Policy for Government's Presence in Social Media - Recommendations

Explore money apps but watch your data

praskrishna — 2017-06-08T12:46:11Z

Financial apps may appear to be free but before you install them, read their privacy policies to know what you may be signing away.

The article by Shaikh Zoaib Saleem was published in Livemint on June 8, 2017. Pranesh Prakash was quoted.

With the increasing usage of smartphones and other smart devices, our use of and dependence on mobile applications also increases. These apps, while being installed on your device, ask for a lot of permissions. Most users do not take a detailed look at all the permissions being granted to any particular app’s publisher. Moreover, even fewer users look at the privacy policies and terms of use of apps, which detail how the publisher intends to utilize the data you share.

In most cases, the data collected is analysed and used for targeted marketing campaigns by the apps’ publishers, based on the users’ profiles and habits. Read more about it here: bit.ly/2q3ByA3. While this phenomena is spread across the board for all categories of apps, we take a look at the privacy policies and terms of use of the top 10 Android financial apps in India (top 10 as of June 1, according to App Annie, a mobile apps market research company based in California). The 10 apps are: PhonePe, BHIM, SBI Anywhere Personal, Kotak – 811 and Mobile Banking, JioMoney Wallet, Money View Money Manager, State Bank Buddy, Bank Balance Check, All Bank Balance Enquiry, iMobile by ICICI Bank.

Collecting information

The common theme across privacy policies of these apps is that the information is collected to enhance customer experience while using an app, respond to customer complaints and resolve disputes. Another theme is tracking consumer behaviour. For instance, PhonePe, in its privacy policy states, “We may automatically track certain information about you based upon your behaviour on our app. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users. This information is compiled and analysed on an aggregated basis.”

Similarly, the privacy policy of BHIM app says, “…once you give us your personal information, you are not anonymous to us. We may automatically track certain information about you based upon your behaviour on our app to the extent we deem fit.” It further adds that if you choose to transact on the app, then “we collect information about your transaction behaviour.” All the apps collect some or the other information like device IDs and location.

Sharing Information

The information gathered by the apps is not just used by these companies themselves, but also shared with third parties, subsidiaries, parent companies and agents of the companies. iMobile by ICICI Bank, for instance, in its privacy policy states that the bank will limit the collection and use of customer information only on a need-to-know basis to deliver better service to the customers. “ICICI Bank may use and share the information provided by the customers with its affiliates and third parties for providing services and any service-related activities such as collecting subscription fees for such services, and notifying or contacting the customers regarding any problem with, or the expiration of, such services. In this regard, it may be necessary to disclose the customer information to one or more agents and contractors of ICICI Bank and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from ICICI Bank only for these purposes,” the policy reads.

Similarly, PhonePe in its privacy policy has said that the company may share personal information with its other corporate entities and affiliates. “We and our affiliates will share/sell some or all of your personal information with another business entity should we (or our assets) plan to merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business. Should such a transaction occur that other business entity (or the new combined entity) will be required to follow this privacy policy with respect to your personal information,” it reads.

While installing, the Kotak app seeks your “irrevocable consent” to its privacy policy, which, among others things, states: “We may disclose the customer information to third parties for following, among other purposes, and will make reasonable efforts to bind them to obligation to keep the same secure and confidential and an obligation to use the information for the purpose for which the same is disclosed, and you hereby give your irrevocable consent for the same.”

JioMoney Wallet, while disclosing upfront that the publishing company and its affiliates do not sell or rent personal information to any third-party entities, also adds that the company “engages a number of vendors, consultants, contractors and takes support of our group companies or affiliates. We may provide our partners access to or share your personal information to enable them to provide the services subscribed by you.” Terms and conditions of the BHIM app state: “For the protection of both the parties, and as a tool to correct misunderstandings, the user understands, agrees and authorises NPCI, at its discretion, and without further prior notice to the user, to monitor and record any or all telephone conversations between the user(s) and NPCI only.”

It is imperative to note that most of these apps announce it upfront in their privacy policies that the policy could change anytime without prior information to the users. At the same time, it should be noted that sharing of some data is required for proper functioning of many apps. While most app publishers may not misuse the data being gathered, you should know exactly what data is being used.

Pranesh Prakash, policy director at the Centre for Internet and Society said that their research outputs show that laws to deal with misuse of personal data are very weak in India. “We need a strong privacy law to address these issues, of which we have proposed a citizens’ draft. Clearly, the prevailing situation shows that the industry is not taking enough initiative on self-regulation. At the same time, even the government isn’t taking much interest in consumer protection.”

For more details visit https://cis-india.org/internet-governance/news/livemint-june-8-2017-shaikh-zoaib-saleem-explore-money-apps-but-watch-your-data

Privacy is culture specific, MNCs hit by Aadhaar, says TRAI chief

praskrishna — 2017-06-07T13:57:08Z

A clutch of petitions filed by those opposing what they call the unchecked use of Aadhaar is currently in the Supreme Court.

The article by Pranav Mukul was published in the Indian Express on June 1, 2017.

Questioning the anti-Aadhaar campaigns by non-governmental organisations and civil society groups, Telecom Regulatory Authority of India’s (TRAI) Chairman R S Sharma, who is also the former Director General of Unique Identification Authority of India (UIDAI), said that various multinational companies were being affected by Aadhaar as it was in conflict with their attempts to create their own database of users.

“It’s making a mountain out of a molehill. There are motivated campaigns being launched. Various multinationals are getting affected. There are companies, which are creating their own identities. Someone has called it digital colonisation. The fingerprint scanners on smartphones can be easily used for authenticating Aadhaar but they don’t allow it. A lot of fraudulent or benami transactions can go down because of Aadhaar,” Sharma told The Indian Express. While he refused to elaborate on these multinationals, the remarks are an apparent reference to Silicon Valley giants such as Facebook and Google.

Sharma’s remarks come at a time when civil society groups have flagged serious concerns on issues such as privacy and accountability that arise from the Centre’s increasing use of Aadhaar. A clutch of petitions filed by those opposing what they call the unchecked use of Aadhaar is currently in the Supreme Court.

Recently, a Bengaluru-based NGO — Centre for Internet & Society (CIS) — released a report suggesting 130 million Aadhaar numbers were leaked on government portals. CIS later updated its report to say that there were no “leaks” or “leakages” but a “public disclosure”. The UIDAI served a show-cause notice to CIS, asking it to explain its claims.

The TRAI chairman defended UIDAI’s decision to send the notice to CIS and said that there were no leakages from Aadhaar, or decryption of of biometric data from the UIDAI server. At the same time, Sharma made a case for having a comprehensive data protection law in the country. “There is a need for a larger data protection law. In today’s digitally connected world, data protection law is a must. Data security, its protocols, rules, responsibilities, accountabilities, damage, payments, compensations, all these issues must come in that law,” he said.

“Aadhaar Act, itself, is very self-contained, which takes into account all data protection and privacy issues,” Sharma said, adding that privacy was a cultural concept. “Privacy is a culture specific concept, which they are trying to import here. Except for NGOs, has any individual or poor person complained, or filed a case about privacy?” he asked.

In a recent interview to The Indian Express, Minister of Law & Justice and Electronics & Information Technology Ravi Shankar Prasad had tried to allay fears of any loopholes in the Aadhaar security system and said “this systematic campaign against Aadhaar comes as a surprise for me”. He said that the voter ID information was also in public domain, but “I don’t see any campaign there”.

For more details visit https://cis-india.org/internet-governance/news/indian-express-june-1-2017-pranav-mukul-privacy-is-culture-specific-mncs-hit-by-aadhaar-says-trai-chief

New rules for govt agencies to ensure security of personal data

praskrishna — 2017-06-07T13:51:29Z

The new rules put the onus on government departments and agencies to safeguard personal data or information held by them.

The article by Komal Gupta was published by Livemint on June 2, 2017.

Government departments handling personal data or information will have to ensure that end-users are made aware of the data usage and collection and their consent is taken either in writing or electronically, according to new guidelines issued by the government for security of personal data. Sensitive personal data such as passwords, financial information (bank account, credit card, debit card and other payment instrument details), medical records and history, sexual orientation, physical and mental health, and biometric information cannot be stored by agencies without encryption, say the guidelines issued by the ministry of electronics and information technology (IT) on 22 May.

The rules put the onus on government departments and agencies to safeguard personal data or information held by them. To be sure, the Information Technology Act 2000 and Aadhaar Act 2016 have laid down most of these rules. The new guidelines seek answers to questions being asked on data protection under the Aadhaar Act. “If agency is storing Aadhaar number or sensitive personal information in database, data must be encrypted and stored. Encryption keys must be protected securely, preferably using Hardware Security Modules (HSMs). If simple spreadsheets are used, it must be password protected and securely stored,” according to the guidelines.

In April, the IT Ministry issued a notification directing all government departments to remove any personal data published on their websites or through other avenues. The guidelines require regular audits to ensure effectiveness of data protection and also call for swift action on any breach of personal data. In cases where an Aadhaar number has to be printed, it should be truncated or masked. The guidelines say only the last four digits of the 12-digit unique identity number can be displayed or printed.

According to a research report issued by Bengaluru-based think tank Centre for Internet and Society on 1 May, four government portals could have made public around 130-135 million Aadhaar numbers and around 100 million bank account numbers.

For more details visit https://cis-india.org/internet-governance/news/livemint-june-2-2017-komal-gupta-new-rules-for-govt-agencies-to-ensure-security-of-personal-data

Aadhaar: Ushering in a Commercialized Era of Surveillance in India

praskrishna — 2017-06-07T12:45:30Z

Since last year, Indian citizens have been required to submit their photograph, iris and fingerprint scans in order to access legal entitlements, benefits, compensation, scholarships, and even nutrition programs. Submitting biometric information is needed for the rehabilitation of manual scavengers, the training and aid of disabled people, and anti-retroviral therapy for HIV/AIDS patients. Soon police in the Alwar district of Rajasthan will be able to register criminals, and track missing persons through an app that integrates biometric information with the Crime and Criminal Tracking Network Systems (CCTNS).

The article by Jyoti Panday was published by the Electronic Frontier Foundation on June 1, 2017.

These instances demonstrate how intrusive India’s controversial national biometric identity scheme, better known as Aadhaar has grown. Aadhaar is a 12-digit unique identity number (UID) issued by the government after verifying a person’s biometric and demographic information. As of April 2017, the Unique Identification Authority of India (UIDAI) has issued 1.14 billion UIDs covering nearly 87% of the population making Aadhaar, the largest biometric database in the world. The government asserts that enrollment reduces fraud in welfare schemes and brings greater social inclusion. Welfare schemes that provide access to basic services for marginalized and vulnerable groups are essential. However, unlike countries where similar schemes have been implemented, invasive biometric collection is being imposed as a condition for basic entitlements in India. The privacy and surveillance risks associated with the scheme have caused much dissension in India.

Identity and Privacy in India

Initiated as an identity authentication tool, the critical problem with Aadhaar is that it is being pushed as a unique identifier to access a range of services. The government continues to maintain that the scheme is voluntary, and yet it has galvanized enrollment by linking Aadhaar to over 50 schemes. Aadhaar has become the de-facto identity document accepted at private, banks, schools, and hospitals. Since Aadhaar is linked to the delivery of essential services, authentication errors or deactivation has serious consequences including exclusion and denial of statutory rights. But more importantly, using a unique identifier across a range of schemes and services enables seamless combination and comparison of databases. By using Aadhaar, the government can match existing records such as driving license, ration card, financial history to the primary identifier to create detailed profiles. Aadhaar may not be the only mechanism, but essentially, it's a surveillance tool that the Indian government can use to surreptitiously identify and track citizens.

This is worrying, particularly in context of the ambiguity regarding privacy in India. The right to privacy for Indian citizens is not enshrined in the Constitution. Although, the Supreme Court has located the right to privacy as implicit in the concept of “ordered liberty” and held that it is necessary in order for citizens to effectively enjoy all other fundamental rights. There is also no comprehensive national framework that regulates the collection and use of personal information. In 2012, Justice K.S. Puttaswamy challenged Aadhaar in the Supreme Court of India on the grounds that it violates the right to privacy. The Court passed an interim order restricting compulsory linking of Aadhaar for benefits delivery, and referred the clarification on privacy as a right to a larger bench. More than a year later, the constitutional bench is yet to be constituted.

The delay in sorting out the nature and scope of privacy as right in India has allowed the government to continue linking Aadhaar to as many schemes as possible, perhaps with the intention of ensuring the scheme becomes too big to be rolled back. In 2016, the government enacted the 'Aadhaar Act' passing the legislation without any debate, discussion or even approval of both houses of Parliament. In April this year, Aadhaar was made compulsory for filing income tax or PAN number application and the decision is being challenges in Supreme Court. Defending the State , the Attorney-General of India claimed that the arguments on so-called privacy and bodily intrusion is bogus, and citizens cannot have an absolute right over their body! The State’s articulation is chilling, especially in light of the Human DNA Profiling Bill seeking the right to collect biological samples and DNA indices of citizens. Such anti-rights arguments are worth note because biometric tracking of citizens isn't just government policy - it is also becoming big business.

Role of Private Companies

Private companies supply hardware, software, programs, and the biometric registration services for rolling out Aadhaar to India’s large population. UIDAI’s Committee on Biometrics acknowledges that biometrics data are national assets though American biometric technology provider L-1 Identity Solutions, and consulting firms Accenture and Ernst and Young can access and retain citizens' data. The Aadhaar Act introduces electronic Know-Your-Customer (eKYC) that allows government agencies and private companies to download data such as name, gender and date of birth from the Aadhaar database at the time of authentication. Banks and telecom companies using authentication process to download data and auto-fill KYC forms and to profile users. Over the last few years, the number of companies or applications built around profiling of citizens’ personally sensitive data has grown exponentially.

A number of people linked with creating the UIDAI infrastructure have founded iSPIRT, an organisation that is pushing for commercial uses of Aadhaar. Private companies are using Aadhaar for authentication purposes and background checks. Microsoft has announced SkypeLite integration with Aadhaar to verify users. Others, such as TrustId and Eko are integrating rating systems into their authentication services and tracking users through platforms they create. In essence such companies are creating their own private database to track authenticated Aadhaar users and they may sell this data to other companies. The growth of companies that share and combine databases to profile users is an indication of the value of personal data and its centrality for both large and small companies in India.

Integrating and linking large biometrics collections to each other, which are then linked with traditional data points that private companies hold such as geolocation or phone number enables constant surveillance to take over. So far, there has been no parliamentary discussion on the role of private companies. UIDAI remains the ultimate authority in deciding the nature, level and cost of access granted to private companies. For example, there is nothing in Aadhaar Act that prevents Facebook from entering into an agreement with the Indian government to make Aadhaar mandatory to access WhatsApp or any of its other services. Facebook could also pay data brokers and aggregators to create customer profiles to add to its ever growing data points for tracking and profiling its users.

Security Risks and Liability

A series of data leakages have raised concerns about which private entities are involved, and how they handle personal and sensitive data. In February, UIDAI registered a complaint against three companies for storing and using biometric data for multiple transactions. Aadhaar numbers of over 130 million people and bank account details of about 100 million people have been publicly displayed through government portals owing to poor security practices. A recent report from Centre for Internet and Society (CIS) showed that a simple tweaking of URL query parameters of the National Social Assistance Programme (NSAP) website could unmask and display private information of a fifth of India's population.

Such data leaks pose a huge risk as compromised biometrics can never be recovered. The Aadhaar Act establishes UIDAI as the primary custodian of identity information, but is silent on the liability in case of data breaches. The Act is also unclear about notice and remedies for victims of identity theft and financial frauds and citizens whose data has been compromised. UIDAI has continued to fix breaches upon being notified, but maintains that storage in federated databases ensures that no agency can track or profile individuals.

After almost a decade of pushing a framework for mass collection of data, the Indian government has issued guidelines to secure identity and sensitive personal data in India. The guidelines could have come earlier, and given large data leaks in the past may also be redundant. Nevertheless, it is reassuring to see practices for keeping information safe and the idea of positive informed consent being reinforced for government departments. To be clear, the guidelines are meant for government departments and private companies using Aadhaar for authentication, profiling and building databases fall outside its scope. With political attitudes to corporations exploiting personal information changing the world over, the stakes for establishing a framework that limits private companies commercializing personal data and tracking Indian citizens are as high as they have ever been.

For more details visit https://cis-india.org/internet-governance/news/electronic-frontier-foundation-jyoti-panday-june-1-2017-aadhaar-ushering-in-a-commercialized-era-of-surveillance-in-india

Centre brings in new safeguards following cases of Aadhaar data leaks on government websites

praskrishna — 2017-06-06T15:41:16Z

The Centre has put in new safeguards following a number of cases of Aadhaar data leaks on government websites. All ministries are being asked to encrypt all Aadhaar data and personal financial details. Also, officials are being "sensitised" about legal consequences of data breach. And every government department is to now have one official responsible for Aadhaar data protection.

The article by Nidhi Sharma was published in the Economic Times on June 2, 2017.

The ministry of electronics and information technology has written to all departments on better data security. ET has reviewed the new guidelines. Aadhaar, a 12-digit unique identity number issued on the basis of biometric data, is linked to a person's bank account and used by government agencies to directly transfer benefits of several social welfare schemes.

Senior officials, who spoke off record, told ET all departments have been asked to immediately review their website content to check if personal data is on display.

A set of 27 dos and 9 don'ts has been circulated on data handling. This includes instructions on masking Aadhaar data and bank details as well as encrypting data. The government has mandated regular audits to check safety of personal data.

The ministry letter says, "It has come to notice there have been instances wherein personal identity or information of residents, along with Aadhaar numbers and demographic information, and other sensitive personal data ... have been published online."

The letter also spells out legal consequences of such data breach and warns the government departments to check future leaks. "Publishing identity information, i.e. Aadhaar number along with demographic information is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment up to 3 years. Further, publishing of financial information including bank details, being sensitive personal data, is also in contravention of provision under IT Act 2000 with violations liable to pay damages by way of compensation to persons affected."

The move to protect personal data comes after reports that data of 130 million Aadhaar cardholders has been leaked from four government websites. Reports, based on a study conducted by the Centre for Internet and Society (CIS) said Aadhaar numbers and details have been leaked.

For more details visit https://cis-india.org/internet-governance/news/economic-times-june-2-2017-nidhi-sharma-centre-brings-in-new-safeguards-following-cases-of-aadhaar-data-leaks-on-government-websites

Tweets from the afterlife

praskrishna — 2017-06-06T12:46:06Z

What happens to the digital legacy that celebrities leave behind after they die. Heena Khandelwal asks if their families must inherit their digital assets or can social media managers stake a claim.

The article by Heena Khandelwal was published by DNA on May 28, 2017.

Famous personalities and celebrities with millions of followers on social media platforms enjoy the stature comparable to high-value brands. Their Facebook posts, tweets and Instagram images not only have the potential to influence society but often become fodder for news, online discussions and even prime time debates. But have you paused to wonder what happens to their social media accounts in the event of their death? What becomes of the huge bank of online data that they leave behind? Do these digital assets naturally pass onto the next of kin, to the digital platform or to a third party that managed the said account/s in the first place?

While these are not new questions, the tussle over the social media accounts of former president late Dr APJ Abdul Kalam between his family and Kalam's former aide who managed his social media affairs, has thrown the issue under the spotlight. Nearly two years after Kalam's sudden demise, his family and Srijan Pal Singh find themselves on the opposing sides. It all started when Singh began handling Kalam's Twitter and Facebook accounts after his death on July 27, 2015. When the family sought the account details, stating their rights over Kalam's digital assets, Singh changed the username and the handle of his verified Twitter account from @apjabdulkalam to @KalamCentre. At the time of Kalam's death, his verified Twitter account (@apjabdulkalam) had nearly 1.5 million followers and 886 tweets. When this was renamed to @KalamCentre, it stopped being a 'verified' handle. Singh did not hand over the details of this account to the family but the details of a new Twitter account that he'd created with the same handle, @apjabdulkalam, which had barely 50 followers. Incidentally, Kalam's original Twitter account had 829 tweets (at the time of going to press), implying that some of Kalam's tweets have been deleted since his death. Regarding Kalam's Facebook page (Facebook.com/kalamcentre), Singh maintains that its username has always been Kalam Centre and that it doesn't belong to the family.

"These are digital assets of a former President of India. He (Singh) is changing the legacy by changing the name and handle of his Twitter account," says Kalam's grandnephew APJMJ Sheik Dawood, insisting that the account details should be given to the family. "Everybody was following Kalam and not anything or anybody else. He shouldn't have changed the name or handle."

Singh contends that since he was the one who created and managed Kalam's social media presence, he has sole rights over these assets. "Dr Kalam's social media accounts were started to spread the message about his ideologies. I am here to continue his mission... whoever handles his accounts should be in sync with his ideologies," says the 32-year-old. "I practically lived with him in the same house in the last few years of his life and was very close to him. I understood him."

Trust in times of tweets

Ask if his actions tantamount to misleading Kalam's followers and the public at large, Singh is dismissive. "On March 18, 2017, we informed our (Kalam Centre) users of the name change through a tweet, and so it is up to them to follow who they like. There are already plenty of fan pages and other accounts running in his name," says Singh.

Even as he defends his position, the fact that he was using Kalam's verified account for nearly 20 months after his demise can be seen as a breach of the right of reputation. "Posting or tweeting on behalf of a deceased person is breaching their right of reputation," says Chinmayi Arun, executive director, Centre for Communication Governance (CCG) at National Law University, Delhi. Third party agents, according to Arun, should refrain from impersonating their principals in the same manner that secretaries and administrators refrain from impersonating their employers. "In case of an individual's demise, the agents are expected to handover everything to the heirs and this should also apply to digital accounts," she says.

On its part, Twitter India refused to comment when contacted and pointed this reporter to the site's support page on deceased or incapacitated users. The micro-blogging site makes it clear on its website that it does not provide account access to anyone regardless of their relationship with the deceased person, and added that "this policy is about deactivating accounts, not transferring ownership of accounts".

Emails to Facebook India's corporate communication head remained unanswered. The social networking site states on its pages that it neither approves the inheritance of a user's account nor permits using an account following a user's demise. Instagram lists a similar policy and states that an account can be memoralised or removed after the user's demise.

Black, white & grey

While social networking sites' policies clearly mention that an individual user account should be operated by the person him/herself, it is common knowledge that celebrities often outsource the management of their social media accounts to digital and social media agencies or to a select team under their direct watch. They too tread nebulous waters. Digital marketing agency, EveryMedia Technologies, which manages celebrity accounts, states that although there is no clause regarding the protocol to be followed in the case of a client's death, they would do as per the social platform's guidelines after due consent from the family. "Our contracts do not have a clause that states the way forward in case of demise of the account holder and we hope such a day doesn't come," says Gautam B Thakker, CEO, EveryMedia Technologies. "In the event of such an unfortunate incident, the standard operating procedure would be to convert the account into a legacy account and memorialise it for fans and well-wishers or to deactivate and close it — whatever the social platforms' and the client's family permits."

Daksh Juneja says of Avignyata Inc specifies that the work is based on strict contracts, which never mention the course of action to be taken in case of the personality's death. "There is no contractual obligation towards the IPR rights for a celebratory client on both sides but it's important to share the access of the social media pages with the person's manager or a family member," says Juneja, the chief operating officer of the Mumbai-based digital agency, which handles social media accounts of Bollywood celebrities and sportsmen.

Supreme Court advocate and an expert in cyber law, Pavan Duggal, points out that the terms and conditions of social networking sites aren't clear. "Deactivating accounts can amount to loss of data, which can be used for reference and research. I think more clarity is required," says Duggal. "When a person has an account, only he/she should access it. However, if a person has an agent, then (in the case of death), the principle of agent applies."

Courtside view

Given the reluctance of social media platforms to engage and the lack of clarity as highlighted in the case of Kalam's accounts points to several questions — from handing over the digital accounts, intellectual property rights, right to reputation as well as unambiguous policies by service providers. Taking about Kalam's accounts, Duggal feels his family is the rightful legal heir to his digital assets. "The family should approach the court and file a case against Singh under the Information Technology Act and under IPC section 408 — criminal breach of trust," he says. "They can also reach out to service providers, and if they don't co-operate, they too can be sued under the IT Act."

Duggal strongly believes that "if a person has died without specifying, then his/her digital presence or accounts being a digital property, should be treated as movable assets and should pass on to the legal heir or representatives of the deceased person rather than to an NGO".

According to Sunil Abraham, executive director at Centre for Internet and Society, Twitter India should help settle the Kalam case using its existing policy. "And if there is no space for a legacy contact, they might consider resetting the password so that nobody has access to it and then they can memorialise the account," says Abraham. "Social media accounts are increasingly being enumerated under digital assets in wills. Once the asset has been transferred to the heir, the heir can choose to transfer the account to another person or organisation for their services in maintaining the account. While this is not explicitly provided for in the law, there is no prohibition either."

WHEN THEY DIED...

Among the eminent personalities whose social media accounts continue to be operational after their demise are anti-apartheid leader and former president of South Africa Nelson Mandela, pop star Michael Jackson and boxing legend Muhammad Ali.

While Mandela's account has been turned into a foundation, Ali's account states that it pays tribute to the boxing legend. Jackson's account mentions nothing about the fact that he died in 2009. Their Twitter and Facebook pages witness a tweet or a post every few days. Both Jackson and Ali also have verified accounts on Instagram; their photos are posted every now and then.

Among the celebrities whose accounts have been left inactive are Bollywood actress Jiah Khan, television actress Pratyusha Banerjee and British singer-songwriter George Michael. While Khan's last tweet (on May 23, 2013) was an apology message for staying away from the social networking site, Michael had shared his song Heartbreak a day before Valentine's Day on February 12, 2016. Banerjee had tweeted '#prayforparis #prayfortheworld' on November 15, 2015, showing her support against the terrorist attack in Paris on November 13, 2015. This was her last tweet before she was found hanging in her apartment in Mumbai on April 1, 2016.

For more details visit https://cis-india.org/internet-governance/news/dna-may-28-2017-heena-khandelwal-tweets-from-the-afterlife

T20 Germany and Beyond: Digital Economy

praskrishna — 2017-06-06T15:25:46Z

Elonnai Hickok participated in a round-table discussion organized by GIZ and EPF in Berlin from May 29 to 30, 2017.

The Think20 (T20) is a network of research institutes and think tanks from the G20 countries. The T20 provides research-based policy advice to the G20, facilitates interaction among its members and the policy community, and communicates with the broader public about issues of global importance. Click to read more

For more details visit https://cis-india.org/internet-governance/news/t20-germany-and-beyond-digital-economy

Stockholm Internet Forum 2017

praskrishna — 2017-06-06T13:43:25Z

Elonnai Hickok participated in the Stockholm Internet Forum 2017 held in Stockholm from May 15 to 18, 2017. She spoke on the panel "Private sector and civil society collaboration to advance freedom online". The event was organized by Swedish International Development Cooperation Agency.

Pre-SIF 15 May at Sida HQ

Welcoming and informal lunch at Sida 12.00 – 14.00 (Location: Oasen)

Pre-SIF regional sessions: 14.00 – 17.00 (breaks included)

MENA: Access, power and gender (Location: Hörsalen)

AFRICA: Inequality and the digital revolution in Africa (Location: Oasen)

LATIN AMERICA: Human rights and technology in Latin America: Where to from here? (Location: Room 19, Asante)

EURASIA: Media freedom and fact checking practices (Location: Room 18, Djenné)

SOUTH EAST ASIA: Regional internet freedom unconference (Location: Room 23, Quirigua)

STUDY VISIT: Kista Science City

Mingle: 17.00 – 18.00

Dinner: 18.00 – 20.00

Pre-SIF 16 May at Sida HQ

Welcome and framing access and power 09.00 – 11.30 (break included, location: Oasen)

Pre-SIF Parallel sessions: 11.30 – 13.00

1A From divides to dividends – DDP and SDG17 (Location: Oasen)

1B Online threats: Operational response and kick-ass solutions (Location: Hörsalen)

Mingle and lunch: 13.00 – 15.00 (Location: Oasen)

Pre-SIF Parallel sessions: 15.00 – 17.00

2A Financial services in a digital era: Development, livelihoods and privacy (Location: Oasen)

2B Responsible data forum: Open source investigation for human rights (Location: Hörsalen)

Mingle: 17.00 – 18.00

Dinner: 18.00 – 20.00

SIF 17 May at Münchenbryggeriet

Opening and main session 1: 9.00 – 11.00 (Location: Mässhallen)

Welcoming remarks by Sida Director General Lennart Båge

Speech by Swedish Minister of Culture and Democracy Alice Bah Kuhnke

Main session 1: Equal access – Distributed power

The theme of SIF 2017 is “Access and Power” – a duality that can be analysed in many different ways. It is not enough to have access to the Internet, ICT’s and digital tools to achieve social justice and development outcomes. The question of what people have access to and what possibilities access gives also needs to be addressed. Access to the Internet is more than technical aspects and solutions – there are also dimensions related to rights, policy and power that need to be addressed.

At SIF we are keen on framing the current struggles and challenges in order to formulate possible ways ahead. One way to approach this is to discuss the co-relation between access and power. The first main session on the various aspects of access and power, is designed to get the conversation started.

Speech by State Secretary Annika Söder 11.00 – 11.15 (Location: Mässhallen)

Coffee break 11.15 – 11.45

Parallel sessions: 11.45 – 13.00

#SIF1A Digital Identity (Location: Mässhallen)

#SIF1B Community access – Helping the last 4 billion get connected (Location: Fogelström)

#SIF1C Gender based violence online: levelling the discussion (Location: Riddarsalen)

Mingle and lunch: 13.00 – 14.00

Parallel sessions: 14.00 – 15.30

#SIF2A OPEN SIF (Location: Mässhallen)

#SIF2B The promises and risks of the platform economy (Location: Fogelström)

#SIF2C The global shut down epidemic – From rights, tech and economic perspective (Location: Riddarsalen)

Coffee break 15.30 – 16.00

Breakout sessions: 16.00 – 17.30

#SIFB1 The (alternative) truth is out there (Location: Mässhallen)

#SIFB2 Private sector and civil society collaboration to advance freedom online (Location: Galleriet)

#SIFB3 Access and human rights in the smart city (Location: Riddarsalen)

#SIFB4 Empowering technologies in hostile environments (Location: Milles)

#SIFB5 Freedom Online Coalition: Open forum (Location: Fogelström)

Reflections and highlights from the day: 17.45 – 18.45

(Location: Mässhallen)

Mingle and Dinner: 19.00 – 21.00

SIF 18 May at Münchenbryggeriet

Welcome and keynote: 09.00 – 09.30 (Location: Mässhallen)

Parallel sessions: 09.30 – 11.00

#SIF3A OPEN SIF (Location: Mässhallen)

#SIF3B Digital rights 2.0: challenges and opportunities to empowerment (Location: Fogelström)

#SIF3C Safe media in conflict and chaos (Location: Riddarsalen)

Coffee break: 11.00 – 11.30

Main session 2: 11.30 – 13.00 (Location: Mässhallen)

A positive outlook: Leave no one offline

Half of the world’s population — specifically women, the poor and marginalised populations in developing countries — are still being left offline. What is needed to reach those still offline?

Beyond access, there are still many obstacles to achieving a digital inclusive society. Access to the Internet, ICT’s and digital tools is not only a catalyst for economic growth but increasingly a means for people to participate in today’s society. Too often access is measured by number of subscribers. This session will address access and power from a multidimensional approach – including infrastructure, affordability and contextual factors such as regulation and social and power structures.

Mingle and lunch: 13.00 – 14.00

Closing session: 14.00 – 15.00 (Location: Mässhallen)

This session will focus on summarizing knowledge and experiences shared at SIF17 and mapping the road ahead – identifying constraints but also opportunities for equal access and Internet freedom in the strive for global development and a digital inclusive society. The closing session will be interactive with the participants being the centre of the discussion.

Side happenings

During breaks you will have the opportunity to develop your digital skills, participate in discussions and expand your knowledge at this year’s side happenings.

16 May at Sida HQ

11.00 – 17.30

New media documentation clinic with Witness

(Location: Room 19 Asante)

11.00 – 17.00

Developing Internet universality indicators with UNESCO and the APC Internet indicators consortium

(Location: Room 21 Tsodilo)

14.30 – 17.30

Local access and community based networks with APC and ISOC

(Location: Djenné)

17 – 18 May at Münchenbryggeriet

All day

Digital security clinic with Access Now

(Location: Mässtorget)

Healing justice pod with Astraea Foundation

(Location: Bergrummet)

For more details visit https://cis-india.org/internet-governance/news/stockholm-internet-forum-2017

Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement

vidushi — 2017-06-06T13:35:53Z

The Centre for Internet and Society (CIS) is grateful for the opportunity to comment on the proposed renewal of the .NET Registry Agreement.

With inputs from Sunil Abraham and Pranesh Prakash

CIS would like to express its strong opposition to the proposed renewal. This is for three primary reasons:

Inconsistency with ICANN’s core values

It is important to consider the proposed renewal in light of two Core Values which are meant to guide the decisions and actions of ICANN.

Section 1.2.(b)(iii) of the Bylaws contemplates ICANN’s responsibility to, “ Where feasible and appropriate, depending on market mechanisms to promote and sustain a competitive environment in the DNS market;” and S ection 1.2(b)(iv) envisages, “Introducing and promoting competition in the registration of domain names where practicable and beneficial to the public interest as identified through the bottom-up, multistakeholder policy development process;”.

The presumptive renewal of the .NET Registry agreement precludes an open tender, thereby significantly undermining competition in the DNS market. It ignores the public interest consideration, as the absence of competitive pressure on the contract also means the absence of pressure to lower user costs.

Historical accident

Verisign’s operations over .NET is a historical accident; one that does not justify its collection of .NET revenues in perpetuity. Policies for Contractual Compliance of Existing Registries was approved in 2007 to include presumptive renewal. However, during the deliberations in that Policy Development Process, there was significant objection to presumption of renewal of registry contracts; with constituencies and individuals pointing out that such renewal was blatantly anti competitive, and allowed for presumption to prevail even in the case of material breaches.

The proposed agreement contemplates using a portion of Registry Level
Transaction Fees to create a “special restricted fund for developing country Internet communities to enable further participation in the ICANN mission for these stakeholders.” This form of tokenism to the global south will do little to achieve meaningful participation and diversity of civil society. .NET should instead, be opened to a competitive bid and open tender, in order to encourage innovators from around the world to benefit from it.

Irregularity of contract

The argument that the proposed changes are to bring the contract in line with other gTLD registry agreements doesn't hold because this contract is in itself completely irregular: it was not entered into after a competitive process that other gTLD registry agreements are subject to; and it is not subject to the price sensitivity that other contracts are either.

For more details visit https://cis-india.org/internet-governance/blog/comments-from-the-centre-for-internet-and-society-on-renewal-of-net-registry-agreement

May 2017 Newsletter

praskrishna — 2017-06-17T02:46:03Z

Welcome to the Centre for Internet & Society (CIS) newsletter for May 2017.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS compiled a report that highlighted four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites. Article 19 had put out a call for applications for its Internet of Rights Fellowship in February 2017. Vidushi Marda was selected for Internet of Rights Fellowship. CIS gave inputs on a document on implementing digital accessibility to Ministry of Electronics and Information Technology on May 2, 2017. The 34th session of the Standing Committee on Copyright and Related Rights (SCCR) was held in Geneva from May 1 to 5, 2017. Anubha Sinha participated in the event and a summary report is available here. She made statements on behalf of CIS on the Discussion on Limitations and Exceptions for Libraries and Archives and on the Proposal for Analysis of Copyright Related to the Digital Environment. CIS-A2K’s widely well-regarded flagship skill building program, Train The Trainer and MediaWiki Training was conducted in Kolkata earlier this year. Tito Dutta captured the developments in a blog post. Although it has made the topographic maps or the Open Series Maps available to general public, Survey of India’s (SoI) Nakshe portal will have to go through a variety of litmus test, as the initiative fails to implement the mandates of public sharing of government data using open standards and open license as put forward by the NMP 2005 and NDSAP 2012, said Sumandro Chattapadhyay in an interview with Geospatial World on May 02, 2017. In an interview with nettime.org, Geert Lovink discussed with Ramesh Srinivasan Tech Anthropology Today and "how can we embrace the realities of communities too-often relegated to the margins". In an article published in the Business Standard on May 3, 2017, Shyam Ponappa examined whether policies can be better framed to harness the market potential. Why is so much investment flowing into India's securities markets?

CIS in the news:

130 Million Aadhaar Numbers Were Made Public, Says New Report (The Wire; May 1, 2017 and MensXP.com; May 5, 2017).
Aadhaar Details Of 13.5 Crore People Available On Government Sites (Mahima Kapoor; Bloomberg Quint; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (Press Trust of India; May 2, 2017).
Details of 135 million Aadhaar card holders may have leaked, claims CIS report (Hindustan Times; May 2, 2017).
UIDAI remains silent on #Aadhaarleaks of 13 crore users through government portals (Shruti Menon; Newslaundry; May 2, 2017).
১৩ কোটি আধার তথ্য ফাঁস চার সরকারি পোর্টাল থেকে! বিস্ফোরক দাবি রিপোর্টে (Amar Bazar Patrika; May 2, 2017).
13 crore Aadhaar numbers on four government websites compromised: Report (Akram Mohammed; New Indian Express; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (DNA; May 2, 2017).
Biggest blast on Aadhaar leak so far: govt sites leaked data of 13 crore people (Jikku Varghese Jacob; Manorama; May 2, 2017).
Around 13 crore Aadhaar numbers easily available on government portals, says report (Scroll.in; May 2, 2017).
What privacy? 13 crore Aadhaar numbers accessible on government portals (Anusha Ravi; Oneindia; May 2, 2017).
Govt may have made 135 million Aadhaar numbers public: CIS report (Komal Gupta; Livemint; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (The Times of India; May 2, 2017)
Aadhaar data leaks not from UIDAI: Centre (Krishnadas Rajagopal; Hindu; May 3, 2017).
135 MEELLION Indian government payment card details leaked (Richard Chirgwin; The Register; May 3, 2017).
Aadhaar data of over 13 crore people exposed: New report (Indian Express; May 3, 2017).
In The Biggest Data Leak, Info Of 13 Crore Aadhaar Card Holders Has Been Compromised And Is Available Online (Bobins Abraham; The Times of India; May 3, 2017).
Around 130-135M Aadhaar Numbers published on 4 sites alone (Nikhil Pahwa; Medianama; May 4, 2017).
Aadhaar's the largest biometric database globally but it is leaky by design (Rohith Jyotish; Global Voices; May 2, 2017 and Business Standard; May 5, 2017).
Why Aadhaar leaks should worry you, and is biometrics really safe? (Rakesh Mehar; Newsminute; May 4, 2017).
Indian Government says it is still drafting privacy law, but doesn’t give timelines (Vivek Pai; Medianama; May 4, 2017).
आधार नंबर, नाम, पता, बैंक अकाउंट और दूसरी संवेदनशील जानकारियां लीक: CIS रिपोर्ट (Aaj Tak; May 4, 2017).
With digitisation at the forefront, government departments need to be cautious about digital security (Manas Pratap Singh; NDTV; May 4, 2017).
Kashmir: Telecom firms struggle to block 22 banned social media sites (Aijaz Hussain; Livemint; May 4, 2017).
Aadhaar data of 130 millions, bank account details leaked from govt websites: Report (India Today; May 4, 2017).
Aadhaar: Are a billion identities at risk on India's biometric database (Soutik Biswas; BBC News; May 4, 2017 and Rawlson King; Biometric Update.com; May 5, 2017).
135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers (Counterview; May 5, 2017).
Suicide videos: Facebook beefs up team to monitor content (Kim Arora; The Times of India; May 5, 2017).
Aadhaar assurances fail to assuage privacy concerns (Anirban Sen; Livemint; May 5, 2017).
A 13-year-old's rape in TN highlights the major threat online sexual grooming poses to children (Priyanka Thirumurthy; May 6, 2017).
Experts stress on need for enhanced security (New Indian Express; May 6, 2017).
Taking Cognisance of the Deeply Flawed System That Is Aadhaar (Shreyashi Roy; Wire; May 10, 2017).
Plug data leak before imposing Aadhaar (Deccan Herald; May 11, 2017).
Aadhaar data leak: Take precautions while sharing info on websites, MEITy tells all depts (Indian Express; May 11, 2017).
Aadhaar security: Here's how your private information can be protected (Sanjay Kumar Singh; Business Standard; May 11, 2017).
Online Trolls Attack Critics of India's Aadhaar State ID System (Rohith Jyothish; Global Voices; May 31, 2017).
India is building a biometric database for 1.3 billion people — and enrollment is mandatory (Shashank Bengali; Los Angeles Times; May 12, 2017).
Watch: Aadhaar has become a whipping boy: Nandan Nilekani (Alnoor Peermohamed and Raghu Krishnan; Business Standard; May 13, 2017).
Partnership on AI Adds Corporate, NGO Members, Charts Initial Course (Benjamin Romano; Xconomy; May 16, 2017).
WannaCry: ATMs not to shut down, clarifies RBI, but how safe are our machines? (Soumya Chatterjee; May 16, 2017).
Google, Facebook's AI group adds new members (Jens Meyer; Axios; May 16, 2017).
22 companies join Partnership on AI, begin to study AI's impact on work and society (Alison DeNisco; TechRepublic; May 17, 2017).
Intel, Salesforce, eBay, Sony and others join the grand AI partnership club (CIOL; May 17, 2017).
IT companies in Bengaluru on high alert over WannaCry ransomware (Kiran Parashar K M & Shruthi H M; New Indian Express; May 17, 2017).
Partnership on AI adds new organizations to its network (Madison Moore; Software Development Times; May 17, 2017).
Intel, eBay, SAP, Salesforce y Sony colaborarán en inteligencia artificial (Monica Tilves; Silicon; May 17, 2017).
22 nieuwe leden voor Partnership on AI (Telecom Paper; May 17, 2017).
Provide hacker details, outfit that claimed data leak told (Mahendra Singh; The Times of India; May 18, 2017).
UIDAI asks Centre for Internet & Society to provide hacker details (Mahendra Singh; Economic Times; May 18, 2017).
Hack exposes Zomato's weak protection of customer data, say Cyber experts (Alnoor Peermohamed; Business Standard; May 19, 2017).
What’s Hard To Digest About The Zomato Hacking (Aayush Ailawadi; Bloomberg Quint; May 19, 2017).
UIDAI puts posers to CIS over Aadhaar data leak claim (Press Trust of India and Financial Express; May 19, 2017).
Faking it on WhatsApp: How India's favourite messaging app is turning into a rumour mill (Samarth Bansal; Hindustan Times; May 19, 2017).
Debate over #Aadhaar Turns Nasty as Critics Accuse Supporters of Online Trolling (Ajoy Ashirwad Mahaprahasta; The Wire; May 19, 2017).
Hacker steals 17 million Zomato users’ data, briefly puts it on dark web (Kim Arora and Digbijay Mishra with inputs from Ranjani Ayyar; The Times of India; May 19, 2017).
UIDAI goes after org that disclosed government departments were releasing Aadhaar data (Nikhil Pahwa; May 19, 2017).
Developer releases WannaCry key-recovery tool for Windows XP (Cirilo Laguardia; Hoyen TV; May 20, 2017).
Will Aadhaar leaks be used as an excuse to shut out scrutiny of welfare schemes? (Anumeha Yadav; Scroll.in; May 20, 2017).
Microsoft says WannaCry ransomware must be a wake-up call for governments (Journaldu Maghreb; May 20, 2017).
Noida cyber cell gives tips on preventing WannaCry attack (Juana McKenzie; World News Journal; May 20, 2017).
Chinese state media says U.S. should take some blame for cyber attack (Ellis Neal; Villages Suntimes; May 21, 2017).
Zomato hack: You need to enhance online security with a password manager (Sanjay Kumar Singh; Business Standard; May 23, 2017).
Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program (Shweta Modgil; Inc 42; May 23, 2017).
iSpirt's Sharad Sharma: Sorry, I trolled Aadhaar critics (Shalina Pillai and Anand J; The Times of India; May 24, 2017).
Sharad Sharma's case shows how rampant troll culture has become under Modi (Catch News; May 25, 2017).
Aadhaar Card: One Identity, Multiple Disorders (Gaurav Raj; India Saga; May 25, 2017).
Tweets from the afterlife (Heena Khandelwal; DNA; May 28, 2017).
BBMP faces ire for publishing pourakarmikas' Aadhaar details on website (Bharat Joshi; Economic Times; May 29, 2017).

CIS members wrote the following articles

Aadhaar Case: Beyond Privacy, An Issue of Bodily Integrity (Amber Sinha and Aradhya Sethia; Quint; May 1, 2017).
Digital native: Free speech? You must be joking! (Nishant Shah; Indian Express; May 14, 2017).
Digital native: Look before you (digitally) leap (Nishant Shah; Indian Express; May 28, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Submission

Comments on the draft Policy on IT Accessibility for People with Disabilities (Nirmita Narasimhan; May 19, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright

Blog Entries

34th SCCR: A Summary Report (Anubha Sinha; May 15, 2017).
34th SCCR: CIS Statement on the Proposal for Analysis of Copyright Related to the Digital Environment (Anubha Sinha; May 15, 2017).
34th SCCR: CIS Statement on the Discussion on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; May 15, 2017).
34th SCCR: Observer Statements on Proposal for Analysis of Copyright related to the Digital Environment (Anubha Sinha; May 30, 2017).
34th SCCR: Observer Statements on Limitations and Exceptions for Educational and Research Institutions (Anubha Sinha; May 30, 2017).
34th SCCR: Observer Statements on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; May 30, 2017).

Participation in Event

Fixing Copyright for Education (SCCR34 Side Event) (Hosted by Communia, EIFL, Creative Commons, and PIJIP; May 5, 2017). Anubha Sinha was a speaker.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Wiki Loves Mayabazaar (Pavan Santhosh; May 1, 2017).
Marathi Wikipedia Symposium at Gokhale Institute Of Politics & Economics (Subodh Kulkarni; May 1, 2017).
Digitisation, Wikimedia Commons and Wikisource Orientation Workshop at Vigyan Ashram, Pabal, Pune District (Subodh Kulkarni; May 4, 2017).
Thematic Edit-a-thon at J.P.Naik Centre for Education & Development, Pune (Subodh Kulkarni; May 10, 2017).
Train The Trainer 2017 (Manasa Rao; May 10, 2017).
Continuing community engagement: Communities of interest and Quarrying (Manasa Rao; May 19, 2017).
Preliminary research result on Wikipedia gender gap in India (Ting-Yi Chang; May 22, 2017).
MediaWiki Training 2017 (Tito Dutta and Ananth Subray; May 23, 2017).
Mini TTT and MWT held in Kolkata (Tito Dutta; May 23, 2017).

Note: The workshops for the above blog posts were held earlier but the reports were published during the month of May.

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Blog Entry

SoI’s Open Series Maps Fails to Implement Public Sharing of Govt Data (Geospatial World; May 4, 2017). Sumandro Chattapadhyay was interviewed.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Freedom of Speech and Expression

Submission

Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement (Vidushi Marda with inputs from Pranesh Prakash and Sunil Abraham; May 31, 2017).

Event Organized

Communication Design and Visualising Information (CIS, Bengaluru; May 5, 2017). Saumyaa conducted a session on the broad principles of communication design and visualising information.

Participation in Events

World Press Freedom Day 2017 (UNESCO and the Digital Empowerment Foundation; New Delhi; May 3, 2017). Udbhav Tiwari participated in the event.
Consilience 2017 - A Conference on Artificial Intelligence & Law (Organized by National Law School of India University; May 20, 2017). Vidushi Marda was a panelist.

►Privacy

Submission

Comments on the Statistical Disclosure Control Report (Srinivs Kodali and Amber Sinha; May 2, 2017).

Blog Entry

(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information (Amber Sinha and Srinivas Kodali; May 1, 2017).

Events Organized

Stand Shielded of Digital Rights (CIS; New Delhi; May 5, 2017). Amutha Arunachalam gave a talk.
Meeting on Proactive Disclosure and Personal Data (CIS; New Delhi; May 13, 2017).

Participation in Events

4th National Standards Conclave Evolving a Comprehensive National Strategy for Standards Sectoral and Regional Inclusiveness (Organized by Ministry of Commerce and Industry and the Confederation of Indian Industry; May 1 - 2, 2017).
Stockholm Internet Forum 2017 (Organized by Swedish International Development Cooperation Agency; Stockholm; May 15 to 18, 2017). Elonnai Hickok was a panelist in the session, "Private sector and civil society collaboration to advance freedom online".
Open house on information breaches (Organized by Has Geek; Bengaluru; May 26, 2017). Udbhav Tiwari was a speaker.
T20 Germany and Beyond: Digital Economy (Organized by GIZ and EPF; May 29 - 30, 2017). Elonnai Hickok participated in a round-table discussion.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Policies to Sustain India's Market (Shyam Ponappa; Business Standard; May 3, 2017 and Organizing India Blogspot; May 4, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entry

Tech Anthropology Today: Collaborate, Rather than Fetishize from Afar (Geert Lovink and Ramesh Srinivasan; nettime.org; May 16, 2017).

Participation in Event

Consultative Meeting for a Digital Archive Lab (Organized by Ambedkar University, New Delhi; May 20, 2017). P.P. Sneha participated in the meeting.

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/may-2017-newsletter

Online Trolls Attack Critics of India's Aadhaar State ID System

praskrishna — 2017-06-07T13:34:00Z

India's biometric state ID system has been leaking citizens’ data for months. When this information surfaced in April 2017, it stoked fears that the system could be used as an instrument of surveillance against Indian residents.

The blog post by Rohith Jyothish was published by Global Voices on May 31, 2017.

The Unique Identity Authority of India (UIDAI), which administrates the system known as Aadhaar (meaning foundation in Hindi) maintains that it only collects minimal personal data and stores it securely. But critics have firmly expressed doubts about these claims.

The implications of these leaks, and of any system flaw in Aadhaar technology, are substantial, especially for Indians who depend on the Aadhaar system in order to authenticate their identities when they use any number of government services. The Aadhaar system has become the gatekeeper of state systems and services ranging from voting to financial savings to food subsidies.

The digital sphere is now starting to see a pushback against Aadhaar critics through articles and blogposts that describe concerned citizens and privacy experts as the ‘anti-Aadhaar brigade‘ and accuse them of publishing “half-truths” and “spread[ing] confusion to advance their own interests.” One such article was even featured on the UIDAI website.

Some of the most well-researched critiques of the system have come from the Centre for Internet and Society (CIS), an inter-disciplinary research organisation in Bangalore that has now become a target of the pro-Aadhaar lobby. Shortly after CIS released a report that pointed out security flaws in the Aadhaar ecosystem, the UIDAI accused the organization of hacking into the Aadhaar system themselves.

In fact, CIS had investigated databases of four specific government websites. Three were available publicly, the fourth one was accessible by simply changing one of the URL parameters. Following the accusation from UIDAI, CIS clarified that the Aadhaar numbers along with other sensitive personal financial information like bank account details were made available by government websites themselves, putting a sizeable portion of Indian citizens at risk of financial fraud.

The Press Trust of India (India's largest news agency) referred to it as a “flip-flop”, which was contested by researchers at CIS.

Independent technology news platform Medianama reported that the accusation by the UIDAI is regrettably consistent with previous actions in which they filed a case against a journalist for exposing flaws in Aadhaar's enrollment mechanism.

A website called ‘Support Aadhaar‘ and its Twitter handle sought to collate opinions supporting Aadhaar and quell those speaking against it. However, most of their messages appear to evade or deflect the concerns that critics have raised by touting the benefits of the system and portraying critics as having a poor understanding of the benefits of technology.

Many Twitter users have also begun noticing patterns in the pro-Aadhaar posts:

Meanwhile, several critics of Aadhaar have repeatedly been trolled by anonymous handles on Twitter. These ‘sock puppet’ accounts seemed to be targeting those who criticise Aadhaar on social media.

One of the most active trolls issued an open challenge to reveal their identity with just their Aadhaar number. Technology entrepreneur Kiran Jonnalagadda accepted the challenge and found that ‘@Confident_India’, one of the many anonymous troll Twitter handles, is Sharad Sharma, the co-founder and director of iSPIRT Foundation (Indian Software Product Industry Roundtable), the software lobby that built the backbone of the Aadhaar ecosystem.

Sharma accidentally tweeted a denial from the troll account which has since been deleted. He then tweeted again from his personal handle which was captured.

iSPIRT officially denied allegations by Jonnalgadda that the “evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.” India Stack is the digital infrastructure that has been built over Aadhaar.

But several other Twitter users have confirmed that Sharma's phone number is linked to ‘@Confident_India’. By their own admission, iSPIRT seemed to have an officially sanctioned project intended to systematically challenge anti-Aadhaar campaigners in online platforms. But they refuse to term these actions as “trolling”.

However, Sharma later made an apology for trolling and called it a “lapse of judgement”. CIS Executive Director Sunil Abraham seemed to appreciate the message. He tweeted: Bravo to @sharads for this! All of us at @cis_india look fwd to collaborating with @Product_Nation & @sharads to serve Indian s/w sector. https://twitter.com/sharads/status/866943195678035968 …

iSPIRT is an initiative which finds far-reaching support from several IT industry leaders in India. What is worrying is that there is still no clarification from iSPIRT on the identities of the other anonymous trolls and their position on trolling against genuine concerns raised by citizens.

More than a week after the trolling revelations, iSPIRT announced on its website, the results of an investigation carried out by an Internal Guidelines and Compliance Committee over the allegations against Sharma of operating the anonymous handles, ‘@Confident_India’ and ‘@Indiaforward2′. Jonnalgadda was one of the trolling victims who testified in the internal meeting. A summary of the investigation was posted bafflingly by the accused himself in which he says that project Sudham has been dissolved and that he has been told to not make public appearances on behalf of iSPIRT for four months while he remains Director and the face of the organisation. FactorDaily reported that iSPIRT members on the condition of anonymity said that Pallav Nadhani (Founder, Chief Executive, FusionCharts) and Naveen Tewari (Co-founder, InMobi) who quit iSPIRT were upset with their excessive focus on India Stack.

One wonders whether this kind of behavior would be treated differently if it took place offline. Is intimidating those who appear to be ‘detractors’ the most effective way of dealing with criticism? Why is a software lobby taking it upon themselves to defend the idea of Aadhaar and India Stack through such means?

Many are hoping that experts on both sides of the issue can find a way to debate questions around the privacy and security of Aadhaar's technology — that affect some 1.3 billion people — in a more democratic way.

For more details visit https://cis-india.org/internet-governance/news/global-voices-rohith-jyothish-may-31-2017-online-troll-attack-critics-of-indias-aadhaar-state-id-system

BBMP faces ire for publishing pourakarmikas' Aadhaar details on website

praskrishna — 2017-06-06T14:27:27Z

The Bruhat Bengaluru Mahanagara Palike (BBMP) has published the Aadhaar details and other personal information of thousands of its pourakarmikas - civic workers who sweep streets and collect waste door-to-door.

This has angered activists who believe it could be misused. BBMP claims it was done to bring transparency in the city's solid waste management. The article by Bharat Joshi was published in the Economic Times on May 29, 2017.

The Aadhaar number, provident fund number, employee state insurance (ESIC) number and residential addresses of thousands of pourakarmikas are available ward-wise on the civic body's website. ET accessed as many as 4,215 Aadhaar numbers and 5,744 PF and ESI numbers of pourakarmikas from 58 wards. The number could be much higher across the city's 198 wards. An ESI number grants access to personal details of an employee on the esic.nic.in website, such as father's name and date of birth.

The city has over 30,000 pourakarmikas, most of them Dalit women and employed by contractors. The disclosure of their Aadhaar numbers comes at a time when the Modi administration's push for wider application of the unique identification number has triggered a nationwide debate on privacy.

"(Disclosure) happens because authorities don't read the law," Supreme Court advocate KV Dhananjay said. "There is every possibility of misuse, especially identity theft. What hackers do is they start aggregating such information because the Aadhaar is used as a platform for transfer of benefits. And with Aadhaar set to become the anchor for many things, the BBMP should immediately remove those details."

A recent report by city-based Centre for Internet and Society flagged four government agencies for publishing Aadhaar and other financial data. It blamed the Unique Identification Authority of India (UIDAI) for turning a blind eye to the lack of standards prescribed for how other agencies deal with data, such cases of massive public disclosure and "the myriad ways in which it could be used for mischief."

Earlier this month, UIDAI chief executive officer Ajay Bhushan Pandey wrote to chief secretaries of all states, reminding them that publishing an Aadhaar number is prohibited under Sections 29(2), 29(3) and 29(4) of the Aadhaar Act, 2016. "Our intention was not to cause anyone any harm," BBMP Joint Commissioner (solid waste management) Sarfaraz Khan said. The idea was to prevent contractors from taking payments against non-existent pourakarmikas. "We're also planning to make public details of which exact street a pourakarmika is working on."

He added that he would discuss the disclosure with the Commissioner, "If there is any violation, the Aadhaar numbers will be removed."

This points to the need for BBMP to have a policy on data and privacy, said Vinay K Sreenivasa of the Alternative Law Forum. "Of what use is an Aadhaar number to the BBMP? Names and photographs would have sufficed to ensure transparency."

ET Follow-up on Scare in Malleswaram
BBMP Joint Commissioner Sarfaraz Khan was unaware that publishing Aadhaar data is a punishable offence. However, the election wing of the BBMP has ordered a probe after ET reported how a certain Hanumantharaju, claiming to be a municipal official, collected Aadhaar details from residents of the Atma KT Apartment in Malleswaram.

Residents also filed a complaint with the Malleswaram police. "We called the man's mobile number but a woman picked up. Further investigation is underway and BBMP is also checking its records," a police officer said.

Residents also plan to submit a representation to Malleswaram MLA CN Ashwathnarayan. "We have taken this seriously and are awaiting a report from the Malleswaram BBMP revenue office," Assistant Commissioner (election) TR Shobha told ET.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-29-2017-bharat-joshi-bbmp-faces-ire-for-publishing-pourakarmikas-aadhaar-details-on-website

Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program

praskrishna — 2017-05-26T01:08:09Z

Last weekend I was at Aditi Mittal’s standup comedy show in Mumbai where she made a cheeky remark that stayed with me – “Do you guys know what India’s soft power is today? It is trolling!”

The blog post by Shweta Modgil was published by Inc 42 on May 23, 2017.

While she was poking fun at the Snapchat-Snapdeal-Evan Spiegel controversy, in a bizarre coincidence those words came back to haunt me three days later. That was when one of biometric authentication system Aadhaar’s most vocal critics, Kiran Jonnalagadda, co-founder of Internet Freedom Foundation (IFF), an advocacy group, revealed in a series of tweets that @Confident_India, one of the anonymous accounts arguing in favour of Aadhaar and attacking its critics on Twitter, was being operated by none other than Sharad Sharma, the founder of software products think tank iSPIRT.

At the time, Sharad had completely denied that he was tweeting from an anonymous account. But today, on Twitter, Sharad apologised for the anonymous trolling on Twitter.

In a tweet, Sharad stated that “There was a lapse of judgement on my part. I condoned tweets with uncivil comments. So I’d like to unreservedly apologise to everybody who was hurt by them.”

He added that “Anonymity seemed easier than propriety, and tired as I was by personal events and attacks on iSPIRT’s reputation, I slipped.” Furthermore, he stated that he would not be part of anything like this again or allow such behaviour to continue. He also revealed that an iSPIRT Guidelines and Compliance Committee (IGCC) has been set up to investigate the matter and recommend corrective action.

On Catching a Troll

On 17 May, Kiran tweeted out a revelation, which shook a lot of people – “Have we caught an Aadhaar troll?” Kiran used Twitter’s account reset option on Confident_India with Sharad Sharma’s number to see if it is was accepted. And, as per a screenshot posted by him, it did.

This was further corroborated by many other Twitter users. Medianama’s Nikhil Pahwa (and co-founder of IFF) also confirmed the same, tweeting that the troll account does link to Sharad Sharma.

In a detailed Medium post, Kiran then revealed how he investigated the rise of anonymous Twitter accounts and trolls responding to critics of Aadhaar. But what he revealed next was the shocking part – that at the 27th Fellows meeting of the think tank, a plan was hatched to respond to critics of India Stack which involved the use of trolls. A group called Sudham, created earlier, divided people who were broadcasting different views on Aadhaar, into different categories and then underlined various proposals on dealing with them. One of the groups called “archers” was entrusted to carry out the mainstream debate, while another group of “swordsmen” was entrusted to challenge people who were categorised as informed yet “trolling.” Swordsmen would do this by coordinating on WhatsApp with quick responses and in numbers.

Kiran got a hold of the presentation and also shared how one controversial slide also showed a detractor matrix.

It is this slide which Kiran uses to illustrate the fact that: “ iSPIRT has an officially sanctioned trolling program where the trolls coordinate on WhatsApp and attack together on Twitter, exactly the behaviour seen in all the tweets above—and I’ve only covered the leader’s tweets. There are at least a dozen known troll accounts that attack in packs.”

First Denial

Back when the information was first revealed, Sharad Sharma responded by denying that he was tweeting from the @Confident_India Twitter account.

He further added that he was in for a family emergency in the US. And that he was clueless as to why his number was linked with that account.

But, interestingly, what roused the investigator’s suspicions was that Sharad shared the same denial from another troll account @indiaforward2 – which was captured by another Twitter user before it was deleted.

The denial from Sharad’s true account came half an hour later. But the damage had been done and all fingers pointed in the direction of Sharad Sharma engaging in trolling from those accounts. Kiran then wrote another damning post on Sharad’s dubious denial.

As can be guessed, all the tweets related to this matter from Sharad’s and Indiaforward’s accounts have been deleted. The last tweet from Confident India’s account on 17 May professed that he is not Sharad Sharma.

Meanwhile, iSPIRT finally responded to Kiran’s revelations on Medium –“We want to categorically state that the allegations against iSPIRT coordinating and/or promoting any troll campaign are false and the evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.”

The post further explained that in its Fellows meeting held in February and April 2017, it did address the issue of the chatter around India Stack. It says, “Our volunteer, Tanuj Bhojwani, led the discussion and we outlined our strategy for dealing with our detractors. The slide in question is clearly titled “Detractor Matrix.” The slide outlines how we classify those speaking against India Stack, and how we are engaging with them. We called one category of people “informed yet trolling (IYT),” a category of people deliberately misleading people, despite understanding the nuance behind the debate.”

The post admitted that the think tank encouraged volunteers to respond to these IYT Twitter handles directly from their own personal handles. However, at no point did it endorse or recommend anonymous trolling.

“We are aware that some volunteers and their friends have created an anonymous campaign to Support Aadhaar. This is not a troll campaign, but an informational one. It is also not an iSPIRT campaign.”

It concluded with: “Kiran’s motivated misrepresentation of the slides perhaps speaks to his biases against iSPIRT.” The post added that it plans to investigate the confusion around the alleged mobile number and account link and clarify all outstanding questions.

Meanwhile coming back to trolling from where we started. Though Sharad’s apology did not say directly whether he operated the two Twitter accounts — @Confident_ India and @Indiaforward2 — which he was suspected of using for trolling- he signs off by saying that he requests “those who I have disappointed to look at this as an exception.”

The Aadhaar Controversy

While the series of incidents raises many doubts over an esteemed organisation such as iSPIRT, the controversy over Aadhaar, India’s massive biometric identification programme, has been raging for many months now.

Over the last few months, it has come under fire for not addressing the privacy concerns of an individual and leaking individual data. Aadhaar critics have pointed out that it is more a mass surveillance tool, can lead to identity thefts, and linking basic services with it spells doom.

This month, a CIS (Centre for Internet and Society ) report revealed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals, due to lack of IT security practices. The report claimed that the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details about the address, photographs, and financial data. It also added that as many as 100 Mn bank account numbers could have been “leaked.”

However, on May 16, the CIS updated its report and clarified that although the term ‘leak’ was originally used 22 times in its report, it is at “best characterised as an illegal data disclosure or publication and not a breach or a leak.” It also claimed that some of its findings were “misunderstood or misinterpreted” by the media and that it never suggested that the biometric database had been breached.

Meanwhile, the Aadhaar-issuing authority UIDAI has asked CIS to explain its sensational claim that 13 crore Aadhaar numbers were “leaked” and provide details of servers where they are stored. The UIDAI also wants CIS to clarify what kind of “sensitive data” is still with the Centre or anyone else. The UIDAI has strongly denied any breach of its database and has asked CIS to provide details such as the servers where the downloaded “sensitive data” is stored.

While the security of the above-mentioned Aadhaar data is still being debated, the government’s push towards making it compulsory across industries has become a major topic of debate in India.

From linking bank accounts, to PAN numbers, to obtaining free gas connections under the Pradhan Mantri Ujjwala Yojana, to linking scholarships to linking Aadhaar numbers to social welfare schemes for electronically disbursing money to specific beneficiaries, or the Aadhaar-enabled Payment System (AEPS), the government has been pushing on with Aadhaar to make it a mandatory ID rather than the voluntary one it was envisaged to be originally. India still does not have a data protection and privacy law and making Aadhaar mandatory in such a country is not without risks.

Given the fact that the UIDAI cannot afford to carry out authentication-based rollouts across schemes in haste as the failure rate of AEPS can lead to denial of direct benefits, it makes more sense to retain Aadhaar as a voluntary authenticator, at least until the government solves on-ground issues around Aadhaar-based authentication. Because any failure can erode public faith in Aadhaar as the beneficiary would not get his rightful ration over authentication failure— and, to that extent, in the government itself. So, for beneficiaries who depend on public distribution systems (PDS) for rice, sugar, kerosene or oil, authentication failure is a serious problem.

It is to this effect that PILs (public interest litigation suits) have been filed in the Supreme Court stating that making Aadhaar compulsory is illegal and would virtually convert citizens into “slaves” as they would be under the government’s surveillance all the time. The Supreme Court had itself stated in August 2015 that Aadhaar cards will not be mandatory for availing benefits of government’s welfare schemes and had also barred authorities from sharing personal biometric data collected for enrollment under the scheme.

Last month too, it lambasted the Narendra Modi-led BJP government at the Centre for making Aadhaar card a mandatory prerequisite to avail government services. The court will examine all applications against Aadhaar on June 27 2017, while the government remains steadfast on not extending the deadline of June 30 by which various schemes such as the grant of scholarships, Sarva Shiksha Abhiyan and various other social welfare schemes were to seek mandatory Aadhaar number.

While the debate rages on, controversies keep on piling up. Recently, linking people living with HIV/ AIDS with Aadhaar cards has allegedly driven away patients from hospitals and antiretroviral therapy (ATR) centres in Madhya Pradesh. As per health department sources, the MP State AIDS Control Society made Aadhaar card number compulsory from February this year for those affected by the virus to get free medicines and treatment in accordance with the Central government’s policy making Aadhaar mandatory to avail benefits of any government scheme.

However, this led to negative fallout as many patients and suspected victims started avoiding ATR centres and district hospitals after the new rule came into effect. The patients feared that the compulsory submission of Aadhaar card to get free medicines and medical check-ups could lead to the disclosure of their identity, inviting social stigma.

While there is no denying the fact that, in a welfare state, technology can play a big role in enabling the state to hand out entitlements more efficiently and distribute public services at scale. But doing the same at the cost of an individual citizen’s privacy and resting it all on one mandatory number whose authentication is still not completely foolproof, is hardly the way a welfare state would like to operate.

For more details visit https://cis-india.org/internet-governance/news/inc42-may-23-2017-shweta-modgil-sharad-sharma-aplogises-for-trolling-aadhaar-critics

Open house on information breaches

praskrishna — 2017-06-07T00:41:55Z

On May 26, 2017 at the Has Geek open house participants discussed the state of information security in India the legal and regulatory measures that companies must comply with, and consumers should be aware of. Udbhav Tiwari was a speaker at the event organized by Has Geek in Bengaluru.

Sandesh Anand–InfoSec professional at Cigital was the other speaker. Alok Prasanna Kumar, former Supreme Court advocate and Senior Resident Fellow at the Vidhi Centre for Legal policy, moderated the discussion. Udbhav spoke about Breach Notifications and the legal and regulatory positions behind it in India. His presentation from the event can be found here: https://goo.gl/51GDba

For more details visit https://cis-india.org/internet-governance/news/open-house-on-information-breaches

iSpirt's Sharad Sharma: Sorry, I trolled Aadhaar critics

praskrishna — 2017-05-26T00:13:38Z

Sharad Sharma, the man who is seen as one of the critical backbones of India's digital drive, profusely apologized on Tuesday for anonymously trolling those arguing for better privacy and security standards in Aadhaar.

The article by Shalina Pillai and Anand J was published in the Times of India on May 24, 2017.

The apology came a few days after Kiran Jonnalagadda, co-founder of developer community platform HasGeek and one of those who were at the receiving end of the trolling, used internet tools to discover the faces behind the trolling.

The trolls allegedly included several other members of iSpirt, the software product association co-founded by Sharma and which leads IndiaStack, a set of technologies that can be used to digitise many everyday processes used by common people. The issue has divided India's nascent startup community like never before, and coming soon after the division over the arrest of Stayzilla co-founder Yogendra Vasupal, there are many who now worry for the ecosystem.This may also explain the apology by Sharma, who has been at the forefront of building this ecosystem.

In the apology mail that he tweeted, Sharma said: "There was a lapse of judgment on my part. I condoned tweets with uncivil comments. So I would like to unreservedly apologise to everybody who was hurt by them. Anonymity seemed easier than propriety, and tired as I was by personal events and attack on iSpirt's reputation, I slipped. I won't be part of anything like this again nor passively allow such behaviour to happen, even in the worst of times."

Nandan Nilekani tweeted in response to Sharma's apology that it was brave of him to do so. Several others in iSpirt also backed Sharma after the public apology . There was a surge of tweets in response to Sharma's and Nilekani's tweets, some welcoming the turn of events and others saying it wasn't enough. Jonnalagadda is among those who are not satisfied. "There were several individuals at iSpirt behind these trolls and Sharma's apology is not enough," he told TOI.

Aadhaar, aggressively pushed by the government, is being fiercely questioned by privacy and security advocates. Though most of these activists say they are asking for implementation of safeguards, the Twitter hashtags used by some of them include #antiaadhaar, #destroyaadhaar and #attackaadhaar, which seem to suggest they are entirely opposed to the authentication mechanism.

Both sides have used intemperate and often abusive language on social media -many using anonymous names. The latest flashpoint was a report by the Centre for Internet and Society (CIS) released earlier this month that said some 135 million Aadhaar numbers were leaked through government databases. There have also been accusations that private companies that verify Aadhaar credentials often get access to the full Aadhaar information of individuals. These provoked the proAadhaar trolls. Jonnalagadda, Nikhil Pahwa, co-founder of the Internet Freedom Foundation, which works on issues including net neutrality, and free expression and privacy on the internet, and Sunil Abraham of CIS were under particular attack.

Some of the iSpirt fellows and volunteers TOI spoke to had little remorse. "I am not saying iSpirt should have done what it did. But I can imagine why iSpirt reacted like this as we all have been under constant personal attack for a year now," said an iSpirt fellow, who did not want to be identified. Jas Gulati, co-founder and CEO at Nowfloats and a volunteer at iSprit, said iSpirt was an open organisation. "Sharad was upfront about it and I think it's very positive."

The Aadhaar privacy advocates, including Jonnalagadda and Pahwa, are clear they value iSpirt, but say it was undermining itself by its actions. One pointed to a February meeting of iSpirt where they created a programme called Sudham that distributed prominent Aadhaar critiques into four quadrants -`Misinformed, fearful and engaging', `Informed, fearful and engaging', `Misinformed and trolling' and `Informed and trolling' -and assigned different members to deal with each quadrant. Some of those who were assigned responsibilities appear to have taken their job too seriously .

Pahwa told TOI, "The work done by the Product Nation initiative at iSpirt is what makes it an important organization. But when people raise questions of IndiaStack and Aadhaar, many in that team respond with venom. iSpirt is unique, in that it is a thinktank that plays the role of an activist and lobbyist with a high degree of influence with the government and so they must develop processes for better governance, transparency and accountability ."

Anand Venkatanarayanan, a senior engineer at NetApp and independent Aadhaar researcher, said iSpirt should not be judged based on what Sharma did. "What we are trying to do is strengthen the Aadhaar system. Currently, they do not even have a process to report bugs. Large companies all have SOPs (standard operating procedures) to deal with issues. UIDAI does not," he said, noting that his views are personal and not that of his employer's.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-may-24-2017-shalina-pillai-anand-j-ispirts-sharad-sharma-sorry-i-trolled-aadhaar-critics