Internet Governance Main
Consultation on Gendered Information Disorder in India
On 14th and 15th March 2024, Centre for Internet and Society (CIS) collaborated with Point of View (POV) to organise a consultation in Mumbai to explore the phenomenon of gendered information disorder in India, spanning various aspects from healthcare and sexuality to financial literacy, and the role of digital mediums, social media platforms and AI in exacerbating these issues.
India’s parental control directive and the need to improve stalkerware detection
We analyse a child-monitoring app being developed by the Indian government and question whether it is an effective way to enact parental controls. We highlight how such monitoring apps are often repurposed for digital stalking and play a role in intimate partner violence. We also evaluate the protection provided by antivirus tools in detecting such stalkerware apps and describe how we collected technical evidence to help improve the detection of these apps.
Reconfiguring Data Governance: Insights from India and the EU
This policy paper is the result of a workshop organised jointly by the Tilburg Institute of Law, Technology and Society, Netherlands, the Centre for Communication Governance at the National Law University Delhi, India and the Centre for Internet & Society, India in January, 2023. The workshop brought together a number of academics, researchers, and industry representatives in Delhi to discuss a range of issues at the core of data governance theory and practice.
Information Disorders and their Regulation
The Indian media and digital sphere, perhaps a crude reflection of the socio-economic realities of the Indian political landscape, presents a unique and challenging setting for studying information disorders.
DoT’s order to trace server IP addresses will lead to unintended censorship
This post was reviewed and edited by Isha Suri and Nishant Shankar.
In December 2023, the Department of Telecommunications (DoT) issued instructions to internet service providers (ISPs) to maintain and share a list of “customer owned” IP addresses that host internet services through Indian ISPs so that they can be immediately traced in case “they are required to be blocked as per orders of [the court], etc”.
For the purposes of the notification, tracing customer-owned IP addresses implies identifying the network location of a subset of web services that possess their own IP addresses, as opposed to renting them from the ISP. These web services purchase IP Transit from Indian ISPs in order to connect their servers to the internet. In such cases, it is not immediately apparent which ISP routes to a particular IP address, requiring some amount of manual tracing to locate the host and immediately cut off access to the service. The order notes that “It has been observed that many times it is time consuming to trace location of such servers specially in case the IP address of servers is customer owned and not allocated by the Licensed Internet Service Provider”.
This indicates that, not only is the DoT blocking access to web services based on their IP addresses, but is doing so often enough for manual tracing of IP addresses to be a time consuming process for them.
While our legal framework allows courts and the government to issue content takedown orders, it is well documented that blocking web services based on their IP addresses is ineffectual and disruptive. An explainer on content blocking by the Internet Society notes, “Generally, IP blocking is a poor filtering technique that is not very effective, is difficult to maintain effectively, has a high level of unintended additional blockage, and is easily evaded by publishers who move content to new servers (with new IP addresses)”. The practice of virtual hosting is very common on the internet, which entails that a single web service can span multiple IP addresses and a single IP address can be shared by hundreds, or even thousands, of web services. Blocking access to a particular IP address can cause unrelated web services to fail in subtle and unpredictable ways, leading to collateral censorship. For example, a 2022 Austrian court order to block 11 IP addresses associated with 14 websites that engaged in copyright infringement rendered thousands of unrelated websites inaccessible.
The unintended effects of IP blocking have also been observed in practice in India. In 2021, US-based OneSignal Inc. approached the Delhi High Court challenging the blockage of one of its IP addresses by ISPs in India. With OneSignal being an online marketing company, there did not appear to be any legitimate reason for it to be blocked. In response to the petition the Government said that they had already issued unblocking orders for the IP address. There have also been numerous reports by internet users of inexplicable blocking of innocuous websites hosted on content delivery networks (which are known to often share IP addresses between customers).
We urge the ISPs, government departments and courts issuing and implementing website blocking orders to refrain from utilising overly broad censorship mechanisms like IP blocking which can lead to failure of unrelated services on the internet.
Digital Delivery and Data System for Farmer Income Support
This report, jointly published by the Centre for Internet & Society and Privacy International, highlights the digital systems deployed by the government to augment farmer income. It analyses the PM-Kisan and Kalia schemes in Odisha and Andhra Pradesh.
Detecting Encrypted Client Hello (ECH) Blocking
A new internet protocol makes it harder for internet service providers to censor websites. We made a technical intervention to check if censors are interfering with its deployment.
Deceptive Design in Voice Interfaces: Impact on Inclusivity, Accessibility, and Privacy
This article was commissioned by the Pranava Institute, as part of their project titled Design Beyond Deception, supported by the University of Notre Dame - IBM's Tech Ethics Lab.” The article examines the design of voice interfaces (VI) to anticipate potential deceptive design patterns in VIs. It also presents design and regulatory recommendations to mitigate these practices.
Health Data Management Policies - Differences Between the EU and India
Through this issue brief we would like to highlight the differences in approaches to health data management taken by the EU and India, and look at possible recommendations for India, in creating a privacy preserving health data management policy.
CoWIN Breach: What Makes India's Health Data an Easy Target for Bad Actors?
Recent health data policies have failed to even mention the CoWIN platform.
CensorWatch: On the Implementation of Online Censorship in India
Results from a nation-wide empirical study on web censorship
Civil Society’s second opinion on a UHI prescription
On January 13, Pallavi Bedi and Shweta Mohandas from CIS participated in an online collaboration organised by Internet Freedom Foundation for a joint submission to the Consultation Paper on Operationalising Unified Health Interface (UHI) in India released by the National Health Authority.
Comments to the proposed amendments to The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
This note presents comments by the Centre for Internet and Society (CIS), India, on the proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“proposed amendments”). We thank Isha Suri for her review of this submission.
The Centre for Internet and Society’s comments and recommendations to the: The Digital Data Protection Bill 2022
The Centre for Internet & Society (CIS) published its comments and recommendations to the Digital Personal Data Protection Bill, 2022, on December 17, 2022.
‘Techplomacy’ and the negotiation of AI standards for the Indo-Pacific
Researchers at the Australian Strategic Policy Institute have partnered with the Centre for Internet and Society (Bengaluru) to produce a ‘techplomacy guide’ on negotiating AI standards for stakeholders in the Indo-Pacific.
Demystifying Data Breaches in India
Despite the rate at which data breaches occur and are reported in the media, there seems to be little information about how and when they are resolved. This post examines the discourse on data breaches in India with respect to their historical forms, with a focus on how the specific terminology to describe data security incidents has evolved in mainstream news media reportage.
Getting the (Digital) Indo-Pacific Economic Framework Right
On the eve of the Tokyo Quad Summit in May 2022, President Biden unveiled the Indo-Pacific Economic Framework (IPEF), visualising cooperation across the Indo-Pacific based on four pillars: trade; supply chains; clean energy, decarbonisation and infrastructure; and tax and anti-corruption. Galvanised by the US, the other 13 founding members of the IPEF are Australia, Brunei Darussalam, India, Indonesia, Japan, Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam. The first official in-person Ministerial meeting was held in Los Angeles on 9 September 2022.
NHA Data Sharing Guidelines – Yet Another Policy in the Absence of a Data Protection Act
In July this year, the National Health Authority (NHA) released the NHA Data Sharing Guidelines for the Pradhan Mantri Jan Aarogya Yojana (PM-JAY) just two months after publishing the draft Health Data Management Policy.
Surveillance Enabling Identity Systems in Africa: Tracing the Fingerprints of Aadhaar
Biometric identity systems are being introduced around the world with a focus on promoting human development and social and economic inclusion, rather than previous goals of security. As a result, these systems being encouraged in developing countries, particularly in Africa and Asia, sometimes with disastrous consequences.
Deployment of Digital Health Policies and Technologies: During Covid-19
In the last twenty years or so, the Indian government has adopted several digital mechanisms to deliver services to its citizens.
