Centre for Internet and Society

IETF 104 Prague

Admin — 2019-04-12T01:04:47Z

Karan Saini and Gurshabad Grover participated in IETF 104 organized by IETF in Prague from 23rd March to 29th March 2019.

Karan Saini:

Attended and scribed for the Privacy Enhancements and Assessments Proposed Research Group (PEARG) session.
Attended and made interventions in the Stopping Malware and Researching Threats (SMART RG) research group session.
Attended: DNS Over HTTPS (DOH), Domain Name System Operations (DNSOP), Transport Layer Security (TLS) and Authentication and Authorization for Constrained Environments (ACE WG) group sessions
Attended side meetings: Public Interest Technology (PITG) and Web Packaging (webpack)

Gurshabad Grover:

Attended and made interventions in the Captive Portals (capport) and Registration Protocols Extensions (regext) working groups. Also attended the meetings of the Transport Layer Security (TLS), DNS Privacy, and DNS over HTTPS (DoH) working groups and the Privacy Enhancements and Assessments Proposed Research Group (PEARG). Additionally, attended the Public Interest Technology Group (PITG) and Centralisation of DNS Services side meetings.
At the meeting of the Human Rights Protocol Considerations (HRPC) research group, I presented an update to draft-irtf-hrpc-guidelines ('Guidelines for Human Rights Protocol and Architecture Considerations'), which I am co-editing with Niels ten Oever.
At the IETF Hackathon, I explored the use of differential privacy for privacy-preserving latency measurement in the QUIC protocol (with Amelia Andersdotter and Shivan Kaul Sahib). We will continue the research to see whether differential privacy techniques are viable/useful for IETF protocols.
Attended and made interventions in the Captive Portals (capport) andRegistration Protocols Extensions (regext) working groups. Also attended the meetings of the Transport Layer Security (TLS), DNS Privacy, and DNS over HTTPS (DoH) working groups and the Privacy Enhancements and Assessments Proposed Research Group (PEARG). Additionally, attended the Public Interest Technology Group (PITG) and Centralisation of DNS Services side meetings.
At the meeting of the Human Rights Protocol Considerations (HRPC)research group, I presented an update to draft-irtf-hrpc-guidelines('Guidelines for Human Rights Protocol and ArchitectureConsiderations'), which I am co-editing with Niels ten Oever.
At the IETF Hackathon, I explored the use of differential privacy forprivacy-preserving latency measurement in the QUIC protocol (with Amelia Andersdotter and Shivan Kaul Sahib). We will continue the research to see whether differential privacy techniques are viable/useful for IETF protocols.

For more information visit IETF website

For more details visit https://cis-india.org/internet-governance/news/ietf-104-prague

Policy Lab on Artificial Intelligence & Democracy

Admin — 2019-04-12T01:32:32Z

Shweta Mohandas participated in a policy lab on Artificial Intelligence & Democracy in India organised by Tandem Research, in partnership with Microsoft Research and Friedrich-Ebert-Stiftung on 2 & 3 April, 2019, in Bangalore.

For more details visit https://cis-india.org/telecom/news/policy-lab-on-artificial-intelligence-democracy

Data leaks could wreak havoc in India, so why aren’t they an issue this election?

Aria Thaker — 2019-04-12T01:40:58Z

India’s government leaks data like a sieve, and it’s putting people at risk.

The article by Aria Thaker was published in Quartz India on April 4, 2019. Karan Saini was quoted.

The latest instance was reported on April 01, when technology website ZDNet reported that an Indian government agency had left sensitive medical records of 12.5 million pregnant women online, in a database that wasn’t even password protected.

This is only the latest in a slew of dozens of data leaks and cybersecurity lapses that have plagued the Indian government over the past few years. These have occurred despite—or in part, because of—prime minister Narendra Modi’s aggressive push towards “Digital India.”

Sloppy digitisation efforts and a lack of capacity in cybersecurity issues have caused so many leaks that they seem almost routine by now. Even the one reported by ZDNet, large and grievous as it is, has received little coverage in the mainstream media so far.

“This issue has to be an election priority—the focus on privacy and protection of citizen data,” Raman Chima, policy director at digital-rights organisation Access Now, told Quartz. But as India’s general election approaches, the near silence from politicians on these issues is deafening.

Endangering pregnant women and children

ZDNet reported that a database of medical records from 12.5 million pregnant women was left available online by the department of medical, health and family welfare of a northern Indian state. It does not name the state since the server is still available online, though the medical records have finally been removed, almost a month after security researcher Bob Diachenko contacted the department.

The information in this database was extremely sensitive, including patients’ names, contact details, disease information, pregnancy status and complications, and procedures, such as abortions, that they have undergone.

This wasn’t the first such data leak incident involving the government—nor even the first involving pregnant women.

“This could lead to significant bodily harms to a woman in a context where abortions, especially for unmarried women, are heavily stigmatised,” said Ambika Tandon, a policy officer who researches gender and tech issues for the think tank Centre for Internet and Society (CIS). Women who seek abortions or sensitive procedures “may resort to unsafe abortions at facilities that are not registered for fear of their personal information or physical and informational privacy being compromised,” Tandon said.

Yet this wasn’t the first such incident involving the government—nor even the first involving pregnant women.

Aadhaar and beyond

Aadhaar, the 12-digit personal identification number from India’s controversial, biometrics-backed database, has often been at the centre of previous such leaks in India. Much like a the social security number in the US, it is a sensitive piece of information as it helps identify individuals and is often linked to other government and financial services one uses.

Here’s a look at just a handful of the most prominent leaks, breaches, and vulnerabilities involving Aadhaar:

May 2017: Around 130 million individuals have their Aadhaar numbers, banking details, and more leaked on four government websites
January 2018: A reporter of The Tribune newspaper pays Rs500 ($7) to access a portal with demographic data from every Aadhaar holder in the country
March 2018: State-owned gas company Indane leaks private dataof its customers and all Aadhaar holders
April 2018: Andhra Pradesh leaks medical records of over 2 million pregnant women, as well as their Aadhaar numbers and contact details
June 2018: An unsecured Aadhaar API on over 70 subdomains of a government website allows anyone to access demographic-authentication services
July 2018: Data of 250,000 students taking a government medical entrance exam is leaked and sold online
January 2019: The State Bank of India, the country’s largest bank, leaks financial data of millions customers
February 2019: Indane strikes again. Aadhaar data of nearly 6.7 million dealers and distributors of the state-owned gas company is exposed on its dealers portal

This list is far from comprehensive. Aadhaar-related leaks alone comprise at least 37 such cases, which can be found listed on Indian tech site Medianama. These include instances of many state and central departments publishing Aadhaar numbers next to banking details, or even instances of colour photocopies of Aadhaar cards being published online.

Government entities, especially the Unique Identification Authority of India (UIDAI), which administers Aadhaar, have been known to take a long time—sometimes even months—to respond to leaks. Worse, they have often hounded journalists and whistleblowers raising awareness about these incidents. For instance, the UIDAI filed a police case against The Tribune’s reporter and, weeks later, the newspaper’s editor stepped down. CIS, which published the report about 130 million Aadhaar records being exposed, received a legal notice from the UIDAI.

Why do leaks happen?

India’s government agencies are undergoing rapid digitisation.

“There’s been a particular focus over the past few years to aggregate (data) from different databases that might normally exist in one area, or one scheme, and bring them together to one master spreadsheet,” said Chima of Access Now. “As a result of this, a lot of data is being collected in a few places and (the government) is not doing enough thinking…as to how to control and think about cybersecurity.”

Besides, government departments face major personnel and training issues in matters of cybersecurity.

“Most of the officials who collect information do not know about security practices, and they don’t really understand the challenges involved,” said Srinivas Kodali, a cybersecurity researcher who has uncovered many government leaks. “They think it’s normal data—they don’t understand the privacy implications of it.”

Beyond this, a lack of resources holds government bodies back from protecting user data. “Indian government departments require an increase in skill and resources to deal with information security,” said Karan Saini, a security researcher and policy officer at CIS, who has also reported leaks and vulnerabilities.

A lack of comprehensive privacy regulation exacerbates the problem. India does not currently have a data-protection law. A draft bill was put forth by the electronics and IT ministry last year, but it has been criticised by many for being too lenient on government institutions who handle citizen data.

How leaks and lapses endanger democracy

The issue of data leaks is deeply tied to one of the core threats to democracy today—voter microtargeting, which often takes the form of parties conveying conflicting messages to different social groups, in their attempts to get elected. Such targeting has been under the global spotlight since 2016, after secretive firm Cambridge Analytica reportedly used it in Donald Trump’s presidential campaign.

In India, “there’s a lot of these datasets of sensitive data about citizens available, which may have electoral implications in terms of how it affects people’s desire to vote, and the ability of parties to influence or micro-target them,” Chima said.

Parties have already demonstrated an appetite for citizen data. Modi’s Bharatiya Janata Party has already been known to target voters based on data such as electricity bills, which are thought to reveal a voter’s socioeconomic standing.

State-held data could be abused by politicians, especially those currently in power, to target or profile voters.

Now Aadhaar has come into the picture as well, with the government attempting, in a failed project, to link the biometrics-backed ID number with citizens’ voter ID numbers. The project was discontinued in 2015, but concerns remain about the way the data was collected, with ground reports suggesting that reams of documents are still floating in government offices and private homes. It has also been suggested that the lapsed linking project resulted in the disenfranchisement of millions, due to an opaque algorithm it used.

Worries abound that existing state-held data could be abused by politicians, especially those currently in power, to target or profile voters. State resident data hubs (SRDH), which use Aadhaar to log full profiles of individuals, including the government schemes they avail, have come under the scanner for being particularly dangerous for profiling.

Reports have already suggested the occurrence of such data being used for political gain. An app used by a leading party in Andhra Pradesh has been accused of using stolen state data to profile voters based on caste, though the party denied this.

A government or political actor’s access to state repositories of data, which might be aided by data leaks, could be a truly sinister political tool that sways an election.

For more details visit https://cis-india.org/internet-governance/news/quartz-india-aria-thaker-april-4-2019-data-leaks-and-cybersecurity-should-be-an-election-issue-in-india

Programme Officer - Privacy

amber — 2019-04-15T06:53:44Z

The Centre for Internet and Society (CIS) is seeking applications for the position of Programme Officer, to undertake public policy research on privacy and related themes. For this position, we will hire one full time researcher, to be based in the Delhi office of CIS, for the duration of one year.

To apply for this position please write to amber@cis-india.org along with a CV, two writing samples and contact details of two references, Interested candidates are invited to send their applications at the earliest — latest by April 30th.

Organisation Profile

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa. Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and practices around internet, technology and society in India, and elsewhere.

Privacy Research at CIS

While privacy has been a key subject of study for digital rights and development organisations in India for the last decade, recent and ongoing legal and policy developments have placed this issue at the forefront of human rights and regulatory research. CIS has conducted extensive research into the areas of privacy, data protection, data security, and was also a member of the Committee of Experts constituted under Justice A P Shah. CIS has also been cited multiple times in the Report of the Committee of Experts led by Justice Srikrishna. CIS values the fundamental principles of justice, equality, freedom and economic development and strongly advocates the right to privacy.

Over the next year, CIS intends to look at several research questions on data protection which may include the global experience with privacy enforcement, need for effective redressal mechanisms, documenting the design of business models and data flows, regulation of social media big data, how data of disadvantaged groups including children may be protected. Additionally, while we now have the Supreme Court’s unanimous and emphatic recognition of the fundamental right to privacy, there is a need for research enquiry into several issues such as a clarification of the scope of the Puttaswamy judgment, unpacking the different dimensions of privacy, how state actions interact with privacy.

The Role

Research and analysis: Literature review, policy design, detailed analysis of research topics
Knowledge management: Staying up-to-date on developments of interest to the project, and sharing/debating these with the team. Contributing to documentary and knowledge management processes
Policy outreach and stakeholder engagement: Supporting the project manager in the dissemination of research findings in innovative formats. Attending, planning and executing events
Writing op-eds, short notes, policy briefs and longer form academic writing for a range of audiences
Presentations and formal discussions: Preparing and delivering presentations to various audiences
Helping manage communications with stakeholders including international experts, regulators and policy makers
Managing interns and team: Managing work outputs with our interns; coordinating research with team members and the project manager

Qualifications and Skills

We are looking for professionals from law, regulatory theory and public policy backgrounds.

We are looking for candidates who are interested in studying the regulatory challenges of notice and consent, state capacity, how business models thwart privacy and the future of privacy post Puttaswamy.

This is a full-time position based out of Delhi. The position is for a duration of one year. Salary will be commensurate with qualifications and experience.

For more details visit https://cis-india.org/jobs/programme-officer-privacy-2019

March 2019 Newsletter

praskrishna — 2019-07-18T02:14:11Z

The Centre for Internet & Society (CIS) newsletter for the month of March 2019.

Highlights for March 2019

The Indian Patent Office (IPO) on 1 March 2019, published a draft of the “Manual of Patent Office Practice and Procedure, Version 3.0”. CIS provided comments on patenting of computer related inventions.
The Centre for Internet and Society's Access to Knowledge (CIS-A2K) team has submitted its proposal for the year 2019-2020 to the Wikimedia Foundation. CIS-A2K has proposed to undertake content enrichment, skill development initiatives, cement partnership with existing partners and build relationships with new ones, and activities like Train-the-Trainer, Wikisource Conference, Wikimedia Summit India, Intensive Personal Wiki Training, supporting Indic Wikimedians through request page, etc.
Tarun Bharat Sangh (TBS), an organisation working on rejuvenation of rivers in India, has began documentation of rivers on Wiki, especially to draw attention to and mitigate the crisis of toxic deposits facing more than 40 rivers in India. The work was started by Jal Biradari, TBS’s Maharashtra based group, in Sangli district with the help of the Access to Knowledge (CIS-A2K) team of CIS. A report from the first pilot workshop conducted by CIS-A2K during 22-25 December 2018 at Tarun Bharat Sangh Ashram, in Alwar, Rajasthan has been published.
With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation during September 28-30, 2018 in New Delhi. Saumyaa Naidu in a report has shared the learningsfrom the panel discussion aimed at exploring the potential collaborations between design and the open knowledge movement.
Karan Saini, Pranesh Prakash and Elonnai Hickok co-authored a policy brief titled Improving the Processes for Disclosing Security Vulnerabilities to Government Entities in India. The policy brief has recommended changes pertaining to current legislation, policy and practice to the Government of India regarding external vulnerability reporting and disclosure.
Arindrajit Basu, Elonnai Hickok and Aditya Singh Chawla co-authored a White Paper titled 'The Localisation Gambit'. The paper was edited by Pranav M.B., Vipul Kharbanda and Amber Sinha. Anjanaa Aravindan provided research assistance. Government of India has drafted multiple policy instruments which dictate that certain types of data must be stored in servers located physically within the territory of India. The White Paper serves as a resource for stakeholders attempting to intervene in this debate and arrive at a workable solution where the objectives of data localisation are met through measures that have the least negative impact on India’s economic, political, and legal interests.
The Technology Law Forum at the National Academy of Legal Studies and Research (NALSAR) has published the Report on Data Privacy and Citizen's Rights' Symposium.This report is a compilation of all the speakers' speeches during the panel discussion. Shweta Mohandas was one of the eight speakers at the panel and the excerpts from her presentation has also been covered in this report.
CIS in its r@w blog featured an essay titled 'Users and the Internet' by Purbasha Auddy, part of a series on Studying Internet in India (2015); and audio recording of a session titled #SelfiesFromtheField which was part of the Internet Researchers Conference, 2017.

Jobs

CIS is hiring:

CIS-A2K Finance Officer: Call for application (Only women candidates).
Internship - applications accepted throughout the year.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

Recapturing the Commons (Shyam Ponappa; Business Standard; March 7, 2019).
Digital Native: How an information overload affects what you forward (Nishant Shah; Indian Express; March 10, 2019).
Digital Native: Lessons from Facebook, Instagram and Whatsapp going down (Nishant Shah; Indian Express; March 24, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Why entrepreneurs are wary of the new draft e-commerce policy (Rahul Sachitanand; Economic Times; March 3, 2019).
'Website not found' pop-ups leave net activists fuming (Tushar Kaushik; Economic Times; March 6, 2019).
More urban Indian women are acting against offensive calls and text messages (Aria Thaker; Quartz India; March 8, 2019).
Unlike Facebook, Twitter is a ghost town for political ads in India so far (Aria Thaker; Quartz India; March 12, 2019).

Wie die chinesische Mega-App TikTok Indiens Wahlkampf beeinflussen könnte (Handelsblatt; March 13, 2019).
When laugh lines turn worry lines (K.V. Aditya Bharadwaj; Hindu; March 15, 2019).

Proposed Intermediary Liability Rules threat to privacy and free speech, global coalition tells MeitY (Zaheer Merchant; Medianama; March 18, 2019).
Now, police use apps to catch a criminal (Ketaki Desai with inputs from Sanjeev Verma; Times of India; March 31, 2019).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Copyright and Patent

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape. We prepared the India report for the Consumers International IP Watchlist, made submission to the HRD Ministry on WIPO Broadcast Treaty, questioned the demonisation of pirates, and advocated against laws (such as PUPFIP Bill) that privatize public funded knowledge.

Submission

Comments and Suggestions to the Draft Patent Manual March 2019 (Achal Prabhala, Feroz Ali, Ramya Sheshadri, Roshan John and Anubha Sinha; March 21, 2019).

Wikipdedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Train the Trainer program 2018 (Sailesh Patnaik; March 6, 2019).
The city of Bhubaneswar is going Open (Sailesh Patnaik; March 7, 2019).
Rejuvenating India’s Rivers the Wiki Way (Subodh Kulkarni; March 7, 2019).
ಕನ್ನಡ ವಿಕಿಪೀಡಿಯ ಶಿಕ್ಷಣ ಯೋಜನೆ ಸಮಾವೇಶ ಮತ್ತು ತರಬೇತಿಯ ವರದಿ (Ananth Subray; March 7, 2019).
Design and the Open Knowledge Movement (Saumyaa Naidu; March 31, 2019).

Event Organized

Wikimedia Summit India 2019 (Organized by CIS-A2K; New Delhi; March 16 - 17, 2019). CIS-A2K team organized a two-day Wikimedia Summit event for the participants taking part in the Wikimedia Summit in Berlin.

Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Event Organized

Talks by Richard Abisla and Kaliya Young (Organized by CIS; Bangalore; March 4, 2019).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Cyber Security

Research Paper

Improving the Processes for Disclosing Security Vulnerabilities to Government Entities in India (Karan Saini, Pranesh Prakash and Elonnai Hickok; March 20, 2019). This is an update to our previously released paper titled "Leveraging the Coordinated Vulnerability Disclosure Process to Improve the State of Information Security in India". The full document can be accessed here.

Privacy

Research Paper

The Localisation Gambit: Unpacking policy moves for the sovereign control of data in India (Arindrajit Basu, Elonnai Hickok and Aditya Singh Chawla; March 19, 2019).

Participation in Events

Nullcon Security Conference (Organized by Nullcon; March 1 - 2, 2019; Goa). Karan Saini attended the event.
Seminar on “Evolution of communication: Social Media & Beyond” (Organized by TRAI; Hotel Radisson Blu GRT, Near Airport, Chennaii; March 15, 2019).
DSCI-Infosys Roundtable (Organized by Infosys; Bangalore; March 25, 2019). Sunil Abraham was a speaker.

Free Speech and Expression

Event

Internet Speech: Perspectives on Regulation and Policy (Organized by CIS; India Habitat Centre; New Delhi; April 5, 2019).

Participation in Event

Just Net Coalition Workshop on Equity and Social Justice in a Digital World (Organized by Just Net Coalition Workshop on Equity and Social Justice in a Digital World and its partners; Bangkok; March 25 - 27, 2019). Anubha Sinha participated in the event.

Artificial Intelligence, ICT and IoT

Participation in Events

RFCs We Love: Transport & Apps Edition (Organized by India Internet Engineering Society; March 2, 2019; Go-Jek; Domlur, Bangalore). Gurshabad Grover was a speaker at this event.
Consultation on Draft E-commerce Policy (Organized by Alternative Law Forum and IT for Change; March 14, 2019; Tony Hall, Ashirwad , Off St.Marks Road; Bangalore). Arindrajit Basu attended the event.
International Conference on Justice Education:Legal Implications of Artificial Intelligence (Organized by Nirma University; Ahmedabad; March 15 - 16, 2019). Arindrajit Basu attended the conference.
AI for India Summit (Organized by Facebook; Leela Palace, Bengaluru; March 26, 2019). Shweta Mohandas participated in the event.
Roundtable on Consumer Experiences with New Technologies in APAC (Singapore) (Organized by Consumers International; Google, Singapore; March 26, 2019). Arindrajit Basu participated in the event.

Researchers at Work (RAW)

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entries

#CollectionAndIdentity (Ravi Shukla, Rajiv K. Mishra, and Mrutyunjay Mishra; March 2, 2019).
The Many Lives and Sites of Internet in Bhubaneswar (Sailen Routray; March 2, 2019).
Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi (Sarah McKeever; March 12, 2019).
#CampusCampaigns: User Perceptions in Pre-digital and Digital Eras (Arjun Ghosh; March 12, 2019).
Taking Open Science Offline (Shreyashi Ray; March 21, 2019).

Participation in Event

Presentation at Global Digital Humanities Symposium (Organized by Michigan State University; March 21 - 22, 2019). P.P. Sneha gave a virtual presentation of her work on digital cultural archives.

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/march-2019-newsletter

To preserve freedoms online, amend the IT Act

gurshabad — 2019-04-16T10:09:41Z

Look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

The article by Gurshabad Grover was published in the Hindustan Times on April 16, 2019.

The issue of blocking of websites and online services in India has gained much deserved traction after internet users reported that popular services like Reddit and Telegram were inaccessible on certain Internet Service Providers (ISPs). The befuddlement of users calls for a look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

Among other things, Section 69A of the Information Technology (IT) Act, which regulates takedown and blocking of online content, allows both government departments and courts to issue directions to ISPs to block websites. Since court orders are in the public domain, it is possible to know this set of blocked websites and URLs. However, the process is much more opaque when it comes to government orders.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, issued under the Act, detail a process entirely driven through decisions made by executive-appointed officers. Although some scrutiny of such orders is required normally, it can be waived in cases of emergencies. The process does not require judicial sanction, and does not present an opportunity of a fair hearing to the website owner. Notably, the rules also mandate ISPs to maintain all such government requests as confidential, thus making the process and complete list of blocked websites unavailable to the general public.

In the absence of transparency, we have to rely on a mix of user reports and media reports that carry leaked government documents to get a glimpse into what websites the government is blocking. Civil society efforts to get the entire list of blocked websites have repeatedly failed. In response to the Right to Information (RTI) request filed by the Software Freedom Law Centre India in August 2017, the Ministry of Electronics and IT refused to provide the entire of list of blocked websites citing national security and public order, but only revealed the number of blocked websites: 11,422.

Unsurprisingly, ISPs do not share this information because of the confidentiality provision in the rules. A 2017 study by the Centre for Internet and Society (CIS) found all five ISPs surveyed refused to share information about website blocking requests. In July 2018, the Bharat Sanchar Nagam Limited rejected the RTI request by CIS which asked for the list of blocked websites.

The lack of transparency, clear guidelines, and a monitoring mechanism means that there are various forms of arbitrary behaviour by ISPs. First and most importantly, there is no way to ascertain whether a website block has legal backing through a government order because of the aforementioned confidentiality clause. Second, the rules define no technical method for the ISPs to follow to block the website. This results in some ISPs suppressing Domain Name System queries (which translate human-parseable addresses like ‘example.com’ to their network address, ‘93.184.216.34’), or using the Hypertext Transfer Protocol (HTTP) headers to block requests. Third, as has been made clear with recent user reports, users in different regions and telecom circles, but serviced by the same ISP, may be facing a different list of blocked websites. Fourth, when blocking orders are rescinded, there is no way to make sure that ISPs have unblocked the websites. These factors mean that two Indians can have wildly different experiences with online censorship.

Organisations like the Internet Freedom Foundation have also been pointing out how, if ISPs block websites in a non-transparent way (for example, when there is no information page mentioning a government order presented to users when they attempt to access a blocked website), it constitutes a violation of the net neutrality rules that ISPs are bound to since July 2018.

While the Supreme Court upheld the legality of the rules in 2015 in Shreya Singhal vs. Union of India, recent events highlight how the opaque processes can have arbitrary and unfair outcomes for users and website owners. The right to access to information and freedom of expression are essential to a liberal democratic order. To preserve these freedoms online, there is a need to amend the rules under the IT Act to replace the current regime with a transparent and fair process that makes the government accountable for its decisions that aim to censor speech on the internet.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-april-16-2019-gurshabad-grover-to-preserve-freedoms-online-amend-it-act

Artificial Intelligence: Consumer Experiences in New Technologies

Admin — 2019-05-28T01:57:23Z

A new report by Consumer International on Consumer Experiences in New Technologies has cited CIS research on artificial intelligence. Arindrajit Basu was interviewed and provided feedback at a roundtable conducted in Singapore in March.

Click to read the report

For more details visit https://cis-india.org/internet-governance/news/artificial-intelligence-consumer-experiences-in-new-technologies

Banking on artificial intelligence: In hiring drive, Bots are calling the shots now

Anjali Venugopalan — 2019-07-02T05:38:26Z

Algorithms analyse expressions, tone to check for traits such as confidence, anger in video interviews.

The article by Anjali Venugopalan was published in Economic Times on June 4, 2019, Sunil Abraham was quoted. Also mirrored on ET Tech.com.

The future of hiring is already upon us. Algorithms are analysing people’s expressions and tone of voice to check for traits such as “confidence” and “happiness” during video interviews. The robotic video assessment software is then used to hire candidates — customer service operators and assistant vice presidents alike — though the process comes with its own set of problems.

Axis Bank used algorithm-based video interviews — along with aptitude tests — to hire around 2,000 customer service officers from a pool of more than 40,000 applicants this year, said Rajkamal Vempati, HR head of the private sector bank, adding it could standardise and scale up the process of hiring.

HR managers only gave offer letters, he said.

Nirmal Singh, CEO of Wheebox, a division of PeopleStrong which carried out the hiring, said it trained the face-indexing software — sourced from Microsoft — using around 50,000 candidates who had applied to Axis Bank in 2017. The software picked up emotional states such as “nervousness” and “happiness” based on eye movements, expressions and tone of voice and marked the candidates, Singh said. Scores from candidates who were shortlisted were used to come up with the “cutoff ” for these traits. Nirmal Singh, CEO of Wheebox, a division of PeopleStrong which carried out the hiring, said it trained the face-indexing software — sourced from Microsoft — using around50,000 candidates who had applied to Axis Bank in 2017. The software picked up emotional states such as “nervousness” and “happiness” based on eye movements,expressions and tone of voice and marked the candidates, Singh said. Scores from candidates who were shortlisted were used to come up with the “cutoff ” for these traits.

Insurance provider Bajaj Allianz has hired more than 1,600 people, including underwriters and assistant vice presidents, with the help of robotic video assessments that analysed behaviour, said Vikramjeet Singh, chief HR officer, adding it could help reduce human bias. Insurance provider Bajaj Allianz has hired more than 1,600 people, including underwriters and assistant vice presidents, with the help of robotic video assessments that analysedbehaviour, said Vikramjeet Singh, chief HR officer, adding it could help reduce human bias.

Concerns over Software's Biases

Talview, a Palo Alto-headquartered company with operations in Singapore and the United States, provided the assessment for the insurer.

The software, sourced from Microsoft and IBM, can analyse states such as “anger” and “happiness” from expressions, “confidence” from voice tone and traits like “ability to work ina team” and “decisiveness” from text analysis, according to Rajeev Menon, chief product officer, Talview.

Candidates may be able to beat questionnaires by giving expected answers to questions like “Can you work in a team?”, but video assessments pick up on subtleties in expression and vocabulary, and cannot be gamed, Menon said.Be that as it may, Amazon.com scrapped its artificial intelligence-based recruiting system after it found the AI system biased against women, according to an October 2018 report by Reuters.

The AI system was drawing on data from the past, where more men had made it into the company than women.“If you can fool a human, you can fool a computer,” said Sunil Abraham, executive director of Centre for Internet and Society.Recruitment algorithms could “homogenise the emotional economy” by forcing people to act a certain way, he said.

Since the software is based on expressions and tone of voice, it could disadvantage less expressive people, like those who are autistic, said Wheebox’s Singh.

Facial recognition by companies such as IBM, Microsoft and Amazon got the gender of a dark-skinned woman wrong one out of three times (20-35% error rate), a 2018 study by MIT researcher Joy Buolamwini found. For white males, the error was 0.8%.

Video Assessments

Facial recognition has nothing to do with video analytics, Wheebox’s Singh said. The two are, however, closely linked, said Animashree Anandkumar, professor of computing andmathematical science at California Institute of Technology.

She said such software was “deeply problematic”, as it could correlate wrong factors (likegender or skin colour) and show that as the cause for success. It is possible dark-skinned people would be disadvantaged, said Menon of Talview. Thecompany uses facial expression as just one input among many and gives it a low weightage, he said.The software they use is only 39% accurate, and will improve with more data, said and will improve with more data, said Ridhima Gauba, co-founder of Interview Air, a Navi Mumbai-based company that provides a similar service to companies and colleges.

Companies also say video assessments are a risky business.

Bajaj Allianz does not use video assessments for recruitments beyond middle management. It is “important to see a person physically” when hiring for senior positions, said Asha Sharma, manager (corporate HR) of Everest Industries.

The company, however, uses pre-recorded video interviews — where the computer asks questions — to hire juniors from campuses, she said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-anjali-venugopalan-june-4-2019-banking-on-artificial-intelligence

Stockholm Internet Forum 2019

Admin — 2019-06-05T04:15:00Z

Swedish International Development Agency (Sida) organized the Stockholm Internet Forum 2019 in Stockholm from 16 - 17 May 2019. Gurshabad Grover was a panelist in the discussion on 'Influencing Internet Governance' co-organised by Article 19. The other panelists were Sylvie Coudray (UNESCO), Grace Githaiga (Kictanet), J. Carlos Lara (Derechos Digitales) and Charles Bradley (GPD). The discussion was moderated by Mallory Knodel (Article 19).

Gurshabad's primary contributions were around the motivations for civil society organisations to participate in technical internet governance fora, and how their role has matured at such fora in the last couple of years. Gurshabad extends his thanks to the inputs of Akriti Bopanna and Arindrajit Basu primarily for their contributions around the motivations for civil society organisations to participate in technical internet governance fora, and how their role has matured at such fora in the last couple of years.

Click to view the agenda. See the concept note here

For more details visit https://cis-india.org/internet-governance/news/stockholm-internet-forum-2019

Shining light into darkness: Encouraging greater transparency of government offensive practices in cyberspace

Admin — 2019-06-05T06:53:31Z

RightsCon is organizing a summit on human rights in the digital age in Tunis in June 2019. Sunil Abraham will be attending a conversation on encouraging greater transparency of government offensive practices in cyberspace on June 12.

In the plethora of different cybersecurity benchmark reports today, one is conspicuously missing. No entity has so far found a way to highlight and measure the different cyber offensive and deterrence doctrines, policies, or capabilities on a country-by-country basis. Similarly, there have been limited attempts to not only map, but monitor adherence to, international law and emerging international norms of behaviour in cyberspace.

During this session, pulled together by Microsoft, the Hewlett Foundation and Mastercard, we will explore whether there is value in developing either one or the other product, and assess how difficult they would be to realize. Would such a report encourage greater transparency of these policies and as a result drive international discussion about responsible behaviour in cyberspace? What would data would be required for it to generate a meaningful impact?

We will also examine whether there are lessons that can be learnt on the development, use, and impact of seminal benchmarking reports, such as the Global Peace Index, the Nuclear Security Index, Human Rights Watch’s World Report, and others. This gap is being examined in the light of the potential creation of a CyberPeace Institute, an independent non-profit organization to empower the global community with the knowledge and capabilities to protect civilians in cyberspace from sophisticated systemic cyber-attacks. It is envisioned that the CyberPeace Institute would perform three key functions: a) increase transparency of information on cyberattacks that are perpetrated by sophisticated actors and have significant, direct harm on civilians and civilian infrastructure; b) advance the role of international law and norms in governing the behavior of states and other actors in cyberspace; and c) deliver assistance at scale to the most vulnerable victims of qualifying cyberattacks, accelerating victims’ recovery and increasing their resilience. More information on the proposed Institute can be find in the attached overview.

The conversation will take place at RightsCon, in the Erythrean room on Wednesday, June 12 from 4:30 p.m - 5:30 p.m.

For more details visit https://cis-india.org/internet-governance/news/shining-light-into-darkness-encouraging-greater-transparency-of-government-offensive-practices-in-cyberspace

MWC19 Shanghai AI and Trust in APAC and China

Admin — 2019-06-05T07:10:50Z

Sunil Abraham will be making a presentation at the summit on AI and Trust in APAC and China at MWC19 Shanghai on June 27, 2019. Sunil has been invited as a speaker on panel ‘Framing AI for Digital Upstarts’.

MWC Shanghai is a three-day conference and exhibition bringing together over 200 AI business leaders, 65,000 attendees, and 550 companies from across different industries and perspectives to address business and technical concerns in the Intelligent Connectivity era and debate tough problems for today and tomorrow. More info here. For event details see this page.

For more details visit https://cis-india.org/internet-governance/news/mwc19-shanghai-ai-and-trust-in-apac-and-china

ABLI Privacy Workshop

Admin — 2019-06-05T07:29:18Z

On May 21 and 22, 2019, Elonnai Hickok, participated in the ABLI privacy workshop along with side events in Singapore.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/abli-privacy-workshop

HillHacks 2019

Admin — 2019-06-05T14:41:44Z

Karan Saini was a speaker at HillHacks 2019 organized by HillHacks in Bir, Himachal Pradesh from May 24 to May 26, 2019.

Karan's talk was on using web applications for intelligence gathering purposes. For more info on the event, click here

For more details visit https://cis-india.org/internet-governance/news/hillhacks-2019

AI for Good Workshop

Admin — 2019-06-05T14:47:27Z

Pranav Manjesh Bidare attended a workshop on AI for Good, organised by Swissnex India, and Wadhwani AI in Bangalore on May 22, 2019.

The workshop was a forerunner to the AI for Good Global Summit. More recommendations can be made at https://www.policykitchen.com/group/19/stream

For more details visit https://cis-india.org/internet-governance/news/ai-for-good-workshop

Central Monitoring System to make government privy to phone calls, text messages and social media conversations

praskrishna — 2013-06-05T09:17:42Z

The government last month quietly began rolling out a project that gives it access to everything that happens over India's telecommunications network—online activities, phone calls, text messages and even social media conversations. Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

This article by Indu Nandakumar was published in the Times of India on May 7, 2013. Pranesh Prakash is quoted.

But privacy and Internet freedom advocates are worried that in the name of security, the government could end up snooping on people, possibly abusing a system that does not have enough safeguards to protect ordinary citizens.

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," warned Pranesh Prakash, director of policy at the Centre for Internet and Society. "Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens."

After the Mumbai blasts in November 2008, the government has been arming itself with powers and technology to help it eavesdrop on digital communications. The information technology law, enacted in 2000 and amended twice in 2008 and 2011, gives designated government officials the authority to listen in on phone calls, read SMSes, emails, and monitor websites.

Such access is allowed for purposes of "reasonable security practices and procedures".

However, Pavan Duggal, a Supreme Court advocate specialising in cyber law, said the government has given itself unprecedented powers to monitor private Internet records of citizens. "This system is capable of tremendous abuse," he said. The Central Monitoring System, being set up by the Centre for Development of Telematics, plugs into telecom gear and gives central and state investigative agencies a single point of access to call records, text messages and emails as well as the geographical location of individuals.

Duggal, who closely follows New Delhi's battle with Internet firms, said there hasn't been much details from the government on what exactly the system intends to monitor and under what conditions.

In December 2012, the then information technology minister Milind Deora told Parliament that the monitoring system, on which the government is spending Rs 400 crore, will "lawfully intercept Internet and telephone services".

Work on the system has been kept under wraps for nearly two years. Several government agencies have issued tenders seeking specialised equipment and systems for such monitoring.

As part of modernisation, the home ministry is updating all its offices in state capitals with such gear. C-DOT group head Shikha Srivastava declined comment. Information technology ministry spokeswoman Mamta Verma redirected the queries to Gulshan Rai, director of India's Cyber Emergency Response Team, but Rai declined comment.

With over 100 million users, India is one of the fastest-growing Internet markets in the world. The government has come under criticism from activists for increased censorship and tracking of user records. Internet activist group Anonymous has started raising the pitch against the monitoring system, claiming that security is just a pretext for spying on citizens.

Disclosures by Google show that the number of requests from the government seeking personal information has been on the rise. In the second half of 2012, the government made nearly 2,500 requests, Google said.

"Even legitimate conversations could end up being tracked," cautioned Duggal, the Supreme Court lawyer.

For more details visit https://cis-india.org/news/times-of-india-indu-nandakumar-may-7-2013-cms-to-make-govt-privy-to-phone-calls-text-messages-and-social-media-conversations