Centre for Internet and Society

Arrest of girl over Thackeray FB update a clear misuse of Sec 295A

praskrishna — 2012-11-20T12:00:53Z

The arrest of 21-year-old Shaheen Dhada over her Facebook status update questioning the shutdown of Mumbai over Shiv Sena supremo Bal Thackeray‘s death, is a clear misapplication of section 295 A of the Indian Penal Code (“outrage religious feelings of any class”), according to Pranesh Prakash of the Centre for Internet and Society.

The article was published in FirstPost on November 19, 2012. Pranesh Prakash is quoted.

In comments to Firstpost, Prakash said that this law had been misused numerous times in the state of Maharashtra.

“Even the banning of James Laine’s book Shivaji happened under section 295 A, and the ban was subsequently held to have been unlawful. What makes this seem ironic, and almost a parodic news report, is the fact that Bal Thackeray probably violated this provision more times than most other politicians, but was only charged under it once or twice”, he said.

Dhada’s status update reportedly read, “People like Thackeray are born and die daily and one should not observe a bandh for that.” A friend of hers who ‘liked’ the comment was also arrested.

Prakash said that the arrest called for a discussion on the regulation of speech and expression. “It being a Facebook status update should not grant it any special immunity; the fact of that update not being punishable under s.295 A should! It isn’t regulation of social media that needs to be discussed, but regulation of speech and expression”, he said.

News of the arrest has understandably drawn a lot of attention on social media, and forums like Facebook and Twitter reflected outrage at the news.

The Times of India also reported that a mob of Shiv Sena workers attacked and ransacked the girl’s uncle’s orthopaedic clinic at Palghar, even though she withdrew her comment and apologised.

For more details visit https://cis-india.org/news/first-post-india-nov-19-2012-arrest-of-girl-over-thackeray-fb-update-clear-misuse-of-sec-295a

Around 130-135M Aadhaar Numbers published on 4 sites alone

praskrishna — 2017-05-20T10:52:26Z

“Therefore, there is no data leak, there is no systematic problem, but, if any one tries to be smart, the law ignites into action.” – Ravi Shankar Prasad, IT Minister, in the Rajya Sabha, on 10th April 2017.

The blog post by Nikhil Pahwa was published by Medianama on May 4, 2017.

Details of around 130-135 million Aadhaar Numbers, and around 100 million bank numbers have been leaked online by just four government schemes alone: the National Social Assistance Programme, the National Rural Employment Guarantee Scheme (NREGA), Daily Online Payments Reports under NREGA (Govt of Andhra Pradesh), and the Chandranna Bima Scheme (Govt of Andhra Pradesh), as per a research report from the Centre for Internet and Society.

Download the report here. Read full story on Medianama website.

For more details visit https://cis-india.org/internet-governance/news/medianama-nikhil-pahwa-may-4-2017-around-130-135-m-aadhaar-numbers-published-on-four-sites-alone

Around 13 crore Aadhaar numbers easily available on government portals, says report

praskrishna — 2017-05-03T15:29:12Z

A report by The Centre for Internet and Society claimed that around 13 crore Aadhaar numbers and 10 crore bank account numbers were easily accessible on four government portals built to oversee welfare schemes. The document, released on Monday, pointed out that though it is illegal to reveal Aadhaar numbers, the government portals examined made it easy for anyone to access them, as well as other data about beneficiaries of welfare schemes including in many cases their bank account numbers.

This was published by Scroll.in on May 2, 2017.

The report suggests that the Aadhaar numbers leaked could actually be closer to 23 crore, if most of the government portals connected to direct benefit transfers used the same negligent standards for storing data as the ones examined. “It is extremely irresponsible on the part of the UIDAI [Unique Identification Authority of India], the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the authors of the report said.

The document also pointed out that the breaches are an indicator of “potentially irreversible privacy harm” and said the data could be used for financial fraud. The report authored by Amber Sinha and Srinivas Kodali studied the National Social Assistance Programme, National Rural Employment Guarantee Scheme, Andhra Pradesh government’s Chandranna Bima Scheme and Andhra Pradesh’s Daily Online Payment Reports of NREGA.

While the report said the Aadhaar initiative as a concept may be praiseworthy, the absence of adequate security could prove disastrous. “Sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away and suggest how poorly conceived these initiatives are,” the report said.

The Centre had, on April 25, cautioned states against leaking Aadhaar information, after it emerged that a number of government websites were making it easy for people to access individuals’ Aadhaar numbers. The Unique Identification Authority of India also filed First Information Reports against eight private websites for collecting Aadhaar-related data from citizens in an unauthorised manner on April 19, but no such action appears to have been taken against government websites so far.

According to government data, the UIDAI has issued 112 crore Aadhaar numbers so far and has maintained that its biometrics database is tamper-proof, although it is up to various other authorities to maintain the secrecy of Aadhaar data collected or kept by them.

On April 21, the Supreme Court had questioned the Centre for making the Aadhaar card mandatory for a number of central schemes despite its repeated orders that the unique identification programme cannot be made mandatory. The government has nevertheless been expanding the scope of the Unique Identity project over the past few months by introducing it for initiatives such as the midday meal scheme of school lunches for children, and, most recently, requiring Aadhaar to file income tax returns.

In March, an Aadhaar enrolment agency had been de-registered for leaking the personal data of cricketer Mahendra Singh Dhoni.

For more details visit https://cis-india.org/internet-governance/news/scroll-may-2-2017-around-13-crore-aadhaar-numbers-easily-available-on-government-portals-says-report

Arogya Setu App

praskrishna — 2021-06-26T06:38:14Z

People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo

For more details visit https://cis-india.org/home-images/ArogyaSetuApp.jpg

Arindrajit Basu

praskrishna — 2019-09-22T16:53:31Z

Arindrajit Basu

For more details visit https://cis-india.org/home-images/Arindrajit.jpg

Are Elections Fair to People With Special Needs?

praskrishna — 2014-04-09T06:37:14Z

City-based think tanks have submitted a report to the Election Commission saying elections in India are unfriendly to people with disabilities.

The article by Papiya Bhattacharya was published in the New Indian Express on April 8, 2014. Dr. Nirmita Narasimhan is quoted.

The report, by the Centre for Internet and Society (CIS) and Centre for Law and Policy Research (CLPR), says there are several legal barriers that hinder the involvement of people with disabilities in elections.

The World Health Organisation (WHO) estimates that India is home to 150 million people with disabilities. While the Constitution of India and the Representation of People Act, 1951, gives people with disabilities the right to vote, the report says the community remains excluded from polling largely because of the inaccessibility of the physical environment of polling and lack of easily-available electoral information.

Dr. Nirmita Narasimhan, policy director of CIS and one of the authors of the study, says, “The report is based on feedback from the disabled. It would be nice if the Election Commission makes it easy for them to vote.”
She said registration of voters with disabilities has not been completed because there have been too few attempts to reach out to them.

The report concludes with recommendations to make the electoral process more inclusive. The suggestions include ensuring complete registration of voters with disabilities, use of technology to this end, training and sensitising voters with disabilities and improving information accessibility and election monitoring.

The report also inludes the results of a test conducted on the information accessibility in websites of EC and major political parties. The test revealed that most of the websites don’t conform to standards of web accessibility and are not disabled-friendly.

Steps Taken for Fair Polling: JHA

Chief Electoral Officer Anil Kumar Jha told Express that the Election Commission has instructed polling officers to ensure fair treatment to people with special needs. He said, “We have instructed polling officers to provide entry to specially-challenged people on priority. The visually-impaired can take a companion above the age of 18 to the polling booth for help. The electronic voting machines have Braille stickers on their side. If the voters know the serial number of the candidate, they can vote on their own.” He added that a ramp will be set up wherever feasible.

For more details visit https://cis-india.org/news/new-indian-express-april-8-2014-papiya-bhattacharya-are-elections-fair-to-people-with-special-needs

Are Cab Apps safe?

praskrishna — 2014-12-27T17:01:39Z

Cab services are increasingly relying on mobile apps to book, track and charge you for journeys. While tech watchers say there is a digital trail.

Originally published by IBNLive on December 8, 2014. Sunil Abraham gave his inputs.

"You can always share your location, the app has a feature for you to share your location through the way to whoever is waiting at the other end," said Aprameya Radhakrishna, CEO Taxi For Sure.

There's also a major safety loopholes. "We have more complicated technological safegaurd. All the cab driver has to do is use a very primitive technique. He just has to pull off his battery and can ensure that he throws away the phone of the traveller, and no one would know," said Sunil Abraham, Head, Centre For Internet And Society.

So can you trust technology to safeguard you? Rest assured that someone will be monitoring your journey back in some control room?

People feel that there should be some kind of an automatically generated alert system. Had the tracker been switched off, that could have been a point of loophole.

Great degree of automation is possible here but finally it is the human oversight which is critical eventually, in any technology.

Technology, ultimately, doesn't have all the answers, can't provide all solutions against crime prevention. We have seen instances when criminals have attacked women in ATMs knowing full well they are caught on camera, we have seen attacks by unruly drivers at road toll booths, regardless of the surveillance cameras.

While technology helps in tracking digital footprints that a criminal has taken, it hasn't deterred the criminal from doing what he wants to. For that, we have to be on guard.

For more details visit https://cis-india.org/internet-governance/news/ibn-live-december-8-2014-are-cab-apps-safe

Are biometrics hack-proof?

praskrishna — 2017-06-12T01:39:14Z

There are growing concerns over biometric security in India. We ask the experts if biometrics can really be hacked.

The article by Shaikh Zoaib Saleem was published by Livemint on June 11, 2017. Pranesh Prakash was quoted.

There are growing concerns over biometric security. A compromised password can be changed but not a stolen biometric. We ask experts about biometrics security in India.

Pranesh Prakash, policy director, The Centre for Internet & Society

Biometric devices are not hack-proof. It depends on the ease with which this can be done. In Malaysia, thieves who stole a car with a fingerprint-based ignition system simply chopped off the owner's finger. When a biometric attendance system was introduced at the Institute of Chemical Technology (ICT) in Mumbai, students continued giving proxies by using moulds made from Fevicol.

Earlier this year, researchers at NYU and Michigan State University revealed that they were able to generate a "MasterPrint", which is a "partial fingerprint that can be used to impersonate a large number of users". While there are potential safeguards, they require re-capturing everyone's biometrics.

Even other technologies like iris scanner, gait recognition, face recognition, and others, are getting better, but all have problems. Our laws haven't evolved either, leaving many unanswered questions: who can demand your biometrics and under what circumstances? Can your biometrics be captured without your consent? Who is liable for failure? What remedies does one have?

This is an evolving area of technology studies, and every day new kinds of attacks are discovered. Further, they are probabilistic technologies unlike passwords. Given this, if you seek a reliable identity verification system, it doesn't make sense to deploy a system exclusively based on biometrics.

Umesh Panchal, vice-president, Biomatiques Identification Solutions

Biometric devices are instruments delivering added security check functions over traditional methods and these devices can be hack-proof, if the process of exploiting vulnerabilities to gain unauthorised access to systems or resources, is taken care of. With liveliness detection, iris biometric devices are far more hack-proof than fingerprint devices. Even Pentagon has been hacked. Theoretically, a biometric device can internally store or copy fingerprints or iris scans. Depending upon the use-case and ecosystem, a biometric device can internally store templates. However, the UID system (Unique Identification Authority of India) doesn’t permit storage of any biometric data in any biometric devices.

Several security measures can be incorporated to ensure strong transaction security and end-to-end traceability to prevent misuse. This can be achieved by implementing specification of authentication ecosystem. These include deploying signed application, host and operator authentication, usage of multi-factor authentication, SMS/email alerts, encryption of sensitive data, biometric locking, device identification with unique device identifier for analytics/fraud management, eliminating use of stored biometrics and so on.

For a consumer, the device security is determined by the certification it holds from the competent certification authority.

Bryce Boland, chief technology officer-Asia Pacific, FireEye

Biometrics take many forms. Most often people think biometrics are the actually measured biological feature, but they are actually measurements of a feature turned into a sequence of data that is compared against another set of data. You don’t actually need the physical feature, you need the measurements to generate the sequence of data to make a match. If you can inject that data into a biometric, bypassing the reader, you can potentially trick a biometric system.

Most successful biometric implementations have a controlled enrolment process where identity validation is undertaken, and have physically secured, tamperproof and closely monitored readers. Systems like those used for passport biometric enrolment with restricted deployments of readers at airports are an example. Self-enrollment is prone to fraud. Widely distributed readers are prone to tampering. Insecure paths from readers to central credential repositories are prone to credential theft.

Once biometric information is stolen, it usually cannot be changed. So stolen data can potentially be used for a long time, creating problems. This isn’t the case for airport fingerprint readers, but it is a problem for biometric devices in the hands of the public. The best way to check this is to keep the system’s environment physically secured, tamperproof and closely monitored.

Rajesh Babu, CEO, Mirox Cyber Security & Technology

Biometrics devices can be hacked. They have fingerprint sensors, which only check the pattern. It is possible to recreate these patterns through various techniques. Technically, it is difficult to recreate biometrics from a high-resolution picture. However, by using other image rendering tools we can recreate the patterns. Security experts and hackers have already proved that they can bypass mobile fingerprint scanners using a collection of high-resolution photographs taken from different angles using standard photo cameras to make a latex replica print.

Most of the biometric scanners have a date set of all fingerprints and other identities inside the device database. Not every manufacturer in India undergoes enough security auditing. Most of the companies manufacture low-cost biometric devices which are highly vulnerable. These devices are imported from China and other countries but they do not conduct or go through any security audits in our country. They may have kernel level back doors, which are highly vulnerable and can lead to launch of an any kind of attack, including compromising an organization’s network. Only a handful of companies conduct audits of their products as part of security practice.

Organizations and the government must have a clear and concise Security Devices Policy based on standard applicable laws and regulation framework.

For more details visit https://cis-india.org/internet-governance/news/livemint-june-11-2017-shaikh-zoaib-saleem-are-biometrics-hack-proof

Archives and Access

praskrishna — 2015-04-17T11:06:20Z

The monograph by Aparna Balachandran and Rochelle Pinto, is a material history of the Internet archives. It examines the role of the archivist and the changing relationship between the state and private archives for looking at the politics of subversion, preservation and value of archiving. By examining the Tamil Nadu and Goa state archives, along with the larger public and state archives in the country, the monograph looks at the materiality of archiving, the ambitions and aspirations of an archive, and why it is necessary to preserve archives, not as historical artefacts but as living interactive spaces of memory and remembrance. The findings have direct implications on various government and market impulses to digitise archives and show a clear link between opening up archives and other knowledge sources for breathing life into local and alternative histories.

Download the Monograph

For more details visit https://cis-india.org/raw/histories-of-the-internet/blogs/archives-and-access/archives-and-access

Archives and Access

praskrishna — 2011-09-27T09:40:58Z

Aparna and Rochelle’s research is a material history of the Internet archives. It examines the role of the archivist and the changing relationship between the state and private archives for looking at the politics of subversion, preservation and value of archiving.

For more details visit https://cis-india.org/raw/histories-of-the-internet/archives-and-access.pdf

Archives and Access

praskrishna — 2013-09-26T11:09:56Z

For more details visit https://cis-india.org/raw/archives-and-access.pdf

Archives and Access

praskrishna — 2012-06-22T06:45:08Z

For more details visit https://cis-india.org/home-images/archives.jpg

Archive and Access: Call for Review

praskrishna — 2012-12-14T12:15:23Z

The Archive and Access research project by Rochelle Pinto, Aparna Balachandran and Abhijit Bhattacharya is a part of the Researchers @ Work Programme at the Centre for Internet and Society, Bangalore. The project that attempts to look at the ways in which the notion of the archive, the role of the archivist and the relationship between the state and private archives that has undergone a transition with the emergence of Internet technologies in India has been put up for public review.

The Researchers At Work Programme, at the Centre for Internet and Society, advocates an Open and transparent process of knowledge production. We recognise peer review as an essential and an extremely important part of original research, and invite you, with the greatest of pleasures, to participate in our research, and help us in making our arguments and methods stronger.

Laying out a theoretical review of the history of technologies of archiving in the country, the project aims at building case studies of public and private archives in the country and the needs for a local capacity building network of historians, archivists, technologists and state bodies which exploits the digital and Internet technologies for building new archives of Indian material.

The monograph has emerged out of the "Archive and Access" project that was initiated in September 2008. The first draft of the monograph is now available for public review and feedback.Please click on the links below to choose your own format for accessing the document:

We appreciate your time, engagement and feedback that will help us to bring out the monograph in a published form. Please send all comments or feedback by 15 December 2010 to nishant@cis-india.org or you can use your Open ID to login to the website and leave comments to this post.

For more details visit https://cis-india.org/raw/histories-of-the-internet/blogs/the-cyborgs/archive-and-access

Archive and Access File

praskrishna — 2010-11-18T13:42:01Z

The file of Archive and Access

For more details visit https://cis-india.org/raw/histories-of-the-internet/archive-access-file