Centre for Internet and Society

Can India Trust Its Government on Privacy?

pranesh — 2013-07-15T10:35:33Z

In response to criticisms of the Centralized Monitoring System, India’s new surveillance program, the government could contend that merely having the capability to engage in mass surveillance won’t mean that it will. Officials will argue that they will still abide by the law and will ensure that each instance of interception will be authorized.

Pranesh Prakash's article was published in the New York Times on July 11, 2013.

In fact, they will argue that the program, known as C.M.S., will better safeguard citizens’ privacy: it will cut out the telecommunications companies, which can be sources of privacy leaks; it will ensure that each interception request is tracked and the recorded content duly destroyed within six months as is required under the law; and it will enable quicker interception, which will save more lives. But there are a host of reasons why the citizens of India should be skeptical of those official claims.

Cutting out telecoms will not help protect citizens from electronic snooping since these companies still have the requisite infrastructure to conduct surveillance. As long as the infrastructure exists, telecom employees will misuse it. In a 2010 report, the journalist M.A. Arun noted that “alarmingly, this correspondent also came across several instances of service providers’ employees accessing personal communication of subscribers without authorization.” Some years back, K.K. Paul, a top Delhi Police officer and now the Governor of Meghalaya, drafted a memo in which he noted mobile operators’ complaints that private individuals were misusing police contacts to tap phone calls of “opponents in trade or estranged spouses.”

India does not need to have centralized interception facilities to have centralized tracking of interception requests. To prevent unauthorized access to communications content that has been intercepted, at all points of time, the files should be encrypted using public key infrastructure. Mechanisms also exist to securely allow a chain of custody to be tracked, and to ensure the timely destruction of intercepted material after six months, as required by the law. Such technological means need to be made mandatory to prevent unauthorized access, rather than centralizing all interception capabilities.

At the moment, interception orders are given by the federal Home Secretary of India and by state home secretaries without adequate consideration. Every month at the federal level 7,000 to 9,000 phone taps are authorized or re-authorized. Even if it took just three minutes to evaluate each case, it would take 15 hours each day (without any weekends or holidays) to go through 9,000 requests. The numbers in Indian states could be worse, but one can’t be certain as statistics on surveillance across India are not available. It indicates bureaucratic callousness and indifference toward following the procedure laid down in the Telegraph Act.

In a 1975 case, the Supreme Court held that an “economic emergency” may not amount to a “public emergency.” Yet we find that of the nine central government agencies empowered to conduct interception in India, according to press reports — Central Board of Direct Taxes, Intelligence Bureau, Central Bureau of Investigation, Narcotics Control Bureau, Directorate of Revenue Intelligence, Enforcement Directorate, Research & Analysis Wing, National Investigation Agency and the Defense Intelligence Agency — three are exclusively dedicated to economic offenses.

Suspicion of tax evasion cannot legally justify a wiretap, which is why the government said it had believed that Nira Radia, a corporate lobbyist, was a spy when it defended putting a wiretap on her phone in 2008 and 2009. A 2011 report by the cabinet secretary pointed out that economic offenses might not be counted as “public emergencies,” and that the Central Board of Direct Taxes should not be empowered to intercept communications. Yet the tax department continues to be on the list of agencies empowered to conduct interceptions.

India has arrived at a scary juncture, where the multiple departments of the Indian government don’t even trust each other. India’s Department of Information Technology recently complained to the National Security Advisor that the National Technical Research Organization had hacked into National Informatics Center infrastructure and extracted sensitive data connected to various ministries. The National Technical Research Organization denied it had hacked into the servers but said hundreds of e-mail accounts of top government officials were compromised in 2012, including those of “the home secretary, the naval attaché to Tehran, several Indian missions abroad, top investigators of the Central Bureau of Investigation and the armed forces,” The Mint newspaper reported. Such incidents aggravate the fear that the Indian government might not be willing and able to protect the enormous amounts of information it is about to collect through the C.M.S.

Simply put, government entities have engaged in unofficial and illegal surveillance, and the C.M.S. is not likely to change this. In a 2010 article in Outlook, the journalist Saikat Datta described how various central and state intelligence organizations across India are illegally using off-the-air interception devices. “These systems are frequently deployed in Muslim-dominated areas of cities like Delhi, Lucknow and Hyderabad,” Mr. Datta wrote. “The systems, mounted inside cars, are sent on ‘fishing expeditions,’ randomly tuning into conversations of citizens in a bid to track down terrorists.”

The National Technical Research Organization, which is not even on the list of entities authorized to conduct interception, is one of the largest surveillance organizations in India. The Mint reported last year that the organization’s surveillance devices, “contrary to norms, were deployed more often in the national capital than in border areas” and that under new standard operating procedures issued in early 2012, the organization can only intercept signals at the international borders. The organization runs multiple facilities in Mumbai, Bangalore, Delhi, Hyderabad, Lucknow and Kolkata, in which monumental amounts of Internet traffic are captured. In Mumbai, all the traffic passing through the undersea cables there is captured, Mr. Datta found.

In the western state of Gujarat, a recent investigation by Amitabh Pathak, the director general of police, revealed that in a period of less than six months, more than 90,000 requests were made for call detail records, including for the phones of senior police and civil service officers. This high a number could not possibly have been generated from criminal investigations alone. Again, these do not seem to have led to any criminal charges against any of the people whose records were obtained. The information seems to have been collected for purposes other than national security.

India is struggling to keep track of the location of its proliferating interception devices. More than 73,000 devices to intercept mobile phone calls have been imported into India since 2005. In 2011, the federal government asked various state governments, private corporations, the army and intelligence agencies to surrender these to the government, noting that usage of any such equipment for surveillance was illegal. We don’t know how many devices were actually turned in.

These kinds of violations of privacy can have very dangerous consequences. According to the former Intelligence Bureau head in the western state of Gujarat, R.B. Sreekumar, the call records of a mobile number used by Haren Pandya, the former Gujarat home minister, were used to confirm that it was he who had provided secret testimony to the Citizens’ Tribunal, which was conducting an independent investigation of the 2002 sectarian riots in the state. Mr. Pandya was murdered in 2003.

The limited efforts to make India’s intelligence agencies more accountable have gone nowhere. In 2012, the Planning Commission of India formed a group of experts under Justice A.P. Shah, a retired Chief Justice of the Delhi High Court, to look into existing projects of the government and to suggest principles to guide a privacy law in light of international experience. (Centre for Internet and Society, where I work was part of the group). However, the government has yet to introduce a bill to protect citizens’ privacy, even though the governmental and private sector violations of Indian citizens’ privacy is growing at an alarming rate.

In February, after frequent calls by privacy activists and lawyers for greater accountability and parliamentary oversight of intelligence agencies, the Centre for Public Interest Litigation filed a case in the Supreme Court. This would, one hopes, lead to reform.

Citizens must also demand that a strong Privacy Act be enacted. In 1991, the leak of a Central Bureau of Investigation report titled “Tapping of Politicians’ Phones” prompted the rights groups, People’s Union of Civil Liberties to file a writ petition, which eventually led to a Supreme Court of India ruling that recognized the right to privacy of communications for all citizens as part of the fundamental rights of freedom of speech and of life and personal liberty. However, through the 2008 amendments to the Information Technology Act, the IT Rules framed in 2011 and the telecom licenses, the government has greatly weakened the right to privacy as recognized by the Supreme Court. The damage must be undone through a strong privacy law that safeguards the privacy of Indian citizens against both the state and corporations. The law should not only provide legal procedures, but also ensure that the government should not employ technologies that erode legal procedures.

A strong privacy law should provide strong grounds on which to hold the National Security Advisor’s mass surveillance of Indians (over 12.1 billion pieces of intelligence in one month) as unlawful. The law should ensure that Parliament, and Indian citizens, are regularly provided information on the scale of surveillance across India, and the convictions resulting from that surveillance. Individuals whose communications metadata or content is monitored or intercepted should be told about it after the passage of a reasonable amount of time. After all, the data should only be gathered if it is to charge a person of committing a crime. If such charges are not being brought, the person should be told of the incursion into his or her privacy.

The privacy law should ensure that all surveillance follows the following principles: legitimacy (is the surveillance for a legitimate, democratic purpose?), necessity (is this necessary to further that purpose? does a less invasive means exist?), proportionality and harm minimization (is this the minimum level of intrusion into privacy?), specificity (is this surveillance order limited to a specific case?) transparency (is this intrusion into privacy recorded and also eventually revealed to the data subject?), purpose limitation (is the data collected only used for the stated purpose?), and independent oversight (is the surveillance reported to a legislative committee or a privacy commissioner, and are statistics kept on surveillance conducted and criminal prosecution filings?). Constitutional courts such as the Supreme Court of India or the High Courts in the Indian states should make such determinations. Citizens should have a right to civil and criminal remedies for violations of surveillance laws.

Indian citizens should also take greater care of their own privacy and safeguard the security of their communications. The solution is to minimize usage of mobile phones and to use anonymizing technologies and end-to-end encryption while communicating on the Internet. Free and open-source software like OpenPGP can make e-mails secure. Technologies like off-the-record messaging used in apps like ChatSecure and Pidgin chat conversations, TextSecure for text messages, HTTPS Everywhere and Virtual Private Networks can prevent Internet service providers from being able to snoop, and make Internet communications anonymous.

Indian government, and especially our intelligence agencies, violate Indian citizens’ privacy without legal authority on a routine basis. It is time India stops itself from sleepwalking into a surveillance state.

For more details visit https://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy

Moving Towards a Surveillance State

atreya — 2013-07-15T05:57:15Z

The cyberspace is a modern construct of communication and today, a large part of human activity takes place in cyberspace. It has become the universal platform where business is executed, discourse is conducted and personal information is exchanged. However, the underbelly of the internet is also seen to host activities and persons who are motivated by nefarious intent.

Note: The original tender document of the Assam Police dated 28.02.2013 along with other several other tender documents for procurement of Internet and Voice Monitoring Systems is attached as a zip folder.

As highlighted in the International Principles on the Application of Human Rights to Communications Surveillance, logistical barriers to surveillance have decreased in recent decades and the application of legal principles in new technological contexts has become unclear. It is often feared that in light of the explosion of digital communications content and information about communications, or "communications metadata," coupled with the decreasing costs of storing and mining large sets of data and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Communications surveillance in the modern environment encompasses the monitoring, interception, collection, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person's communications in the past, present or future.[*] These fears are now turning into a reality with the introduction of mass surveillance systems which penetrate into the lives of every person who uses any form of communications. There is ample evidence in the form of tenders for Internet Monitoring Systems (IMS) and Telecom Interception Systems (TCIS) put out by the Central government and various state governments that the Indian state is steadily turning into an extensive surveillance state.

While surveillance and intelligence gathering is essential for the maintenance of national security, the creation and working of a mass surveillance system as it is envisioned today may not necessarily be in absolute conformity with the existing law. A mass surveillance system like the Central Monitoring System (CMS) not only threatens to completely eradicate any vestige of the right to privacy but in the absence of a concrete set of procedural guidelines creates a tremendous risk of abuse.

Although information regarding the Central Monitoring System is quite limited on the public forum at the moment it can be gathered that a centralized system for monitoring of all communication was first proposed by the Government of India in 2009 as indicated by the press release of the Ministry of Communications & Information. Implementation of the system started subsequently as indicated by another government press release and the Center for Development of Telematics (C-DOT) was entrusted with the responsibility of implementing the system. As per the C-DOT annual report 2011-12, research, development, trials and progressive scaling up of a Central Monitoring System were conducted by the organization in the past 4 years and the requisite hardware and CMS solutions which support voice and data interception have been installed and commissioned at various Telecom Service Providers (TSP) in Delhi and Haryana as part of the pilot project. Media reports indicate that the project will be fully functional by 2014. While an extensive surveillance system is being stealthily introduced by the state, several concerns with regard to its extent of use, functioning, and real world impact have been raised owing to ambiguities and wide gaps in procedure and law. Moreover, the lack of a concrete privacy legislation coupled with the absence of public discourse indicates the lack of interest of the state over the rights of an ordinary citizen. It is under these circumstances that awareness must first be brought regarding the risks of the mass surveillance on civil liberties which in the absence of established procedures protecting the rights of the citizens of the state can result in the abuse of powers by the state or its agencies and lead to the demise of civil freedoms even in democratic states.

The architecture and working of a proposed Internet Monitoring System must be examined in an attempt to better understand the functioning, capabilities and possible impact of a Central Monitoring System on our society and lives. This can perhaps allow more open discourse and a committed effort to preserve the rights of the citizens especially the right to privacy can be made while allowing for the creation of strong procedural guidelines which will help maintain legitimate intelligence gathering and surveillance.

Internet Monitoring System: Setup and Working
Very broadly, The Internet Monitoring System enables an agency of the state to intercept and monitor all content which passes through the Internet Service Provider’s (ISP) server which includes all electronic correspondence (emails, chats or IM’s, transcribed call logs), web forms, video and audio files, and other forms of internet content. The electronic data is stored and also subject to various types of analysis. While Internet Monitoring Systems are installed locally and their function is limited to specific geographic region, the Central Monitoring System will consolidate the data acquired from the different voice and data interception systems located across the country and create a centralized architecture for interception, monitoring and analysis of communications. Although the exact specifications and functions of the central monitoring system still remain unclear and ambiguous, some parallels regarding the functioning of the CMS can be drawn from the the specifications revealed in the Assam Police tender document for the procurement of an Internet Monitoring System.

Setup
The deployment architecture of an Internet Monitoring System (IMS) contains probe servers which are installed at the Internet Service Provider’s (ISP) premises and the probes are installed at various tapping points within the entire ISP network. A collection server is also installed and hosted at the site of the ISP. The collection server is used to either collect, analyze, filter or simple aggregate the data from the ISP servers and the data is transferred to a master aggregation server located a central data center. The central data center may also contain more servers specifically for analysis and storage. This type of architecture is being referred to as a ‘high availability clustered setup’ which is supposed to provide security in case of a failure or outage.

The Assam Police Internet Monitoring System tender document specifically indicates that the deployment in the state of Assam shall require 8 taps or probes to be installed at different ISPs, out of which 6 taps/probes shall be of 10 GBPS and 2 taps are of 1 GBPS. The document however mentions that the specifications are preliminary and subject to change.

Types of data
The proposed internet monitoring system of the Assam state can provide network traffic interception and a variety of internet protocols including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Session Initiation Protocol (SIP), Voice over Internet Protocol (VoIP) can be intercepted and monitored. The system can also support monitoring of Internet Relay Chat and various other messaging applications (such as Google Talk, Yahoo Chat, MSN Messenger, ICQ, etc.). The system can be equipped to capture and display multiple file types like text (.doc, .pdf), zipped (.zip) and executable applications (.exe). Further, information regarding login details, login pattern, login location, DNS address, routing address can be acquired along with the IP address and other details of the user.

Web crawling capabilities can be installed on the system which can provide data from various data sources like social networking sites, web based communities, wikis, blogs and other forms of web content. Social media websites (such as Twitter, Facebook, Orkut, MySpace etc.), web pages and data on hosted applications can also be intercepted, monitored and analyzed. The system also allows capture of additional pages if updated; log periodical updates and other changes. This allows the monitoring agencies the capability of gathering internet traffic based on several parameters like Protocols, Keywords, Filters and Watch lists. Keyword matching is achieved by including phonetically similar words in various languages including local languages.

More specific functions of the IMS can include complete email extraction which will disclose the address book, inbox, sent mail folder, drafts folder, personal folders, delete folders, custom folders etc. and can also provide identification of dead drop mails. The system can also be equipped to allow country wise tracking of instant messages, chats and mails.

Regarding retention and storage of data, the tender document specifies that the system shall be technically capable of retaining the metadata of Internet traffic for at least one year and the defined traffic/payload/content is to be retained in the storage server at least for a week. However, the data may be retained for a longer period if required. The metadata and qualified data after analysis are integrated to a designated main intelligence repository for storage.

Types of Analysis
The Internet Monitoring System apart from intercepting all the data generated through the Internet Service Providers is essentially equipped for various types of data analysis. The solutions that are installed in the internet monitoring system provide the capability for real time as well as historical analysis of network traffic, network perimeter devices and internal sniffers. The kinds of analysis based on ‘slicing and dicing of data’ range from text mining, sentiment analysis, link analysis, geo-spatial analysis, statistical analysis, social network analysis, transaction analysis, locational analysis and fusion based analysis, CDR analysis, timeline analysis and histogram based analysis from various sources.

The solutions installed in the IMS can enable monitoring of specific words or phrases (in various languages) in blogs, websites, forums, media reports, social media websites, media reports, chat rooms and messaging applications, collaboration applications and deep web applications. Phone numbers, addresses, names, locations, age, gender and other such information from content including comments and such can also be monitored. Specifically with regard to social media, the user’s profile and information related to it can be extracted and a detailed ontology of all the social media profiles of the user can be created.

Based on the information, the analysis supposed to provide the capability to identify suspicious behavior based on existing and new patterns as they emerge and are continuously applied to combine incoming and existing information on people, profiles, transactions, social network, type of websites visited, time spent on websites, type of content download or view and any other type of gatherable information. The solutions on the system are also supposed to create single or multiple or parallel scenario build-ups that may occur in blogs, social media forums, chat rooms, specific web hosting server locations or URL, packet route that may be defined from time to time and such scenario build-ups can be based on parameters like sentiments, language or expressions purporting hatred or anti-national expressions, and even emotions like expression of joy, compassion and anger, which as may be defined by the agency depending on operational and intelligence requirement. Based on these parameters, automated alerts can be generated relating to structured or unstructured data (including metadata of contents), events, pattern discovery, phonetically similar words or phrases or actions from users.

Based on the data analysis, reports or dossiers can be generated and visual analysis allowing a wide variety of views can be created. Further, real time visualization showing results from real-time data can be generated which allows alerts, alert categories or discoveries to be ranked (high, medium, and low priority, high value asset, low value asset, moderate value asset, verified information, unverified information, primary evidence, secondary evidence, circumstantial evidence, etc.) based on criteria developed by the agency. The IMS solutions can also be capable of offering web-intelligence and open source intelligence and allow capabilities like simultaneous search capabilities which can be automated providing a powerful tool for exploration of the intercepted data.

Another important requirement mentioned in the tender document is the systems capability to integrate with other interception and monitoring systems for 2G, 3G/UMTS and other evolving mobile carrier technologies including fixed line and Blackberry services and encrypted IP services like Skype services.

Conclusion
It is clear that a system like IMS with its extensive interception and analysis capabilities gives complete access to an agency or authority of all information that is accessed or transmitted by a person on the internet including information which is private and confidential such as email and instant messages. Although the state has the power to issue directions for interception or monitoring of information under the Information Technology Act, 2000 and certain rules are prescribed under section 69B, they are wholly inadequate compared to the scope and extent of the Internet Monitoring System and its scale of operations. The interception and monitoring systems that are either proposed or already in place effectively bypass the existing procedures prescribed under the Information Technology Act.

The issues, concerns and risks are only compounded when it comes to the Central Monitoring System. The solutions installed in present day interception and monitoring systems give the state unprecedented powers to intercept, monitor and analyze all the data of any person who access the internet. Tools like deep packet inspection and extensive data mining solutions in the absence of concrete safeguards and when deployed through a centralized system can be misused to censor any content including legitimate discourse. Also, the perception that access to a larger amount of data or all data can help improve intelligence can also be sometimes misleading and it must be asked whether the fundamental rights of the citizens of the state can be traded away under the pretext of national security. Furthermore, it is essential for the state to weigh the costs of such a project both economically and morally and balance it with sufficient internal measures as well as adequate laws so that the democratic values are persevered and not endangered by any act of reckless force.

Reiterating what has been said earlier, while it is important for the state to improve its intelligence gathering tools and mechanisms, it must not be done at the cost of a citizen’s fundamental right. It is the duty of the democratic state to endure and maintain a fine balance between national interest and fundamental rights through timely creation of equitable laws.

[*]. http://necessaryandproportionate.net/#_edn2

For more details visit https://cis-india.org/internet-governance/blog/moving-towards-surveillance-state

India-EU Proposed FTA

praskrishna — 2013-07-10T08:49:44Z

For more details visit https://cis-india.org/a2k/blogs/india-eu-proposed-fta.pdf

The Difficult Balance of Transparent Surveillance

kovey — 2013-07-15T04:23:35Z

Is it too much to ask for transparency in data surveillance? On occasion, companies like Microsoft, Facebook, and the other silicon valley giants would say no. When customers join these services, each company provides their own privacy statement which assures customers of the safety and transparency that accompanies their personal data.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

Google even publishes annual “Transparency Reports” which detail the data movement behind the scenes. Governments, too, are somewhat open about surveillance methods, for example with the public knowledge of the existence and role of institutions like America’s NSA and India’s CMS. These façades of assurance, however, never satisfy the public enough to protect them from feeling cheated and deceived when information leaks about surveillance practices. And in the face of controversy around surveillance, both service providers and governments scramble to provide explanations for discrepancies between their promises and their practices.

So it seems that transparency might not be too much to ask, but instead is perhaps more complicated of a request than imagined. For some citizens, nothing would be more satisfying than complete transparency on all data collection. For those who recognize surveillance as crucial for national security, however, complete transparency would mean undermining the very efficacy of surveillance practices. And data companies often find themselves caught between these two ends, simultaneously seeking profits by catering to the public, while also trying to abide by political and legal frameworks. Therefore, in the process of modern data surveillance, each attempt at resolution of the transparency issue will become a delicate balance between three actors: the government, the big data companies, and the people. As rightly stated on the Digital Due Process website, rules for surveillance must carefully consider “the individual’s constitutional right to privacy, the government’s need for tools to conduct investigations, and the interest of service providers in clarity and customer trust.”[1]

So we must unpack the idea of transparency.

First, there should be a distinction made between proactive transparency and reactive transparency, or, the announcement of surveillance practices versus the later access to surveillance records. The former is more risky and therefore more difficult to entertain, while the latter may lack any real substance beyond satisfying inquiries. Also consider the discrepancy in motivation for transparency between the actors. For the citizen, is transparency really an end goal, or is it only a stepping stone in the argument for eradication of surveillance practices in the name of rights to privacy? Here, we ascertain the true value of total transparency; will it ever please citizens to learn of a government’s most recent undermining of the private sphere?

Reactive transparency has been achieved only in recent years in India, during a number of well publicized legal cases. In one of the earliest cases of reactive transparency, Reliance Communications made an affidavit in the Supreme Court over the exact number of surveillance directives given by the government. It was released that 151,000 Reliance accounts were monitored for a project between 2006 and 2010, with 3,588 tapped phones just from the Delhi region alone in 2005.[2]

But also there has been controversy over the extent of reactive transparency, because it has been especially problematic to discern the point where transparency once again encroaches on privacy, both for government and the people’s sake. After gathering the data, its release could further jeopardize the citizens and the government. It is important to carefully consider the productive extent of reactive transparency: What will become of the information? Will one publicly reveal how many people were spied on? Who was spied on? What was found when through spying? Citizens must take all of this into consideration when requesting transparency.

Meanwhile, service providers embrace transparency when it can benefit their corporation, or as a recent Facebook statement explained, “we’ve been in discussions with U.S. national security authorities urging them to allow more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.” [a] Many of the service providers mentioned in the recently leaked PRISM report have made well-publicized requests to the U.S. government for more transparency.[3]

Not only have they allegedly written requests to the government to allow them to disclose information, but the companies (including Facebook [a], Apple [b], Microsoft[c], and Google [d]) have all released explanatory statements in the wake of the June 2013 PRISM scandal. Although service providers claim that the request to release data about their cooperation is in the ‘interest of transparency,’ it instead seems that the motivation for this transparency is to ease consumers’ concerns and help the companies save face. The companies (and the government) will admit their participation in surveillance once it has become impossible to deny their association with the programs. This shrewd aspect of transparency can be seen most clearly in statements like those from Microsoft, who included in their statement on June 14^th, “We have not received any national security orders of the type that Verizon was reported to have received.” [c] Spontaneous allusions like this are meant to contrast guilt-conscious service providers favorably to telecom service providers such as AT&T and Verizon, who allegedly yielded the most communications data and who as of now have yet to release defensive public statements.

Currently, we find ourselves in a situation where entities admit to their collusion in snooping only once information has leaked, indignation has ignited, and scandal has erupted. A half-hearted proactive transparency leads to an outrage demanding reactive semi-transparency. These weak forms of transparency neither satisfy the public, nor allow governments and service providers to maintain dignity.

But now is also a crucial moment for possible reevaluation and reformation of this system, especially in India. Not only is India enacting its own national security surveillance system, the CMS[4] but the recent NSA and PRISM revelations are still sending shockwaves throughout the world of cyber security and surveillance. Last week, a Public Interest Litigation (PIL) was sent to the Indian Supreme Court, arguing that nine foreign service providers (Facebook, Hotmail, Yahoo!, Google, Apple, Skype, Paltalk, AOL, YouTube) violated the trust and privacy of their Indian customers through their collusion with the US government’s surveillance programs.[5]

Among other things, the PIL emphatically sought prosecution of the mentioned corporations, demands for the service providers to establish servers in India, and also sought stricter rules to prevent Indian officials from using these foreign services for work involving national security. Ultimately, the PIL was rejected by the Supreme Court; although the PIL stated the grounds of Rule 6 of the Information Technology Rules 2011 for the guidelines in protecting sensitive Indian citizen information, the SC saw the PIL as addressing problems outside of SC jurisdiction, and was quoted as saying “we cannot entertain the petition as an Indian agency is not involved.”[5][6]

The SC considered the PIL only partially, however, as certain significant parts of the petition were indeed within Indian domestic agency, for example the urge to prohibit federal officials from using the private email services such as Gmail, Hotmail, and Yahoo. And although the SC is not the correct place to push for new safeguard legislation, the ideas of the PIL are not invalid, as Indian leaders have long searched for ways of ensuring basic Indian privacy laws in the context of international service providers. This is also not a problem distinctive to India. International service providers have entered into agreements regarding the same problems of incorporating international customers’ rights, formal agreements which India could emulate if it wanted to demand greater privacy or transparency.

For example, there is the Safe Harbor Framework, an institution in place to protect and mediate European Union citizens’ privacy rights within the servers of foreign (i.e. American) Internet companies. These regulations were established in 2000, and serve the purpose of adjusting foreign companies’ standards to incorporate E.U. privacy laws. In accordance with the agreement, E.U. data is only allowed to be sent to outside providers who maintain the seven Safe Harbor principles, several of which focus on transparency of data usage.[7] India could enact a system similar to this, and it would likely alleviate some of the concerns raised in the most recent PIL. These frameworks, however, have not proven completely reliable safeguards either, especially when the service providers’ own government uses national security as a means to override the agreement. Although the U.S. government has yet to fully confirm or deny many of the NSA and PRISM allegations in regards to Europe, there is currently strong room to believe that the surveillance practices may have violated the Safe Harbor agreements by delivering sensitive E.U. citizen data to the U.S. government.[8] It is uncertain how these revelations will impact the agreements made between the big Silicon-Valley companies and their E.U. customers.

The recent PIL also strongly suggested establishing domestic data servers to keep Indian citizens’ information within the country and under the direct supervision of Indian entities. It strongly pushes for self-reliance as the best way to ensure both citizen and national security. The PIL assumes that domestic servers will not only offer better information protection, but also create much needed jobs and raise national tax revenue.[5] If allegations about PRISM and the E.U. prove true, then the E.U. may also decide to support establishment of European servers as well.

Several of the ideas outlined in the PIL have merit, but may not be as productive as the requesters assume. It is true that establishing servers and domestic regulators in India may temporarily protect from unwanted foreign, i.e. American, surveillance. But at the same time, this also increases likelihood of India’s own central government taking a stronger surveillance stance, more stringently monitoring their own servers and databases. It has not yet been described how the CMS will be operate its surveillance methods, but moving data to domestic servers may just result in shifting power from NSA to CMS. Rather than more privacy or transparency, the situation could easily become a matter of who citizens prefer spying over them.

Even if one government establishes rules which enforce transparency, this may clash with the laws of the service providers’ domestic government, i.e. confidentiality in surveillance. Considering all of this, rejection of foreign service providers and promotion of domestic self reliance may ultimately prove the most effective alternative for nations which are growing rapidly in both internet presence and internet consciousness. But that does not make this option the easiest. Facing the revelations and disillusionment of domestic (CMS) and international (PRISM) surveillance methods, countries like India are reaching an impeding critical juncture. Now is the most important time to establish new norms, while public sentiment is at its highest and transition is most possible, not only creating new laws which can safeguard privacy, but also strongly considering alternatives to foreign service providers like those outlined in June’s PIL. Privacy International’s guiding principles of communications surveillance also offer useful advice, urging for the establishment of oversight institutions which can access surveillance records and periodically publish aggregate data on surveillance methods.[9] Although the balance between security on the national level and security on the personal level will continue to be problematic for nations in the upcoming years, and even though service providers’ positions on surveillance usually seem contrived, Microsoft Vice President John Frank made a statement which deserves appreciation, rightly saying, “Transparency alone may not be enough to restore public confidence, but it’s a great place to start.”[c]

[1]. http://digitaldueprocess.org/

[2]. http://bit.ly/151Ue1H

[3]. http://bit.ly/12XDb1Z

[4]. http://ti.me/11Xh08V

[5]. Copy of 2013 PIL to Supreme Court, Prof. S.N. Singh [attached]

[6]. http://bit.ly/1aXWdbU

[7]. http://1.usa.gov/qafcXe

[8]. http://bit.ly/114hcCX

[9]. http://bit.ly/156wspI

[a]. Facebook Statement: http://bit.ly/ZQDcn6

[b]. Apple Statement: http://bit.ly/1akaBuN

[c]. Microsoft Statement:http://bit.ly/1bFIt31

[d]. Google Statement: http://bit.ly/16QlaqB

For more details visit https://cis-india.org/internet-governance/blog/the-difficult-balance-of-transparent-surveillance

dna exclusive: Geeks have a solution to digital surveillance in India: Cryptography

praskrishna — 2013-07-15T06:24:40Z

While you were thinking of what next to post on Twitter, the government has stealthily put an ambitious surveillance programme in place that tracks your every move in the digital world — through voice calls, SMS and MMS, GPRS, fax communications on landlines, video calls and emails.

The article by Joanna Lobo was published in DNA on July 7, 2013. Pranesh Prakash is quoted.

The programme, conceived in 2011, has now been brought under one umbrella referred to as the centralised monitoring system (CMS). It is the death of privacy.

But as concerned citizens argue for the need to formulate policies and laws to protect privacy, there's a simpler solution in sight for now: a CryptoParty.

At this 'party', an informal gathering of people, non-geeks can learn how to legally encrypt their digital communications and how to store data without the fear of anyone snooping in. Encryption is a process of encoding messages so that it can only be read by authorised parties.

What is it?
"A CryptoParty educates people in the domain of cryptography. It's usually about the basics: how to send encrypted email, how to protect your hardware and how to use free and open source software," says Satyakam Goswami, a free software consultant associated with the Software Freedom Law Centre (SFLC), Delhi (remove this). Goswami was one of the 72 participants at the CryptoParty organised on Saturday at Institute of Informatics & Communication (IIC), Delhi University South Campus On June 30, a CryptoParty organised at the Centre for Internet and Society (CIS) in Bangalore had 30 people in attendance. "We were taught about the what, how and who is watching us. We were also taught how to encrypt emails, chat, video calls or instant messaging,” says Siddhart Prakash Rao, a computer science graduate and a free software and open source enthusiast who is about to pursue a Masters in Cryptography.

The topics may be a mouthful for non-geeks but CryptoParty advocates maintain that all this is taught in the simplest way possible. The choice of subject depends on the composition of the group — if it is a gathering of geeks, like at the Bangalore event, then the topics are more technical.

How can it help?
CryptoParties started in August 2012 by an Australian woman (who goes by the pseudonym Asher Wolf) after a conversation on Twitter about The Australian Parliament's new cybercrime bill that allowed law enforcement to ask Internet Service Providers to monitor and store data.
Attending a CryptoParty is a good way to learn how to overcome government snooping legally.

“Citizens should use encryption to safeguard their private communications against both corporations and the government. Encryption is one of the best ways to react to CMS along with increased civic vigilance and democratic questioning of our government and parliamentarians,” says Pranesh Prakash, policy director, CIS, and one of the frontrunners in the fight to formulate a policy to safeguard privacy in India.

"In India, people tend to be rather ignorant. They are not aware of the kind of surveillance they are subjected to once online. It's a lack of understanding," says Sumandro Chattapadhyay, a researcher with Sarai, a programme of the Centre for the Study of Developing Societies, Delhi.

Bernadette Langle, who also works at CIS has been instrumental in organising the handful of CryptoParties in the country. When dna spoke to her, she was on her way to Delhi after participating in the Bangalore event. Langle will also be part of a CryptoParty being planned for October in Mumbai. "Ten years ago, you had to be a geek to be able to encrypt and protect yourself online. Now, you need software and it's much easier," she says.

The advantage is that the privacy tactics taught at such parties is completely legal. All knowledge is in the public domain. “A government will only deny its citizens basic communications privacy if it is authoritarian,” says Pranesh. “So while it can try social engineering and other means to gain access to what you've encrypted, it simply cannot 'decode' it as long as you have chosen a strong pass phrase and keep that protected, or they create quantum computers capable of breaking your encryption.”

The CIS is currently working on revisions of the Privacy (Protection) Bill 2013 with the objective of contributing to privacy legislation in India. Till that bill becomes an Act and till there's a better way to overcome needless government surveillance, attending a CryptoParty could possibly be the wisest solution for those concerned about privacy.

(For more details on CryptoParties, visit www.cryptoparty.in)

How to encrypt:
SMS: Make content secure by using software like TextSecure (Android) or CryptoSMS (Symbian). However, SMS metadata (who you are sending the message to and at what time) can still be tracked.

Instead of Whatsapp, install Jabbir and add off the record encryption.

For email, you can use OpenPGP in conjunction with Thunderbird to encrypt mails you send from Gmail/Yahoo Mail/Live Mail accounts so that even Google, Yahoo and Microsoft can't read them

For web browsing, use a VPN (which will hide your traffic from your ISP), or Tor (which will help anonymise your traffic, but will slow down your connection slower).

For more details visit https://cis-india.org/news/report-dna-july-7-2013-joanna-lobo-geeks-have-a-solution-to-digital-surveillance-in-india-cryptography

Governance in the age of internet and fta

praskrishna — 2013-07-03T05:00:20Z

For more details visit https://cis-india.org/a2k/blogs/governance-in-the-age-of-internet-and-fta.pdf

Internet and Open Public Data

praskrishna — 2013-07-03T04:53:25Z

For more details visit https://cis-india.org/a2k/blogs/internet-and-open-public-data-ppp.pdf

Whose Change is it Anyway?

praskrishna — 2013-07-02T15:41:46Z

For more details visit https://cis-india.org/digital-natives/blog/whose-change-is-it-anyway.pdf

Designing Change? Gatekeepers in Digital Humanities

sara — 2013-07-02T08:33:54Z

After defining the archive as one of the important concepts for digital humanities research, the question arose, whether or not a redefined archive still functions as a gatekeeper. This blog entry follows the question, if the digital humanities have overcome gatekeepers of knowledge, or if there has simply been a shift in what is doing the gatekeeping.

The last digital humanities blog entry finished on a rather resentful note, arguing that perhaps the difference between humanities and the digital humanities were feigned – and badly at that – and if the digital humanities would stop worrying only about infrastructure, there would no longer be a difference between the two. This insinuates that if only digital humanities would drop the digital and go back to humanities research and include digital technologies into it, all would be well and resolved. However, it is obvious that this generalization was slightly exaggerated, as generalizations tend to be. Nonetheless, the hypotheses is that archives have served as gatekeepers to traditional humanities research in the past. As they suggest a literary canon, they contribute to shaping the field according to certain discursive perceptions. If something is archived, it is considered important enough at the time, to serve as a representation for future reference. This constructs a hierarchy of written work over others, and especially publicized work over written text without publication. Therefore archives serve as a gatekeeper of knowledge, which, if one remembers the circumstances under which books are and were published, is mostly not necessarily representative of important topics but mainly boils down to capitalistic preferences. These preferences are not made transparent and often they are not questioned.

As one could see in the last post, the digital humanities have a reviewed concept of the archive to encompass a more contemporary memory of discourse. This changes the function of the archive, which leaves the question, whether the gatekeepers have changed as well, or even completely dissolved. In traditional humanities, archives served as more of a historical perspective of discourse, which could only be accessed from a temporal distance, for a better understanding of discursive perception at the time. As a matter of fact, Derrida stresses the point that archives are not possible without exteriority and that they are always a protheses to memory, but also to reproduction (Derrida: 1998: 14). So in fact they are not only not supposed to be live, but are always highly technological transformations of events. If the archiving process “produces as much as it records the event” (ibid.: 17), then that change from archival work to live-archives is fundamental to understanding the digital humanities. As the time restrictions, the materiality and the function of the archive has changed, so must the field it is archiving. Nonetheless, as included in the citation, the archive is also a technology of reproduction and every reproductive process changes what is being reproduced incessantly, so that what was there before is not available anymore (ibid.:26). Which means that archives are not historical at all, but constantly changing themselves, as the media that contains them reproduces them.

The archives being produced nowadays therefore might be a lot more representative, as the medium of the internet in itself is ever-changing and therefore makes the repetitive and transformative process of archival work visible. Another fundamental difference in archival work, apart from the 'right-here-right-now' stance of modern internet archives, is that prior archives were mainly text-based. Up until now, the written word has been perceived as progressive as it is one of the main features of western advanced civilization (Stein 2006). This marginalizes populations who do not or cannot do research work in latin alphabetic writing. According to Vilém Flusser, writing is also a form of structuring knowledge in a one-dimensional manner, aberrations that do not fit into a flow of writing are not easily included into literary pieces (Flusser 1990). Research phenomena get a direction and a structure, just as writing is structured on a page. Text-based knowledge production therefore reproduces the “official reasoning of occidental culture” (Flusser 1999). This literary structure is closed, in a sense that a text portrays a meaning and once the text is over, its meaning will have enfolded itself completely onto the reader. It is therefore a closed train of thought without derivative. This narrative framework constructs historical consciousness as something linear. Going back to Foucault's conceptions around the archive, however, we see that history is never linear and never singular, but always a subjective fragment of the whole (Foucault 1969). Overcoming the structure of textual flow through visualizations and design could therefore mean overcoming supposed linearity and becoming more open towards diverse narratives of histories or knowledge.

The symbol for the ladies washroom exemplifies how design could be more generative to meaning than a purely textual format. The schematic depiction of a female via a dress implies that only females should enter the room beyond. It works internationally and does not need to rely on language or latin letters to portray its meaning. At the same time, women all across the world feel included by the sign, even though they do not match its proportions, or may never have worn a skirt or a dress, let alone one similar to the usual depiction. The depiction of the female body is completely fictional and has no relation to biological reality. The sign, just like Derrida's archive, is a repetition of the ideal of being female, just as any other female body is a repetition of this ideal, an ideal which does not have a 'real' existing counterpart. As Judith Butler explains, all embodiments of categories such as gender, but also race and class or any other category, are repetitions of this fictional ideal, and in their repetition they prove the ideal to be non-existent (Butler 1990). As no biologically female person would agree to the sign being a representation of womanhood, at least in this instance one could imagine a more open context within that sign to include people, who feel just as badly or well represented by the crude depiction, as any strictly biological female. The pictorial representation is a good example of how having only text-based information can often narrow perspectives and choosing design over text can open knowledge production to become more inclusive.

Nowadays digital technologies allow for multimedia documentation, in fact design has been identified as a key feature in digital humanities work, up to a point where designers, coders and artists are seen as equal to textual authors when collaborating on work (Burdick et. Al 2012: 12). This is a step towards deconstructing the hegemony the written word has over alternative forms of knowledge production. Visualizing what has been written and produced before, or even producing knowledge in a not solely textual form increases the openness of knowledge and makes it more accessible for people before marginalized by the latin phonetic alphabet, thereby overcoming conceptual barriers of nationality and dominant languages. Sure enough, giving credit to non-textual authors' contributions to text is sensible, as the way the output is shaped influences accessibility, readability and finally the content itself. So overcoming the hierarchy between text and non-textual knowledge production surely is something digital humanities should work on, it surely is not achieved yet, although some might claim otherwise. Especially in academia, a certain amount of written text is important even in visual departments such as an art academy, to show that ones productivity is not completely random, but justified. Still, design is becoming more and more relevant, just as packaging is important to sell a product.

However, the question is, if design counts as a main feature in research work, does it then function as a new gatekeeper? The hypotheses is, that just as publication and academic structures were limiting the knowledge being produced, needing a designer, a coder or any visual artist to actually produce and publish work can be just as limiting. If you need someone to visualize your work so that it can be comprehended, it will be just like needing a publisher – work will again be produced according to capitalistic preference and design just helps put your (intellectual) product on the market. Putting something in pretty packaging can sometimes obscure the production process, as it adds value to the final form, while hiding any ugly obstacles that were to be overcome along the way and could serve as a learning for future research. Design and visuality being more able to display affirmative information, such obstacles and learnings could be difficult to visualize. Also, given the timely limits one is faced with, there is reason for critics to believe that a nice form is valued over 'proper' or 'good' content. The problem lies within defining what is 'good' and what is 'proper'. Digital humanists like Ramsay would argue that “doing” is more important than reading (Ramsay 2011). However, by overcoming the hierarchy between written and non-textual knowledges, content and form cannot be separated but should be seen as two intertwined facets of one bundle of research output.

Another problem with the rising importance of design is that people with visual impediments are marginalized from knowledges that rely on optics and design to get their point across. So when design reaches new importance, researchers creating output must also take into consideration in what way this output is marginalizing people and how to overcome this marginalization. It is one of the main insights of disability studies that disabilities are “not so much a property of bodies as a product of cultural rules about what bodies should be or do” (Garland-Thomson 1997). Just as the phonetic alphabet, visualizations are therefore conceptualizing knowledge around a norm which implies functionality of vision. One way of overcoming that barrier is including screen-reading software onto visually appealing websites like it is described by George H. Williams (2012). The concept of inclusion is called 'universal design', instead of 'assistive technology', and is based on the perception that technology is always assistive, not only in the case of e.g. screen readers for the visually impaired (Williams 2012). This breaks with the normative perspective of the body functioning in a certain way and deconstructs the understanding of disabilities as an aberration of the norm. Universal design therefore benefits not only disabled people, but all people. As Williams puts it, “whether in a physical or digital environment, designers are always making choices about accessibility. However, not all designers are aware of how their choices affect accessibility. Universal design is design that involves conscious decisions about accessibility for all, and it is a philosophy that should be adopted more widely by digital humanities scholars” (ibid.). At the same time this intentional inclusion may be difficult to follow at times. Especially when considering that technology itself can be seen as co-authoring a text in the form of programs, algorithms and code, it might become difficult to impose the philosophy of universal design on non-human authorship. This implies that technology, too, should be theorized, a thought that is being suggested throughout more critical approaches of digital humanists and humanities (see e.g. Earhart 2012). As has been stated in prior blog entries, the digital humanities are trying to move away from theorizing, which might be the reason for the problems arising within the field. The deconstruction of text-based hegemony should not take place in favor of establishing new hierarchies. The written word and the visual underly a complex power/knowledge complex, simply trying to reverse it will not work. The category 'nation', or 'nationality' portrays the ambivalence of this case very well. While in some cases, like a national constitution, the written word will be more powerful than a pictorial or designed description, in others, like a national flag, the visual and symbolic materiality of a knowledge product is a lot more powerful than simple text. Instead of moving from reading to doing, as has been suggested (e.g. Ramsay), the digital humanities need to find a balance between the two, so as to incorporate questions of race, gender and other categories of human agency into their research. Especially when it comes to postcolonial studies and research in cultures and languages other than those of western dominance, digital humanists should not only consider themselves as consumers, but as actual producers of knowledge resources. This counts for producing work as much as it does for archiving, as the productive process of today remain the archives of tomorrow, or even of simultaneously happening research projects. Design can be a factor to help overcome these barriers, if the concept of universal design is incorporated into digital humanities work. All too often, however, design is still a concept that marginalizes, often unknowingly, so as to serve as a gatekeeper to knowledge production, benefiting capitalistic values.

Butler 1990 Butler, Judith: "Gender Trouble: Feminism and the Subversion of Identity". New York/London: Routledge

Derrida 1998 Derrida, Jacques: "Archive Fever: A Freudian Impression". Chicago: University of Chicago Press,

Earhart 2012 Earhart, Amy E.: "Can Information be Unfettered? Race and the New Digital Humanities Canon". Debates in the Digital Humanities. Open Access Edition. accessed June 28th, http://dhdebates.gc.cuny.edu/debates/text/16

Flusser 1990 Flusser, Vilém: "Does Writing have a Future?" U of Minnesota Press. 2011

Flusser 1999 Flusser, Vilém: “Into the Universe of Technical Images” U of Minnesota Press. 2011

Foucault 1969 Foucault, Michel: “The Archeology of Knowledge” translated by Allan Sheridan, New York: Harper and Row, 1972

Garland-Thomson 1997 Garland-Thomson, Rosemarie: "Extraordinary Bodies: Figuring Physical Disability in American Culture and Literature". New York: Columbia University Press, 1997.

Ramsay 2011 Ramsay, Stephen: “On Building” accessed June 20^th 2013, http://lenz.unl.edu/papers/2011/01/11/on-building.html.

Stein 2006 Stein, Peter: "Schriftkultur. Eine Geschichte des Schreibens und Lesens". Darmstadt: Primus

Williams 2012 Williams, George H.: "Disability, Universal Design, and the Digital Humanities". Debates in the Digital Humanities. Open Access Edition. accessed June 28th, http://dhdebates.gc.cuny.edu/debates/text/44

For more details visit https://cis-india.org/raw/digital-humanities/designing-change-gatekeepers-in-digital-humanities

June 2013 Bulletin

praskrishna — 2013-07-27T09:48:16Z

Our newsletter for the month of June 2013 can be accessed below.

The Centre for Internet & Society (CIS) welcomes you to the sixth issue of its newsletter for 2013. Hivos published a White Paper by Nishant Shah titled Whose Change is it Anyway?, which attempts to reflect critically on existing patterns of making change and its implications for the future of citizen action in information and network societies. The Access to Knowledge team carried out a quantitative analysis to identify trends and growth patterns in Indian Language Wikipedias from September 2012 to April 2013. CIS drafted the Privacy Protection Bill and amended it as per feedback gained from the New Delhi, Bangalore, and Chennai Privacy Roundtable Events. CIS made closing statement on the Treaty for the Blind at the WIPO Diplomatic Conference which was concluded with the adoption of the Marrakesh Treaty to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired, or otherwise Print Disabled. In a research paper Nehaa Chaudhari gives an analysis of patent pools, Sameer Boray gives an analysis of video piracy and Pranav Menon gives an analysis of India-EU FTA and issues surrounding data protection and security. In this period we organised the Institute on Internet and Society with support from the Ford Foundation at Golden Palms, Bangalore from June 8 to 14, 2013.

Celebrating 5 Years of CIS
CIS is now 5 years old and we just celebrated this by holding an open exhibition in our offices in Bangalore and Delhi from May 20 to 23, showcasing our work and accomplishments over the period. We had about 170 visitors from the general public coming in to our office. Videos of the event are here.

Google Policy Fellowship
CIS has initiated processing of applications for the Google Policy Fellowship programme. Shortlisted candidates would be informed about their interview. However, as of now there will be a 20 days delay in announcing the list for the interview.

Jobs
CIS is inviting applications for the posts of Developer (NVDA Screen Reader Project) and Editor/Content Developer. To apply for these posts, send in your resume to Nirmita Narasimhan (nirmita@cis-india.org). CIS is also seeking applications for the post of Programme Officer (Internet Governance). To apply send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org).

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another for developing a screen reader and text-to- speech synthesizer for Indian languages:

National Resource Kit for Persons with Disabilities
CIS and the Centre for Law and Policy Research (CLPR) are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapter on Jharkhand:

The Jharkhand Chapter (by CLPR, June 30, 2013).

Note: All the chapters published on the website are early drafts and will be reviewed and updated.

Award

Girls in ICT Day 2013 (organized by ITU-APT Foundation of India with support from CMAI - Association of India Communication and Infrastructure, FICCI Auditorium, Tansen Marg, New Delhi, May 7, 2013). Dr. Nirmita Narasimhan got a felicitation for her contribution and achievements in the field of Information and Communication Technology. The honour was conferred during the celebration of this event.

Media Coverage

A Treat for the Blind (by Chitra Narayanan, Business World, June 26, 2013). Pranesh Prakash was quoted.

Access to Knowledge and Openness

The Wikimedia Foundation has given a grant to CIS to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Access to Knowledge (Previously IP Reforms)

WIPO
Pranesh Prakash participated in the WIPO Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities in Marrakesh, Morocco, June 17 to 28, 2013. The conference concluded with the adoption of the Marrakesh Treaty to facilitate access to published works by blind persons, persons with visual impairment, and other print disabled persons, by requiring mandatory exceptions in copyright law to enable conversions of books into accessible formats, and by enabling cross-border transfer of accessible format books. Click for:

CIS's Closing Statement at Marrakesh on the Treaty for the Blind (by Pranesh Prakash, June 28, 2013).
India's Closing Statement at Marrakesh on the Treaty for the Blind (June 29, 2013).

Pervasive Technologies

Pervasive Technologies: Patent Pools (by Nehaa Chaudhari, June 27, 2013).

Other (FTA, Piracy)

The Right Way to Fight Video Piracy? (by Sameer Boray, June 6, 2013).
India-EU Proposed Free Trade Agreement: Issues Surrounding Data Protection and Security (by Pranav Menon, June 8, 2013).
India- EU FTA: A Note on the Copyright Issues (by Nehaa Chaudhari, June 18, 2013).

Event Participated

Governance in the Age of the Internet and Free Trade Agreements (organized by Thai Netizen Network and co-hosted by the Ministry of Information and Communication and the National Science and Technology Development Agency, Queen Sirikit National Convention Center, June 8, 2013). Sunil Abraham was a speaker.

Access to Knowledge (Wikipedia)

The A2K team consists of three members based in Bangalore: T. Vishnu Vardhan, Dr. U.B. Pavanaja and Subhashish Panigrahi and one team member Nitika Tandon who is working from Delhi office.

Statistical Report

Indian Language Wikipedia Statistics (by Nitika Tandon, June 30, September 2012 – April 2013).

Event Organised

A 'Kannada' Wikipedia Workshop for Bloggers (Suchitra, Bengaluru, June 23, 2013). Dr. U.B. Pavanaja conducted the workshop.

Event Co-organised

Telugu Wikipedia Training Workshop (co-organised by A2K team and Theatre Outreach Unit, University of Hyderabad, Golden Threshold, Nampally, Hyderabad, March 8, 2013). T. Vishnu Vardhan conducted the workshop.

Upcoming Event

Digital Humanities for Indian Higher Education (co-organised by HEIRA-CSCS, Tumkur University, CILHE-TISS and CCS, Indian Institute of Science, July 13, 2013).

Blog Entries

My First Wikipedia Training Workshop – Theatre Outreach Unit, University of Hyderabad (by T. Vishnu Vardhan, June 26, 2013). The workshop was conducted in March but the report was published only in June.
Wikipedia Visual Editor (by Nitika Tandon, June 27, 2013).

Press Coverage (including videos)

A Feature on Wikipedia and Telegu Wikipedians (HMTV, May 30-31, 2013). Watch the video.
Wikipedia Live Phone-in Programme (HMTV, June 1, 2013). T. Vishnu Vardhan took part in a one hour live phone-in programme on Wikipedia.
Wiki donors (by Akhila Seetharaman, TimeOut Bengaluru, June 21, 2013). T. Vishnu Vardhan and Dr. U.B. Pavanaja are quoted.
Kannada Wikipedia Workshop at Hasan (Prajavani, June 5, 2013). Dr. U.B. Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Samyukta Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Vijaya Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Wiki Rahasya: Panel Discussion (Suvarna News, June 13, 2013). Dr. U.B.Pavanaja participated in a panel discussion around Wikipedia in general and about Kannada Wikipedia in specific.

Openness

Column

Big Data, People's Lives, and the Importance of Openness (by Nishant Shah, DML Central, June 24, 2013).

Event Hosted

RHoK Global Event (Centre for Internet and Society, Bangalore, June 1 – 2, 2013). Yogesh Londhe shares with you a post-event report.

Internet Governance

CIS began two projects earlier this year. The first one on facilitating research and events on surveillance and freedom of expression is with Privacy International and support from the International Development Research Centre, Canada. The second one on mapping cyber security actors in South Asia and South East Asia is with the Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the International Development Research Centre, Canada:

Cyber Stewards Project
Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project.

Video Interview

An Interview with Ram Mohan (June 30, 2013)

Event Organized

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata (TERI, Bangalore, June 19, 2013). About 20 people participated in the event.

Privacy Research

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback) (by Elonnai Hickok, June 30, 2013): CIS drafted the Bill. Based on feedback received from the New Delhi, Bangalore, and Chennai Roundtables the Bill was amended.

Interviews

Interview with the Citizen Lab on Internet Filtering in India (June 24, 2013). Maria Xynou interviewed Masashi Crete-Nishihata and Jakub Dalek from the Citizen Lab on internet filtering in India.
Interview with Billy Hawkes (June 20, 2014). Maria Xynou interviewed Billy Hawkes, the Irish Data Protection Commissioner on recommendations for data protection in India.

Columns

Indian Surveillance Laws & Practices Far Worse than US (by Pranesh Prakash, Economic Times, June 13, 2013).
World Wide Rule (by Nishant Shah, Indian Express, June 14, 2013). Nishant Shah reviews Schmidt and Cohen's book “The New Digital Age”.
Way to Watch (by Chinmayi Arun, Indian Express, June 26, 2013).
The State is Snooping: Can You Escape? (by Snehashish Ghosh, India Together, June 26, 2013).

Blog Entries

India Subject to NSA Dragnet Surveillance! No Longer a Hypothesis — It is Now Officially Confirmed (by Maria Xynou, June 13, 2013).
SEBI and Communication Surveillance: New Rules, New Responsibilities? (by Kovey Coles, June 27, 2013).
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation (by Elonnai Hickok, June 19, 2013).
Open Letter to Prevent the Installation of RFID tags in Vehicles (by Maria Xynou, June 27, 2013).

Events Organised

Technology, Power, and Revolutions in the Arab Spring (CIS, July 2, 2013). Prof. Ramesh Srinivasan gave a talk.
Learn to Secure Your Online Communication! (CIS, Bangalore, June 30, 2013). A Crypto Party was organised.
Learn to Secure Your Online Communication! (IIC, Delhi University, South Campus, New Delhi, July 6, 2013). A Crypto Party was organised.

Event Co-organised

4^th Privacy Round Table Meeting (co-organised with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, Mumbai, June 15, 2013).

Upcoming / Ongoing Events

Digital Activism in Europe (The Sarai Programme, Centre for the Study of Developing Societies, New Delhi, July 8, 2013). Bernadette Längle will give a talk.
Privacy Round Table, Kolkata (co-organised with the Federation for Indian Chambers of Commerce and Industry, and the Data Security Council of India, Lytton Hotel, Sudder Street, Kolkata, July 13, 2013).

Event Participated In

Biometrics or bust? India's Identity Crisis (organized by the Oxford Internet Institute, July 2, 2013). Malavika Jayaram was a speaker.

Video

Pranesh Prakash on the US snooping into Indian cyber space (by Tehelka, June 2013).

Media Coverage

Indian student in Cornell University hacks into ICSE, ISC database (by Kim Arora, Times of India, June 6, 2013). Pranesh Prakash is quoted.
‘Hacking’ sparks row over exam evaluation (by Vasudha Venugopal and Karthik Subramanian, Hindu, June 7, 2013). Pranesh Prakash is quoted.
Internet firms deny existence of PRISM (by Javed Anwer and Ishan Srivastava, Times of India, June 8, 2013). Sunil Abraham and Pranesh Prakash are quoted.
Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications (Tech Dirt, June 8, 2013). Pranesh Prakash is quoted.
Facebook, Google deny spying access (by Javed Anwer, Times of India, June 9, 2013). Pranesh Prakash is quoted.
Govt mulls advisory on privacy issues related to Google, Facebook (by Thomas K Thomas, Hindu Business Line, June 10, 2013). Sunil Abraham is quoted.
Cyber experts suggest using open source software to protect privacy (by Kim Arora, Times of India, June 22, 2013). Sunil Abraham is quoted.
Govt goes after porn, makes ISPs ban sites (by Javed Anwer, Times of India, June 26, 2013). Sunil Abraham is quoted.
Indian govt blocks 40 smut sites, forgets to give reason (by Phil Muncaster, The Register, June 27, 2013). Sunil Abraham is quoted.
Concerns over central snoop (by Aloke Tikku, Hindustan Times, June 28, 2013). Sunil Abraham is quoted.
Internet users enraged over US online spying (by Maitreyee Boruah, Times of India, June 29, 2013). Sunil Abraham is quoted.
Issue of duplication of identities of users under control: Nilekani (by Anirban Sen, Livemint, June 29, 2013). Sunil Abraham is quoted.
In India, Prism-like Surveillance Slips Under the Radar (by Anjan Trivedi, Time World, June 30, 2013). Sunil Abraham is quoted.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various policies and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation of policies related to internet access. The blog posts and modules are being published in the Internet Institute website:

Event Organised

Institute on Internet and Society (supported by Ford Foundation, Golden Palms Resort, Bangalore, June 8 – 14, 2013). Pranesh Prakash, Bernadette Längle, Vir Kamal Chopra, AK Bhargava, Ananth Guruswamy, Archana Gulati, Chakshu Roy, Elonnai Hickok, Gaurab Raj Upadhaya, Helani Galpaya, Michael Ginguld, Dr. Nadeem Akhtar, C. Nandini, Dr. Nirmita Narasimhan, Dr. Nishant Shah, Parminder Jeet Singh, Ravikiran Annaswamy, Dr. Ravina Aggarwal, Satyen Gupta, Dr. Subbiah Arunachalam, Sunil Abraham, Tulika Pandey and T. Vishnu Vardhan were speakers at the event. The presentations can be accessed here.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Law & Order through Traffic Systems (by Shyam Ponappa, Business Standard, June 5, 2013 and cross-posted in Organizing India Blogspot).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

White Paper

Whose Change is it Anyway? (by Nishant Shah, Hivos, June 18, 2013).

Digital Humanities

We are building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia.

Blog Entries

Mapping the Field of Digital Humanities (by Sara Morais, June 11, 2013).
A Suggested Set of Values for the Digital Humanities (by Sara Morais, June 12, 2013).
Archive Practice and Digital Humanities (by Sara Morais, June 24, 2013).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/june-2013-bulletin

National Resource Kit: The Jharkhand Chapter (Call for Comments)

Manojna Yeluri — 2013-11-07T06:14:16Z

The National Resource Kit team is pleased to bring you its research on the state of laws, policies and programmes for persons with disabilities in the state of Jharkhand.

Executive Summary

According to the 2001 Census, the number of persons with disability i Jharkhand amounted to about 4,48,377 which is roughly 3% of the total population of Jharkhand.[1] The largest section of the disabled population in Jharkhand is visually impaired, constituting about 41.53%. Statistics indicate that Jharkhand houses approximately 2.04% of the total disabled population of the country.

Quick Statistics:

Capital: Ranchi
Population: 32,966,238 (2011 Census)
Population of Persons with Disabilities: 448,377 (2001 Census)
Literacy: 67.63%

The Nodal Department in charge of the implementation and enforcement of the Rules and Acts concerning Persons with Disabilities is the Department of Social Welfare, Women and Child Development. The Jharkhand State Policy on Disability Rights seeks to ensure, inter alia, Participation, Inclusion, Barrier free environment, Empowerment and Self Advocacy.

Legal Provisions

The Jharkhand State Policy on Disability has been formulated under the provisions enshrined in the Central Policies and laws.

The State Policy seeks to facilitate the inclusion of disability rights in the strategies of the Government, to develop an integrated management system for the coordination of disability planning and its implementation, and finally, to develop a comprehensive plan of action that will include among other things, a strong public education system and awareness raising programmes. The Policy focuses mainly on the following areas:

Public Education and Awareness Raising
Prevention of Disabilities through Early Identification and Intervention, immunisation, healthy lifestyle promotion and so on.
Health Care and Nutrition
Community Based Rehabilitation
Barrier Free Access
Accessible and Flexible Public Transport System
Inclusive Education
Employment and Economic Empowerment
Participation in Public Life
Skill Development through special vocation training services
Human Resource Development to ensure access to the necessary rehabilitation services
Social Security
Housing
Cultural and Creative Activities and Sports
Data Gathering and Research on Persons with Disabilities
Special Focus areas: Mental Illness, Sensory and Multiple Disabilities, Women and Girls with Disabilities and Certification

Additionally, a new policy is set to be passed which will ensure a three per cent fund allotment in the State’s annual budget, for the upliftment of people with disability.[2]

Accessibility

The Department of Social Welfare, Jharkhand has not made any schemes under this category except for the following:

Concessions on Tickets: For persons with blindness, physical or mental disability, 75% concession on the price of tickets is given in sleeper class and 3^rd AC compartment while 50% concession is given in 2^nd and 1^st AC. For persons who are hearing and speech impaired, a 50% concession is provided. A concession is also provided for any helper traveling with the person with disability.[3]

Tricycles and Wheelchairs: Tricycles, wheelchairs and other aids and appliances are to be provided to the physically challenged, however there is no specific scheme for the same.[4]

No other provisions have been made with regard to travel allowances.

Education

The state government provides for scholarships, reserevations and other facilities for stidents with disabilities. The benefits provided are as follows:

Scholarships and Stipends for students with disabilities:

Class 1- 8 in Govt schools: Stipend of Rs. 50/- per student per month.

Class 9 to Undergraduate degree in Govt school/ college: Stipend of Rs.250/- per student per month.

Postgraduate degree in a Govt college: Stipend of Rs. 260/- per student per college.

Boarders from Class 1-8 in a Govt school: Stipend of Rs. 100/- per student per month.
Additionally, if any registered Non Governmental Organisation sets up a school for children with disabilities, students of that school are also to be taken care of. It is to be ensured that the schools have trained teachers and the necessary equipments.[5]

Reservation in Educational Institutions: As per Section 39 of the PWD Act, reservation of 3% is provided in government educational institutions as well as educational institutions funded by the government for persons with disabilities.

Non Formal education: 5^th class dropout students with disabilities are to be given Non Formal education and children over the age of 16 are to be given special books, desired equipments and are to be taught through open schools and universities in order for them to attain functional literacy.[6]

Grants in Aid Schemes: The Department of Social Welfare runs various bodies and institutions through grants in aid to Non Governmental Organisations for the welfare of its target groups. Few of such schemes are as follows.

Establishment of Schools for Spastic Children: The scheme for the spastic children is being implemented in this State through Non Governmental Organisations in different blocks of the State. For this scheme funds are provided to those Non Governmental Organisations that wish to open special schools for the benefit of spastic children.
Schools for the Blind, Hearing and Speech Impaired: The State government has set up construction and renovation work for schools for the blind, hearing and speech impaired. In addition to these, 3 new schools and hostels have been completed. It is proposed to run these institutions with the help of capable Non Governmental Organisations.

Employment

Reservation in Government Jobs: As per Notification No. 728 dated 01/11/2007 read with Notification No. 5776 dated 10/10/2002 and Notification No. 5795 dated 10/10/2002, 3% of Government jobs have been reserved for persons with disabilities in the State.[7] Within this 3%, 1% of the jobs is reserved for persons with partial or complete blindness, 1% for people with hearing disability and 1% for people who are orthopaedically disabled.[8]

Health and Rehabilitation

No health and rehabilitation schemes have been formulated except for provision of equipment and aids and appliances.

Equipments for persons with disabilities: Equipments such as crutches, hearing aids, tricycles are being provided by the State government to persons with disabilities.

Social Protection

Swami Vivekananda Nisshakta Svawalamban Protsahan Yojana: This is a flagship scheme promulgated by the Jharkhand State Government with regard to the welfare of persons with disabilities in the State. Since the financial year 2006-07 the Government has started this scheme where an amount of Rs. 200/- per month is given to every person with disability living in the State and is above the age of 5 years as a stipend through Anganwadi workers. This amount has now been increased to Rs. 400/- per month.[9]

Minor Disability Sector scheme: Apart from the scheme of Swami Vivekananda Nisshakta Svawalamban Protsahan Yojana there are a few minor schemes relating to disability which are run by the Department of Social Welfare. They are as follows:

Special Equipment for Disabled

Scholarship to Handicapped

Economic & Social Survey of the Disabled

Workshop for the Disabled[10]

Reservation in Poverty Alleviation Programmes: Notification No. 3260 dated 06/06/2003 provides that any poverty alleviation programme of the Government must have a 3% reservation for persons with disabilities.[11]

Workshop for the Disabled: Under this scheme funds are provided to Non Governmental Organisations for conducting workshops, seminars etc. on disability, and also for organizing Abilympics and related events.[12] Abilympics is a vocational skills competition on the lines of the Olympics, held for persons with disabilities to showcase their talents.

Central Schemes

Cash Transfer Scheme: Jharkhand government has decided to bring all 24 districts of the state under Direct Cash Transfer scheme of the Central Government by May 2013. The Direct Cash Transfer scheme will start in four districts of Jharkhand- Ranchi, Ramgarh, Hazaribagh and Saraikela Kharsawan. The scheme would provide cash directly to persons with disability, in addition to scholarships and pensions for the elderly and other welfare schemes of Central Government through Aadhar cards.

Deendayal Disabled Rehabilitation Scheme to promote Voluntary Action for Persons with Disabilities: This is an umbrella scheme by the Central Government for the effective rehabilitation of persons with disabilities. The Jharkhand Government, under this scheme, provides assistance to Non Governmental Organisations for provision of a wide range of services to the disabled such as early intervention, programmes for pre school, vocational training, special education, community based rehabilitation, manpower development and so on.[13]

Assistance to Disabled Persons for Purchase/Fitting of Aids/Appliances (ADIP) Scheme: This scheme of the Central Government has been implemented by the Jharkhand Government. Funds are provided to the state notionally which are then allocated to Implementing Agencies for the purpose of assisting persons with disabilities to promote their physical, social and psychological rehabilitation by helping them.[14]

Scheme for providing Employment to Persons with Disabilities in the Private Sector: Incentives are being provided by the Government to the private sector employers in order to promote employment in the private sector as well.[15]

[1].http://www.jharkhand.gov.in/new_depts/socwf/Social%20Welfare%20Annual%20Plan%2009-10.pdf

[2].http://articles.timesofindia.indiatimes.com/2012-09-05/ranchi/33614847_1_state-disability-commissioner-pwd-act-disability-act

[3].Directory for the Empowerment of Persons with Disabilities through Government and Non Governmental Organisations, pp.25-26.

[4].http://www.telegraphindia.com/1130302/jsp/jharkhand/story_16623167.jsp#.UYc8tLW7KAg

[5].http://socialwelfarejhar.com/ap12-13.pdf, p.5.

[6].Section 27 of the PWD Act.

[7].Directory for the Empowerment of Persons with Disabilities through Government and Non Governmental Organisations, p. 33.

[8]. Office Memorandum No.36035/3/2004-Estt.(Res.) dated 29.12.2005.

[9].http://socialwelfarejhar.com/

[10].http://www.jharkhand.gov.in/new_depts/ap201011/Social_welfare201011.pdf

[11].Supra, n.7.

[12].http://www.jharkhand.gov.in/new_depts/socwf/Social%20Welfare%20Annual%20Plan%2009-10.pdf

[13].http://socialjustice.nic.in/ddrs.php?pageid=6

[14].http://socialjustice.nic.in/adipjh.php

[15].http://socialjustice.nic.in/incentdd.php

For more details visit https://cis-india.org/accessibility/blog/national-resource-kit-jharkhand-call-for-comments

Issue of duplication of identities of users under control: Nilekani

praskrishna — 2013-07-02T10:13:10Z

Nandan Nilekani says UIDAI system almost completely accurate, duplication of identities virtually negligible.

The article by Anirban Sen was published in Livemint on June 29, 2013. Sunil Abraham is quoted.

The Unique Identification Authority of India (UIDAI) chief Nandan Nilekani said the government agency was in preliminary discussions with some embassies to use the Aadhaar project to simplify visa application procedures and that the issue of duplication of identities of users was well under control.

In March, a UIDAI spokesperson told Mint that it had detected 34,015 cases where one person had been issued two Aadhaar numbers. The figures represented a little over 0.01% of the 290 million people who had been enrolled at the time.

Nilekani, who was delivering a keynote address at a three-day conference on the success and failures of information technology (IT) in the public and private sector at the Indian Institute of Management in Bangalore, said the UIDAI system was almost completely accurate and duplication of identities was virtually negligible.

“Knowing what we know now, we believe we have accuracy of upto 99.99%,” said Nilekani, chairman of the Unique Identification Authority of India (UIDAI).

Nilekani, on Saturday, assured that the project was completely secure and user data and biometrics were safe in the hands of the agencies it works with and brushed aside any concerns on security of user data that have been widely raised by Internet security groups and activists.

“We’re not giving any access to data, except when it is resident authorized. It is shared only when a resident participates in a transaction and authorizes the data which is shared,” said Nilekani, who was one of the seven co-founders of India’s second largest software exporter Infosys Ltd. He served as CEO of Infosys from 2002 to 2007.

“The system is also not open to the internet—the system has rings of authentications of service agencies. There are lots of concentric rings of security,” he added. “The biometric data is not used except for enrolment, re-duplication and authentication.”

Internet rights groups and activists such as Sunil Abraham of the Centre for Internet and Society (CIS), a research thinktank that focuses on issues of Internet governance, have often raised concerns over UID’s overtly broad scope and privacy issues in the project.

“We don’t need Aadhaar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the Internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies,” Abraham wrote in a blog post on the CIS website last year.

Nilekani also acknowledged that the department had faced several challenges, due to the sheer scale of the project that aims to cover the country’s entire population of 1.2 billion.

“We have had lots of challenges on this project—we have backlogs of enrolment because we have more packets than we can process, we backlogs of letter deliveries because we cannot handle so many letters…but fundamentally notwithstanding those challenges, we believe we are on the right track,” said Nilekani.

Both UIDAI and the census department under the National Population Register project are recording biometric data, which includes fingerprint and iris data. Even though both the agencies reached a truce after a cabinet decision in January 2012 and were allowed to co-exist, there have been several reports of duplication between the two agencies in biometric collection.

UIDAI is not just being used as the main platform for rolling out the government’s direct cash transfer scheme, but is also being regarded as an important authentication scheme for financial transactions and other security measures.

For more details visit https://cis-india.org/news/livemint-anirban-sen-june-29-2013-issue-of-duplication-of-identities-of-users-under-control

A 'Kannada' Wikipedia Workshop for Bloggers

pavanaja — 2013-07-03T10:19:56Z

On Sunday, June 23, 2013, a day-long Kannada Wikipedia workshop was conducted at Suchitra, Bengaluru for Kannada bloggers by the Centre for Internet and Society's Access to Knowledge (CIS-A2K) team. This blog post gives a report on the workshop.

There was a demand from Kannada bloggers that they need some orientation on editing Kannada Wikipedia. There were informal talks on this since the last 2-3 months on when and how the event should be organised. CIS-A2K collaborated with Suchitra Film and Cultural Society, Bengaluru and Avadhi. G N Mohan of Avadhi and Prakash Belavadi of Suchitra helped in getting the conference room of Suchitra available for the workshop.

Announcement was made in the KannadaWikipedia group of Facebook. This group has more than 2000 members. One member even sent a message questioning the wisdom of inviting everyone for the workshop. He asked, "can we accommodate all the people if they turn up?" However, I was quite sure that not more than 25 will turn up. The reason being the condition that participants should come with their own laptops and internet connections. As the workshop date neared, more and more people began registering for participation. The number reached 56 on the previous night. I sent a message requesting people to reconfirm the participation as the conference room could accommodate 25 people only. Few people withdrew and only 13 persons reconfirmed.

June 23, being a Sunday, the personnel at Suchitra came to open the room only at 9.50 a.m. Myself and some participants were there at 9.20 a.m. itself. Once everyone settled down, there was an issue with the projector. My ultrabook has only a mini HDMI port. I keep an HDMI-to-VGA converter and have been using it from the last 2-3 workshops. It worked well at those places. But on June 23, it refused to work. I then exchanged my ultrabook with another participant and the presentation and workshop begun. I had sent some tutorial files to all those who confirmed participation. All of them came and surprisingly, there were two more participants, who hadn't confirmed their participation. That accelerated the participation by them. This itself was very encouraging. That means the participants who came that day were really serious of editing Wikipedia.

The workshop was conducted intermixing presentation and hands-on. By evening everyone had learnt how to edit Wikipedia, how to create headings, sub-headings, bulleted lists, text, numbered text, how to insert Wiki links as well as external links, etc. People picked up inserting reference as well quite quickly. Since majority of them were bloggers, they already knew the concepts but wanted to know the Wiki syntax which they picked up by the end of the workshop.

Harish M G, who is an admin with Kannada Wikipedia joined the workshop and helped in clearing many advanced doubts.

The result of the workshop is quite encouraging. Most of them have added contents and edited some existing pages as well. Thanks are due to Suchitra for sponsoring the venue and to Avadhi for co-organising this event.

Additional photos are here - https://commons.wikimedia.org/wiki/Category:Kannada_Wikipedia_workshop_for_bloggers_at_Suchitra

For more details visit https://cis-india.org/openness/blog-old/kannada-wikipedia-workshop-bloggers

A Treat for the Blind

praskrishna — 2013-07-11T06:02:27Z

The WIPO treaty will provide copyright exceptions on books making them available to blind people in formats they can use.

The article by Chitra Narayanan was published in Business World on June 26, 2013. Pranesh Prakash is quoted.

For millions of visually impaired people around the globe, it’s a landmark treaty that could open up the kingdom of books for them. After days of intense deliberations at Marrakesh in Morrocco, about 600 World Intellectual Property Organisation (Wipo) negotiators, including delegates from India, reached a consensus on a treaty that will provide copyright exceptions on books making them available to blind people in formats they can use.

Wipo, a United Nations agency, is dedicated to the use of intellectual property as a means of stimulating innovation and creativity. The agency has 186 member states.

Sure, content is king. But for the visually impaired, the right platform for accessing content is what makes the difference. Thanks to audio books, a host of apps, and digital platforms such as Bookshare, which provides content in accessible formats, the technology is already there to bring the rich world of 'hardcovers' and 'paperbacks' alive for those who cannot see. What’s more, these books are compatible with all kinds of devices from mobile phones to tablets to PCs.

Now, at last, there is legal sanction as well to content that was not being made available in accessible formats by the copyrights holders. For the 15 million people who are blind in India, the treaty is expected to open education doors as well as provide entertainment needs. India has the world’s largest number of blind people.

Bangalore-based Centre for Internet Society, a policy research organisation, has been at the forefront of negotiations at WIPO to get the treaty through. Minutes after the session concluded, Pranesh Prakash, policy Director at CIS and his colleague Sunil Abraham were tweeting ecstatically about the “win”.

For five long years, this Wipo treaty has witnessed contentious discussions on issues such as including exports of copyrighted works, translations of copyrighted works and so on. According to Prakash, who responded over twitter, “On Exports we won, but re-exports which was earlier permitted has become much more difficult.”

There are also other grainy areas such as commercial availability of the books. According to a post on the Intellectual Property Watch website, soon after the agreement was reached, commercial availability still stands under Article 4 (National Law Limitations and Exceptions on Accessible Format Copies) but has disappeared from Article 5 (cross border exchange of accessible format copies).

Although blind music legend Stevie Wonder, one of the most ardent supporters of the treaty, must be crooning Signed, Sealed, Delivered... it’s early days yet. The draft of the treaty has to be ratified by governments before being adopted.

But for five long years, it has been a long hard battle between copyright owners and those fighting for human rights of the visually impaired. Finally, as one observer, put it: 'a rare victory is in sight for human rights'.

For more details visit https://cis-india.org/news/business-world-june-26-2013-chitra-narayanan-a-treat-for-the-blind

The State is Snooping: Can You Escape?

snehashish — 2019-04-29T15:09:18Z

Blanket surveillance of the kind envisaged by India's Centralized Monitoring System achieves little, but blatantly violates the citizen's right to privacy; Snehashish Ghosh explores why it may be dangerous and looks at potential safeguards against such intrusion.

The Snowden Leaks have made it amply clear that the covert surveillance conducted by governments is no longer covert. Information by its very nature is prone to leaks. The discretion lies completely in the hands of the personnel handling your data or information. Whether it is through knowledge obtained by an intelligence analyst about the US Government conducting indiscriminate surveillance, or hackers infiltrating a secure system and leaking personal information, stored information has a tendency to come out in the open sooner or later.

This raises the question whether, with the advancement of technologies, we should trust our personal information and data with computers. Should we have more stringent laws and procedural safeguards to protect our personal information? Of course, the broader question that remains is whether we have a ‘Right to be Forgotten’.

Similar to PRISM in the US, India is also implementing a Centralized Monitoring System (CMS) which would have the capabilities to conduct multiple privacy-intrusive activities, ranging from call data record analysis to location based monitoring. Given the circumstances and the current revelations by a whistleblower in the US, it is more than imperative to take a closer look at the surveillance technologies which are being deployed by India and question what implications it might have in the future.

Technological shift and procedural safeguards
The need for procedural safeguards was brought to light in the Supreme Court case, when news reports surfaced about the tapping of politicians' phones by the CBI. The Court while deciding on the issue of phone tapping in the case of People’s Union of Civil Liberties v. Union of India (1996), observed that the Indian Telegraph Act, 1885 is an ancient legislation and does not address the issue of telephone tapping. Thereafter, the court issued guidelines, which were implemented by the Government by amending and inserting Rule 419A of the Indian Telegraph Rules, 1951. These procedural safeguards ensure that due process will be followed by any law enforcement agency, while conducting surveillance.

Section 5(2) of the Indian Telegraph Act, 1885 grants the power to the Government to conduct surveillance provided that there is an occurrence of any public emergency or public safety. If and only if the conditions of public safety and public emergency are compromised, and if the concerned authority is convinced that it is expedient to issue such an order for interception in the interest of “the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence” is surveillance legitimized. The same was reaffirmed by the Supreme Court in the 1996 judgment on wire tapping.

Now, as the Government of India is planning to launch a new technology, the Centralized Monitoring System (CMS) which would snoop, track and monitor communication data flowing through telecom and data networks, the question arises: can we have procedural safeguards which would protect our right to privacy against technologies such as the CMS?

The key component of a procedural safeguard is human discretion; either a court authorization or an order from a high ranking government official is necessary to conduct targeted surveillance and the reasons for conducting surveillance have to be recorded in writing. This is the procedure which is ordinarily followed by law enforcement agencies before conducting any form of surveillance. However, with the computational turn, governments have resorted to practices which would do away with the human discretion. Dragnet surveillance allows for blanket surveillance. Before getting to the problems in evolving a due process for systems like CMS, it is imperative to examine the capabilities of the system.

Centralized Monitoring System and death of due process
Setting up of a CMS was conceptualized in India after the 2008 Mumbai attacks. It was further consolidated and found a place in the Report of the Telecom Working Group on the Telecom Sector for the Twelfth Five Year Plan (2012-2017). The Report was published in August, 2011 and goes into the details of the CMS.

When machines and robots are deployed to conduct blanket surveillance and impinge on the most fundamental right to life and liberty, and also violate the basic tenets of due process, then much cannot be done by way of procedures. What then do we resort to, is the primary question. Can there be a compromise between the right to privacy and security?

The Report indicates that the technology will cater to “the requirements of security management for law enforcement agencies for interception, monitoring, data analysis/mining, antiâ€socialâ€networking using the country’s telecom infrastructure for unlawful activities.”

The CMS will also be capable of running algorithms for interception of connection oriented networks, algorithms for interception of voice over internet protocol (VoIP), video over IP and GPS based monitoring systems. These algorithms would be able to intercept any communication without any intervention from the telecom or internet service provider. It would also have the capability to intercept and analyze data on any communication network as well as to conduct location based monitoring by tracking GPS locations. Given such capabilities, it is clear that a computer system will be sifting through the internet/communication data and will conduct surveillance as instructed through algorithms. This would include identifying patterns, profiling and also storing data for posterity. Moreover, the CMS will have direct access to the telecommunication infrastructure and would be monitoring all forms of communication.

With the introduction of CMS, state surveillance will shift to blanket surveillance from the current practice of targeted surveillance which can be carried out under specific circumstances that are well defined in the law and in judgments. Moreover, when it comes to current means of surveillance, there are well-defined procedures under the law which have the ability to prevent misuse of the surveillance systems. This is not to say that the current procedural safeguards under the laws are not prone to abuse, but if implemented properly, there is less chance of them being misused. Furthermore, with strong privacy and data protection laws, unlawful and illegal surveillance can be minimized.

In the current legal framework, with respect to surveillance, if CMS is implemented then it will be in violation of the fundamental right to privacy and freedom of speech as guaranteed under our Constitution. It will be also in contravention of the procedural safeguards laid down in the Supreme Court judgement and the Rule 419A of Indian Telegraph Rules, thereof. Strong privacy laws and data protection laws may be put in place, which are completely absent now. But at the end of the day, a machine will be spying on every citizen of India or anyone using any communication services, without any specific targets or suspects.

In the People’s Union of Civil Liberties v. Union of India (1996), the Supreme Court laid down that “the substantive law as laid down in Section 5(2) of the [Indian Telegraph Act, 1885] must have procedural backing so that the exercise of power is fair and reasonable.” But with technologies such as CMS, it will be very difficult to have any form of procedural backing because the system would do away with human discretion which happens to be a key ingredient of any legal procedure.

The argument which can be made in favour of CMS, if any, is that a machine will be going through personal data and it will not be available to any personnel or law enforcement agency without authorization and therefore, it will adhere to the due process. However, such a system will be keeping track of all personal information. Right to privacy is the right to be left alone and any incursion on this fundamental right can only be allowed in special cases, in cases of public emergency or threat of public safety. So, electronic blanket surveillance without human intervention also amounts to violation of the substantive law, which specifically allows surveillance only to be conducted under certain conditions, and not through a system such as CMS that is designed to keep a constant watch on everyone, irrespective of the fact whether there is a need to do so.

Additionally, there exists a strong, pre-established notion that whatever comes out of a computer is bound to be true and authentic and there cannot be any mistakes. We have witnessed this in the past where an IT professional from Bangalore was arrested and detained by the Maharashtra Police for posting derogatory content on Orkut about Shivaji. Later, it was found that the records acquired from the Internet Service Provider were incorrect and the individual had been arrested and detained illegally.

Telephone bills, credit card bills coming out from a computer system are often held to be authentic and error-free. With UID, our identity has been reduced to a number and biometrics stored in a database corresponding to that number. It is this trust in anything which comes out of a computer or a machine that can lead to massive abuse of the system in the absence of any form of checks and balance in place. Artificial things taking control over human lives and our almost unflinching trust in technology will not only cause gross violations of privacy but will also be the death of due process and basic human rights as we know it.

In this regard, due emphasis should be given to the landmark Supreme Court judgment in the case of Maneka Gandhi v. Union of India (1978) which deals with issues related to due process and privacy. It states that "procedure which deals with the modalities of regulating, restricting or even rejecting a fundamental right falling within Article 21 has to be fair, not foolish, carefully designed to effectuate, not to subvert, the substantive right itself. Thus, understood, ‘procedure’ must rule out anything arbitrary, freakish or bizarre. A valuable constitutional right can be canalised only by canalised processes".

When machines and robots are deployed to conduct blanket surveillance and impinge on the most fundamental right to life and liberty and also violate the basic tenets of due process, then much cannot be done by way of procedures. What then do we resort to, is the primary question. Can there be a compromise between the right to privacy and security?

A no-win situation
In reality, dragnet surveillance or blanket surveillance is not very useful for gathering valuable intelligence to prevent instances of threat to national security, public safety and public emergency. For example, if the CMS is used to mine data, analyse content related to anti-social activities and even if the system is 99 per cent accurate, the remaining 1 per cent which is a false positive happens to be a large set. So, 1 out of every 100 individuals identified as an anti-social element by CMS may actually be an innocent citizen. Given the possibility of false positives and which may be more than 1 per cent, the number of innocent citizens caught in the terrorist net would be much higher.

Even though blanket surveillance or dragnet surveillance can keep a tab on everyone, it is nearly impossible for an algorithm to separate the terrorists from the rest. Moreover, the data set collected by the machine is too big for any human analyst, to actually analyze and identify the terrorist in the midst of a deluge of information. Therefore, the argument that a system like CMS will ensure security in lieu of minor intrusions of privacy is a flawed one. Implementation of CMS will not really ensure security but will be a case of blatant violation of individual’s right to privacy anyway.

What is perhaps more shocking is that not only will CMS be futile in preventing security breaches or neutralizing security threats, it will on the contrary expose individual Indian citizens to breach of personal security. If personal data and information are stored for future reference through a centralized mechanism, which is also the case with UID, it will be highly susceptible to attacks and security threats. It will be a Pandora’s Box with a potential to create havoc the moment someone is able to gain access to the information with intention to misuse that. Leaking of personal information and data on a large scale can be detrimental to society and give rise to instances of public emergency.

The ‘Right to be Forgotten’

Currently, the European Union is engulfed in the debate on the “Right to be Forgotten” laws. The Right to be Forgotten finds its origins in the French Law le droit Ã l’oubli or the right of oblivion, where a convict who has served his sentence can object to the publication of facts of his conviction and imprisonment or penalty. This law has a new found meaning in the context of social media and the internet, where we have the right to delete all our personal information permanently. This is an important issue which India should debate and discuss, as we live in an era where privacy comes at a cost.

On the one hand, technology has made it easier to track, trace, monitor and snoop, on the other it has also seen innovation in the field of encryption and anonymity tools. Encryption tools such as Open PGP exist online, which can secure information from third party access. Tor Browser, allows an user to surf the web anonymously. The use of such technologies should be encouraged as there is no law which prohibits their use. If systems are being built to spy on us, it will be better if we use technologies which protect our personal information from such surveillance technologies.

For more details visit https://cis-india.org/internet-governance/blog/india-together-june-26-2013-snehashish-ghosh-the-state-is-snooping-can-you-escape