The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 131 to 145.
What’s In a Name? — DNS Singularity of ICANN and The Gold Rush
https://cis-india.org/internet-governance/blog/dns-singularity-of-icann-and-the-gold-rush
<b>March 2013 being the 28th birthday of the first ever registered Internet domain as well as the exigent launch of the Trademark Clearing House disguised as a milestone in rights protection by the Internet Corporation for Assigned Names and Numbers (ICANN) for it’s new gTLD program, Sharath Chandra Ram, dissects the transitory role of ICANN from being a technical outfit to the Boardroom Big Brother of Internet Governance.</b>
<hr />
<p><a class="external-link" href="http://trademark-clearinghouse.com/">Click to read</a> more about the <b>Trademark Clearing House</b>.</p>
<hr />
<p style="text-align: justify; ">As a non-profit organization, established in agreement with the US Department of Commerce in 1998, the current arrangement of ICANN has come under serious questions in recent years, with the United Nations wanting the ITU to oversee Internet Governance while Europe seeking more public participation in the decision making process that currently comprises a majority of private stakeholders as ICANN board members with vested interests. In this post we shall look at a few instances that give room for thought about the regulatory powers and methods adopted by ICANN as well as reparatory measures taken to reaffirm it’s image as an able governing body amidst disputes over trademarks and fair competition that might actually call for a wider and objective inclusion in future. An outline of functional and structural arrangements of ICANN maybe found at the <a class="external-link" href="http://goo.gl/FijE7">CIS Knowledge Repository page</a>.</p>
<h3 style="text-align: justify; ">The Business Model</h3>
<p style="text-align: justify; ">Earlier this month, (March 15, 2013) was the 28<sup>th</sup> birthday of <a href="http://www.symbolics.com">symbolics.com</a>, the first ever domain name registered in 1985 through the formal ICANN process. (<a class="external-link" href="http://www.nordu.net/ndnweb/home.html">nordu.net</a> being the first domain name created by the registry on January 1, 1985 for the first root server, nic.nordu.net) Symbolics, that spun-off the MIT AI Lab and specialized in building workstations running LISP finally sold the domain for an undisclosed amount to XY.com, an Internet investment firm that has been proudly boasting about their acquired relic for over three years now. The golden days of fancy one word domain name resale at exorbitant prices are over, as Google’s page ranking crawler now really looks at unique content and backlinks. Nevertheless, those with the same archaic view of a real estate agent still believe that a good domain name does have a high ROI and have managed to find naïve takers who will offer ridiculous amounts. One of many such examples is the plain looking <a href="http://www.business.com">www.business.com</a> that was bought initially for $1,50,000 and changed hands twice from $7.5 million to an absurd $345 million of R.H. Donnelley Inc., that soon filed for bankruptcy!</p>
<p style="text-align: justify; ">The top level domain market however, is consistently lucrative. A TLD registry on an average receives $5 - $7 per domain registered under it. So the .COM registry run by VeriSign which, as of 2013 has over a 100 million registered domains, receives a revenue of $500 to $700 million per year of which a fraction is paid to ICANN periodically on a per-registration or per-renewal basis. Competing registrars and registries across TLDs, their revenue generation practices as well as the application process for new TLDs gradually began to be regulated by ICANN in mysterious ways, as we will see in the following legal case studies.</p>
<h3 style="text-align: justify; ">VeriSign vs. ICANN</h3>
<p style="text-align: justify; ">VeriSign began to operate the .COM and .NET TLD after taking over Network Solutions Inc. and entering into a contractual agreement with ICANN in 2001. Let’s take a look at some methods used by VeriSign to garner internet traffic and registrant revenue, that were clamped down by the ICANN, which resulted in a lawsuit by plaintiff VeriSign claiming prevention of fair competition and revenue by impeding innovation.</p>
<p style="text-align: justify; "><i>Clamping of Site Finder & WLS</i>: In September 2003, VeriSign introduced a Wild Card DNS Service called Site Finder for all .com and .net domains. This meant that any user trying to access a non-existent domain name no longer received the 404 Error but were instead redirected to the VeriSign website with adverts and links to affiliate registrars. Often a result of a misspelled domain, in ICANN’s view, the redirection by VeriSign amounted to typo squatting internet users as within a month VeriSign’s traffic rose dramatically moving it to the top 20 most visited websites on the web. As seen below in this archived image of Alexa’s 2003 traffic statistic (Courtesy: <a class="external-link" href="http://cyber.law.harvard.edu/">cyber.law.harvard.edu</a>).</p>
<table class="listing">
<tbody>
<tr>
<th style="text-align: center; "><img src="https://cis-india.org/home-images/copy_of_DailyTraffic.png" alt="Daily Traffic" class="image-inline" title="Daily Traffic" /></th>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">Shortly, in October 2003, ICANN issued a suspension ultimatum pointing Site Finder in violation of the 2001 .Com agreement. This was not the first time ICANN clamped down on VeriSign’s ‘profiteering’ methods. In 2001, ICANN prevented VeriSign’s WLS (Wait Listing Service) that allowed a registrant (through selected participating affiliate registrars of VeriSign) to apply to register an already registered domain in the event that the registration is deleted – a nifty scheme considering the fact that about 25000 domains are deleted everyday!</p>
<h2 style="text-align: justify; ">Remarks and Submissions</h2>
<p style="text-align: justify; ">The long drawn case of VeriSign Vs. ICANN ended on a reconciliatory note, with ICANN bringing the Site Finder service to a halt at the cost of VeriSign walking away happier with a free 5 year extension on the .COM domain (2007 extended to 2012).</p>
<p style="text-align: justify; ">While the ingenious Site Finder service did pose a huge problem to spam filters, both the WLS and yet another service that VeriSign launched to allow registration of non-English language SLDs were also met with a cringe by ICANN.</p>
<p style="text-align: justify; "><b>However looking closer, one may realize that the act of ICANN permitting a DNS root redirect service such as Site Finder for all TLD operators (with an acceptable template that also carried information about the 404 error besides other marketing options) meant the first step towards paving the way towards a plausible scenario of multiple competing DNS roots across TLDs being able to interact with each other — a system often argued by network theorists to be the most efficient and competitive model that would reduce the disjoint between the demand and supply of TLDs in a decentralized infrastructure, and that definitely was not in the best interest of ICANN’s monopolistic plan. Hence, this could be seen as a move by ICANN to nip the Site Finder bud while still young</b>.</p>
<p style="text-align: justify; ">Finally, as brought to public notice in more than one instance (name.Space Vs. ICANN, IOD Vs. ICANN), the vested interests of ICANN board members has come under glaring light. <b>Can the ICANN leadership consisting of members from the very same domain name business industry be able to objectively deal with competing registry services and legal issues?</b> Conspicuous targets have been chairperson Steve Crocker who owns a consulting firm Shinkuro, whose subtle investor is infact AFILIAS INC which runs the .INFO and .MOBI TLDs, provides backend services to numerous TLDs (.ORG, .ASIA, .AERO (aviation)), has applied for a further 31 new TLDs and has it’s CTO Ram Mohan on the Board of Directors of ICANN. Also ICANN Vice Chariman, Bruce Tonkin is Senior Executive at Australia’s largest domain name provider Melbourne IT, and Peter Thrush former chairman of the ICANN Board of Directors is Executive Chairman of Top Level Domain Holdings,Inc which filed 92 gTLD applications in 2012.</p>
<h3 style="text-align: justify; ">Trademark Protection and Domain Names</h3>
<p style="text-align: justify; ">Image Online Design (IOD) is a company that since 1996 has been providing Internet registry services using the trademark .WEB (trademark #3,177,334 including computer accessories) registered with the US Patents and Trademarks Office (USPTO).</p>
<p style="text-align: justify; ">It’s registry services however, were not through the primary DNS root server maintained by ICANN, but through an alternate DNS root that required prospective users to manually make changes in their browser settings in order to resolve .WEB domains registered through IOD. Despite not running the primary DNS root server for. WEB, by the year 2000 IOD had acquired about 20,000 registered .WEB customers.</p>
<p style="text-align: justify; ">The beacon of ‘hope’ arrived upon IOD in mid-2000 as ICANN (on advise of supporting organization GNSO) opened a call for proposals for registrations of new TLDs, with a non-refundable deposit of $50,000 for an application to be considered. By then the importance of the .WEB TLD for e-commerce was well known amongst ICANN board members with Louis Touton lobbying for his preferred applicant AFILIAS INC to be given the .WEB TLD, with others raising concerns about IOD’s preregistration of .WEB domains. One of the founding fathers of the internet, Vinton Cerf, the then Chairman of ICANN took a benevolent stance-- <i>"I'm still interested in IOD," he repeated over Touton's objections. "They've worked with .WEB for some time. To assign that to someone else given that they're actually functioning makes me uneasy," he said, prompting board member Linda Wilson to chime in, "I agree with Vint."</i> (<a href="http://goo.gl/d1v6X">http://goo.gl/d1v6X</a> , <a href="http://goo.gl/eV9Jd">http://goo.gl/eV9Jd</a>).</p>
<p style="text-align: justify; ">Finally amidst all the contention, no one was offered the .WEB domain and ICANN announced that all applications not selected will remain pending and those who submitted will have the option of being re-considered when additional TLD selections are made in future. And the future being, 2012, when ICANN invited a new round of TLD applicants, this time with the non-refundable deposit of whopping $185,000 for a single application (1 TLD/application as opposed to the $50,000 in the year 2000 that allowed multiple TLD requests within the same application) to be considered. While 7 new applicants for the .WEB TLD registered their interest, IOD considered their application to be still pending and did not join the new pool that included AFILIAS INC. and GOOGLE.</p>
<p style="text-align: justify; ">The litigation of IOD Vs ICANN ended in Feb 2013, with IOD claiming weak causes of action under “Trademark Infringement” and “Breach of Contract” &“Fair Dealing” hinging on the fact that the initial $50,000 application was still pending and never was officially rejected by ICANN. Further, there was not enough room to make a valid trademark infringement, as there was no substantial room for consumer confusion in the .WEB case.</p>
<h2 style="text-align: justify; ">Remarks and Submissions</h2>
<p style="text-align: justify; ">The IOD Vs. ICANN case not only increased concerns globally, over the uncertainty associated with the ICANN application process for generic TLDs along with questions regarding the objectivity of its board members, but at the same time has alerted ICANN to take the necessary big sister steps to ensure that it’s well in the game.</p>
<p style="text-align: justify; ">The fact of the matter is that the USPTO does not provide trademark protection services for the Top level Domain industry citing the reason that TLDs trademarks do not provide a distinct service mark that can identify or differentiate the service of an applicant from others, and further cannot be used to ascertain the source of an applicant’s services. This view is flawed, as by looking at a TLD, say BBC.com, an informed person can easily say that VeriSign INC manages the service of directing a user to a correct location on the .COM registry. With introduction of new gTLDs, perhaps BBC would shift it’s content to BBC.news, where the source may be an abstracted Registrar and the nature of service being quite evident. And to those registered trademarks, especially those that shall result in substantial brand confusion to the customer if infringed, granting a TLD like .ibm or .bbc may well be granted to the owner of the trademark who may then outsource registry services to a service provider. This shall invert the current model by relegating the role of a TLD registry holder to that of a contracted service provider.</p>
<p style="text-align: justify; "><b>So the question is, should have the US Department of Commerce, who contracted ICANN in the first place, mediated with USPTO to place the business of a registrar on par with other trades and businesses, and modify it’s trademark infringement policies? And more importantly, will ICANN view this as introducing yet another key stakeholder to the gTLD assignment process?</b></p>
<p style="text-align: justify; "><b>The answer to the latter is already clear as ICANN being in the top of it’s game decided to take matters into its own hands and on March 26, 2013) launched</b> <a href="http://trademark-clearinghouse.com/"><b>http://trademark-clearinghouse.com/</b></a><b> with a new set of guidelines for accepted trademarks and a mechanism that allows trademark holders to submit their application to a central repository.</b></p>
<p style="text-align: justify; ">Accepted trademark holders shall be given priority to register gTLDs during the ‘sunrise’ period. Deloitte Enterprise Risk Services have been assigned the responsibility of evaluating submitted trademarks while IBM shall maintain the actual database of trademarks by the later half of 2013.</p>
<p style="text-align: justify; ">The tip of the iceberg is well in scope of view. ICANN46 is currently being hosted in Beijing, at the China Internet Network Information Centre (CINIC) from April 7 to 11, 2013 while hopefully parallel discussions will happen on all other global forums to hopefully re-consider a future of multiple competing DNS root servers towards healthy competition that is decentralized.</p>
<hr />
<p><b> Key References</b></p>
<ol>
<li><a href="http://www.icann.org/en/news/litigation">http://www.icann.org/en/news/litigation</a></li>
<li><a href="http://cyber.law.harvard.edu/tlds/">http://cyber.law.harvard.edu/tlds/</a></li>
<li style="text-align: justify; ">Lynn, S. [2001] “Discussion Draft: A Unique, Authoritative Root for the DNS” Internet Corporation for Assigned Names and Numbers, 28 May, 2001.</li>
<li style="text-align: justify; ">Internet Architecture Board [2000] “IAB Technical Comment on the Unique DNS Root.” RFC 2826, Internet Society, May 2000.</li>
</ol>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/dns-singularity-of-icann-and-the-gold-rush'>https://cis-india.org/internet-governance/blog/dns-singularity-of-icann-and-the-gold-rush</a>
</p>
No publishersharathICANNInternet Governance2013-03-31T05:35:33ZBlog EntryWhat’s Hard To Digest About The Zomato Hacking
https://cis-india.org/internet-governance/news/bloomber-quint-may-19-2017-aayush-ailawadi-whats-hard-to-digest-about-the-zomato-hacking
<b>Yet another day, yet another major security breach. But, this time it’s not a presidential candidate in the U.S. or the U.K.’s National Health Service. Instead. it’s Zomato, the popular Indian online food delivery and restaurant search service.</b>
<div class="story__element__wrapper" style="text-align: justify; ">
<div class="story__element__text story__element">
<div class="story-element-">
<p>The blog post by Aayush Ailawadi was published by <a class="external-link" href="https://www.bloombergquint.com/technology/2017/05/18/whats-hard-to-digest-about-the-zomato-hacking">Bloomberg Quint</a> on May 19, 2017. Pranesh Prakash was quoted.</p>
<hr />
<p>The company disclosed that data from 17 million user accounts was stolen in a security breach. It said in <a href="http://blog.zomato.com/post/160791675411/security-notice" target="_blank">its blog</a> that no financial details were at risk and only user IDs, usernames, names, email addresses and password hashes had been compromised.</p>
</div>
</div>
</div>
<div class="story__element__wrapper" style="text-align: justify; ">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Throughout the course of the day, the company kept updating its blog post and offered different sets of advice to its users. In an earlier post, it only recommended changing one’s password on other sites if you are “paranoid about security like us”. Later, that post mentioned that the passwords were “salted” and hence had an extra layer of security but it still “strongly advises” customers to change passwords.</p>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>In an emailed response, the company explained to BloombergQuint, “We made our disclosure very early, soon after we discovered that it happened. We wanted to be proactive in communicating to our users. As we found more details about the leak, we updated the information”</p>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>But, that wasn’t the only problem. The data was put up on the dark web for sale by the hacker, and the seller was apparently charging 0.5521 bitcoins, or $1001.45, for the data. According to the post, the passwords were stored by Zomato using MD5 encryption, which according to security experts is antiquated and unsuitable for password encryption.</p>
<div class="__container">
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Late on Thursday night, the story took an interesting turn when the company updated <a href="http://blog.zomato.com/post/160807042556/security-notice-update" target="_blank">its blog post yet again</a>. It said that it had gotten in touch with the hacker who was selling the data on the dark web and that apparently the hacker had been very cooperative and helpful. “He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers,” the company said.</p>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Usually, when hackers around the world attack with ransomware, they demand a massive amount of bitcoins as ransom. But, in this case the company claims that all the hacker wants is the assurance that the company will introduce a bug bounty program on Hackerone soon. In return, the hacker has agreed to destroy all copies of the stolen data and take the data off the dark web marketplace.</p>
</div>
</div>
</div>
</div>
<div class="card-block-qsection-technology card">
<div class="__container">
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>But, while it may seem like the storm has passed for Zomato, cybersecurity experts like Pranesh Prakash at the Centre for Internet & Society believe that a lot more could have been done by the company in such a case.</p>
</div>
</div>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<h3><b>Disclose To Confuse?</b></h3>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Concern #1: Prakash feels that Zomato got it all wrong by issuing multiple disclosures and not addressing the problem at hand, which was to clearly explain what happened and immediately request customers to change similar passwords on other websites.</p>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<h3><b>What’s So Scary About The Zomato Hacking?</b></h3>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Concern #2: BloombergQuint reached out to Zomato to confirm whether the passwords were encrypted with “MD5”, a hashing algorithm that Prakash and other Twitter users who accessed the seller’s page on the dark web believe was used by the company. But, the tech company didn’t respond to that specific question.</p>
<p>What’s worse is that Prakash adds that not only is this algorithm antiquated but it is also highly unsuitable for password encryption, as it can be cracked quickly.</p>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<h3><b>Genuine Disclosures Vs False Promises</b></h3>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Concern #3: Prakash suspects that the company wasn’t honest and forthright with its users during this episode. According to him, the company could learn a thing or two about honest disclosures from companies like CloudFlare and LastPass, which fell victim to similar attacks in the past year.</p>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<h3><b>Where’s My Privacy And Security?</b></h3>
</div>
</div>
</div>
<div class="story__element__wrapper">
<div class="story__element__text story__element">
<div class="story-element-">
<p>Concern #4: According to Prakash, it’s not just about privacy, but also one’s security that has been compromised in this instance. He says that the Zomato hack is like a reminder that an odd section in the Information Technology Act is not sufficient when it comes to data protection. Instead, India needs a robust data protection law where bad security practices can actually be prosecuted and companies can be penalised if they don’t follow standard and reasonable security practices.</p>
<p>Zomato also told BloombergQuint that it has understood how the breach happened but couldn’t share exact details at the moment. The company said, “Our team is working to make sure we have the vulnerability patched. All we can say right now is that it started with a password leak on some other site. We will share more details on our blog over the next few days.”</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/bloomber-quint-may-19-2017-aayush-ailawadi-whats-hard-to-digest-about-the-zomato-hacking'>https://cis-india.org/internet-governance/news/bloomber-quint-may-19-2017-aayush-ailawadi-whats-hard-to-digest-about-the-zomato-hacking</a>
</p>
No publisherpraskrishnaCyber SecurityInternet GovernancePrivacy2017-05-19T09:22:37ZNews ItemWhat You Need To Worry About Before Linking Your Mobile Number With Aadhaar
https://cis-india.org/internet-governance/news/youth-ki-awaaz-roopa-sudarshan-what-you-need-to-worry-about-before-linking-your-mobile-number-with-aadhaar
<b>As part of the directive issued by the Department of Telecommunications (DoT) dated March 23, 2017, major telecom service providers have issued a deadline of February 6, 2018, for linking mobile numbers with Aadhaar as part of the E-KYC verification.</b>
<p style="text-align: justify; ">The blog post by Roopa Raju and Shekhar Rai was published in <a class="external-link" href="https://www.youthkiawaaz.com/2017/11/linking-aadhar-with-mobile-number-pros-and-cons/">Youth Ki Awaaz</a> on November 8, 2017</p>
<hr />
<p style="text-align: justify; ">The landmark case referenced by the DoT in the circular was the order issued by the Supreme Court on February 6, 2017, delivered by Justice JS Khehar (the erstwhile Chief Justice of India) in the case of <a href="https://thewire.in/109330/aadhaar-phone-legal-battle/" rel="noopener" target="_blank">Lokniti Foundation vs Union of India</a>. The petitioner <a href="http://supremecourtofindia.nic.in/jonew/courtnic/rop/2016/23429/rop_885627.pdf" rel="noopener" target="_blank">contended</a> that terrorists, criminals and anti-social elements frequently used SIM cards to commit atrocious, organised and unorganised crimes across the country. The petition called for <a href="http://supremecourtofindia.nic.in/jonew/courtnic/rop/2016/23429/rop_885627.pdf" rel="noopener" target="_blank">ensuring 100% verification</a> on the identity of telecom service subscribers in public interest under <a href="https://indiankanoon.org/doc/981147/" rel="noopener" target="_blank">Article 32</a> of the Constitution of India. The PIL added that unverified SIM cards pose a serious threat to the country’s security as they are routinely used in criminal and terrorist activities, thereby affecting a citizen’s right (as ensured under <a href="https://indiankanoon.org/doc/1199182/" rel="noopener" target="_blank">Article 21</a> of the Constitution). As per the CAG report tabled at the Parliament in 2014, the identities of <a href="https://timesofindia.indiatimes.com/india/Identities-of-4-59-crore-mobile-users-still-unverified-CAG/articleshow/39572824.cms" rel="noopener" target="_blank">4.59 crore mobile users</a> still remained unverified.</p>
<p style="text-align: justify; ">Article 21 of the Constitution of India, 1949, <a href="https://indiankanoon.org/doc/1199182/" rel="noopener" target="_blank">states</a> that – <i>“No person shall be deprived of his life or personal liberty except according to procedure established by law.”</i> While there is a threat to the common public interest through increased acts of terrorism and atrocities due to unverified SIM cards, the safety of information provided and linked to Aadhaar are increasingly being questioned.</p>
<p style="text-align: justify; ">In a study dated May 1, 2017, published by the Centre for Internet and Society (CIS), a Bangalore-based organisation, it was observed that data of <a href="http://indiatoday.intoday.in/technology/story/aadhaar-data-of-130-millions-bank-account-details-leaked-from-govt-websites-report/1/943632.html" rel="noopener" target="_blank">over 130 million</a> Aadhaar card-holders were leaked from just four government portals dealing with the National Social Assistance programme, the National Rural Employment Guarantee Scheme, the Chandranna Bima Scheme and the Daily Online Payment Reports of NREGA.</p>
<p style="text-align: justify; ">On October 25, 2017, the chief minister of West Bengal, Mamata Banerjee, also <a href="https://thewire.in/190932/west-bengal-mamata-banerjee-bjp-aadhaar/" rel="noopener" target="_blank">strongly opposed</a> the government’s plan to link mobile numbers with Aadhaar cards. She said that it was a breach of privacy and that the ruling government was intruding upon the citizen’s right to personal freedom. However, the Supreme Court <a href="https://www.ndtv.com/india-news/aadhaar-petitions-in-supreme-court-today-including-bengals-10-points-1768703" rel="noopener" target="_blank">questioned</a> the state government’s right to challenge the Centre and asked her to file a plea with the court in her individual capacity.</p>
<p style="text-align: justify; ">As per the data published by Telecom Regulatory Authority of India (TRAI) on September 14, 2017, India’s telecom subscriber base <a href="http://indianexpress.com/article/technology/tech-news-technology/telecom-subscriber-base-dips-marginally-to-121-crore/" rel="noopener" target="_blank">dipped by 1.3 lakh</a> to 121.07 crore in July 2017. Moreover, only three operators – Reliance Jio, Bharti Airtel and the state-run BSNL – reported additions to their subscriber base.</p>
<table style="text-align: justify; ">
<tbody>
<tr>
<td><b>Month</b></td>
<td><b>Telephone subscriber base<br /> (in million)</b></td>
<td><b>Growth rate</b></td>
</tr>
<tr>
<td><b>Mar-17</b></td>
<td>1194.58</td>
<td>–</td>
</tr>
<tr>
<td><b>Apr-17</b></td>
<td>1198.89</td>
<td>0.36%</td>
</tr>
<tr>
<td><b>May-17</b></td>
<td>1204.98</td>
<td>0.51%</td>
</tr>
<tr>
<td><b>Jun-17</b></td>
<td>1210.84</td>
<td>0.49%</td>
</tr>
<tr>
<td><b>Jul-17</b></td>
<td>1210.71</td>
<td>-0.01%</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; "><i>(Source: <a href="http://www.trai.gov.in/release-publication/reports/telecom-subscriptions-reports" rel="noopener" target="_blank">TRAI monthly subscription data</a>)</i></p>
<p style="text-align: justify; ">The dip in the subscriber count for various telecom operators can be accredited to the phasing of registration of SIM cards through E-KYC for new mobile numbers. While there is a the possibility of addition of genuine subscribers in the following months, the direct subscriber acquisition cost (DSAC) has been significantly reduced owing to the overall reduction in subscriber addition (assuming exclusion of sunk cost).</p>
<p style="text-align: justify; ">Prior to the DoT directive, telecom service providers relied heavily on the documents provided by the subscribers for SIM registration. The two-fold impact of this was the delay in SIM activation, owing to the transfer of documents from the retailer to the distributor to the company and the possibility of documents not matching with the usage timeline of usage. Additionally, tracking the ever-changing retailers was difficult for the service providers – and with the subscriber documents being collected and stored at one location by the service providers, verification of dummy subscribers was difficult.</p>
<p style="text-align: justify; ">With the introduction of Aadhaar linkage for mobile numbers, subscribers are held accountable for its usage, thereby tagging responsibility for any acts arising as a result. Savings from the digitisation of documents and paper should also be considered.</p>
<p style="text-align: justify; ">However, an increased number of job losses is possible, owing to the ‘optimisation’ of the process by way of document verification, servicing costs and reliance on third parties (to name just a few). Increased compliance costs are also an issue of concern.</p>
<p style="text-align: justify; ">The key question that looms prominently with the approaching deadline is how secure public data will be, given that it may possibly be linked with bank account numbers and income tax returns. With retailers using fingerprints of the subscribers to validate Aadhaar numbers with the mobile numbers at the time of SIM registration, there is an increased risk of exposure to identity theft.</p>
<p style="text-align: justify; ">While the government is increasingly trying to bring in a seamless process to assimilate data for transparency in analysing consumer patterns, it is suggested that they also allocate funds for enhancing the cyber-security of the data consolidated from this directive. Furthermore, cyber security regulations can be strengthened to avoid data leakages to third party organisations. Severe penalties should also be implemented to ensure robust compliance to these measures.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/youth-ki-awaaz-roopa-sudarshan-what-you-need-to-worry-about-before-linking-your-mobile-number-with-aadhaar'>https://cis-india.org/internet-governance/news/youth-ki-awaaz-roopa-sudarshan-what-you-need-to-worry-about-before-linking-your-mobile-number-with-aadhaar</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2017-11-26T05:55:49ZNews ItemWhat the government's draft IT intermediary guidelines say
https://cis-india.org/internet-governance/news/livemint-abhijit-ahaskar-february-12-2019-what-the-governments-draft-it-intermediary-guidelines-say
<b>Intermediaries will have to hand over to government agencies any information within 72 hours.
Intermediaries will have to use automated tools to trace the person posting unlawful content.
</b>
<p>The article by Abhijit Ahaskar was <a class="external-link" href="https://www.livemint.com/technology/tech-news/what-the-government-s-draft-it-intermediary-guidelines-say-1549959448471.html">published in Livemint</a> on February 12, 2019. CIS research was quoted.</p>
<hr />
<p style="text-align: justify; ">With voices for regulating tech companies getting stronger in the wake of growing incidence of fake news being circulated through social media platforms, the Ministry of Electronics and Information Technology (MEITY) of India has decided to re-examine the Information Technology (IT) Intermediary Guidelines, 2011, under the IT Act, 2000.</p>
<p style="text-align: justify; ">Setting the wheel in motion, the ministry proposed a draft called Information Technology Intermediaries Guidelines (Amendment), 2018, and released the recommendations on its website for public comments in December 2018. The first round of comments ended on 31 January, 2019 and was made public last week. The second round of comments and counter-comments will close on 14 February, 2019.</p>
<h3 style="text-align: justify; ">What the draft proposes</h3>
<p style="text-align: justify; ">The term intermediary refers to all tech companies that are hosting user data or are providing users with a platform for communication. This brings all internet, social media, telecom companies in its ambit.</p>
<p style="text-align: justify; ">The draft amendment proposes that intermediaries will have to hand over to governmentagencies any information that might be related to cyber security, national security and related with the investigation, prosecution or prevention of an offence, within 72 hours.</p>
<p style="text-align: justify; ">They will have to take down or disable content considered defamatory or against national security under Article 19 (2) of the Constitution within 24 hours on being notified by the appropriate government or its agency in addition to using automated tools to identify, remove and trace the origin of such content. Intermediaries with over 55 lakh users will be required to have a permanent registered office with physical address and a senior official who would be available for coordination with law enforcement agencies.</p>
<h3 style="text-align: justify; ">Concerns over the draft guidelines</h3>
<p style="text-align: justify; ">Microsoft notes that the problem MEITY is trying to address is of fake news. “Existing regulations provide enough powers to work with social media platforms. There may be a case to bring out additional guidelines for certain types of intermediaries like social media platforms. There may also be a case to strengthen other laws which make the punishment of fake news and misuse of social media stringent. The focus should be on the perpetrators of the crime rather than the intermediaries," it has said in response to the guidelines. Regarding deployment of tools to proactively identify and remove unlawful content, Microsoft cautions that intermediaries will have to monitor all content passing through their systems for this, which is a violation of their individual privacy and right to freedom of expression. It will also be technically impractical due to the high cost of deploying such tech.</p>
<p style="text-align: justify; ">According to Broadband India Forum, one of the grounds for the Supreme Court striking down Section 66A of the IT Act, 2000, in Shreya Singhal vs Union of India was the vagueness of the terms used in the provision, such as offensive, menacing and dangerous, which invaded the right of free speech. However, words with a similar level of vagueness, such as grossly harmful, harassing and hateful exist in the proposed draft.</p>
<p style="text-align: justify; ">The Centre for Internet and Society (CIS) pointed out that existing laws provide enough teeth to the Indian agencies to act. For instance, Section 505 of the IPC has provisions to penalise disinformation while Sections 290 and 153A of the IPC have provisions if the disinformation is being used to create communal strife. CIS has also flagged the scope of the term unlawful as it is not clearly defined, leaving room for broad interpretation. On the traceability clause, CIS draws attention to the lack of clarity on whether it applies on just social media platforms and messaging services or all intermediaries.</p>
<p style="text-align: justify; ">This can be a bit of problem for ISPs which may have no access to contents of an encrypted communication sent and received on its network.</p>
<h3 style="text-align: justify; ">Threat to privacy</h3>
<p style="text-align: justify; ">The traceability clause, which requires intermediaries to use automated tools to trace the person posting unlawful content, came in for a lot of criticism. While the Ministry in an official tweet in January 2018 clarified that it only requires intermediaries to trace the origin of messages which lead to unlawful activities without breaking encryption, experts believe it isn’t possible without lowering encryption standards or building a backdoor to access encrypted communications.</p>
<p style="text-align: justify; ">Amnesty International slammed the clause, arguing, “While governments can legitimately use electronic surveillance to protect people from crime, forcing companies to weaken encryption will affect all users’ online privacy. Such measures would be inherently disproportionate, and therefore impermissible under international human rights law."</p>
<p style="text-align: justify; ">Wipro in its response rues such a traceability requirement could lead to breaking of encryption on apps such as WhatsApp and Signal, and this will be a major threat to the privacy rights of citizens as enshrined in the Puttaswamy judgment of the Supreme Court.</p>
<h3 style="text-align: justify; ">Undue burden on small companies</h3>
<p style="text-align: justify; ">Commenting on the 72 hours timeline for furnishing user data, the Internet Freedom Foundation says that such short deadline for compliance can only be fulfilled by large social media platforms. This might make smaller companies over compliant to government demands for immunity resulting in a total disregard for user privacy.</p>
<p style="text-align: justify; ">Regarding taking down of unlawful content, technology policy researchers form National Institute of Public Finance & Policy (NIPFP) caution that overzealous implementation along with over reliance on technological tools for the detection of unlawful content would lead to the curtailment of online speech. They pointed out the instance where Facebook had removed posts documenting the ethnic cleansing of Rohingyas as it had classified Rohingya organisations as dangerous militant groups.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/livemint-abhijit-ahaskar-february-12-2019-what-the-governments-draft-it-intermediary-guidelines-say'>https://cis-india.org/internet-governance/news/livemint-abhijit-ahaskar-february-12-2019-what-the-governments-draft-it-intermediary-guidelines-say</a>
</p>
No publisherAdminInternet Governance2019-02-13T00:31:29ZNews ItemWhat the experts said on live chat
https://cis-india.org/internet-governance/news/the-hindu-march-25-2015-what-the-experts-said-on-live-chat
<b>Three eminent panellists shared their views and answered questions from readers on the Supreme Court verdict striking down Section 66 A of the IT Act that allowed the arrest of people posting “offensive content” on the Internet, in a live chat hosted by The Hindu. </b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.thehindu.com/news/national/what-the-experts-said-on-live-chat/article7029320.ece">Hindu</a> on March 25, 2015. Geetha Hariharan was one of the panelists.</p>
<hr />
<p style="text-align: justify; ">Does this now mean anything goes on the Internet, asked one reader.</p>
<p style="text-align: justify; ">“No, the standard penal laws — against defamation, hate speech (S. 153A), religious incitement (S. 295A) — continue to apply,” said Gautam Bhatia, a practicing lawyer and author of forthcoming book “Offend, shock or disturb: Free Speech under the Constitution.” The argument that the Internet needed separate rules when it came to the content of speech was what was rejected by the Court, he said.</p>
<p style="text-align: justify; ">What was the rationale for the Court upholding Section 69 A, allowing the blocking of websites, asked another.</p>
<p style="text-align: justify; ">“One wishes that the court had paid as much attention to the blocking orders as they did to 66A,” said Lawrence Liang, lawyer and researcher at Alternative Law Forum working on free speech.</p>
<p style="text-align: justify; ">Geetha Hariharan, a Programme Officer at Centre for Internet and Society, focusing on Internet governance and freedom of expression, was the third expert on the panel.</p>
<p style="text-align: justify; "><i>Click <a href="http://www.thehindu.com/news/national/live-chat-hope-for-free-speech/article7028037.ece?homepage=true&theme=true">here</a> to read the full transcript of the chat</i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-hindu-march-25-2015-what-the-experts-said-on-live-chat'>https://cis-india.org/internet-governance/news/the-hindu-march-25-2015-what-the-experts-said-on-live-chat</a>
</p>
No publisherpraskrishnaIT ActCensorshipFreedom of Speech and ExpressionInternet GovernanceChilling Effect2015-03-26T02:35:49ZNews ItemWhat privacy? 13 crore Aadhaar numbers accessible on government portals
https://cis-india.org/internet-governance/news/one-india-may-2-2017-anusha-ravi-what-privacy-13-crore-aadhaar-numbers-accessible-on-governmental-portals
<b>At least 13 crore Aadhaar numbers and 10 crore bank account numbers are readily accessible on government portals, a report claims.</b>
<p style="text-align: justify; ">The blog post by Anusha Ravi was <a href="http://www.oneindia.com/india/what-privacy-13-crore-aadhaar-numbers-accessible-on-government-portals-2422904.html">published in Oneindia</a> on May 2, 2017.</p>
<hr />
<p style="text-align: justify; ">The centre for internet and society, in its report, has claimed that Aadhaar numbers with sensitive personal financial information were publicly available on four government portals built to oversee <a href="http://www.oneindia.com/topic/welfare" title="Topic: welfare schemes">welfare schemes</a>. The report said that the government portals made it easy to access sensitive details, despite it being <a href="http://www.oneindia.com/topic/illegal" title="Topic: illegal">illegal</a>. "It is extremely irresponsible on the part of the UIDAI [Unique Identification Authority of India], the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may be used for mischief," said Amber Sinha and Srinivas Kodali, the authors of the report.<br /> <br /> Apart from accessing a person's details, the portals made it possible for anyone to get data on beneficiaries of welfare schemes. In many cases, it included bank account numbers of beneficiaries. The report suggests that close to 23 crore Aadhaar number could have been leaked if most of the government portals connected to direct benefit transfers used the 'same negligent standards for storing data as the ones examined'. "The document shows that the breaches are an indicator of potentially irreversible privacy harm and the data could be used for financial fraud," the authors said in the report. The report was documented after authors studied the National Social Assistance Programme, National Rural Employment Guarantee Scheme, Andhra Pradesh government's Chandranna Bima Scheme and Andhra Pradesh's Daily Online Payment Reports of NREGA. <br /> <br /> The report said that sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information were easily available with a few clicks and suggested how poorly conceived these initiatives were. The report highlights that it was illegal to make personal data public and also refers to # #AadhaarLeaks, a campaign on twitter aimed at exposing the loopholes in the Aadhaar system.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/one-india-may-2-2017-anusha-ravi-what-privacy-13-crore-aadhaar-numbers-accessible-on-governmental-portals'>https://cis-india.org/internet-governance/news/one-india-may-2-2017-anusha-ravi-what-privacy-13-crore-aadhaar-numbers-accessible-on-governmental-portals</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-03T14:39:46ZNews ItemWhat lurks beneath the Network
https://cis-india.org/internet-governance/down-to-earth-org-nishant-shah-aug-24-2012-what-lurks-beneath-the-network
<b>There is a series of buzzwords that have become a naturalised part of discussions around digital social media—participation, collaboration, peer-2-peer, mobilisation, etc. Especially in the post Arab Spring world (and our own home-grown Anna Hazare spectacles), there is this increasing belief in the innate possibilities of social media as providing ways by which the world as we know it shall change for the better. Young people are getting on to the streets and demanding their rights to the future. </b>
<hr />
<p style="text-align: justify; ">Nishant Shah's column on the North East exodus and digital networks was published in <a class="external-link" href="http://www.downtoearth.org.in/content/what-lurks-beneath-network">Down to Earth</a> magazine on August 24, 2012</p>
<hr />
<p style="text-align: justify; ">Citizens are mobilising themselves to overthrow authoritarian governments. Socio-economically disadvantaged people, who have always been an alternative to the mainstream, are finding ways of expressing themselves through collaborative practices. Older boundaries of nation, region and body are quickly collapsing as we all become avatars of our biological selves, occupying futures that were once available only to science fiction heroes.</p>
<p style="text-align: justify; ">To this list of very diverse phenomena, I want to add the recent tragic and alarming exodus of people from the north eastern states, from the city of Bengaluru, where I live. There might not be many connections between this state of fear which instigated thousands of people, fearing their safety and security, to leave Bengaluru and return home and the global spectacles of political change that I listed earlier. And yet, there is something about the digital networks, the social web and the ways in which they shape our information societies, that needs to be thought through. In the Arab Spring like events, which are events of global spectacle, there is a certain imagination of digital technologies and its circuits that gets overturned.</p>
<p style="text-align: justify; ">These events challenge the idea that digital networks are always outward looking—connecting us to somebody and someplace ‘out there’ in a world that is quickly getting flat—and show how these networks actually create new local and specific communities around information production, consumption and sharing. These networks that connect people in their information practices, often make themselves simultaneously ubiquitous and invisible. So that the interfaces that we operate through—laptops, cellphones and other portable computing devices—become such a part of our everyday life, that we stop noticing them. They are a natural element of our everyday mechanics of urban survival, and in their omnipresence, become invisible.</p>
<p style="text-align: justify; ">This invisibility or naturalisation of the digital technologies, often make us forget the intricate and inextricable way in which they are woven into our basic survival strategies. Especially with the younger generation that has ‘grown up digital’, the interface, the gadget and the network is the default space that they turn to for their everyday needs. We develop intimate relationships with these technologised circuits, making them such a part of our quotidian existence that we often forget that these technologies are external to us. Which is why we come across articulations like, “I love my computer because my friends live in it,” or “I feel amputated when you take away my cell-phone”. These are ways in which we naturalise and internalise the digital technologies that we live in and live with. However, in times of crises, we suddenly realise the separation, as the technologies make themselves present, unable to sustain the new conditions of crises. It would be fruitful to see then that the eruption in our seamless connection with the digital technologies is a sign of an external crisis –something that we have seen in the Arab Spring or the Anna Hazare campaign, where these networks became visible to signal towards an external crisis. The emergence of networks into public view is a symptom that there is something that has gone wrong and so we see the separation of the digital ecosystem from its external reality and context.</p>
<p style="text-align: justify; ">The unexpected visibility of the network indicates that the regular information ecologies have been disrupted, the contexts which support community interaction at the local level have been changed, and those changes need to be accounted for and addressed in order for the network to become the transparent infrastructure of new urban communities again. In many ways, it resonates with the science fiction logic of the Matrix Trilogy where, if you can see the matrix, it means that something has gone wrong in the fabric of reality and it needs to be fixed.</p>
<p style="text-align: justify; ">The exodus of the north eastern people also needs to be examined in this context. In an immigrant city like Bengaluru, the sense of belonging and community is often deeply mediated by the digital ecologies of information sharing. Beneath the veneer of a global city that is to connect with the external world, there is also a huge network of local, specific and invisible practices that do not become a part of the global spectacle of digital technologies, and operate in a condition of relative invisibility. However, when the logic of a migrant city gets disrupted because the conditions of its work force get threatened, these networks go into an overdrive. They become gossip and rumour mills. They become visible and suddenly create conditions of fear, danger and crisis that were unexpected. And so, without a warning, over-night, a huge number of people, who were a part of these networks, decided to abandon their lives and head home, because the larger social, cultural and political threats transmitted through these local networks before they could become global spectacles that we could consume.</p>
<p style="text-align: justify; ">A large part of the people fleeing the city had already crowded the trains and left their lives behind, before any attempt at regulation or control could be made. All kinds of post-facto theories about the real or perceived nature of the threat, the actual cases of violence, and the conditions of life in the IT City have emerged since then. However, in all these theories is a recognition that the crisis which led to this phenomenon lingers on and cannot be addressed. There is no particular person to hold responsible. The few scattered incidents of attacks, violence or intimidation have been recognised as strategic and opportunistic interventions by local regressive groups. All in all, we have a condition where something drastic and dramatic has happened and there is no real or material person or group of people who can be blamed for it. And so, instead of addressing the crisis and the conditions which led to the exodus, we have committed an ellipsis, where we have made technology the scape-goat of our problems.</p>
<p style="text-align: justify; ">And we have done this repeatedly in the history of technology and crises in India. In the early days, when the notorious Delhi Public School MMS clip that captured two under-age students in sexual activity, became hugely visible, instead of addressing the problem at hand, we eventually set up a committee to regulate the conditions of cultural production and distribution online. During the horrifying bomb-attacks in the trains in Mumbai, we tried to block Blogspot and curtail information online as if technology was the reason that these acts were made possible. Last year, Dr. Sibal’s attempts at establishing a pre-censorship regime on information on the social web, because he encountered material that was disrespectful to the Congress party leader Mrs. Gandhi, sought to regulate the web rather than look at the political discontent and dissent that was being established through those articulations. Because there was no way by which the local situation could be controlled or contained, technology became the only site of regulation, inspiring draconian measures that limit the volume of text messaging and try and censor the web for lingering traces of the information mill that catalysed and facilitated this exodus.</p>
<p style="text-align: justify; ">This is a remarkable ellipsis where the actual problem – the conditions of life and safety in our global cities – is hidden under a perceived problem, which is the sudden visibility of a digital information ecosystem which was not apparent to us hitherto. And while there is no denying that at the level of tactics, for immediate fire-fighting this kind of regulation is important, nay, necessary, we also need to realise that at the level of strategy, these kinds of knee-jerk regulatory mechanisms are not a resolution of the problem. These laws and attempts at censorship are neither going to correct what has happened, nor are they going to be potent enough to curb such networked information sharing in the future. They are symbolic tactics that are trying to correct the crisis – the feeling of fear and danger – and in that, they do their job well in establishing some sense of control over the quickly collapsing world. However, we need to look beyond the visibility of this network, and realise that the crisis is not its emergence or its functioning but at something else that lurks behind the facade of the network.</p>
<p>Nishant Shah is director (research), Centre for Internet and Society, Bengaluru</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/down-to-earth-org-nishant-shah-aug-24-2012-what-lurks-beneath-the-network'>https://cis-india.org/internet-governance/down-to-earth-org-nishant-shah-aug-24-2012-what-lurks-beneath-the-network</a>
</p>
No publishernishantFreedom of Speech and ExpressionPublic AccountabilityInternet GovernanceCensorship2012-08-25T07:10:38ZBlog EntryWhat is the problem with ‘Ethical AI’? An Indian Perspective
https://cis-india.org/internet-governance/blog/what-is-the-problem-with-2018ethical-ai2019-an-indian-perspective
<b>On 22 May 2019, the OECD member countries adopted the OECD Council Recommendation on Artificial Intelligence. The Principles, meant to provide an “ethical framework” for governing Artificial Intelligence (AI), were the first set of guidelines signed by multiple governments, including non-OECD members: Argentina, Brazil, Colombia, Costa Rica, Peru, and Romania. </b>
<p style="text-align: justify; ">The article by Arindrajit Basu and Pranav M.B. was <a class="external-link" href="https://cyberbrics.info/what-is-the-problem-with-ethical-ai-an-indian-perspective/">published by cyberBRICS</a> on July 17, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">This was followed by the <a href="https://g20trade-digital.go.jp/dl/Ministerial_Statement_on_Trade_and_Digital_Economy.pdf" rel="noreferrer noopener" target="_blank">G20 adopted human-centred AI Principles</a> on June 9th. These are the latest in a slew of (<a href="https://clinic.cyber.harvard.edu/2019/06/07/introducing-the-principled-artificial-intelligence-project/" rel="noreferrer noopener" target="_blank">at least 32!</a>) public, and private ‘Ethical AI’ initiatives that seek to use ethics to guide the development, deployment and use of AI in a variety of use cases. They were conceived as a response to a range of concerns around algorithmic decision-making, including discrimination, privacy, and transparency in the decision-making process.</p>
<p style="text-align: justify; ">In India, a noteworthy recent document that attempts to address these concerns is the <a href="https://niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf" rel="noreferrer noopener" target="_blank">National Strategy for Artificial Intelligence</a> published by the National Institution for Transforming India, also called <em>NITI Aayog</em>, in June 2018. As the NITI Aayog Discussion paper acknowledges, India is the fastest growing economy with the second largest population in the world and has a significant stake in understanding and taking advantage of the AI revolution. For these reasons the goal pursued by the strategy is to establish the National Program on AI, with a view to guiding the research and development in new and emerging technologies, while addressing questions on ethics, privacy and security.</p>
<p style="text-align: justify; ">While such initiatives and policy measures are critical to promulgating discourse and focussing awareness on the broad socio-economic impacts of AI, we fear that they are dangerously conflating tenets of existing legal principles and frameworks, such as human rights and constitutional law, with ethical principles – thereby diluting the scope of the former. While we agree that ethics and law can co-exist, ‘Ethical AI’ principles are often drafted in a manner that posits as voluntary positive obligations various actors have taken upon themselves as opposed to legal codes they necessarily have to comply with.</p>
<p style="text-align: justify; ">To have optimal impact, ‘Ethical AI’ should serve as a decision-making framework only in specific instances when human rights and constitutional law do not provide a ready and available answer.</p>
<h3 style="text-align: justify; ">Vague and unactionable</h3>
<p style="text-align: justify; ">Conceptually, ‘Ethical AI’ is a vague set of principles that are often difficult to define objectively. In this perspective, academics like Brett Mittelstadt of the Oxford Internet Institute <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3391293" rel="noreferrer noopener" target="_blank">argues</a> that unlike in the field of medicine – where ethics has been used to design a professional code, ethics in AI suffers from four core flaws. First, developers lack a common aim or fiduciary duty to a consumer, which in the case of medicine is the health and well-being of the patient. Their primary duty lies to the company or institution that pays their bills, which often prevents them from realizing the extent of the moral obligation they owe to the consumer.</p>
<p style="text-align: justify; ">The second is a lack of professional history which can help clarify the contours of well-defined norms of ‘good behaviour.’ In medicine, ethical principles can be applied to specific contexts by considering what similarly placed medical practitioners did in analogous past scenarios. Given the relative nascent emergence of AI solutions, similar professional codes are yet to develop.</p>
<p style="text-align: justify; ">Third is the absence of workable methods or sustained discourse on how these principles may be translated into practice. Fourth, and we believe most importantly, in addition to ethical codes, medicine is governed by a robust and stringent legal framework and strict legal and accountability mechanisms, which are absent in the case of ‘Ethical AI’. This absence gives both developers and policy-makers large room for manoeuvre.</p>
<p style="text-align: justify; ">However, such focus on ethics may be a means of avoiding government regulation and the arm of the law. Indeed, due to its inherent flexibility and non-binding nature, ethics can be exploited as a piecemeal red herring solution to the problems posed by AI. Controllers of AI development are often profit-driven private entities, that gain reputational mileage by using the opportunity to extensively deliberate on broad ethical notions.</p>
<p style="text-align: justify; ">Under the guise of meaningful ‘self-regulation’, several organisations publish internal ‘Ethical AI’ guidelines and principles, and <a href="https://www.newstatesman.com/science-tech/technology/2019/06/how-big-tech-funds-debate-ai-ethics">fund ethics research</a> across the globe. In doing so, they occlude the shackles of binding obligation and deflect from attempts at tangible regulation.</p>
<h3 style="text-align: justify; ">Comparing Law to Ethics</h3>
<p style="text-align: justify; ">This is in contrast to the well-defined jurisprudence that human rights and constitutional law offer, which should serve as the edifice of data-driven decision making in any context.</p>
<p style="text-align: justify; ">In the table below, we try to explain this point by looking at how three core fundamental rights enshrined both in our constitution and human rights instruments across the globe-right to privacy, right to equality/right against discrimination and due process-find themselves captured in three different sets of ‘Ethical AI frameworks.’ One of these inter-governmental <a href="https://www.oecd.org/going-digital/ai/principles/" rel="noreferrer noopener" target="_blank">(OECD)</a>, one devised by a private sector actor (‘<a href="https://ai.google/principles/" rel="noreferrer noopener" target="_blank">Google AI</a>’) and one by our very own, <a href="https://niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf" rel="noreferrer noopener" target="_blank">NITI AAYOG.</a></p>
<p style="text-align: justify; "><img src="https://cyberbrics.info/wp-content/uploads/2019/07/image.png" /></p>
<p style="text-align: justify; ">With the exception of certain principles,most ‘Ethical AI’ principles are loosely worded as ‘‘seek to avoid’, ‘give opportunity for’, or ‘encourage’. A notable exception is the NITI AAYOG’s approach to protecting privacy in the context of AI. The document explicitly recommends the establishment of a national data protection framework for data protection, sectoral regulations that apply to specific contexts with the consideration of international standards such as GDPR as benchmarks. However, it fails to reference available constitutional standards when it discusses bias or explainability.</p>
<p style="text-align: justify; ">Several similar legal rules that have been enshrined in legal provisions -outlined and elucidated through years of case law and academic discourse – can be utilised to underscore and guide AI principles. However, existing AI principles do not adequately articulate how the legal rule can actually be applied to various scenarios by multiple organisations.</p>
<p style="text-align: justify; ">We do not need a new “Law of Artificial Intelligence” to regulate this space. Judge Frank Easterbrook’s famous 1996 proclamation on the <a href="https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=2147&context=journal_articles">‘Law of the Horse’</a> through which he opposed the creation of a niche field of ‘cyberspace law’ comes to mind. He argued that a multitude of legal rules deal with ‘horses’, including the sale of horses, individuals kicked by horses, and with the licensing and racing of horses. Like with cyberspace, any attempt to arrive at a corpus of specialised ‘law of the horse’ would be shallow and ineffective.</p>
<p style="text-align: justify; ">Instead of fidgeting around for the next shiny regulatory tool, industry, practitioners, civil society and policy makers need to get back to the drawing board and think about applying the rich corpus of existing jurisprudence to AI governance.</p>
<h3 style="text-align: justify; ">What is the role for ‘Ethical AI?’</h3>
<p style="text-align: justify; ">What role can ‘ethical AI’ then play in forging robust and equitable governance of Artificial Intelligence? As it does in all other societal avenues, ‘ethical AI’ should serve as a framework for making legitimate algorithmic decisions in instances where law might not have an answer. An example of such a scenario is the <a href="https://globalnews.ca/news/4125382/google-pentagon-ai-project-maven/" rel="noreferrer noopener" target="_blank">Project Maven saga</a> – where 3,000 Google employees signed a petition opposing Google’s involvement with a US Department of Defense project by claiming that Google should not be involved in “the business of war.” There is no law-international or domestic that suggests that Project Maven-which was designed to study battlefield imagery using AI, was illegal. However, the debate at Google proceeded on ethical grounds and on the application of the ‘Ethical AI’ principles to this present context.</p>
<p style="text-align: justify; ">We realise the importance of social norms and mores in carving out any regulatory space. We also appreciate the role of ethics in framing these norms for responsible behaviour. However, discourse across civil society, academic, industry and government circles all across the globe needs to bring law back into the discussion as a framing device. Not doing so risks diluting the debate and potential progress to a set of broad, unactionable principles that can easily be manipulated for private gain at the cost of public welfare.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/what-is-the-problem-with-2018ethical-ai2019-an-indian-perspective'>https://cis-india.org/internet-governance/blog/what-is-the-problem-with-2018ethical-ai2019-an-indian-perspective</a>
</p>
No publisherArindrajit Basu and Pranav M.B.Internet GovernanceArtificial Intelligence2019-07-21T14:57:08ZBlog EntryWhat is net neutrality and why it is important
https://cis-india.org/news/times-of-india-january-20-2014-what-is-net-neutrality-and-why-is-it-important
<b>Internet is built around the idea of openness. It allows people to connect and exchange information freely, if the information or service is not illegal. </b>
<hr />
<p style="text-align: justify; ">The article was <a class="external-link" href="http://articles.timesofindia.indiatimes.com/2014-01-20/internet/46373677_1_net-neutrality-web-service-web-users/2">published in the Times of India</a> on January 20, 2014. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Much of this is because of the idea of net neutrality. If you like the current state of the internet, you should know about net neutrality. Many web users are aware of it. But if you are not, don't worry. We explain it here:</p>
<p style="text-align: justify; "><b>What is net neutrality?</b><br /><a href="http://timesofindia.indiatimes.com/topic/Net-Neutrality">Net neutrality</a> is an idea derived from how telephone lines have worked since the beginning of the 20th century. In case of a telephone line, you can dial any number and connect to it. It does not matter if you are calling from operator A to operator B. It doesn't matter if you are calling a restaurant or a drug dealer. The operators neither block the access to a number nor deliberately delay connection to a particular number, unless forced by the law. Most of the countries have rules that ask telecom operators to provide an unfiltered and unrestricted phone service.</p>
<p style="text-align: justify; ">When the internet started to take off in 1980s and 1990s, there were no specific rules that asked that internet service providers (ISPs) should follow the same principle. But, mostly because telecom operators were also ISPs, they adhered to the same principle. This principle is known as net neutrality. An ISP does not control the traffic that passes its servers. When a web user connects to a website or web service, he or she gets the same speed. Data rate for Youtube videos and Facebook photos is theoretically same. Users can access any legal website or web service without any interference from an ISP.</p>
<p>Some countries have rules that enforce net neutrality but most don't. Instead, the principle is followed because that is how it has always been. It is more of a norm than a law.</p>
<p><b>How did net neutrality shape the internet?</b><br />Net neutrality has shaped the internet in two fundamental ways.</p>
<p style="text-align: justify; ">One, web users are free to connect to whatever website or service they want. ISPs do not bother with what kind of content is flowing from their servers. This has allowed the internet to grow into a truly global network and has allowed people to freely express themselves. For example, you can criticize your ISP on a blog post and the ISP will not restrict access to that post for its other subscribers even though the post may harm its business.</p>
<p style="text-align: justify; ">But more importantly, net neutrality has enabled a level playing field on the internet. To start a website, you don't need lot of money or connections. Just host your website and you are good to go. If your service is good, it will find favour with web users. Unlike the cable TV where you have to forge alliances with cable connection providers to make sure that your channel reaches viewers, on internet you don't have to talk to ISPs to put your website online.</p>
<p style="text-align: justify; ">This has led to creation Google, Facebook, Twitter and countless other services. All of these services had very humble beginnings. They started as a basic websites with modest resources. But they succeeded because net neutrality allowed web users to access these websites in an easy and unhindered way.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>What will happen if there is no net neutrality?</b><br />If there is no net neutrality, ISPs will have the power (and inclination) to shape internet traffic so that they can derive extra benefit from it. For example, several ISPs believe that they should be allowed to charge companies for services like YouTube and Netflix because these services consume more bandwidth compared to a normal website. Basically, these ISPs want a share in the money that YouTube or Netflix make.</p>
<p style="text-align: justify; ">Without net neutrality, the internet as we know it will not exist. Instead of free access, there could be "package plans" for consumers. For example, if you pay Rs 500, you will only be able to access websites based in India. To access international websites, you may have to pay a more. Or maybe there can be different connection speed for different type of content, depending on how much you are paying for the service and what "add-on package" you have bought.</p>
<p style="text-align: justify; ">Lack of net neutrality, will also spell doom for innovation on the web. It is possible that ISPs will charge web companies to enable faster access to their websites. Those who don't pay may see that their websites will open slowly. This means bigger companies like Google will be able to pay more to make access to Youtube or Google+ faster for web users but a startup that wants to create a different and better video hosting site may not be able to do that.</p>
<p style="text-align: justify; ">Instead of an open and free internet, without net neutrality we are likely to get a web that has silos in it and to enter each silo, you will have to pay some "tax" to ISPs.</p>
<p style="text-align: justify; "><b>What is the state of net neutrality in India?</b><br /> Legally, the concept of net neutrality doesn't exist in India. Sunil Abraham, director of Centre for internet and Society in Bangalore, says that Trai, which regulates the telecom industry, has tried to come up with some rules regarding net neutrality several times. For example it invited comments on the concept of net neutrality from industry bodies and stakeholders in 2006. But no formal rules have been formed to uphold and enforce net neutrality.</p>
<p style="text-align: justify; ">However, despite lack of formal rules, ISPs in India mostly adhere to the principal of net neutrality. There have been some incidents where Indian ISPs have ignored net neutrality but these are few and far between.</p>
<p style="text-align: justify; "><b>Will the concept of net neutrality survive?</b><br /> Net neutrality is sort of gentlemen's agreement. It has survived so far because few people realized the potential of internet when it took off around 30 years ago. But now when the internet is an integral part of the society and incredibly important, ISPs across the world are trying to get the power to shape and control the traffic. But there are ways to keep net neutrality alive.</p>
<p style="text-align: justify; ">Consumers should demand that ISPs continue their hands-off approach from the internet traffic. If consumers see a violation of net neutrality, they ought to take a proactive approach and register their displeasure with the ISP. They should also reward ISPs that uphold the net neutrality.</p>
<p style="text-align: justify; ">At the same time, as Abraham says, Trai needs to come out with a set of clear and precise rules that protect the net neutrality. "We have started seeing ISPs trying to take control of the traffic that flows from their servers but Trai can regulate them. It can keep the internet open and consumer-friendly by forming rules that protect net neutrality. These are early days so it is easy to do. If ISPs manage to change the system, it may become too late," he says.</p>
<p>
For more details visit <a href='https://cis-india.org/news/times-of-india-january-20-2014-what-is-net-neutrality-and-why-is-it-important'>https://cis-india.org/news/times-of-india-january-20-2014-what-is-net-neutrality-and-why-is-it-important</a>
</p>
No publisherpraskrishnaInternet Governance2014-02-03T08:24:34ZNews ItemWhat is Dilligaf?
https://cis-india.org/internet-governance/what-is-dilligaf
<b>On the web, time moves at the speed of thought: Groups emerge, proliferate and are abandoned as new trends and fads take precedence. Nowhere else is this dramatic flux as apparent as in the language that evolves online. While SMS lingo – like TTYL (Talk To You Later) and LOL (Laughing Out Loud)– has endured and become a part of everyday language, new forms of speech are taking over.</b>
<p>“Leetspeak” or “L33t” (derived the word “elite”), for example, incorporate numbers in words, giving geeks their own language. One that they use to bypass firewalls and filters trained to recognize certain words – so in “l33t”-speak, porn becomes Pr0n, and onwards moves mankind.</p>
<p>These mutations are not permanent: Like organisms, they grow to form new constellations of words and expressions demanding that users keep pace. And while purists have bled their hearts out, lamenting the savage attack on the language and grammar that digital technology has spawned, there is also a recognition of the fact that these linguistic developments are not merely experiments – they capture the spirit of a democratized knowledge system and the opening up of the information highway. User-generated content sites like Wikipedia, YouTube and Tumblr embody these acronyms and attitudes, where any attempt at regulation, control or imposition of authority is usually met with the reply – DILLIGAF (Do I Look Like I Give A F***)?</p>
<p>DILLIGAFers – people who live a significant part of their lives online – might scoff at older forms of institutional control, but they don’t necessarily live in a space of anarchy, either. For example, academic credentials, institutional affliations and geopolitical location might not bear the same weight on Wikipedia as while writing a book, but there are other ways in which digital rank can be pulled. Your overall Internet experience, editing history and ability to garner mass support for your views are more important in determining your place in Wikipedia’s hierarchy. Any attempt at pulling rank with assets like money, influence or name are casually discarded with succinct exclamations like WTF (What The F***) and BFD (Big F****ing Deal).<br /> <br />One of the defining characteristics of the DILLIGAF generation is their fiercely independent spirit. While they’re constantly connected and incessantly sharing information, they are also terribly alone. When it comes to searching for information, finding people or exploring the web, personal skills with different digital tools and platforms makes one independent. In fact, one of the deterrents for the less technically inclined to join online communities is the idea that they’re supposed to find their own way as they tread unknown digital paths. Hence, DILLIGAFers often resort to acronyms like RTFM (Read The F***ing Manual) for people (read: the rest of us) who ask for information that can be easily found. And with the rapid Googlization of the world, an obvious question is met with an obvious answer – RTFG (Read The F****ing Google).<br /> <br />Geeks have invented many interesting and creative acronyms to make their voices heard, and while some of the acronyms predate the Internet, they often capture the irony of online and offline existence. SNAFU (Situation Normal: All F***ed Up), an acronym that supposedly emerged in America during the Second World War, often finds its way into describing the complexity of our lives. The dramatic nature of interactions, the struggle to establish trust and the complex structure of experiences all find voice online. FML (F*** My Life), an acronym as well as a popular networking site, is a sterling example of such a space, where people share stories of how things went wrong for them, allowing other users to rate their stories on a sympathy meter.<br /> <br />One of the most delicious ironies of the online space is that while irreverence might find a way into acronyms, unnecessary profanity is looked down upon. If you go around swearing on discussion pages, you will immediately be ostracized, and quite possibly asked to STFU (Shut The F*** Up).</p>
<p>This article by Nishant Shah was<a class="external-link" href="http://www.gqindia.com/content/what-dilligaf"> published in GQ India </a>on September 4, 2011.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/what-is-dilligaf'>https://cis-india.org/internet-governance/what-is-dilligaf</a>
</p>
No publishernishantInternet Governance2011-12-01T09:52:53ZBlog EntryWhat India can Learn from the Snowden Revelations
https://cis-india.org/internet-governance/blog/yahoo-october-23-2013-what-india-can-learn-from-snowden-revelations
<b>Big Brother is watching, across cyberspace and international borders. Meanwhile, the Indian government has few safeguards in theory and fewer in practice. There’s no telling how prevalent or extensive Indian surveillance really is.</b>
<p>The title of the article was changed in the<a class="external-link" href="http://in.news.yahoo.com/why-india-needs-a-snowden-of-its-own-054956734.html"> version published by Yahoo</a> on October 23, 2013.</p>
<hr />
<p>Since the ‘<a href="http://www.theguardian.com/world/edward-snowden" target="_blank">Snowden revelations</a>’, which uncovered the United States government’s massive global <span class="cs4-ndcor yshortcuts" id="lw_1382621265093_3">surveillance</span> through the <a href="http://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29" target="_blank">PRISM</a> program, there have been reactions aplenty to their impact.</p>
<p style="text-align: justify; ">The Snowden revelations highlighted the issue of human rights in the context of the existing cross-border and jurisdictional nightmare: the data of foreign citizens surveilled and harvested by agencies such as the National Security Agency through programs such as PRISM are not subject to protection found in the laws of the country. Thus, the US government has the right to access and use the data, but has no responsibility in terms of how the data will be used or respecting the rights of the people from whom the data was harvested.</p>
<p style="text-align: justify; ">The Snowden revelations demonstrated that the biggest global surveillance efforts are now being conducted by democratically elected governments – institutions of the people, by the people, for the people – that are increasingly becoming suspicious of all people.</p>
<p style="text-align: justify; ">Adding irony to this worrying trend, Snowden sought asylum from many of the most repressive regimes: this dynamic speaks to the state of society today. The Snowden revelations also demonstrate how government surveillance is shifting from targeted surveillance, warranted for a specific reason and towards a specified individual, to blanket surveillance where security agencies monitor and filter massive amounts of information.</p>
<p style="text-align: justify; ">This is happening with few checks and balances for cross-border and domestic surveillance in place, and even fewer forms of redress for the individual. This is true for many governments, including <span class="cs4-visible yshortcuts" id="lw_1382621265093_1">India</span>.</p>
<h3 style="text-align: justify; ">India’s reaction</h3>
<p style="text-align: justify; ">After the first news of the Snowden revelations, the Indian Supreme Court <a href="http://www.medianama.com/2013/06/223-supreme-court-to-hear-pil-against-nsa-surveillance-of-indian-data-report/" target="_blank">agreed</a> to hear a Public Interest Litigation requesting that foreign companies that shared the information with US security agencies be held accountable for the disclosure. In response to the PIL, the Supreme Court stated it did not have jurisdiction over the US government.<br /><br />The response of the Supreme Court of India demonstrates the potency of jurisdiction in today’s global information economy in the context of governmental surveillance. Despite being upset at the actions of America’s National Security Agency (NSA), there is little direct legal action that any <span class="cs4-ndcor yshortcuts" id="lw_1382621265093_7">government</span> or individual can take against the US government or companies incorporated there.<br /><br />In the PIL, the demand that companies be held responsible is interesting and representative of a global debate, as it implies that in the context of governmental surveillance, companies have a responsibility to actively evaluate and reject or accept governmental surveillance requests. Although I do not disagree with this as a principle, in reality, this evaluation is a difficult step for companies to take. <br /><br />For example, in India, under Section 69 of the Information Technology Act, 2000, service providers are penalized with up to seven years in prison for non-compliance with a governmental request for surveillance. The incentives for companies to actually reject governmental requests are minimal, but one factor that could possibly push companies to become more pronounced in their resistance to installing backdoors for the government and complying with governmental surveillance requests is market pressure from consumers.<br /><br />To a certain extent, this has already started to happen. Companies such as Facebook, Yahoo and Google have created ‘transparency reports’ that provide – at different granularities – information about governmental requests and the company’s compliance or rejection of the same. <br /><br />In India, P. Rajeev, Member of Parliament from Kerala, has started a <a href="http://www.change.org/petitions/google-facebook-microsoft-yahoo-reveal-information-on-data-of-indian-citizens-given-to-us-security-agencies-2" target="_blank">petition</a> asking that the companies disclose information on <span class="cs4-ndcor yshortcuts" id="lw_1382621265093_8">Indian data</span> given to US security agencies. Although transparency by complying companies does not translate directly into regulation of surveillance, it allows the customer to make informed choices and decide whether a company’s level of compliance with governmental requests will impact his/her use of that service.<br /><br />The PIL also called for the establishment of Indian servers to protect the privacy of Indian data. This solution has been <a href="http://articles.economictimes.indiatimes.com/2013-08-14/news/41409701_1_traffic-originating-and-terminating-servers-mocit" target="_blank">voiced by many</a>, including government officials. Though the creation of domestic servers would ensure that the US government does not have direct and unfettered access to Indian data, as it would require that foreign governments access Indian information through a formal <a href="http://mha.nic.in/Policy_Planing_Division" target="_blank">Mutual Legal Assistance Treaty</a> process, it does not necessarily enhance the privacy of Indian data. <br /><br />As a note, India has MLAT treaties with 34 countries. If domestic servers were established, the information would be subject to Indian laws and regulations.</p>
<h3 style="text-align: justify; ">Snooping</h3>
<p style="text-align: justify; ">The Snowden Revelations are not the first instance to spark a discussion on domestic servers by the Government of India. <br /><br />For example, in the back-and-forth between the Indian government and the Canadian company RIM, now BlackBerry, the company eventually <a href="http://timesofindia.indiatimes.com/tech/tech-news/telecom/BlackBerry-sets-up-server-in-Mumbai-to-aid-interception/articleshow/11969224.cms" target="_blank">set up servers in Mumbai</a> and provided a lawful interception solution that satisfied the Indian government. The Indian government made similar demands from <a href="http://news.cnet.com/8301-1009_3-20015418-83.html" target="_blank">Skype and Google</a>. In these instances, the domestic servers were meant to facilitate greater surveillance by Indian law enforcement agencies.<br /><br />Currently in India there are a number of ways in which the government can legally track data online and offline. For example, the interception of telephonic communications is regulated by the Indian Telegraph Act, 1885, and relies on an order from the Secretary to the Ministry of Home Affairs. Interception, decryption, and monitoring of digital communications are governed by Section 69 of the Information Technology Act, 2000 and again rely on the order of the executive. <br /><br />The collection and monitoring of traffic data is governed by Section 69B of the Information Technology Act and relies on the order of the Secretary to the government of India in the Department of Information Technology. Access to stored data, on the other hand, is regulated by Section 91 of the Code of Criminal Procedure and permits access on the authorization of an officer in charge of a police station.</p>
<p style="text-align: justify; ">The gaps in the Indian <span class="cs4-ndcor yshortcuts" id="lw_1382621265093_4">surveillance</span> regime are many and begin with a lack of enforcement and harmonization of existing safeguards and protocols. Presently, <span class="cs4-visible yshortcuts" id="lw_1382621265093_2">India</span> is in the process of realizing a privacy legislation. <br /><br />In 2012, a committee chaired by Justice AP Shah (of which the Center for Internet and Society was a member) wrote <a href="http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf" target="_blank">The Report of the Group of Experts on Privacy</a>, which laid out nine national privacy principles meant to be applied to different legislation and sectors – including Indian provisions on surveillance.<br /><br />The creation of domestic servers is just one example of how the Indian government has been seeking greater access to information flowing within its borders. New requirements for Indian service providers and the creation of projects that go beyond the legal limits of governmental surveillance in India enable greater access to details about an individual on a real-time and blanket basis.<br /><br />For example, telecoms in India are now required to include <a href="http://www.firstpost.com/tech/exclusive-location-tracking-of-every-indian-mobile-user-by-2014-876109.html/2" target="_blank">user location data</a> as part of the ‘call detail record’ and be able to <a href="http://www.medianama.com/2012/08/223-indian-government-revises-location-accuracy-guidelines-says-telcos-should-bear-the-cost/" target="_blank">provide</a> the same to law enforcement agencies on request under <a href="http://www.cca.ap.nic.in/i_agreement.pdf" target="_blank">provisions</a> in the Unified Access Service and Internet Service Provider Licenses. <br /><br />At the same time, the Government of India is in the process of putting in place a <a href="http://en.wikipedia.org/wiki/Central_Monitoring_System" target="_blank">Central Monitoring System</a> that would provide Indian security agencies the ability to directly intercept communications, bypassing the service provider.</p>
<p style="text-align: justify; ">Even if the Central Monitoring System were to adhere to the legal safeguards and procedures defined under the Indian Telegraph Act and Information Technology Act, the system can only do so partially, as both provisions create a clear chain of custody that the government and service providers must follow – that is, the service provider was included as an integral component of the interception process.<br /><br />If the Indian government implements the Central Monitoring System, it could remove governmental surveillance completely from the public eye. Bypassing the service provider allows the government to fully determine how much the public knows about surveillance. It also removes the market and any pressure that consumers could exert from insight provided by companies on the surveillance requests that they are facing.<br /><br />Though the Indian government could (and should) be transparent about the amount and type of surveillance it is undertaking, currently there is no legal requirement for the government of India to disclose this information, and security agencies are exempt from the Right to Information Act. Thus, unless India has a Snowden somewhere in the apparatus, the Indian public cannot hope to get an idea of how prevalent or extensive Indian surveillance really is.</p>
<h3 style="text-align: justify; ">Policy vacuum</h3>
<p style="text-align: justify; ">For any <span class="cs4-ndcor yshortcuts" id="lw_1382621265093_5">government</span>, the surveillance of its citizens, to some degree, might be necessary. But the Snowden revelations demonstrate that there is a vacuum when it comes to surveillance policy and practices. This vacuum has permitted draconian measures of surveillance to take place and created an environment of mistrust between citizens and governments across the globe. <br /><br />When governments undertake surveillance, it is critical that the purpose, necessity and legality of monitoring, and the use of the material collected are built into the regime to ensure it does not violate the human rights of the people surveilled, foreign or domestic.<br /><br />In 2013, the <a href="https://en.necessaryandproportionate.org/text" target="_blank">International Principles on the Application of Human Rights to Communications Surveillance</a> were drafted, in part, to address this vacuum. The principles seek to explain how international human rights law applies to surveillance of communications in the current digital and technological environment. They define safeguards to ensure that human rights are protected and upheld when governments undertake surveillance of communications. <br /><br />When the Indian surveillance regime is measured against these principles, it appears to miss a number of them, and does not fully meet several others. In the context of surveillance projects like the Central Monitoring System, and in order to avoid an Indian version of the PRISM program, India should take into consideration the safeguards defined in the principles and strengthen its surveillance regime to ensure not only the protection of human rights in the context of surveillance, but to also establish trust in its surveillance regime and practices with other countries.</p>
<hr />
<p style="text-align: justify; "><i>Elonnai Hickok is the Program Manager for Internet Governance at the Centre for Internet and Society, and leads its research on privacy.</i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/yahoo-october-23-2013-what-india-can-learn-from-snowden-revelations'>https://cis-india.org/internet-governance/blog/yahoo-october-23-2013-what-india-can-learn-from-snowden-revelations</a>
</p>
No publisherelonnaiInternet GovernancePrivacy2013-10-25T07:29:57ZBlog EntryWhat if the Net shut down for a few days
https://cis-india.org/news/times-of-india-atul-sethi-march-30-2013-what-if-the-net-shut-down-for-a-few-days
<b>When spammers attacked Spamhaus, a European spam-fighting group in what was billed as the "biggest cyber attack in history", they managed to temporarily slow down the internet. But what if dedicated attackers succeeded in shutting down the internet for a longer time, maybe a few days? What would be the potential impact of such a scenario in a world where crucial data is stored on emails, most financial transactions have shifted online and an entire generation has grown up not realising what life without the web could be like?</b>
<hr />
<p>The article by Atul Sethi was <a class="external-link" href="http://articles.timesofindia.indiatimes.com/2013-03-30/internet/38144585_1_internet-blackout-cyber-attack-internet-and-society">published in the Times of India</a> on March 30, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">"The thought itself is frightening," says Vijay Mukhi, president of the Foundation of Information Security and Technology and co-founder of the Internet Users Community of India. "Most people use their email or cloud computing to store their data. What happens when you can't access your crucial information? Also, financial activity in the absence of the internet will come to a standstill since there would be no money flow happening between banks or transactions in the stock market. The implications are huge. And I'm not even thinking of the withdrawal symptoms that many youngsters are going to go through when they can't log on. "</p>
<p style="text-align: justify; ">However, contrary to the horror that this situation might elicit from those whose lives revolve around the web, the impact on India, at least, should not be much, says Sunil Abraham, director of the Bangalore-based Centre for Internet and Society. "An internet blackout in India can at most be compared to a bandh. Life becomes uncomfortable but it still goes on. This is because in India, the internet is used by just about 20% of the population. At the most, one can argue that since this 20% also constitutes the elite of the country - bureaucrats, politicians, businessmen, media, etc, any disruption in their work could also affect the remaining 80% of the country indirectly."</p>
<p style="text-align: justify; ">Even though complete shutdown of the internet is believed to be virtually impossible - since it is made up of thousands of interconnections which ensure its infallibility - hackers haven't stopped trying as the latest cyber attack shows. Internet security consultant Ankit Fadia points out that the only way somebody can bring down the internet is if a few million hackers combine together as part of a sustained project. "Even then, it's a remote possibility that they can pull it off," he says.</p>
<p style="text-align: justify; ">If it does happen, though, remember to polish up your letter-writing skills and go over to your friend's house if you want to chat.</p>
<p>
For more details visit <a href='https://cis-india.org/news/times-of-india-atul-sethi-march-30-2013-what-if-the-net-shut-down-for-a-few-days'>https://cis-india.org/news/times-of-india-atul-sethi-march-30-2013-what-if-the-net-shut-down-for-a-few-days</a>
</p>
No publisherpraskrishnaInternet GovernanceCensorship2013-04-03T11:01:38ZNews ItemWhat Frameworks for Cross-Border Online Communities and Services
https://cis-india.org/news/frameworks-for-cross-border-online-communities-and-services
<b>Chinmayi Arun, Assistant Professor at National Law University India and Fellow at the CIS India, talks about the Internet Governance Forum 2012 Workshop 154 "What Frameworks for Cross-Border Online Communities and Services", which was hosted by the Internet & Jurisdiction Project on November 8, 2012.</b>
<h3>Panelists:</h3>
<ul>
<li style="text-align: justify; ">Chinmayi Arun, National Law University India and Fellow at CIS India</li>
<li style="text-align: justify; ">Brian Cute, CEO at PIR (.org)</li>
<li style="text-align: justify; ">Lee Hibbard, Media and Information Society Division at Council of Europe</li>
<li style="text-align: justify; ">Konstantinos Komaitis, Policy Advisor at Internet Society</li>
<li style="text-align: justify; ">Michael Niebel, Internet Policy Development at European Commission</li>
<li style="text-align: justify; ">Patrick Ryan, Policy Councel Open Internet at Google</li>
</ul>
<ol>
<hr />
Moderator: Bertrand de La Chapelle, Director of the Internet & Jurisdiction Project Remote Moderator: Paul Fehlinger, Manager of the Internet & Jurisdiction Project </ol>
<p>More information at <a class="external-link" href="http://www.internetjurisdiction.net">www.internetjurisdiction.net</a></p>
<hr />
<h3>Video by the Internet Governance Forum</h3>
<p><iframe frameborder="0" height="315" src="http://www.youtube.com/embed/RmlMkIQmMog" width="320"></iframe></p>
<p>
For more details visit <a href='https://cis-india.org/news/frameworks-for-cross-border-online-communities-and-services'>https://cis-india.org/news/frameworks-for-cross-border-online-communities-and-services</a>
</p>
No publisherpraskrishnaInternet Governance ForumVideoInternet Governance2012-12-05T00:10:27ZNews ItemWhat Does Facebook's Transparency Report Tell Us About the Indian Government's Record on Free Expression & Privacy?
https://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell-us-about-indian-government-record-on-free-expression-and-privacy
<b>Given India's online population, the number of user data requests made by the Indian government aren't very high, but the number of content restriction requests are not only high on an absolute number, but even on a per-user basis.</b>
<p style="text-align: justify; ">Further, Facebook's data shows that India is more successful at getting Facebook to share user data than France or Germany. Yet, our government complains far more about Facebook's lack of cooperation with Indian authorities than either of those countries do. I think it unfair for any government to raise such complaints unless that government independently shows to its citizens that it is making legally legitimate requests.</p>
<p style="text-align: justify; ">Since the Prime Minister of India Shri Narendra Modi has stated that "<a class="external-link" href="http://pmindia.gov.in/en/quest-for-transparency/">transparency and accountability are the two cornerstones of any pro-people government</a>", the government ought to publish a transparency report about the requests it makes to Internet companies, and which must, importantly, provide details about how many user data requests actually ended up being used in a criminal case before a court, as well as details of all their content removal requests and the laws under which each request was made.</p>
<p style="text-align: justify; ">At the same time, <a class="external-link" href="https://govtrequests.facebook.com/">Facebook's Global Government Requests Report</a> implicitly showcases governments as the main causes of censorship and surveillance. This is far from the truth, and it behoves Facebook to also provide more information about private censorship requests that it accedes to, including its blocking of BitTorrent links, it's banning of pseudonymity, and the surveillance it carries out for its advertisers.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell-us-about-indian-government-record-on-free-expression-and-privacy'>https://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell-us-about-indian-government-record-on-free-expression-and-privacy</a>
</p>
No publisherpraneshFreedom of Speech and ExpressionTransparency ReportsInternet GovernancePrivacy2015-04-05T05:08:37ZBlog EntryWhat Centre will tell Supreme Court on Aadhaar and social media account linkage
https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage
<b>The top court had held in the Aadhaar case that the government can make the linking of the 12-digit-number mandatory only in the case of availing subsidies and welfare benefits. Consequently, Section 57 of the Aadhaar Act was struck down.</b>
<p style="text-align: justify; ">The article by Amrita Madhukalya was published in <a class="external-link" href="https://www.hindustantimes.com/india-news/what-centre-will-tell-supreme-court-on-aadhaar-and-social-media-account-linkage/story-KSnf1PHpsTboHQh6sk7VxK.html">Hindustan Times</a> on August 28, 2019. Gurshabad Grover was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Centre will refer to the Aadhaar Act and the Supreme Court’s 2017 privacy judgement when it is directed by the top court to put forward its view on whether the unique identification number should be made mandatory in opening and managing accounts on Facebook, Twitter, WhatsApp and other social media platforms.</p>
<p style="text-align: justify; ">“While we are yet to receive a notice from the SC asking for our reply, the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016, and the apex court’s 2017 judgement upholding the Right to Privacy will guide us in drafting a response,” a senior official of the ministry of electronics and information technology, who did not wish to be named, said.</p>
<p style="text-align: justify; ">The top court had held in the Aadhaar case that the government can make the linking of the 12-digit-number mandatory only in the case of availing subsidies and welfare benefits. Consequently, Section 57 of the Aadhaar Act was struck down.</p>
<p style="text-align: justify; ">As a division bench of Madras High Court continues to hear two writ petitions on whether social media profiles should be linked to Aadhaar so that users in cases where pornographic material, fake news and communal content is posted on these sites can be traced, Facebook had simultaneously filed a plea to transfer all similar cases in the high courts of Madras, Bombay as well as Madhya Pradesh. The top court will hear the matter on September 13.</p>
<p style="text-align: justify; ">During its hearings, Madras High Court made it clear that it will not rule on Aadhaar-linking and the case will concentrate on traceability now. As of now, only one of the transfer petitions, the one in Jabalpur, deals with Aadhaar linking.</p>
<p style="text-align: justify; ">Meanwhile, the top court has already asked social media companies for their stand on the matter. Senior lawyers Mukul Rohatgi and Kapil Sibal, who have been representing Facebook and WhatsApp respectively in Madras High Court case, have already said that as both the companies are headquartered outside of India, with operations in dozens of countries, the high court’s judgement will have ramifications globally.</p>
<p style="text-align: justify; ">Both Twitter and Google declined to comment on the matter, as the matter is sub-judice, while Facebook was not available.</p>
<p style="text-align: justify; ">However, in March this year, Facebook CEO Mark Zuckerberg said that privacy, encryption and secure data storage were some of these principles while unveiling the company’s “vision and principles” in building a “privacy-focused” social platform.</p>
<p style="text-align: justify; ">Wherein people can have “clear control over who can communicate with them and confidence that no one else can access what they share”, such communication could be secure with end-to-end encryption, and Facebook will not store sensitive data in countries with “weak records on human rights”.</p>
<p style="text-align: justify; ">Gurshabad Grover of the Centre for Internet Security says he welcomes the Centre’s stand but adds that the petition should not have been allowed by the Madras High Court in the first place.</p>
<p style="text-align: justify; ">“The case is now deliberating on policy, which is the responsibility of the government. This goes against the basis of separation of power,” he says.</p>
<p style="text-align: justify; ">The Centre is dealing with issues surrounding traceability through the Intermediaries Guidelines, which is due in the next few weeks.</p>
<p style="text-align: justify; ">The solution, Grover says, lies in diplomatic negotiations.</p>
<p style="text-align: justify; ">“Instruments like the US’ Clarifying Lawful Overseas Use of Data Act can come in handy if India can fight for better executive agreements there, provided we have data protection laws in line with human rights standards,” he said.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage'>https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage</a>
</p>
No publisherAmrita MadhukalyaInternet GovernancePrivacy2019-09-02T04:28:45ZNews Item