Centre for Internet and Society

You auto-complete me: romancing the bot

sumandro — 2019-12-06T05:00:19Z

This is an excerpt from an essay by Maya Indira Ganesh, written for and published as part of the Bodies of Evidence collection of Deep Dives. The Bodies of Evidence collection, edited by Bishakha Datta and Richa Kaul Padte, is a collaboration between Point of View and the Centre for Internet and Society, undertaken as part of the Big Data for Development Network supported by International Development Research Centre, Canada.

Please read the full essay on Deep Dives: You auto-complete me: romancing the bot

Maya Indira Ganesh: Website and Twitter

I feel like Kismet the Robot.

Kismet is a flappy-eared animatronic head with oversized eyeballs and bushy eyebrows. Connected to cameras and sensors, it exhibits the six primary human emotions identified by psychologist Paul Ekman: happiness, sadness, disgust, surprise, anger, and fear.

Scholar Katherine Hayles says that Kismet was built as an ‘ecological whole’ to respond to both humans and the environment. ‘The community,’ she writes, ‘understood as the robot plus its human interlocutors, is greater than the sum of its parts, because the robot’s design and programming have been created to optimise interactions with humans.’

In other words, Kismet may have ‘social intelligence’.

Kismet’s creator Cynthia Breazal explains this through a telling example. If someone comes too close to it, Kismet retracts its head as if to suggest that its personal space is being violated, or that it is shy. In reality, it is trying to adjust its camera so that it can properly see whatever is in front of it. But it is the human interacting with Kismet who interprets this retraction as the robot requiring its own space by moving back. Breazal says, ‘Human interpretation and response make the robot’s actions more meaningful than they otherwise would be.’

In other words, humans interpret Kismet’s social intelligence as ‘emotional intelligence’...

Kismet was built at the start of a new field called affective computing, which is now branded as ‘emotion AI’. Affective computing is about analysing human facial expressions, gait and stance into a map of emotional states. Here is what Affectiva, one of the companies developing this technology, says about how it works:

‘Humans use a lot of non-verbal cues, such as facial expressions, gesture, body language and tone of voice, to communicate their emotions. Our vision is to develop Emotion AI that can detect emotion just the way humans do. Our technology first identifies a human face in real time or in an image or video. Computer vision algorithms then identify key landmarks on the face…[and] deep learning algorithms analyse pixels in those regions to classify facial expressions. Combinations of these facial expressions are then mapped to emotions.’

But there is also a more sinister aspect to this digitised love-fest. Our faces, voices, and selfies are being used to collect data to train future bots to be more realistic. There is an entire industry of Emotion AI that harvests human emotional data to build technologies that we are supposed to enjoy because they appear more human. But it often comes down to a question of social control, because the same emotional data is used to track, monitor and regulate our own emotions and behaviours...

For more details visit https://cis-india.org/raw/maya-indira-ganesh-you-auto-complete-me-romancing-the-bot

CIS_APU_DigitalLabour_PlatypusEssays_SL_02

sumandro — 2019-08-16T12:29:56Z

For more details visit https://cis-india.org/CIS_APU_DigitalLabour_PlatypusEssays_SL_02.jpg

Manuel Beltrán - IoHO - April 01, 2019

sumandro — 2019-04-01T07:57:29Z

For more details visit https://cis-india.org/CIS_RAW_20190404_ManuelBeltran.png

Khetrimayum Monish Singh - Photograph

sumandro — 2018-01-24T11:23:50Z

Khetrimayum Monish Singh

For more details visit https://cis-india.org/home-images/khetrimayum-monish-singh-photograph

Saman Goudarzi - Photograph

sumandro — 2018-01-24T11:53:07Z

Saman Goudarzi

For more details visit https://cis-india.org/home-images/saman-goudarzi-photograph

Internet Researchers' Conference 2018 (IRC18): Offline, February 22-24, Sambhaavnaa Institute

sumandro — 2018-07-02T18:30:52Z

We are proud to announce that the third edition of the Internet Researchers' Conference series will be held at the Sambhaavnaa Institute, Kandbari (Himachal Pradesh) during February 22-24, 2018. This annual conference series was initiated by the Researchers@Work (RAW) programme at CIS in 2016 to gather researchers, academic or otherwise, studying internet in/from India to congregate, share insights and tensions, and chart the ways forward. The *offline* is the theme of the 2018 edition of the conference (IRC18), and the conference agenda will be shaped by nine sessions selected by all the teams that submitted session proposals, and an independent paper track consisting of six presentations.

Venue: Sambhaavnaa Institute, Kandbari, Palampur, Himachal Pradesh, 176061

Travel Information: Getting to Sambhaavnaa (Sambhaavnaa Institute)

Weather in Kandbari: 10°-20°c with possibility of light shower (AccuWeather)

Registration: RSVP (Google Drive)

Agenda: Conference Programme (Google Drive)

Poster: Download (JPG)

IRC18: Offline

Does being offline necessarily mean being disconnected? Beyond anxieties such as FOMO, being offline is also seen as disengagement from a certain milieu of the digital (read: capital), an impediment to the way life is organised by and around technologies in general. However, being offline is not the exception, as examples of internet shutdown and acts on online censorship illustrate the persistence and often alarming regularity of the offline even for the ‘connected’ sections of the population.

State and commercial providers of internet and telecommunication services work in tandem to produce both the “online” and the “offline” - through content censorship, internet regulation, generalised service provision failures, and so on. Further, efforts to prioritise the use of digital technologies for financial transactions, especially since demonetisation, has led to a not-so-subtle equalisation of the ‘online economy’ with the ‘formal economy’; thus recognising the offline as the zones of informality, corruption, and piracy. This contributes to the offline becoming invisible, and in many cases, illegal, rather than being recognised as a condition that necessarily informs what it means to be digital.

Who is offline, and is it a choice? The global project of bringing people online has spurred several commendable initiatives in expanding access to digital devices, networks, and content, and often contentious ones such as Free Basics / internet.org, which illustrate the intersectionalities of scale, privilege, and rights that we need to be mindful of when we imagine the offline. Further, the experience of the internet, for a large section of people is often mediated through prior and ongoing experiences of traditional media, and through cultural metaphors and cognitive frames that transcend more practical registers such as consumption and facilitation. How do we approach, study, and represent this disembodied internet – devoid of its hypertext, platforms, devices, it's nuts and bolts, but still tangible through engagement in myriad, personal and often indiscernible ways.

For the third edition of the Internet Researchers’ Conference (IRC18), we invite participants to critically discuss the *offline*. We invite sessions that present or propose academic, applied, creative, or technical works that explore social, economic, cultural, political, infrastructural, or aesthetic dimensions of the *offline*.

Sessions

#OnlineGovernanceOfflineGovernment - Mohammad Javed Alam and Suman Mandal - Session Details

#WomenInTech - Priyanka Chaudhuri and Tripti Jain - Session Details

#Cyberflesh - Akriti Rastogi, Ishani Dey, and Sagorika Singha - Session Details

#RethinkingTheVirtualPublic - Daisy Barman and Aamir Qayoom - Session Details

#FeminismIRL - Mamatha Karollil, the SIVE Collective, and Tara Atluri - Session Details

#ILoveYou - Dhiren Borisa and Dhrubo Jyoti - Session Details

#CollectionAndIdentity - Ravi Shukla, Rajiv Mishra, and Mrutyunjay Mishra - Session Details

#FollowUsOffline - Dinesh, Farah Yameen, Afrah Shafiq, and Bhanu Prakash GS - Session Details

#OfSiegesAndShutdowns - Chinmayi S. K. and Rohini Lakshané - Session Details

Papers

Slow journalism and the temporalities of the offline - Akshata Pai - Paper Abstract

Campus campaigns: User perceptions in pre-digital and digital eras - Arjun Ghosh - Paper Abstract

The many lives of food: Blogs to books and back - Dhrupadi Chattopadhyay - Paper Abstract

Feminism in digital age - Putul Sathe - Paper Abstract

Marathi literary criticism in the era of social media - Rajashree Patil - Paper Abstract

Taking open science offline - Shreyashi Ray - Paper Abstract

About the IRC Series

The Researchers at Work (RAW) programme at the Centre for Internet and Society (CIS) initiated the Internet Researchers' Conference (IRC) series to address these concerns, and to create an annual temporary space in India, for internet researchers to gather and share experiences.

The IRC series is driven by the following interests:

creating discussion spaces for researchers and practitioners studying internet in India and in other comparable regions,
foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India, accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and
exploring and practicing new modes of research and documentation necessitated by new (digital) objects of power/knowledge.

The first edition of the Internet Researchers' Conference series was held in February 2016. It was hosted by the Centre for Political Studies at Jawaharlal Nehru University, and was supported by the CSCS Digital Innovation Fund. The second Internet Researchers' Conference was organised in partnership with the Centre for Information Technology and Public Policy (CITAPP) at the International Institute of Information Technology Bangalore (IIIT-B) campus on March 03-05, 2017.

For more details visit https://cis-india.org/raw/irc18

The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System

sumandro — 2016-04-19T13:18:42Z

Boosting welfare is the message, which is how Aadhaar is being presented in India. The Aadhaar system as a medium, however, is one that enables tracking, surveillance, and data monetisation. This piece by Sumandro Chattapadhyay was published in The Wire on April 19, 2016.

Originally published in and cross-posted from The Wire.

Once upon a time, a king desired that his parrot should be taught all the ancient knowledge of the kingdom. The priests started feeding the pages of the great books to the parrot with much enthusiasm. One day, the king asked the priests if the parrot’s education has completed. The priests poked the belly of the parrot but it made no sound. Only the rustle of undigested pages inside the belly could be heard. The priests declared that the parrot is indeed a learned one now.

The fate of the welfare system in our country is quite similar to this parrot from Tagore’s parable. It has been forcefully fed identification cards and other official documents (often four copies of the same) for years, and always with the same justification of making it more effective and fixing the leaks. These identification regimes are in effect killing off the welfare system. And some may say that that has been the actual plan in any case.

The Aadhaar number has been recently offered as the ‘last chance’ for the ailing welfare system – a last identification regime that it needs to gulp down to survive. This argument wilfully overlooks the acute problems with the Aadhaar project.

Firstly, the ‘last chance’ for a welfare state in India is not provided by implementing a new and improved identification regime (Aadhaar numbers or otherwise), but by enabling citizens to effectively track, monitor, and ensure delivery of welfare, services, and benefits. This ‘opening up’ of the welfare bureaucracy has been most effectively initiated by the Right to Information Act. Instead of a centralised biometrics-linked identity verification platform, which gives the privilege of tracking and monitoring welfare flows only to a few expert groups, an effective welfare state requires the devolution of such privilege and responsibility.

We should harness the tracking capabilities of electronic financial systems to disclose how money belonging to the Consolidated Fund of India travel around state agencies and departmental levels. Instead, the Aadhaar system effectively stacks up a range of entry barriers to accessing welfare – from malfunctioning biometric scanners, to connectivity problems, to the burden of keeping one’s fingerprint digitally legible under all labouring and algorithmic circumstances.

Secondly, authentication of welfare recipients by Aadhaar number neither make the welfare delivery process free of techno-bureaucratic hurdles, nor does it exorcise away corruption. Anumeha Yadav has recently documented the emerging ‘unrest at the ration shop’ across Rajasthan, as authentication processes face technical and connectivity delays, people get ‘locked out’ of public services for not having or having Aadhaar number with incorrect demographic details, and no mechanisms exist to provide rapid and definitive recourse.

RTI activists at the Satark Nagrik Sangathan have highlighted that the Delhi ration shops, using Aadhaar-based authentication, maintain only two columns of data to describe people who have come to the shop – those who received their ration, and those who did not (without any indication of the reason). This leads to erasure-by-design of evidence of the number of welfare-seekers who are excluded from welfare services when the Aadhaar-based authentication process fails (for valid reasons, or otherwise).

Reetika Khera has made it very clear that using Aadhaar Payments Bridge to directly transfer cash to a beneficiary’s account, in the best case scenario, may only take care of one form of corruption: deception (a different person claiming to be the beneficiary). But it does not address the other two common forms of public corruption: collusion (government officials approving undue benefits and creating false beneficiaries) and extortion (forceful rent seeking after the cash has been transferred to the beneficiary’s account). Evidently, going after only deception does not make much sense in an environment where collusion and extortion are commonplace.

Thirdly, the ‘relevant privacy question’ for Aadhaar is not limited to how UIDAI protects the data collected by it, but expands to usage of Aadhaar numbers across the public and private sectors. The privacy problem created by the Aadhaar numbers does begin but surely not end with internal data management procedures and responsibilities of the UIDAI.

On one hand, the Aadhaar Bill 2016 has reduced the personal data sharing restrictions of the NIAI Bill 2010, and has allowed for sharing of all data except core biometrics (fingerprints and iris scan) with all agencies involved in authentication of a person through her/his Aadhaar number. These agencies have been asked to seek consent from the person who is being authenticated, and to inform her/him of the ways in which the provided data (by the person, and by UIDAI) will be used by the agency. In careful wording, the Bill only asks the agencies to inform the person about “alternatives to submission of identity information to the requesting entity” (Section 8.3) but not to provide any such alternatives. This facilitates and legalises a much wider collection of personal demographic data for offering of services by public agencies “or any body corporate or person” (Section 57), which is way beyond the scope of data management practices of UIDAI.

On the other hand, the Aadhaar number is being seeded to all government databases – from lists of HIV patients, of rural citizens being offered 100 days of work, of students getting scholarships meant for specific social groups, of people with a bank account. Now in some sectors, such as banking, inter-agency sharing of data about clients is strictly regulated. But we increasingly have non-financial agencies playing crucial roles in the financial sector – from mobile wallets to peer-to-peer transaction to innovative credit ratings. Seeding of Aadhaar into all government and private databases would allow for easy and direct joining up of these databases by anyone who has access to them, and not at all by security agencies only.

When it becomes publicly acceptable that the money bill route was a ‘remedial’ instrument to put the Rajya Sabha ‘back on track’, one cannot not wonder about what was being remedied by avoiding a public debate about the draft bill before it was presented in Lok Sabha. The answer is simple: welfare is the message, surveillance is the medium.

Acceptance and adoption of all medium requires a message, a content. The users are interested in the message. The message, however, is not the business. Think of Free Basics. Facebook wants people with none or limited access to internet to enjoy parts of the internet at zero data cost. Facebook does not provide the content that the users consume on such internet. The content is created by the users themselves, and also provided by other companies. Facebook own and control the medium, and makes money out of all content, including interactions, passing through it.

The UIDAI has set up a biometric data bank and related infrastructure to offer authentication-as-a-service. As the Bill clarifies, almost all agencies (public or private, national or global) can use this service to verify the identity of Indian residents. Unlike Facebook, the content of these services do not flow through the Aadhaar system. Nonetheless, Aadhaar keeps track of all ‘authentication records’, that is records of whose identity was authenticated by whom, when, and where. This database is gold (data) mine for security agencies in India, and elsewhere. Further, as more agencies use authentication based on Aadhaar numbers, it becomes easier for them to combine and compare databases with other agencies doing the same, by linking each line of transaction across databases using Aadhaar numbers.

Welfare is the message that the Aadhaar system is riding on. The message is only useful for the medium as far as it ensures that the majority of the user population are subscribing to it. Once the users are enrolled, or on-boarded, the medium enables flow of all kinds of messages, and tracking and monetisation (perhaps not so much in the case of UIDAI) of all those flows. It does not matter if the Aadhaar system is being introduced to remedy the broken parliamentary process, or the broken welfare distribution system. What matters is that the UIDAI is establishing the infrastructure for a universal surveillance system in India, and without a formal acknowledgement and legal framework for the same.

For more details visit https://cis-india.org/internet-governance/blog/the-last-chance-for-a-welfare-state-doesnt-rest-in-the-aadhaar-system

GLAM

sumandro — 2015-12-15T08:26:04Z

For more details visit https://cis-india.org/openness/glam

RAW Lectures #02: Anil Menon on 'Undermining the Tyrant’s Protocols: Speculative Fiction and Freedom'

sumandro — 2016-02-09T08:43:57Z

Anil Menon will give a talk on 'Undermining the Tyrant’s Protocols: Speculative Fiction and Freedom' at the Centre for Internet and Society's office in Bangalore on Wednesday, January 13, 2016 at 6 pm. Please join us for tea and coffee before the lecture at 5.30 pm.

Update: The video recording of the lecture can be accessed here.

The RAW Lectures series was initiated by the Researchers at Work (RAW) programme to take stock, reflect, and chart courses into the studies of Internet in/from India. The lectures address the experiences and practices of Internet in India as plural and intertwined with longer-duration processes. The lectures also critically respond to the questions around the methods of studying Internet in/from India, and the opportunities and challenges of studying Indian society on/through the Internet.

It gives us great pleasure to announce that Anil Menon will present the second lecture of the series on Wednesday, January 13, 2016, at 6 pm.

Undermining the Tyrant’s Protocols: Speculative Fiction and Freedom

Story-telling, like the internet, depends on the existence of fixed protocols between the sender and the receiver. However, by manipulating ambiguity and contexts, speculative fiction constantly creates new and ever-changing protocols of reading. This makes it hard to define what exactly speculative fiction is. Spec-fic may be described as a catch-all term to describe genres such as magic-realism, fabulist fiction, slipstream, science-fiction, fantasy and various fusions thereof. In my talk, I will outline the history of spec-fic on the subcontinent, and show how it was used by authors such as Kylas Chundar Dutt to undermine imperialist narratives. In the last decade, the internet, which may be conceived as a speculative network, has emerged as another such tool. Internet access in India is growing at an extraordinary rate, but less well-known is the fact that Indian spec-fic is also undergoing a rather remarkable renaissance. I will show that these two threads of development are related, mutually reinforcing, and point to an interesting metaphor of speculative sovereignity, perhaps unique to India, and that serves to undermine any would-be tyrant’s protocols.

Anil Menon

Anil Menon’s research work has appeared in peer-reviewed journals such as Intl J. of Neural Networks, Neural Proc. Letters, IEEE Trans On Evolutionary Computation, Foundations of Genetic Algorithms, British J. of the History of Science, and Small Business Economics. His short fiction has appeared in a variety of magazines and anthologies including Interzone, Interfictions, Strange Horizons, Jaggery Lit Review, and Lady Churchill’s Rosebud Wristlet. His stories have been translated into German, French, Chinese, Romanian and Hebrew. His debut novel The Beast With Nine Billion Feet (Zubaan Books, 2010) was short-listed for the 2010 Vodafone-Crossword award and the Carl Brandon Society's 2011 Parallax Award. Along with Vandana Singh, he co-edited Breaking the Bow (Zubaan Books 2012), an international anthology of speculative fiction inspired by the Ramayana epic. His most recent work is the novel Half Of What I Say (Bloomsbury, 2015).

Website: http://anilmenon.com/.

For more details visit https://cis-india.org/raw/raw-lectures-02-anil-menon

Approaching Open Research via Open Data - Presentation at TERI, December 22, 2015

sumandro — 2016-01-12T14:37:38Z

The Energy and Resources Institute (TERI), Delhi, organised a seminar on 'Open Access in Research Area: A Strategic Approach' on December 22, 2015. We supported the seminar as a knowledge partner. Sumandro Chattapadhyay was invited to deliver a special address. Here are the notes and slides from the presentation.

The brief presentation foregrounded open data as a crucial part of open research, and also as an instrument of opening up research for public consumption, discussion, and scrutiny.

The presentation started with reference to the Open Access Dialogues organised by The African Commons Project and the Centre for Internet and Society during November 2012 to March 2013 that explored the global open access agenda from a developing world perspective.

I noted that one of the key findings from the Indian participants of the online consultations organised as part of the Open Access Dialogues was the need for a broader vision of open access. Open research data is a key component of this broader vision of open access and open research.

There was a brief discussion of how to start doing and thinking about open data as an approach to open research. I highlighted the need to get started on 1) getting government to open up data relevant to research, 2) opening up academic research data, and 3) sectoral conversations on data standards (technical and semantic); as well as the need to think about 1) open data as bridge across disciplinary communities, 2) quantification of life and the widening sphere of research data, and 3) academic research and public life.

In next slides, I quickly mentioned the international processes going on in the open data landscape - the conversation on open data and Sustainable Development Data, the possibility of using big (social and telecom) data for purposes of development monitoring, and the International Open Data Charter as a set of global principles for open data.

More about the seminar: http://cis-india.org/openness/teri-seminar-on-open-access-in-research.

For more details visit https://cis-india.org/openness/approaching-open-research-via-open-data-2015

NASSCOM-DSCI Annual Information Security Summit 2015 - Notes

sumandro — 2016-01-19T07:58:56Z

NASSCOM-DSCI organised the 10th Annual Information Security Summit (AISS) 2015 in Delhi during December 16-17. Sumandro Chattapadhyay participated in this engaging Summit. He shares a collection of his notes and various tweets from the event.

Details about the Summit

Event page: https://www.dsci.in/events/about/2261.

Agenda: https://www.dsci.in/sites/default/files/Agenda-AISS-2015.pdf.

Notes from the Summit

Mr.G.K.Pillai ,Chairman DSCI addressing the audience @ 10th Annual Information Security Summit '15 #AISS15 pic.twitter.com/JVcwct3HSF
— DSCI (@DSCI_Connect) December 16, 2015

Mr. G. K. Pillai, Chairman of Data Security Council of India (DSCI), set the tone of the Summit at the very first hour by noting that 1) state and private industries in India are working in silos when it comes to preventing cybercrimes, 2) there is a lot of skill among young technologists and entrepreneurs, and the state and the private sectors are often unaware of this, and 3) there is serious lack of (cyber-)capacity among law enforcement agencies.

In his Inaugural Address, Dr. Arvind Gupta (Deputy National Security Advisor and Secretary, NSCS), provided a detailed overview of the emerging challenges and framework of cybersecurity in India. He focused on the following points:

#India Dy NSA Dr Arvind Gupta calls 4 #cybersecurity by #design in #ICT #AISS15 pic.twitter.com/79kq9lWGtk
— Deepak Maheshwari (@dmcorpaffair) December 16, 2015

Security is a key problem in the present era of ICTs as it is not in-built. In the upcoming IoT era, security must be built into ICT systems.
In the next billion addition to internet population, 50% will be from India. Hence cybersecurity is a big concern for India.
ICTs will play a catalytic role in achieving SDGs. Growth of internet is part of the sustainable development agenda.
We need a broad range of critical security services - big data analytics, identity management, etc.
The e-governance initiatives launched by the Indian government are critically dependent on a safe and secure internet.
Darkweb is a key facilitator of cybercrime. Globally there is a growing concern regarding the security of cyberspace.
On the other hand, there exists deep divide in access to ICTs, and also in availability of content in local languages.
The Indian government has initiated bilateral cybersecurity dialogues with various countries.
Indian government is contemplating setting up of centres of excellence in cryptography. It has already partnered with NASSCOM to develop cybersecurity guidelines for smart cities.
While India is a large global market for security technology, it also needs to be self-reliant. Indian private sector should make use of government policies and bilateral trust enjoyed by India with various developing countries in Africa and south America to develop security technology solutions, create meaningful jobs in India, and export services and software to other developing countries.
Strong research and development, and manufacturing base are absolutely necessary for India to be self-reliant in cybersecurity. DSCI should work with private sector, academia, and government to coordinate and realise this agenda.
In the line of the Climate Change Fund, we should create a cybersecurity fund, since it is a global problem.
Silos are our bane in general. Bringing government agencies together is crucial. Trust issues (between government, private sector, and users) remain, and can only be resolved over time.
The demand for cybersecurity solutions in India is so large, that there is space for everyone.
The national cybersecurity centre is being set up.
Thinktanks can play a crucial role in helping the government to develop strategies for global cybersecurity negotiations. Indian negotiators are often capacity constrained.

Rajendra Pawar, Chair of the NASSCOM Cyber Security Task Force, NASSCOM Cybersecurity Initiative, provided glimpses of the emerging business opportunity around cybersecurity in India:

In next 10 years, the IT economy in India will be USD 350 bn, and 10% of that will be the cybersecurity pie. This means a million job only in the cybersecurity space.
Academic institutes are key to creation of new ideas and hence entrepreneurs. Government and private sectors should work closely with academic institutes.

'Companies+Govt+Academia= High growth of the cybersecurity industry' - Rajendra Pawar at #AISS15 @DSCI_Connect
— Shivangi Nadkarni (@shivanginadkarn) December 16, 2015
Globally, cybersecurity innovation and industries happen in clusters. Cities and states must come forward to create such clusters.
2/3rd of the cybersecurity market is provision of services. This is where India has a great advantage, and should build on that to become a global brand in cybersecurity services.
Everyday digital security literacy and cultures need to be created.
Publication of cybersecurity best practices among private companies is a necessity.

Corporate disclosures of breaches being considered with Nasscom under cybersec task force: Rajendra Pawar #AISS15 @DSCI_Connect @ETtech
— Neha Alawadhi (@NehaAlawadhiET) December 16, 2015
Dedicated cybersecurity spending should be made part of the e-governance budget of central and state governments.
DSCI should function as a clearing house of cybersecurity case studies. At present, thought leadership in cybersecurity comes from the criminals. By serving as a use case clearing house, DSCI will inform interested researchers about potential challenges for which solution needs to be created.

Manish Tiwary of Microsoft informed the audience that India is in the top 3 positions globally in terms of malware proliferation, and this ensures that India is a big focus for Microsoft in its global war against malware. Microsoft India looks forward to work closely with CERT-In and other government agencies.

RSA's Kartik Shahani @DSCI_Connect #AISS15 Adopt a Deep & Pervasive Level of True Visibility Everywhere pic.twitter.com/2U8J8WkWsI
— Debjani Gupta (@DebjaniGupta1) December 16, 2015

Data localization; one of the stumbling blocks that undermine investments in #cybersecurity. #AISS15 pic.twitter.com/vrff3Amcv0
— Appvigil (@appvigil_co) December 16, 2015

Trust verification 4 embedded devices isnt complex bt much desired as people lives r dependent on that-cld cause physical damage #AISS15
— Lokesh Mehra (@lokesh_mehra) December 16, 2015

"Most compromised OS in 2k15: iOS"-Riyaz Tambe, Palo Alto Networks #AISS15
— Indira Sen (@drealcharbar) December 16, 2015

Security by default in IOS architecture tho' can't verify code as noṭ open - is it security by obscurity? #AISS15 pic.twitter.com/kbPZgH8oA0
— Lokesh Mehra (@lokesh_mehra) December 16, 2015

The session on Catching Fraudsters had two insightful presentations from Dr. Triveni Singh, Additional SP of Special Task Force of UP Police, and Mr. Manoj Kaushik, IAS, Additional Director of FIU.

Dr. Singh noted that a key challenge faced by police today is that nobody comes to them with a case of online fraud. Most fraud businesses are run by young groups operating BPOs that steal details from individuals. There exists a huge black market of financial and personal data - often collected from financial institutions and job search sites. Almost any personal data can be bought in such markets. Further, SIM cards under fake names are very easy to buy. The fraudsters are effective using all fake identity, and is using operational infrastructures outsourced from legitimate vendors under fake names. Without a central database of all bank customers, it is very difficult for the police to track people across the financial sector. It becomes even more difficult for Indian police to get access to personal data of potential fraudsters when it is stored in a foreign server. which is often the case with usual web services and apps. Many Indian ISPs do not keep IP history data systematically, or do not have the technical expertise to share it in a structured and time-sensitive way.

Mr. Triveni Singh talks about raiding fake call centres in Delhi NCR that scam millions every year #AISS15 pic.twitter.com/EmE4y3jux2
— pradyumn nand (@PradyumnNand) December 16, 2015

Mr. Kaushik explained that no financial fraud is uniquely committed via internet. Many fraud begin with internet but eventually involve physical fraudulent money transaction. Credit/debit card frauds all involve card data theft via various internet-based and physical methods. However, cybercrime is continued to be mistakenly seen as frauds undertaken completely online. Further, mobile-based frauds are yet another category. Almost all apps we use are compromised, or store transaction history in an insecure way, which reveals such data to hackers. FIU is targeting bank accounts to which fraud money is going, and closing them down. Catching the people behind these bank accounts is much more difficult, as account loaning has become a common practice - where valid accounts are loaned out for a small amount of money to fraudsters who return the account after taking out the fraudulent money. Better information sharing between private sector and government will make catching fraudsters easier.

@AkhileshTuteja With data overload and big data being prevalent are we considering privacy elements #AISS15 #KpmgIndiaCyber
— Atul Gupta (@AtulGup15843145) December 16, 2015

'Tech solns today designed to protect security - solns for privacy need to evolve'- @Mayurakshi_Ray #AISS15 @DSCI_Connect
— Shivangi Nadkarni (@shivanginadkarn) December 16, 2015

In-house tools important but community collaboration critical to fight security threats @tata_comm #AISS15 pic.twitter.com/ZjbCnaROXC
— aparna (@aparnag14) December 16, 2015

'Orgns in India have a long way to go b4 they internalise privacy principles' Subhash S, CISO ICICI #AISS15 @DSCI_Connect
— Shivangi Nadkarni (@shivanginadkarn) December 16, 2015

Prof PK giving an interesting brief on Academia role in Cyber Security. @ponguru @DSCI_Connect at #AISS15 pic.twitter.com/MEiO6sCJwu
— Vikas Yadav (@VikasSYadav) December 16, 2015

Potential for interaction between Academia, Government and Industry but not an established reality yet. #AISS15 #MappingCyberEducation
— Indira Sen (@drealcharbar) December 16, 2015

I have figured out why information security is not in any boardroom discussions. Cause there are no good speakers / orators . #AISS15
— Virag Thakkar (@viragthakkar) December 16, 2015

The session on Smart Cities focused on discussing the actual cities coming up India, and the security challenges highlighted by them. There was a presentation on Mahindra World City being built near Jaipur. Presenters talked about the need to stabilise, standardise, and securitise the unique identities of machines and sensors in a smart city context, so as to enable secured machine-to-machine communication. Since 'smartness' comes from connecting various applications and data silos together, the governance of proprietary technology and ensuring inter-operable data standards are crucial in the smart city.

As Special Purposed Vehicles are being planned to realise the smart cities, the presenters warned that finding the right CEOs for these entities will be critical for their success. Legacy processes and infrastructures (and labour unions) are a big challenge when realising smart cities. Hence, the first step towards the smart cities must be taken through connected enforcement of law, order, and social norms.

Privacy-by-design and security-by-design are necessary criteria for smart cities technologies. Along with that regular and automatic software/middleware updating of distributed systems and devices should be ensured, as well as the physical security of the actual devices and cables.

In terms of standards, security service compliance standards and those for protocols need to be established for the internet-of-things sector in India. On the other hand, there is significant interest of international vendors to serve the Indian market. All global data and cloud storage players, including Microsoft Azure cloud, are moving into India, and are working on substantial and complete data localisation efforts.

Session - Why should you hire Women Security Professionals?... Balancing gender diversity #AISS15 #DSCI_Connect pic.twitter.com/uIMfG9PvAb
— Jagan Suri (@jsuri90) December 16, 2015

gender Diversity in cybersecurity critical 4 India's future. @symantec partnered with @nasscom via 1000 women scholarships #AISS15
— Lokesh Mehra (@lokesh_mehra) December 16, 2015

Dialogue with CERT-In .. Starting 2nd Day of #AISS15 .. B J Srinath, DG, CERT @DSCI_Connect #security #privacy pic.twitter.com/cvDcrgkein
— Vinayak Godse (@godvinayak) December 17, 2015

New #problems can't b solved w old #solutions: #India CERT DG BJ Srinath #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

17 entities within #Indian #government engaged in #cybersecurity: #India CERT head #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

Scope of activities by CERT in #India way more than its counterparts elsewhere #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

#India CERT looks 8 prediction & #prevention #cybersecurity #emergency not just #response #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

#India CERT willing to #share #information rather than just receiving #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

Savita CERTin outlines drill initiatives taken 4 preparedness-detect (protect), defend attacks wth response #AISS15 pic.twitter.com/wXrkgoLzr2
— Lokesh Mehra (@lokesh_mehra) December 17, 2015

CERTin also offers incident predicatibility,Crisis mgmt plans, #cybersecurity assurance ladder (7 levels) besides 24 x 7 prevention #AISS15
— Lokesh Mehra (@lokesh_mehra) December 17, 2015

#India has 7.2 million bot infected #machines: #India CERT DG Srinath #AISS15
— Deepak Maheshwari (@dmcorpaffair) December 17, 2015

Seizure & protection of electronic devices as admissible evidence (certificate u Sec 65B) imperative under Forensics investigation #AISS15
— Lokesh Mehra (@lokesh_mehra) December 17, 2015

'Law enforcement agency&corporate world must collaborate to fight cybercrime'-Atul Gupta,Partner-Risk Adv. @ #AISS15 pic.twitter.com/GwAQWhYMmK
— KPMG India (@KPMGIndia) December 17, 2015

Mr. R. Chandrasekhar, President of NASSCOM, foregrounded the recommendations made by the Cybersecurity Special Task Force of NASSCOM, in his Special Address on the second day. He noted:

There is a great opportunity to brand India as a global security R&D and services hub. Other countries are also quite interested in India becoming such a hub.
The government should set up a cybersecurity startup and innovation fund, in coordination with and working in parallel with the centres of excellence in internet-of-things (being led by DeitY) and the data science/analytics initiative (being led by DST).
There is an immediate need to create a capable workforce for the cybersecurity industry.
Cybersecurity affects everyone but there is almost no public disclosure. This leads to low public awareness and valuation of costs of cybersecurity failures. The government should instruct the Ministry of Corporate Affairs to get corporates to disclose (publicly or directly to the Ministry) security breeches.
With digital India and everyone going online, cyberspace will increasingly be prone to attacks of various kinds, and increasing scale of potential loss. Cybersecurity, hence, must be part of the core national development agenda.
The cybersecurity market in India is big enough and under-served enough for everyone to come and contribute to it.

The Keynote Address by Mr. Rajiv Singh, MD – South Asia of Entrust Datacard, and Mr. Saurabh Airi, Technical Sales Consultant of Entrust Datacard, focused on trustworthiness and security of online identities for financial transactions. They argued that all kinds of transactions require a common form factor, which can be a card or a mobile phone. The key challenge is to make the form factor unique, verified, and secure. While no programme is completely secure, it is necessary to build security into the form factor - security of both the physical and digital kind, from the substrates of the card to the encryption algorithms. Entrust and Datacard have merged in recent past to align their identity management and security transaction workflows, from physical cards to software systems for transactions. The advantages of this joint expertise have allowed them to successfully develop the National Population Register cards of India. Now, with the mobile phone emerging as a key financial transaction form factor, the challenge across the cybersecurity industry is to offer the same level of physical, digital, and network security for the mobile phone, as are provided for ATM cards and cash machines.

The following Keynote Address by Dr. Jared Ragland, Director - Policy of BSA, focused on the cybersecurity investment landscape in India and the neighbouring region. BSA, he explained, is a global trade body of software companies. All major global software companies are members of BSA. Recently, BSA has produced a study on the cybersecurity industry across 10 markets in the Asia Pacific region, titled Asia Pacific Cybersecurity Dashboard. The study provides an overview of cybersecurity policy developments in these countries, and sector-specific opportunities in the region. Dr. Ragland mentioned the following as the key building blocks of cybersecurity policy: legal foundation, establishment of operational entities, building trust and partnerships (PPP), addressing sector-specific requirements, and education and awareness. As for India, he argued that while steady steps have been taken in the cybersecurity policy space by the government, a lot remains to be done. Operationalisation of the policy is especially lacking. PPPs are happening but there is a general lack of persistent formal engagement with the private sector, especially with global software companies. There is almost no sector-specific strategy. Further, the requirement for India-specific testing of technologies, according to domestic and not global standards, is leading to entry barrier for global companies and export barrier for Indian companies. Having said that, Dr. Ragland pointed out that India's cybersecurity experience is quite representative of that of the Asia Pacific region. He noted the following as major stumbling blocks from an international industry perspective: unnecessary and unreasonable testing requirements, setting of domestic standards, and data localisations rules.

The Policy Makers' panel in #AISS15 in progress. Arvind Gupta, Head, BJP IT cell (@buzzindelhi) speaks. pic.twitter.com/9yWR0gMwf5
— Nandkumar Saravadé (@saravade) December 17, 2015

One of the final sessions of the Summit was the Public Policy Dialogue between Prof. M.V. Rajeev Gowda, Member of Parliament, Rajya Sabha, and Mr. Arvind Gupta, Head of IT Cell, BJP.

Prof. Gowda focused on the following concerns:

We often freely give up our information and rights over to owners of websites and applications on the web. We need to ask questions regarding the ownership, storage, and usage of such data.
While Section 66A of Information Technology Act started as a anti-spam rule, it has actually been used to harass people, instead of protecting them from online harassment.
The bill on DNA profiling has raised crucial privacy concerns related to this most personal data. The complexity around the issue is created by the possibility of data leakage and usage for various commercial interests.
We need to ask if western notions of privacy will work in the Indian context.
We need to move towards a cashless economy, which will not only formalise the existing informal economy but also speed up transactions nationally. We need to keep in mind that this will put a substantial demand burden on the communication infrastructure, as all transactions will happen through these.

Mr. Gupta shared his keen insights about the key public policy issues in digital India:

The journey to establish the digital as a key political agenda and strategy within BJP took him more than 6 years. He has been an entrepreneur, and will always remain one. His approached his political journey as an entrepreneur.
While we are producing numerous digitally literate citizens, the companies offering services on the internet often unknowingly acquire data about these citizens, store them, and sometimes even expose them. India perhaps produces the greatest volume of digital exhaust globally.
BJP inherited the Aadhaar national identity management platform from UPA, and has decided to integrate it deeply into its digital India architecture.
Financial and administrative transactions, especially ones undertake by and with governments, are all becoming digital and mostly Aadhaar-linked. We are not sure where all such data is going, and who all has access to such data.
Right now there is an ongoing debate about using biometric system for identification. The debate on privacy is much needed, and a privacy policy is essential to strengthen Aadhaar. We must remember that the benefits of Aadhaar clearly outweigh the risks. Greatest privacy threats today come from many other places, including simple mobile torch apps.
India is rethinking its cybersecurity capacities in a serious manner. After Paris attack it has become obvious that the state should be allowed to look into electronic communication under reasonable guidelines. The challenge is identifying the fine balance between consumers' interest on one hand, and national interest and security concerns on the other. Unfortunately, the concerns of a few is often getting amplified in popular media.
MyGov platform should be used much more effectively for public policy debates. Social media networks, like Twitter, are not the correct platforms for such debates.

#AISS15: @rajivgowda & @buzzindelhi are talking abt proactive disclosure as a key part of #cybersecurity strategy #openData @DataPortalIndia
— sumandro (@ajantriks) December 17, 2015

For more details visit https://cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes

Mathematisation of the Urban and not Urbanisation of Mathematics: Smart Cities and the Primitive Accumulation of Data - Accepted Abstract

sumandro — 2015-11-13T05:47:13Z

"Many accounts of smart cities recognise the historical coincidence of cybernetic control and neoliberal capital. Even where it is machines which process the vast amounts of data produced by the city so much so that the ruling and managerial classes disappear from view, it is usually the logic of capital that steers the flows of data, people and things. Yet what other futures of the city may be possible within the smart city, what collective intelligence may it bring forth?" The Fibreculture Journal has accepted an abstract of mine for its upcoming issue on 'Computing the City.'

Speaking to Geert Lovink, Wolfgang Ernst explains that '[t]he coupling of machine and mathematics that enables computers occurs as a mathematization of machine, not as machinization of mathematics' [1]. In this paper, I propose that the idea of smart cities be understood not as 'urbanisation of mathematics' – as often described by industry documents, design fictions, and academic analyses – but as 'mathematisation of the urban.' By the notion of 'urbanisation of mathematics,' I indicate at those reports that conceptualise smart cities as data analytics, or civic mathematics, at an urban scale. I explain how this notion is shared by design visions of actors from the networking industry, such as IBM and Cisco, emerging academic practices in urban science and informatics, and calls for urbanising the technologies of regulation and governance, in the sense of making these technologies directly and bi-directionally interact with the urban citizens [2]. Conversely, the 'mathematisation of the urban' perspective foregrounds a specific transformation at hand in the production of urban space itself, which I argue is what is captured in the idea of smart cities. This transformation is not a new thing, and has been heralded by the coming of coded infrastructures and the transduction of urban space through them [3]. The process of 'mathematisation of the urban' refers to a fundamental reorganisation of the urban itself so as to make aspects of it available to mathematical manipulation, most often undertaken by software systems. This mathematisation takes place through the rebuilding of urban infrastructures so as to facilitate sensing and recording of parts of urban lives and processes as mathematical data, and the embedding of coded assemblages that can communicate and act upon the analysis of such data, and also through re-building the relations of property around this newly-obtained and continuously-generated resource of data about the urban.

I propose in this paper that production, circulation, and ownership of data must be considered as a central problematique in the discussions of smart cities. As writings on smart cities have often focused on the dyadic relationships between code and space on one hand, and co-evolution (and splintering) of networked infrastructures and the urban form, the figure of data has remained implicit yet subdued as as an entry point to study the idea of smart cities. Even for commentators who do focus on the implications of data, the category is often treated as a feature or a capacity of new technological assemblages. Instead, I argue in this paper that it is the concerns of production, circulation, and ownership of data that drive the conceptualisation and actual material forms of the visions of smart cities. These technological assemblages, materialisation of which constitute such visions, are implementations of exclusive data collection operations targeting various portions of urban lives and processes. The imagination of 'city 2.0' takes a particularly insightful colour when thought of as an analogy to the 'web 2.0' model of capture and monetisation of user behaviour data. Further, I employ the Marxian theory of 'primitive accumulation' to describe how the material infrastructures of networked sensors and embedded data capture systems create enclosed spaces for conversion of collectively-held-information into data-as-exchangable-and-interoperable-value, through which disparate and distributed knowledge and experiences of the urban is transformed into urban data, which can be centralised and queried, and hence value can be extracted from it.

Footnotes

[1] Lovink, Geert. 2013. Interview with German Media Archeologist Wolfgang Ernst. Nettime-l. February 26. Accessed on April 20, 2015, from http://www.nettime.org/Lists-Archives/nettime-l-0302/msg00132.html.

[2] Sassen, Saskia. 2012. Urbanising Technology. LSE Cities. December. Accessed on April 20, 2015, from http://lsecities.net/media/objects/articles/urbanising-technology/en-gb/.

[3] Dodge, Martin, and Rob Kitchin. 2005. Code and the Transduction of Space. Annals of the Association of American Geographers. 95: 01. Pp. 162-180.

For more details visit https://cis-india.org/raw/smart-cities-and-the-primitive-accumulation-of-data-abstract

Sreedeep_Mock-Calling_04_Resized

sumandro — 2015-07-13T06:44:24Z

For more details visit https://cis-india.org/raw/histories-of-the-internet/Sreedeep_MockCalling_04_Resized.jpg

Sreedeep_Mock-Calling_10_Resized

sumandro — 2015-07-13T07:15:32Z

For more details visit https://cis-india.org/raw/histories-of-the-internet/Sreedeep_MockCalling_10_Resized.jpg

Sreedeep_Mock-Calling_12_Resized

sumandro — 2015-07-13T07:16:57Z

For more details visit https://cis-india.org/raw/histories-of-the-internet/Sreedeep_MockCalling_12_Resized.jpg