolicited calls. “Such data is available everywhere now, you can buy it off the Net for Rs 150,” he argued. HDFC Bank’s chief information security officer Vishal Salvi also stoutly denies that databases are sold, and when asked why existing customers are deluged with new product and service offers, says: “It only happens on a need-to-know, need-to-do-basis.” That’s the theory, but in practice, many customers find that the “need” seems to be defined by the banks, not their clients.

So where does that leave the consumer? Well, says Bangalore-based freelance writer and photographer Darshan Manakkal, “On a good day, I plead with the telemarketer to never call me again. With the more persistent ones, I try a different approach, like putting them on hold while I go for a bath. On really bad days, I just abuse them.” Others, like Chennai professional P.K. Pradeep, who shared with us pages upon pages of (extremely polite) e-mails to Airtel and Vodafone requesting them to halt unsolicited calls and SMSes, have been more persistent, but have achieved little beyond the robotic response, “We’re looking into it.”

Signing up, along with some 66 million souls, at the National Do Not Call (NDNC) Registry set up in October 2007, provided no protection to Pradeep, nor did changing phone numbers. “I got a new number from Vodafone recently, and would you believe it, the very next day I was bombarded with promotional messages. They had clearly passed on my number,” he says. The NDNC of the Telecom Regulatory Authority of India (TRAI) is now widely acknowledged as a failure. There was a brief dip in calls, but they resumed with renewed gusto. You could get lost in the maze of explanations for why NDNC doesn’t work; what’s clear, though, is that it has no capacity to deal with telemarketers who fail to register with it—like all those unknown real estate companies who bombard you with SMSes—and little teeth to deal with those who do. Fines are laughably minuscule—ranging from Rs 500 to Rs 1,000—and the threat of disconnecting a telemarketer’s line is an empty one when it can quickly sign up and assault consumers from another connection. In view of its failure, a Do Call registry has been mooted, on the more consumer-friendly principle that those who want to be called should opt in rather than opt out. Consultations are on but its future shape is still unclear, with telecom companies (no surprise there) opposed to it. “We have gone far with dnc. To now backtrack and try something new doesn’t seem feasible,” says Mukarji.

“The whole problem of unregistered telemarketers will continue and telecom companies will go on blaming them,” S. Saroja, legal coordinator for the Chennai-based Citizen Consumer and Civic Action Group, predicts pessimistically. The group has tried, to no avail, to get phone companies to trace bulk SMSes, which she maintains are easily traceable. “Telemarketing is a Rs 50,000-crore industry and growing at 20 per cent every year. Nobody wants to upset it as everybody is making money out of it, including the government,” says Supreme Court advocate Nivedita Sharma, who has fought her own battles against the sale of privacy.

Meanwhile, an expanding online world is throwing up its own challenges. By 2013, according to some estimates, India will have the third-largest internet user base in the world. Already, with 50 million-plus users and growing, it is a magnet for marketers, who as we know—without perhaps fully internalising the fact—avidly follow the telltale digital pugmarks and trails we leave on the Net as we e-mail, search, shop and obsessively communicate with each other on platforms like Facebook and Twitter.

These spaces on the Net, and their counterparts on other media, seem to be drawing us into an open, sharing, even confessional, culture, without our being fully aware of our vulnerability. We occasionally get intimations of it—like when our e-mail account is hacked into and bizarre mail sent out on our behalf; our Facebook pictures downloaded and their obscene versions floated on Orkut, as happened to two Delhi airhostesses recently; or vicious, revealing comments on our personal lives posted amid the banter on our favourite chat sites.

However, as media analysts point out, there is little push in the Indian environment to do what Western users of Facebook did recently: forcing it to change privacy policies and settings by protesting against its inadequate privacy controls. Here too, as with telemarketing, the regulatory environment is missing.

“In India, there are no regulatory bodies related to online privacy concerns like in the US and Canada where there are privacy commissions which force corporations to make changes in their privacy policy in the interest of citizens,” says Sunil Abraham, executive director, the Centre for Internet and Society, Bangalore.

But individuals are to blame too. Saad Akhtar of naukri.com points out: “We don’t even read the fine print on privacy policies on websites, not realising that a lot of the data we upload even on Indian social networking websites becomes their property, which they can share with advertisers.”

Indeed, Akhila Sivadas of the Centre for Advocacy and Research, says that privacy issues are creating a cultural crisis of sorts, with no understanding of them, leave alone resolution. “Privacy is something that has been negotiated in a personal, intimate, micro universe. We have drawn our individual lakshman rekhas. But we have not debated on privacy norms as a society in a public space, which is very significant in the wake of how the mass media and social networking media is exploding in our country,” she says. It’s leading to an uneasy blend of the very closed and guarded, and the extremely open and no-holds-barred in our society. “There is no robust normative system in place, and corporate entities are exploiting that void,” she says. “The market is primed to take advantage and exploit existing conditions for profit. We are allowing the market to overreach itself,” agrees adman and social commentator Santosh Desai.

So what should be done? Obviously, the R-word—regulation—is critical, and hopefully, the cry for it from the ground will become stronger, as intrusions gather apace. But it would help for consumers to get smarter. Some of the questions to ask ourselves are: should I really be patronising a phone directory service, as Sneha did, that states that it shares information with third-party members and is not responsible for that information being misused by third parties? Should I hand out my visiting card, with my mobile number on it, to all and sundry? Should I reflexively press the “I agree to the terms & conditions” button while signing up for net services without reading the fine print? As Desai puts it, we need to be “mindful, suspicious and careful”. Without, of course, descending into paranoia. The irony, getting sharper and sharper in our lives, is that the very platforms that are used to invade our privacy also enrich our lives in manifold ways.

Read the original article in Outlook

For more details visit https://cis-india.org/news/peeping-toms-in-inbox

Paytm Payments Bank woos corporates with digital incentives

Admin — 2018-01-24T23:52:36Z

Offerings will be an incentive to companies already using Paytm e-wallet services to shift employees’ salary accounts to the bank, says Paytm Payments Bank CEO Renu Satti.

The article was published by Komal Gupta and Remya Nair was published in Livemint on January 24, 2018

Looking to tap the ready customer base of salary accounts, Paytm Payments Bank is trying to attract corporate entities with digital offerings such as food and gift wallets for their employees.

The bank has set a target of reaching a customer base of 500 million over the next 2-3 years, managing director and chief executive Renu Satti said in an interview. The bank claims to have 170 million customers, including those using the Paytm e-wallet.

Satti said the offerings will be an incentive to companies already using Paytm e-wallet services to shift employees’ salary accounts to the bank. Around 500 corporate entities are using e-wallet services.

“These corporate offerings will ensure better accountability and convenience for both the employers and employees,” she said, giving the example of food wallets which are automatically debited when a customer buys food, due to the tagging of merchants done at the back-end by Paytm.

“We even offer customisation to the extent of restricting usage of food wallet to specific merchants like office cafeterias, basis requirement,” Satti said.

Food vouchers and gift coupons have been typically issued in a physical form by corporate entities, earlier as paper coupons and now as prepaid cards.

Paytm Payments Bank offers customers the convenience of using their food and gift wallets through the app across the merchant base of Paytm, Satti said. “It doesn’t require any card, which also does away with issues such as loss of card and expiry of coupons, plus avail the benefits of cashback running on any Paytm merchant,” she added.

Last week, Paytm Payments Bank launched physical debit cards for its customers to facilitate account holders to withdraw cash from ATMs and make offline payments. Hitherto, the bank had been issuing virtual debit cards which could only be used for online payments.

The bank also plans to set up around 100,000 banking outlets across the country in the next one year to cater largely to under-banked rural areas.

The list of these outlets will be available on the bank’s website where the customer will be able to access a range of services including net banking, National Electronic Funds Transfer (NEFT), Immediate Payment Service (IMPS) and Unified Payments Interface (UPI). There will be monetary incentives for these correspondents for every transaction they perform for the customer. These outlets could be a local kirana store or a chemist shop, Satti said.

“We will follow a stringent process to shortlist merchants. There will be screening, quality check, physical check to ensure whether the place is actually authorized to run a business,” she said.

The bank plans to onboard some from the existing merchant networks using Paytm wallets while others will be from areas where there is no Paytm presence as of now.

More than 6 million merchants are already a part of the Paytm ecosystem, primarily using wallet services.

Paytm Payments Bank was launched in November after receiving a payments bank license from RBI in January last year. Vijay Shekhar Sharma, founder of One97 Communications, holds the majority share in Paytm Payments Bank, with the rest being held by One97 Communications.

The bank currently has no minimum balance requirements and offers 4% interest on savings deposits. India has three other operational payment banks—Airtel Payments Bank, India Post Payments Bank and Fino Payments Bank. “The traditional banks that offer customized corporate services to its customers having a high amount of deposits would face competition from payments banks. They will have no other option but to offer those services to customers with deposits at the Payments bank limits, to stay relevant in the market,” said Udbhav Tiwari, programme manager at the Centre for Internet and Society, a Bengaluru-based think tank.

“Also, as a payment company, Paytm has data pertaining to the spending patterns of customers which help it be more competitive in the market,” he added.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-remya-nair-january-24-2018-paytm-payments-bank-woos-corporates-with-digital-incentives

Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter

Admin — 2018-06-01T14:15:44Z

Swadeshi" messaging app targeted at WhatsApp taken off from app stores hours after launch.

The article by Alnoor Peermohamed and Manavi Kapur was published in the Business Standard on May 31, 2018. Gurshabad Grover was quoted.

The fate of Patanjali’s “swadeshi” instant messaging app Kimbho was sealed in the span of just a few hours, thanks to viral messages being shared on Facebook-owned WhatsApp, the app that the Baba Ramdev-promoted company was trying to combat.

Patanjali on Thursday launched Kimbho with the sole intent of checking the rise of messaging giant WhatsApp in India. However, after Kimbho’s various data vulnerabilities were exposed by the security expert and whistleblower who goes by the pseudonym Elliot Alderson on Twitter, the app made a quiet exit from Google’s Play Store.

Jokes surrounding the app’s quick retreat spread like wildfire on rival platform WhatsApp. It was perhaps the quickest rise and fall in the popularity of a mobile application.

Alderson, who has exposed data breaches in the UIDAI’s website, took to Twitter to rip apart the Kimbho app. “This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app,” he wrote. His next tweet sent alarm bells ringing among users: “The #Kimbho #android #app is a security disaster. I can access the messages of all the users...”

Kimbho, though, claims that every message on its platform is encrypted by the Advance Encryption Standard and that it saves “no data on our servers or cloud”. But Alderson pointed out that the one-time password security could be worked around. “It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted. Kimbho, explained as a Sanskrit greeting by S K Tijarawala, Ramdev’s spokerperson, on Twitter, is also a patched-up application over the existing Bolo messaging app.

This is most likely the reason the app was taken off the Google Play Store. “There were basic authentication and authorisation related vulnerabilities where an end user can see the data of other users. These flaws may be the reason the developers took down the app. Google flags such things,” said Anand Prakash, a Bengaluru-based ethical hacker.

“WhatsApp uses end-to-end encryption that essentially means even they can’t access the messages you send. But Kimbho, on the other hand, was not using end-to-end security and probably even saving every message as plain text on its server,” adds Gurshabad Grover, policy officer at the Centre for Internet and Society.

Google did not respond to queries about whether the developer took the app down or Google flagged it as unsecure. Kimbho declared on its Twitter handle that its app was removed from the Play Store because of heavy traffic, claiming that it was downloaded 150,000 times in a mere three hours since its launch.

On Apple’s App Store, it was trending in the social networking category at the fourth position in India, just below WhatsApp, Facebook and Facebook’s Messenger, and above popular messaging apps such as Skype, LinkedIn and hike messenger.

Tijarawala had announced Kimbho’s launch on Twitter, calling it an app developed by the “shishyas” (disciples) and “navdikshit sadhus” (newly ordained priests) of Ramdev and Acharya Balkrishna, managing director, Patanjali Ayurved and co-founder, Patanjali Yogpeeth in Haridwar. Tijarawala’s tweet also claimed that this app was built using “swadeshi” techniques, though what these are remains a mystery. Emails, text messages and calls to Tijarawala went unanswered.

In keeping with an “Indian” aesthetic, the app’s logo has a “shankh” (conch shell), perhaps signifying a war cry against foreign-born WhatsApp, which has over 200 million active users in India. The conch shell also blends well with Kimbho’s tag line, “Ab Bharat Bolega” (now India will speak). But that is where its tenuous Indianness begins to crumble.

While the app was registered as a product of Patanjali Ayurved on the Play Store, the developer on Apple’s App Store is Appdios Inc, a San Francisco-based app development company. Aditi Kamal and Sumit Kumar are this company’s founders according to LinkedIn. The duo has worked with technology giants such as Google and Apple and hold masters degrees from University of Southern California in the US. A blonde man features on the screenshots that the app has featured on its landing page on the App Store.

Taking forward Bolo’s keyboard suggestions, cheekily called “Quickies”, Kimbho offers pre-typed messages such as “hugs and kisses”, “what the heck” and “parents are watching”. Whether these millennial-friendly features and Kimbho itself are an attempt to get young millennials in touch with their “swadeshi” roots remains to be seen.

For more details visit https://cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter

Pastebin, Dailymotion, Github blocked after DoT order: Report

praskrishna — 2015-01-03T04:17:48Z

A number of Indian users are reporting they're not able to access websites such as Pastebin, DailyMotion and Github while accessing the internet through providers such as BSNL and Vodafone.

The article by Anupam Saxena was published in the Times of India on December 31, 2014. Pranesh Prakash is quoted.

The block was first reported by Pastebin, a website where you can store text online for a set period of time, through its social media accounts on December 19. In a follow-up post on December 26, the site posted that it was still blocked in India on the directions of the Indian government.A number of users also posted about the blocks on Reddit threads confirming that the sites have been blocked by Vodafone, BSNL and Hathway, among others.It now appears that the blocks are being carried out on the instructions of DoT (Department of Telecom). The telecom body reportedly issued a notification regarding the same on December 17. A screenshot of the circular has been posted on Twitter by Pranesh Prakash.

The notification mentions that 32 URLs including Pastebin, video sharing sites Vimeo and DailyMotion, Internet archive site archive.org and Github.com( a web-based software code repository), have been blocked under Section 69A of the Information Technology Act, 2000. DoT has also asked ISPs to submit compliance reports. However, we have not been able to verify the authenticity of the circular.

At the time of writing this story, we could not access Pastebin, DailyMotion and Github on Vodafone 3G and our office network that has access via dedicated lines. Vodafone is not displaying any errors and is simply blocking access. However, a number of users report that they're getting an error that says 'the site is blocked as per the instructions of Competent Authority.' However, we were able to access all the websites on Airtel 3G.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-anupam-saxena-december-31-2014-pastein-dailymotion-github-blocked-after-dot-order

Partnership on AI adds new organizations to its network

praskrishna — 2017-05-19T06:40:08Z

The Partnership on AI to Benefit People and Society (Partnership on AI) is strengthening its network of partners by welcoming new organizations to share their diverse, unique perspectives on AI.

The blog post by Madison Moore was published in Software Development Times on May 17, 2017.

Earlier in the year, Partnership on AI brought in Apple and six nonprofit board members to serve on the board of directors. This week, the partnership announced that 22 new organizations will join the Partnership on AI, and these organizations will work and support the board of directors.

The Partnership on AI is welcoming eight new for-profit partners, including eBay, Intel, McKinsey & Company, Salesforce, SAP, Sony, and Zalando, along with the start-up Cogitai.

The fourteen non-profit Partners that joined include: Allen Institute for Artificial Intelligence, AI Forum of New Zealand, Center for Democracy & Technology, Centre for Internet and Society – India, Data & Society Research Institute, Digital Asia Hub, Electronic Frontier Foundation, Future of Humanity Institute, Future of Privacy Forum, Human Rights Watch, Leverhulme Centre for the Future of Intelligence, UNICEF, Upturn, and the XPRIZE Foundation.

Some of the representatives from these newly added organizations include Dr. Hiroaki Kitano, who is the head of Sony Computer Science Laboratories. Other collaborators include Chris Fabian, who leads the Ventures team in UNICEF’s Office of Innovation. SAP’s Dr. Markus Noga, who has led efforts applying machine learning to business problems, is also joining the partnership.

Additionally, the partnership will move forward with one other initiative, and that is to form a cross-conference “AI, People, and Society” Best Paper Award, and start an AI Grand Challenge series, which will focus on addressing long-term social and societal issues around artificial intelligence.

The partnership is also in the process of finding an executive director, and that person will oversee day-to-day operation of the organization.

For more details visit https://cis-india.org/internet-governance/news/sd-times-may-17-partnership-on-ai-adds-new-organizations-to-its-network

Partnership on AI Adds Corporate, NGO Members, Charts Initial Course

praskrishna — 2017-05-19T06:00:15Z

Artificial intelligence is a booming business in 2017, but one that also comes with significant baggage in the form of public misunderstanding, potential job losses, and fear.

The blog post by Benjamin Roman was published by Xconomy on May 16, 2017.

Last fall, A.I. competitors Amazon, Microsoft, Facebook, IBM, and Google banded together to form the Partnership on AI to Benefit People and Society, an industry-led attempt to get ahead of the many social, ethical, and economic issues presented by the advent of technology with increasingly human-like capabilities. Apple joined the group as another founding member earlier this year.

On Tuesday, the Partnership on AI (PAI) announced nearly two dozen new members, including more of the tech industry’s biggest names—Intel, eBay, Salesforce, and SAP among them—and many of the world’s foremost A.I. research institutions, such as the Seattle-based Allen Institute for Artificial Intelligence. Also joining are nonprofits focused on digital privacy, human rights, and freedom. The full list of members is below.

The organization also outlined its initial plan of action, organized around seven “thematic pillars” (several of which hew closely to the AI principles agreed on by a gathering of researchers at the Asilomar conference earlier this year). The PAI pillars include safety, transparency, human-A.I. collaboration, economic and workforce impacts, and social and societal impacts.

After a recent board of directors retreat, the PAI plans: working groups to develop best practices by topic and sector; a fellowship for individuals at nonprofits and non-governmental organizations; an “AI, People, and Society” Best Paper Award; and a series of A.I. Grand Challenges aimed at “some of the most pressing long-term social and societal issues.”

The PAI is finding its organizational footing, but still has some big pieces missing: an executive director, for one.

While it was organized by the biggest names in technology and business, the PAI also aspires to be a “multi-stakeholder” organization and has welcomed into its fold the likes of the American Civil Liberties Union, Center for Democracy & Technology, Electronic Frontier Foundation, and Human Rights Watch.

It will be interesting to watch the degree to which these groups and their representatives to the PAI have sway over the organization’s direction, and the policy positions and best practices it puts forth—particularly on issues that could conflict with the business interests of its for-profit member companies.

PAI founding partners: Amazon, Apple, DeepMind, Google, Facebook, IBM, Microsoft

Other for-profit partners: eBay, Intel, McKinsey & Company, Salesforce, SAP, Sony, Zalando, Cogitai

Nonprofit partners: Association for the Advancement of Artificial Intelligence, ACLU, Allen Institute for Artificial Intelligence, AI Forum of New Zealand, Center for Democracy & Technology, Centre for Internet and Society—India, Data & Society Research Institute, Digital Asia Hub, Electronic Frontier Foundation, Future of Humanity Institute, Future of Privacy Forum, Human Rights Watch, Leverhulme Centre for the Future of Intelligence, OpenAI, UNICEF, Upturn, the XPRIZE Foundation.

For more details visit https://cis-india.org/internet-governance/news/x-conomy-benjamin-romano-may-16-2017-partnership-on-ai-adds-corporate-ngo-members-charts-initial-course

Parties seek social media influencers to go viral

Admin — 2018-04-03T15:30:30Z

It was 2015. Rahul Gandhi, Congress vice president then, met Mount Carmel College students in Bengaluru. Soon after the interaction, there were media reports on how Gandhi was stumped by the questions.

The article by Ipsita Basu was published in the Economic Times on March 31, 2018. Sunil Abraham was quoted.

While everybody was debating what really transpired in the auditorium, a 20-something Elixir Nahar wrote an open letter to Gandhi which said: ‘Thanks for stopping by, Rahul Gandhi. You were inspiring’.

It was the letter’s outspokenness and stating of facts that caught the imagination of everyone, especially on social media. The blog post went viral and was shared widely across digital platforms. In 2017, Nahar became part of the Congress social media cell when the party wanted to increase the party’s digital outreach.

Digital-savvy influencers are now an essential part of social media teams of political parties, which know that a viral tweet or a post can mean immense visibility. Knowing that traditional means like door-todoor campaigning and rallies have limited reach towards millennials, parties are making sure that the right messaging is sent out through such influencers, who usually have a large following on platforms like Twitter, Facebook and even Instagram.

According to Sunil Abraham, executive director, the Centre for Internet and Society, a Bengalurubased organisation looking at multidisciplinary research and advocacy works in internet and society, “Internet communication is becoming more and more sophisticated. Social media is not impressed by just ghost accounts and mass propagation. Influencers come with their own brand and credibility and this constitutes into more articulate and targeted communication, which is an engaging way to speak to a constituency."

Shilpa Ganesh, star wife and state vice president of BJP Mahila Morcha, is an intrinsic part of the party’s social media outreach. With 56,000 followers on Twitter and close to 2,00,000 on Facebook, she makes for a formidable influencer. “Most of my posts get a huge traction. I spend about 15-18 hours on various social media platforms to track news and restrict issue-related posts to at least twice a day,” she says.

Working on such social media teams is a draw for young corporates, IT professionals and college students who want to experience the power of digital media. Kamran Shahid, 28, a simulation engineer with a German car company, has taken a break, to work for the Aam Aadmi Party. Shahid, who now oversees the party’s state social media, was chosen for his knack with words and digital content.

Influencers are picked depending on their online popularity, proficiency to articulate on the Internet and the number of followers across platforms. The identities of those working in the background are kept under wraps. Review meetings are held every week to discuss the next strategy. Actor and former Mandya MP Divya Spandana, the chief of social media and digital communications of the Congress, has put together a mid-size team for digital outreach. “We’ve chosen people from diverse backgrounds who share our ideology. Each one brings a specific skill set to our team,” says Spandana, who is on the phone 24x7 tracking social media developments.

For more details visit https://cis-india.org/internet-governance/news/economic-times-ipsita-basu-march-31-2018-parties-seek-social-media-influencers-to-go-viral

Parties give short shrift to privacy

praskrishna — 2014-05-05T05:54:11Z

Both the Congress and BJP vision documents disappoint, but the real surprise is the CPI-M document that deals with cyber issues in a substantial manner.

The article by Pratap Vikram Singh was published in GovernanceNow.com on April 12, 2014. Sunil Abraham is quoted.

For civil rights activists in the internet and cyber space, the election manifestoes of major political parties including the Congress and the BJP have come as a disappointment. Both the parties are mute on privacy. In the recent past there has been a vociferous demand for a strong legislation on privacy. A draft bill on privacy has been making rounds of the bureaucratic circle for three years. Manifestoes are also silent on the need for correction in the information technology act, which activists say is characterised by 'arbitrariness and lack of processes'.

“A healthy democracy gives equal weightage to transparency and privacy. It’s disappointing that the two parties have overlooked these two,” says Sunil Abraham, director of the Bangalore based Centre for Internet and Society (CIS). Both Congress and BJP don’t mention about the lack of implementation of the open data policy. The policy, aka NDSAP 2012, requires all departments and ministries to put high value data sets in public domain within a few months of the policy enforcement. The parties are also silent on need for a balancing act on surveillance and civil liberty.

Nikhil Pahwa, founder of Medianama.com, a portal posting news and analysis on digital media, says “The parties could have talked about reforming the IT legislation, especially the Section 79 and IT Rules 2011 which gives the intermediaries—the ISPs, websites, and cyber cafes—the power to strike down content without even hearing the author.” The law, currently, doesn’t provide a redressal mechanism to the author.

Similarly both parties are mute on internet governance, which has become a major global issue after the US showed willingness to cede its monopolistic oversight over the body governing the internet ICANN.

The Congress manifesto is also blank on making websites and systems accessible for specially-abled population, also called as e-accessibility. While the BJP too doesn’t talk about making government portals e-accessible, it speaks about the use of technology to deliver low cost quality education to specially-abled students. Issuance of universal identity cards for all applicable government benefits and disabled friendly access to public facilities are two other things which the party promises to implement if voted in power.

Both election manifestoes don’t mention concerns related to telecommunication sector. Broadband is the only term that appears in the two manifestoes. The Congress promises to bring high speed Internet to every village panchayat. This is not a new initiative; a project under DoT called national optical fibre network, NOFN, proposes to do the same. The BJP’s manifesto says, “Deployment of broadband in every village would be a thrust area.”

Both parties also talk about putting public services online. There is also nothing concrete about promotion of indigenous manufacturing in electronics and IT hardware. While there are serious omissions in the two manifestoes, the manifesto of the CPI-M surprises many, highlighting key issues concerning civil rights and liberty.

The manifesto talks about ‘demilitarisation of cyber space’ and ‘protecting Internet and telecommunications networks from cyber attacks and surveillance by building indigenous capability’. Edward Snowden’s revelation of the PRISM programme seems to be the context. It also talks about promoting ‘free software and other such new technologies which are free from monopoly ownership through copyrights or patents; knowledge commons should be promoted across disciplines, like biotechnology and drug discovery’.

For more details visit https://cis-india.org/news/governance-now-april-12-2014-pratap-vikram-singh-parties-give-short-shrift-to-privacy