Centre for Internet and Society

Submission to UN High Level Panel on Digital Cooperation

Admin — 2019-02-19T00:55:04Z

For more details visit https://cis-india.org/internet-governance/files/submission-to-un-high-level-panel-on-digital-cooperation

Civil Liberties Groups Warn Proposed EU 'Terrorist Content' Rule a Threat to Democratic Values

Admin — 2019-02-19T00:49:00Z

Requiring filtering tools would be "a gamble with European Internet users' rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law."

The blog post by Jessica Corbett was published by Common Dreams on February 5, 2019. Centre for Internet & Society was a signatory.

Dozens of human rights groups and academics have signed on to an open letter (pdf) raising alarm about the European Union's proposed Regulation on Preventing the Dissemination of Terrorist Content Online, warning that its call for Internet hosts to employ "proactive measures" to censor such content "will almost certainly lead platforms to adopt poorly understood tools" at the expense of democratic values across the globe.

One of those tools is the Hash Database developed by Facebook, YouTube, Microsoft, and Twitter. The 13 companies that use the database—which supposedly contains 80,000 images and videos—can automatically filter out material deemed "extreme" terrorist content. However, as the letter explains, "almost nothing is publicly known about the specific content that platforms block using the database, or about companies' internal processes or error rates, and there is insufficient clarity around the participating companies' definitions of 'terrorist content.'"

"Countering terrorist violence is a shared priority, and our point is not to question the good intentions of the database operators. But lawmakers and the public have no meaningful information about how well the database or any other existing filtering tool serves this goal, and at what cost to democratic values and individual human rights," notes the letter, whose signatories include the American Civil Liberties Union (ACLU), the Brennan Center for Justice, the Electronic Frontier Foundation (EFF), and the European Digital Rights (EDRi).

As an EDRi statement outlines, among the groups' main concerns are the following:

Lack of transparency of how the database works, and its effectiveness, proportionality, and appropriateness to achieve the goals the Terrorist Content Regulation aims to achieve;
How filters are unable to understand the context and therefore they are error-prone; and
Regardless of the possibility of filters to be accurate in the future, the pervasive online monitoring on disadvantaged and marginalized individuals.

Given the uncertainties over the effectiveness and societal costs of such tools, the letter charges that "requiring all platforms to use black-box tools like the database would be a gamble with European Internet users' rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law."

With those fundamental rights under threat, the groups are calling on members of the European Parliament "to reject proactive filtering obligations; provide sound, peer-reviewed research data supporting policy recommendations and legal mandates around counter-terrorism; and refrain from enacting laws that will drive Internet platforms to adopt untested and poorly understood technologies to restrict online expression."

Read the full letter:

Dear Members of the European Parliament,

The undersigned organizations write to share our concerns about the EU’s proposed Regulation on Preventing the Dissemination of Terrorist Content Online, and in particular the Regulation’s call for Internet hosts to use “proactive measures” to detect terrorist content. We are concerned that if this Regulation is adopted, it will almost certainly lead platforms to adopt poorly understood tools, such as the Hash Database referenced in the Explanatory Memorandum to the Regulation and currently overseen by the Global Internet Forum to Counter Terrorism. Countering terrorist violence is a shared priority, and our point is not to question the good intentions of the Database operators. But lawmakers and the public have no meaningful information about how well the Database or any other existing filtering tool serves this goal, and at what cost to democratic values and individual human rights. We urge you to reject proactive filtering obligations; provide sound, peer-reviewed research data supporting policy recommendations and legal mandates around counter-terrorism; and refrain from enacting laws that will drive Internet platforms to adopt untested and poorly understood technologies to restrict online expression.

The Database was initially developed by Facebook, YouTube, Microsoft, and Twitter as a voluntary measure, and announced to the public in 2016. It contains digital hash “fingerprints” of images and4videos that platforms have identified as “extreme” terrorist material, based not on the law but on their own Community Guidelines or Terms of Service. The platforms can use automated filtering tools to identify and remove duplicates of the hashed images or videos. As of 2018, the Database was said to contain hashes representing over 80,000 images or videos. At least thirteen companies now use the Database, and some seventy companies have reportedly discussed adopting it.

Almost nothing is publicly known about the specific content that platforms block using the Database, or about companies’ internal processes or error rates, and there is insufficient clarity around the participating companies’ definitions of “terrorist content.” Furthermore, there are no reports about how many legal processes or investigations were opened after the content was blocked. This data would be crucial to understand to what extent the measures are effective and necessary in a democratic society, which are some of the sine qua non requisites for restrictions of fundamental rights. We do know, however, of conspicuous problems that seemingly result from content filtering gone awry. The Syrian Archive, a civil society organization preserving evidence of human rights abuses in Syria, for example, reports that YouTube deleted over 100,000 of its videos. Videos and other content which may be used in one context to advocate terrorist violence may be essential elsewhere for news reporting, combating terrorist recruitment online, or scholarship. Technical filters are blind to these contextual differences. As three United Nations special rapporteurs noted in a December 2018 letter, this problem raises serious concerns about free expression rights under the proposed Regulation. It is far from clear whether major platforms like YouTube or Facebook adequately correct for this through employees’ review of filtering decisions—and it seems highly unlikely that smaller platforms could even attempt to do so, if required to use the Database or other filtering tools.

Failures of this sort seriously threaten Internet users’ rights to seek and impart information. The pervasive monitoring that platforms carry out in order to filter users’ communications also threatens privacy and data protection rights. Moreover, these harms do not appear to be equally distributed, but instead disproportionately disadvantage individual Internet users based on their ethnic background, religion, language, or location—in other words, harms fall on users who might already be marginalized. More extensive use of the Database and other automated filtering tools will amplify the risk of harms to users whose messages and communications about matters of urgent public concern may be wrongly removed by platforms. The United Nations Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism has expressed concern about this lack of clarity, and said that Facebook’s rules for classifying organizations as terrorist are “at odds with international humanitarian law”.

Due to the opacity of the Database’s operations, it is impossible to assess the consequences of its nearly two years of operation. The European public is being asked to rely on claims by platforms or vendors about the efficacy of the Database and similar tools—or else to assume that any current problems will be solved by hypothetical future technologies or untested, post-removal appeal mechanisms. Such optimistic assumptions cannot be justified given the serious problems researchers have found with the few filtering tools available for independent review. Requiring all platforms to use black-box tools like the Database would be a gamble with European Internet users’ rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law. That gamble is neither necessary nor proportionate as an exercise of state power.

EU institutions’ embrace of the database and other filtering tools will also have serious consequences for Internet users all over the world, including in countries where various of the undersigned organizations work to protect human rights. For one thing, when platforms filter a video or image in response to a European authority’s request, it will likely disappear for users everywhere—even if it is part of critical news reporting or political discourse in other parts of the world. For another, encoding proactive measures to filter and remove content in an EU regulation gives authoritarian and authoritarian-leaning regimes the cover they need to justify their own vaguely worded and arbitrarily applied anti-terrorism legislation. Platforms that have already developed content filtering capabilities in order to comply with EU laws will find it difficult to resist demands to use them in other regions and under other laws, to the detriment of vulnerable Internet users around the globe. Your decisions in this area will have global consequences.

Signatories:
Access Now; Africa Freedom of Information Centre; Agustina Del Campo, in an individual capacity (Center for Studies on Freedom of Expression CELE); American Civil Liberties Union (ACLU); ApTI Romania; Article 19; Bits of Freedom; Brennan Center for Justice; Catalina Botero Marino, in an individual capacity (Former Special Rapporteur of Freedom of Expression of the Organization of American States; Center for Democracy & Technology (CDT); Centre for Internet and Society; Chinmayi Arun, in an individual capacity; Damian Loreti, in an individual capacity; Daphne Keller, in an individual capacity (Stanford CIS); Derechos Digitales · América Latina; Digital Rights Watch; Electronic Frontier Finland; Electronic Frontier Foundation (EFF); Electronic Frontier Norway; Elena Sherstoboeva, in an individual capacity (Higher School of Economics); European Digital Rights (EDRi); Hermes Center; Hiperderecho; Homo Digitalis; IT-Pol; Joan Barata, in an individual capacity (Stanford CIS); Krisztina Rozgonyi, in an individual capacity (University of Vienna); Open Rights Group; Open Technology Institute at New America; Ossigeno; Pacific Islands News Association (PINA); People Over Politics; Prostasia Foundation; R3D: Red en Defensa de los Derechos Digitales; Sarah T. Roberts, Ph.D., in an individual capacity; Southeast Asian Press Alliance; Social Media Exchange (SMEX), Lebanon; WITNESS; and Xnet.

For more details visit https://cis-india.org/internet-governance/news/jessica-corbett-common-dreams-february-5-2019-civil-liberties-groups-warn-proposed-eu-terrorist-content-rule-threat-democratic

Even years later, Twitter doesn't delete your direct messages

Zack Whittaker and Natasha Lomas — 2019-02-18T14:17:54Z

When does “delete” really mean delete? Not always, or even at all, if you’re Twitter .

The blog post by Zack Whittaker and Natasha Lomas was published in Tech Crunch on February 15, 2019. Karan Saini was quoted.

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Saini found years-old messages in a file from an archive of his data obtained through the website from accounts that were no longer on Twitter. He also reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though, the bug wasn’t able to retrieve messages from suspended accounts.

Saini told TechCrunch that he had “concerns” that the data was retained by Twitter for so long.

Direct messages once let users “unsend” messages from someone else’s inbox, simply by deleting it from their own. Twitter changed this years ago, and now only allows a user to delete messages from their account. “Others in the conversation will still be able to see direct messages or conversations that you have deleted,” Twitter says in a help page. Twitter also says in its privacy policy that anyone wanting to leave the service can have their account “deactivated and then deleted.” After a 30-day grace period, the account disappears, along with its data.

But, in our tests, we could recover direct messages from years ago — including old messages that had since been lost to suspended or deleted accounts. By downloading your account’s data, it’s possible to download all of the data Twitter stores on you.

A conversation, dated March 2016, with a suspended Twitter account was still retrievable today (Image: TechCrunch)

Saini says this is a “functional bug” rather than a security flaw, but argued that the bug allows anyone a “clear bypass” of Twitter mechanisms to prevent accessed to suspended or deactivated accounts.

But it’s also a privacy matter, and a reminder that “delete” doesn’t mean delete — especially with your direct messages. That can open up users, particularly high-risk accounts like journalist and activists, to government data demands that call for data from years earlier.

That’s despite Twitter’s claim that once an account has been deactivated, there is “a very brief period in which we may be able to access account information, including tweets,” to law enforcement.

A Twitter spokesperson said the company was “looking into this further to ensure we have considered the entire scope of the issue.”

Retaining direct messages for years may put the company in a legal grey area ground amid Europe’s new data protection laws, which allows users to demand that a company deletes their data.

Neil Brown, a telecoms, tech and internet lawyer at U.K. law firm Decoded Legal, said there’s “no formality at all” to how a user can ask for their data to be deleted. Any request from a user to delete their data that’s directly communicated to the company “is a valid exercise” of a user’s rights, he said.

Companies can be fined up to four percent of their annual turnover for violating GDPR rules.

“A delete button is perhaps a different matter, as it is not obvious that ‘delete’ means the same as ‘exercise my right of erasure’,” said Brown. Given that there’s no case law yet under the new General Data Protection Regulation regime, it will be up to the courts to decide, he said.

When asked if Twitter thinks that consent to retain direct messages is withdrawn when a message or account is deleted, Twitter’s spokesperson had “nothing further” to add.

For more details visit https://cis-india.org/internet-governance/news/zack-whittaker-natasha-lomas-february-15-2019-tech-crunch-even-years-later-twitter-doesnt-delete-your-direct-messages

Data Infrastructures and Inequities: Why Does Reproductive Health Surveillance in India Need Our Urgent Attention?

Aayush Rathi and Ambika Tandon — 2019-12-30T16:44:32Z

In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article by Aayush Rathi and Ambika Tandon posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices unveils the gendered power differentials wedded into taken-for-granted “benign” monitoring processes. The unpacking of the Mother and Child Tracking System and the National Health Stack reveals the neo-liberal aspirations of the Indian state.

The article was first published by EPW Engage, Vol. 54, Issue No. 6, on 9 February 2019.

Framing Reproductive Health as a Surveillance Question

The approach of the postcolonial Indian state to healthcare has been Malthusian, with the prioritisation of family planning and birth control (Hodges 2004). Supported by the notion of socio-economic development arising out of a “modernisation” paradigm, the target-based approach to achieving reduced fertility rates has shaped India’s reproductive and child health (RCH) programme (Simon-Kumar 2006).

This is also the context in which India’s abortion law, the Medical Termination of Pregnancy (MTP) Act, was framed in 1971, placing the decisional privacy of women seeking abortions in the hands of registered medical practitioners. The framing of the MTP act invisibilises females seeking abortions for non-medical reasons within the legal framework. The exclusionary provisions only exacerbated existing gaps in health provisioning, as access to safe and legal abortions had already been curtailed by severe geographic inequalities in funding, infrastructure, and human resources. The state has concomitantly been unable to meet contraceptive needs of married couples or reduce maternal and infant mortality rates in large parts of the country, mediating access along the lines of class, social status, education, and age (Sanneving et al 2013).

While the official narrative around the RCH programme transitioned to focus on universal access to healthcare in the 1990s, the target-based approach continues to shape the reality on the ground. The provision of reproductive healthcare has been deeply unequal and, in some cases, in hospitals. These targets have been known to be met through the practice of forced, and often unsafe, sterilisation, in conditions of absence of adequate provisions or trained professionals, pre-sterilisation counselling, or alternative forms of contraception (Sama and PLD 2018). Further, patients have regularly been provided cash incentives, foreclosing the notion of free consent, especially given that the target population of these camps has been women from marginalised economic classes in rural India.

Placing surveillance studies within a feminist praxis allows us to frame the reproductive health landscape as more than just an ill-conceived, benign monitoring structure. The critical lens becomes useful for highlighting that taken-for-granted structures of monitoring are wedded with power differentials: genetic screening in fertility clinics, identification documents such as birth certificates, and full-body screeners are just some of the manifestations of this (Adrejevic 2015). Emerging conversations around feminist surveillance studies highlight that these data systems are neither benign nor free of gendered implications (Andrejevic 2015). In continual remaking of the social, corporeal body as a data actor in society, such practices render some bodies normative and obfuscate others, based on categorisations put in place by the surveiller.

In fact, the history of surveillance can be traced back to the colonial state where it took the form of systematic sexual and gendered violence enacted upon indigenous populations in order to render them compliant (Rifkin 2011; Morgensen 2011). Surveillance, then, manifests as a “scientific” rationalisation of complex social hieroglyphs (such as reproductive health) into formats enabling administrative interventions by the modern state. Lyon (2001) has also emphasised how the body emerged as the site of surveillance in order for the disciplining of the “irrational, sensual body”—essential to the functioning of the modern nation-state—to effectively happen.

Questioning the Information and Communications Technology for Development (ICT4D) and Big Data for Development (BD4D) Rhetoric

Information and Communications Technology (ICT) and data-driven approaches to the development of a robust health information system, and by extension, welfare, have been offered as solutions to these inequities and exclusions in access to maternal and reproductive healthcare in the country.

The move towards data-driven development in the country commenced with the introduction of the Health Management Information System in Andhra Pradesh in 2008, and the Mother and Child Tracking System (MCTS) nationally in 2011. These are reproductive health information systems (HIS) that collect granular data about each pregnancy from the antenatal to the post-natal period, at the level of each sub-centre as well as primary and community health centre. The introduction of HIS comprised cross-sectoral digitisation measures that were a part of the larger national push towards e-governance; along with health, thirty other distinct areas of governance, from land records to banking to employment, were identified for this move towards the digitalised provisioning of services (MeitY 2015).

The HIS have been seen as playing a critical role in the ecosystem of health service provision globally. HIS-based interventions in reproductive health programming have been envisioned as a means of: (i) improving access to services in the context of a healthcare system ridden with inequalities; (ii) improving the quality of services provided, and (iii) producing better quality data to facilitate the objectives of India’s RCH programme, including family planning and population control. Accordingly, starting 2018, the MCTS is being replaced by the RCH portal in a phased manner. The RCH portal, in areas where the ANMOL (ANM Online) application has been introduced, captures data real-time through tablets provided to health workers (MoHFW 2015).

A proposal to mandatorily link the Aadhaar with data on pregnancies and abortions through the MCTS/RCH has been made by the union minister for Women and Child Development as a deterrent to gender-biased sex selection (Tembhekar 2016). The proposal stems from the prohibition of gender-biased sex selection provided under the Pre-Conception and Pre-Natal Diagnostics Techniques (PCPNDT) Act, 1994. The approach taken so far under the PCPNDT Act, 2014 has been to regulate the use of technologies involved in sex determination. However, the steady decline in the national sex ratio since the passage of the PCPNDT Act provides a clear indication that the regulation of such technology has been largely ineffective. A national policy linking Aadhaar with abortions would be aimed at discouraging gender-biased sex selection through state surveillance, in direct violation of a female’s right to decisional privacy with regards to their own body.

Linking Aadhaar would also be used as a mechanism to enable direct benefit transfer (DBT) to the beneficiaries of the national maternal benefits scheme. Linking reproductive health services to the Aadhaar ecosystem has been critiqued because it is exclusionary towards women with legitimate claims towards abortions and other reproductive services and benefits, and it heightens the risk of data breaches in a cultural fabric that already stigmatises abortions. The bodies on which this stigma is disproportionately placed, unmarried or disabled females, for instance, experience the harms of visibility through centralised surveillance mechanisms more acutely than others by being penalised for their deviance from cultural expectations. This is in accordance with the theory of "data extremes,” wherein marginalised communities are seen as living on the extremes of data capture, leading to a data regime that either refuses to recognise them as legitimate entities or subjects them to overpolicing in order to discipline deviance (Arora 2016). In both developed and developing contexts, the broader purpose of identity management has largely been to demarcate legitimate and illegitimate actors within a population, either within the framework of security or welfare.

Potential Harms of the Data Model of Reproductive Health Provisioning

Informational privacy and decisional privacy are critically shaped by data flows and security within the MCTS/RCH. No standards for data sharing and storage, or anonymisation and encryption of data have been implemented despite role-based authentication (NHSRC and Taurus Glocal 2011). The risks of this architectural design are further amplified in the context of the RCH/ANMOL where data is captured real-time. In the absence of adequate safeguards against data leaks, real-time data capture risks the publicising of reproductive health choices in an already stigmatised environment. This opens up avenues for further dilution of autonomy in making future reproductive health choices.

Several core principles of informational privacy, such as limitations regarding data collection and usage, or informed consent, also need to be reworked within this context.^[1] For instance, the centrality of the requirement of “free, informed consent” by an individual would need to be replaced by other models, especially in the context of reproductive health of rape survivors who are vulnerable and therefore unable to exercise full agency. The ability to make a free and informed choice, already dismantled in the context of contemporary data regimes, gets further precluded in such contexts. The constraints on privacy in decisions regarding the body are then replicated in the domain of reproductive data collection.

What is uniform across these digitisation initiatives is their treatment of maternal and reproductive health as solely a medical event, framed as a data scarcity problem. In doing so, they tend to amplify the understanding of reproductive health through measurable indicators that ignore social determinants of health. For instance, several studies conducted in the rural Indian context have shown that the degree of women’s autonomy influences the degree of usage of pregnancy care, and that the uptake of pregnancy care was associated with village-level indicators such as economic development, provisioning of basic infrastructure and social cohesion. These contextual factors get overridden in pervasive surveillance systems that treat reproductive healthcare as comprising only of measurable indicators and behaviours, that are dependent on individual behaviour of practitioners and women themselves, rather than structural gaps within the system.

While traditionally associated with state governance, the contemporary surveillance regime is experienced as distinct from its earlier forms due to its reliance on a nexus between surveillance by the state and private institutions and actors, with both legal frameworks and material apparatuses for data collection and sharing (Shepherd 2017). As with historical forms of surveillance, the harms of contemporary data regimes accrue disproportionately among already marginalised and dissenting communities and individuals. Data-driven surveillance has been critiqued for its excesses in multiple contexts globally, including in the domains of predictive policing, health management, and targeted advertising (Mason 2015). In the attempts to achieve these objectives, surveillance systems have been criticised for their reliance on replicating past patterns, reifying proximity to a hetero-patriarchal norm (Haggerty and Ericson 2000). Under data-driven surveillance systems, this proximity informs the preexisting boxes of identity for which algorithmic representations of the individual are formed. The boxes are defined contingent on the distinct objectives of the particular surveillance project, collating disparate pieces of data flows and resulting in the recasting of the singular offline self into various 'data doubles' (Haggerty and Ericson 2000). Refractive, rather than reflective, the data doubles have implications for the physical, embodied life of individual with an increasing number of service provisioning relying on the data doubles (Lyon 2001). Consider, for instance, apps on menstruation, fertility, and health, and wearables such as fitness trackers and pacers, that support corporate agendas around what a woman’s healthy body should look, be or behave like (Lupton 2014). Once viewed through the lens of power relations, the fetishised, apolitical notion of the data “revolution” gives way to what we may better understand as “dataveillance.”

Towards a Networked State and a Neo-liberal Citizen

Following in this tradition of ICT being treated as the solution to problems plaguing India’s public health information system, a larger, all-pervasive healthcare ecosystem is now being proposed by the Indian state (NITI Aayog 2018). Termed the National Health Stack, it seeks to create a centralised electronic repository of health records of Indian citizens with the aim of capturing every instance of healthcare service usage. Among other functions, it also envisions a platform for the provisioning of health and wellness-based services that may be dispensed by public or private actors in an attempt to achieve universal health coverage. By allowing private parties to utilise the data collected through pullable open application program interfaces (APIs), it also fits within the larger framework of the National Health Policy 2017 that envisions the private sector playing a significant role in the provision of healthcare in India. It also then fits within the state–private sector nexus that characterises dataveillance. This, in turn, follows broader trends towards market-driven solutions and private financing of health sector reform measures that have already had profound consequences on the political economy of healthcare worldwide (Joe et al 2018).

These initiatives are, in many ways, emblematic of the growing adoption of network governance reform by the Indian state (Newman 2001). This is a stark shift from its traditional posturing as the hegemonic sovereign nation state. This shift entails the delayering from large, hierarchical and unitary government systems to horizontally arranged, more flexible, relatively dispersed systems.^[2] The former govern through the power of rules and law, while the latter take the shape of self-regulating networks such as public–private contractual arrangements (Snellen 2005). ICTs have been posited as an effective tool in enabling the transition to network governance by enhancing local governance and interactive policymaking enabling the co-production of knowledge (Ferlie et al 2011). The development of these capabilities is also critical to addressing “wicked problems” such as healthcare (Rittel and Webber 1973).^[3] The application of the techno-deterministic, data-driven model to reproductive healthcare provision, then, resembles a fetishised approach to technological change. The NHSRC describes this as the collection of data without an objective, leading to a disproportional burden on data collection over use (NHSRC and Taurus Glocal 2011).

The blurring of the functions of state and private actors is reflective of the neo-liberal ethic, which produces new practices of governmentality. Within the neo-liberal framework of reproductive healthcare, the citizen is constructed as an individual actor, with agency over and responsibility for their own health and well-being (Maturo et al 2016).

“Quantified Self” of the Neo-liberal Citizen

Nowhere can the manifestation of this neo-liberal citizen can be seen as clearly as in the “quantified self” movement. The quantified self movement refers to the emergence of a whole range of apps that enable the user to track bodily functions and record data to achieve wellness and health goals, including menstruation, fertility, pregnancies, and health indicators in the mother and baby. Lupton (2015) labels this as the emergence of the “digitised reproductive citizen,” who is expected to be attentive to her fertility and sexual behaviour to achieve better reproductive health goals. The practice of collecting data around reproductive health is not new to the individual or the state, as has been demonstrated by the discussion above. What is new in this regime of datafication under the self-tracking movement is the monetisation of reproductive health data by private actors, the labour for which is performed by the user. Focusing on embodiment draws attention to different kinds of exploitation engendered by reproductive health apps. Not only is data about the body collected and sold, the unpaid labour for collection is extracted from the user. The reproductive body can then be understood as a cyborg, or a woman-machine hybrid, systematically digitising its bodily functions for profit-making within the capitalist (re)production machine (Fotoloulou 2016). Accordingly, all major reproductive health tracking apps have a business model that relies on selling information about users for direct marketing of products around reproductive health and well-being (Felizi and Varon nd).

As has been pointed out in the case of big data more broadly, reproductive health applications (apps) facilitate the visibility of the female reproductive body in the public domain. Supplying anonymised data sets to medical researchers and universities fills some of the historical gaps in research around the female body and reproductive health. Reproductive and sexual health tracking apps globally provide their users a platform to engage with biomedical information around sexual and reproductive health. Through group chats on the platform, they are also able to engage with experiential knowledge of sexual and reproductive health. This could also help form transnational networks of solidarity around the body and health (Fotopoulou 2016).

This radical potential of network-building around reproductive and sexual health is, however, tempered to a large extent by the reconfiguration of gendered stereotypes through these apps. In a study on reproductive health apps on Google Play Store, Lupton (2014) finds that products targeted towards female users are marketed through the discourse of risk and vulnerability, while those targeted towards male users are framed within that of virility. Apart from reiterating gendered stereotypes around the male and female body, such a discourse assumes that the entire labour of family planning is performed by females. This same is the case with the MCTS/RCH.

Technological interventions such as reproductive health apps as well as HIS are based on the assumption that females have perfect control over decisions regarding their own bodies and reproductive health, despite this being disproved in India. The Guttmacher Institute (2014) has found that 60% of women in India report not having control over decisions regarding their own healthcare. The failure to account for the husband or the family as stakeholder in decision-making around reproductive health has been a historical failure of the family planning programme in India, and is now being replicated in other modalities. This notion of an autonomous citizen who is able to take responsibility of their own reproductive health and well-being does not hold true in the Indian context. It can even be seen as marginalising females who have already been excluded from the reproductive health system, as they are held responsible for their own inability to access healthcare.

Concluding Remarks

The interplay that emerges between reproductive health surveillance and data infrastructures is a complex one. It requires the careful positioning of the political nature of data collection and processing as well as its hetero-patriarchal and colonial legacies, within the need for effective utilisation of data for achieving developmental goals. Assessing this discourse through a feminist lens identifies the web of power relations in data regimes. This problematises narratives of technological solutions for welfare provision.

The reproductive healthcare framework in India then offers up a useful case study to assess these concerns. The growing adoption of ICT-based surveillance tools to equalise access to healthcare needs to be understood in the socio-economic, legal, and cultural context where these tools are being implemented. Increased surveillance has historically been associated with causing the structural gendered violence that it is now being offered as a solution to. This is a function of normative standards being constructed for reproductive behaviour that necessarily leave out broader definitions of reproductive health and welfare when viewed through a feminist lens. Within the larger context of health policymaking in India, moves towards privatisation then demonstrate the peculiarity of dataveillance as it functions through an unaccountable and pervasive overlapping of state and private surveillance practises. It remains to be seen how these trends in ICT-driven health policies affect access to reproductive rights and decisional privacy for millions of females in India and other parts of the global South.

For more details visit https://cis-india.org/internet-governance/blog/data-infrastructures-inequities-reproductive-health-surveillance-india

Intermediary Liability Rules 2018.pdf

karan — 2019-02-07T07:32:23Z

For more details visit https://cis-india.org/internet-governance/resources/Intermediary%20Liability%20Rules%202018.pdf

Submission to UN High Level Panel on Digital Co-operation.pdf

karan — 2019-02-07T07:18:44Z

For more details visit https://cis-india.org/internet-governance/submission-to-un-high-level-panel-on-digital-co-operation.pdf

Dissent on Aadhaar: New book highlights limitations of ID project, legal and tech opposition to it

Admin — 2019-02-02T13:13:07Z

In 2010, a year after the UIDAI was constituted, three of its functionaries visited internationally-renowned developmental economist Professor Reetika Khera.

The article by Partha P Chakrabartty was published in First Post on February 2, 2019.

They were hoping to get her endorsement on how Aadhaar would prove ‘transformational’ for reducing corruption in social schemes like PDS and NREGA. Khera writes, ‘Upon reading their policy documents on PDS and NREGA, I was aghast because they betrayed a complete lack of understanding of the problem they were trying to address’. What had begun as a PR exercise by the UIDAI ended up creating one of its most acute critics. Professor Khera’s latest salvo, Dissent on Aadhaar: Big Data Meets Big Brother, has just been published by Orient BlackSwan, and is on shelves now.

Dissent on Aadhaar, edited by Professor Khera, brings together in one volume an array of experts commenting on the universal ID project. Given its many facets, she has included Anumeha Yadav, a journalist, who has been tirelessly reporting on Aadhar from the field; economists, including the celebrated Jean Drèze; lawyers, including civil liberties expert Dr Usha Ramanathan; and technologists like Sunil Abraham, of Mozilla Foundation and the Center for Internet and Society. The book is rounded off by international experts comparing Aadhaar to digital/universal ID projects in other countries. The picture they paint is not rosy.

‘Dissent’ on Aadhaar might not seem new to us, the English-speaking population of India. We all remember the storm of tweets and memes when Aadhaar was declared mandatory for everything from bank accounts to a mobile phone connection. We also saw through the September 2018 Supreme Court verdict, where Aadhaar was ruled optional for opening a bank account, but secretly remained mandatory due to its link with the PAN card. While some of the themes mentioned in this book, like concerns over privacy, have filtered down to our conversations, the book reveals that we haven’t even begun to scratch the surface.

Khera debunks the prevailing popular wisdom around Aadhaar in the opening chapters, sometimes even using the Government’s own data. Was Aadhaar necessary to create because there were many Indians without a legal ID? Aadhaar data says, only 0.03 percent of Aadhaar enrollments were by people without existing IDs, using the ‘introducer’ system. Were existing IDs compromised, necessitating an overhaul of our national ID systems? If so, how is it that those very compromised IDs were used to create the Aadhaar database? And what of the loopholes in the Aadhaar system, like cards for dogs and gods? These egregious pranks may have been caught, but what of less obvious aberrations?

Does Aadhaar prevent fraud? Here, Khera points out there are three kinds of fraud: identity fraud, eligibility fraud, and quantity fraud; Aadhaar only provides some measure of protection against the first. Khera’s previous studies have shown that the most prominent kind of fraud in India’s social schemes is quantity fraud. Even eligibility fraud, where citizens claim benefits reserved for others, cannot be checked by Aadhaar, as eligibility depends upon a separate set of documents.

Finally, does Aadhaar ease access to government schemes and benefits for the poorest? Here, what has seemed farcical quickly becomes tragic.

In a country where basic infrastructure in terms of electricity and mobile phone connections is poor, can a digital ID system like Aadhaar really ease the process of disbursement? Anumeha Yadav provides the on-ground reality — in Bhim Block, Rajsamand District, Rajasthan, 1,799 pensioners were declared dead because they failed to open Aadhaar-linked bank accounts in time. A door-to-door campaign conducted by the Mazdoor Kisan Shakti Sanghatan found that 1,308 of these were actually alive, and had been denied their rightful pensions. Yadav quotes a Dainik Bhaskar estimate that 1 lakh of Rajasthan’s 2.97 lakh pensioners had been inaccurately declared dead.

If these ideas are so far off the mark, how did they come to take root in our minds? How come there was no meaningful opposition to prevent this Himalayan blunder? Khera quotes the father of Aadhaar himself, Nandan Nilekani, who outlined his three-point strategy to overwhelm opposition: Do it quickly, do it quietly, and build a coalition of powerful interests who will overpower any opposition.

Nilekani’s strategy worked beautifully. A damning 2011 Parliamentary Standing Committee on Finance Report, which deemed UIDAI categorically unacceptable, was mostly ignored. The Rajya Sabha’s concerns and suggested amendments were circumvented by passing off the Aadhaar bill as a Money bill (requiring passage only in the Lok Sabha), even though its ambit was much wider than just allotment of financial resources. The Supreme Court itself had a lone dissenter, Justice Chandrachud, who published a note to that effect.

Opposition has not come just from activist, legal and parliamentary sources. Sunil Abraham, a technologist, speaks of the many alternatives UIDAI had to its present system of a centralised biometric database, and its many vulnerabilities, including the theft of data, and the difficulty of correcting input errors. An alternative would have been to have smart cards that stored encrypted biometric information on the card itself, instead of in a centralised database; a conjunction of card-and-fingerprint would make the system secure from identity fraud. Abraham warns of high-resolution cameras that can be used by governments and private interests to identify fingerprints even at a distance, for instance of protestors in a marching crowd.

But what happened when Abraham’s Centre for Internet and Society (CIS) published a report stating the Government had inadvertently leaked millions of identification numbers? The Government sent them several legal notices. A researcher from CIS also spoke of visits from officials from the Home Ministry and from the police. One policeman even asked the researcher, ‘How was that trip to Turkey?’, demonstrating the extent of their surveillance.

If Aadhaar was not created for all the things the UIDAI claimed, what was its true intent? We can guess from the way Aadhaar insiders, like ex-Chief Product Manager Vivek Raghavan, who ‘volunteered’ for Aadhaar between October 2010 and June 2013, went on to found Khosla Labs, with its for-profit Aadhaar Bridge product. When the Supreme Court struck down the sharing of Aadhaar data with private companies in its September 2018 judgment, private interests dropped their masks and have started campaigning for a reversal. Dr Usha Ramanathan covers this in her chapter, making sense of the new, hybrid public-private entity that UIDAI represented, and its consequences.

And what did the government get out of it? Considering how it used its existing might to harass CIS, can you imagine what its expanded capabilities with Aadhaar will achieve for anyone who critiques their functioning? And how many critics who see something wrong in policy or execution will hesitate before saying something for fear of persecution? This ‘chilling effect’ is already spreading — just speak to anyone who critiques the government, and how often they have been advised to stop doing so.

Many of the big battles when it comes to Aadhaar have already been lost. 1.2 billion people have yielded up their biometric information; Aadhaar, which had started off as voluntary, has become mandatory to access basic rights of citizenship, and this has been upheld by the Supreme Court; India has ignored best practices from other countries and lessons from other such attempts, and has therefore squandered a historic opportunity to do this digital ID right.

Far though this juggernaut has rolled, the experts in this book are still offering warnings; while there has been substantial harm already, especially to the rural poor and the elderly, the worst damage is yet to occur. While the State has power to gain from defending UIDAI, and private interests have millions in profits to reap, the scholars and activists in this book have no millions to make, and are indeed staking both their personal safety, and their professional reputations in putting forward a narrative that goes so far against the dominant one. I trust readers will give their thoroughly-researched essays a fair hearing.

The writer wishes to acknowledge the contribution of Prasun Chakrabartty in researching and clarifying this piece.

For more details visit https://cis-india.org/a2k/news/first-post-partha-p-chakrabartty-february-2-2019-dissent-on-aadhaar

Marathi Wikipedia Workshop & 1lib1ref session at Goa University

subodh — 2019-03-01T00:35:44Z

Marathi language department of Goa University has initiated the process to document the culture of Goa on Marathi Wikipedia and Commons.

As this was the first exposure to Wikimedia projects, a two day extensive training workshop was planned. In the same event, a three hour session in library as part of 1lib1ref session was also conducted. CIS-A2K has partnered Goa University for conducting the event which attracted a footfall of 36 participants.

Primary objectives

The following objectives were broadly covered in the sessions held at Goa University campus on 31 January and 1 February 2019:

Awareness about digital knowledge in Marathi, Open knowledge resources and Wikimedia projects.
Explain participants the history of Wiki movement and the pillars of Wikipedia.
Train the participants in basic editing skills in Wikipedia.
Explore the ways to find reliable and verifiable references.
Present the article structure, manual of style, and categorization.
Explain copyright, Commons guidelines and uploading images on Wikipedia.
Discuss follow-up plan and integration with academic activities.
Add reliable references as part of 1lib1ref session in library.

The Workshop

The practice of Marathi typing in Unicode was carried out through preparing articles as Word document. The students selected the articles on history of Goa, writers and artists of Goa, tourism in Goa and villages in Goa. Participants learnt basic editing skills, adding references and uploading on Commons. They worked first in sandboxes on their new articles. The content addition is in progress. The verified content would be moved to main namespace under the guidance of experienced editors.

The concept of 1lib1ref campaign was shared with Chief Librarian of Goa University. The response was very positive. As a result, in the last two sessions of the workshop on 1 February, the participants added references to the articles. The session was conducted in the library. The library staff and faculty facilitated the process.

Follow-up

The editors are preparing the articles in sandboxes and offline also. It is proposed to conduct another iteration to verify and publish this content in main namespace. The students are also taking the images of issues related to Goan culture. The exclusive session on Commons is also proposed. The librarian has suggested making separate rack of reference books related to Goa culture and heritage for utility. This idea will be explored in the next 1lib1ref iteration in May-June 2019.

For more info see the Meta report

For more details visit https://cis-india.org/a2k/blogs/marathi-wikipedia-workshop-1lib1ref-session-at-goa-university

India’s largest bank SBI leaked account data on millions of customers

Admin — 2019-02-01T15:13:15Z

India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.

The blog post by Zack Whittaker was published Tech Crunch on January 30, 2019. Karan Saini was quoted.

The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500.

But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.

It’s not known for how long the server was open, but long enough for it to be discovered by a security researcher, who told TechCrunch of the leak, but did not want to be named for the story.

SBI Quick allows SBI’s banking customers to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts. It’s ideal for millions of the banking giant’s customers who don’t use smartphones or have limited data service. By using predefined keywords, like “BAL” for a customer’s current balance, the service recognizes the customer’s registered phone number and will send back the current amount in that customer’s bank account. The system can also be used to send back the last five transactions, block an ATM card and make inquiries about home or car loans.

It was the back-end text message system that was exposed, TechCrunch can confirm, storing millions of text messages each day.

A redacted example of some of the banking and credit information found in the database (Image: TechCrunch)

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking.

The bank sent out close to three million text messages on Monday alone.

The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers’ finances.

We verified the data by asking India-based security researcher Karan Saini to send a text message to the system. Within seconds, we found his phone number in the database, including the text message he received back.

“The data available could potentially be used to profile and target individuals that are known to have high account balances,” said Saini in a message to TechCrunch. Saini previously found a data leak in India’s Aadhaar, the country’s national identity database, and a two-factor bypass bug in Uber’s ridesharing app.

Saini said that knowing a phone number “could be used to aid social engineering attacks — which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

SBI claims more than 500 million customers across the glob,e with 740 million accounts.

Just days earlier, SBI accused Aadhaar’s authority, UIDAI, of mishandling citizen data that allowed fake Aadhaar identity cards to be created, despite numerous security lapses and misuse of the system. UIDAI denied the report, saying there was “no security breach” of its system. (UIDAI often uses the term “fake news” to describe coverage it doesn’t like.)

TechCrunch reached out to SBI and India’s National Critical Information Infrastructure Protection Centre, which receives vulnerability reports for the banking sector. The database was secured overnight.

Despite several emails, SBI did not comment prior to publication.

For more details visit https://cis-india.org/internet-governance/news/tech-crunch-zak-whittaker-january-30-2019-indias-largest-bank-sbi-leaked-account-data-on-millions-of-customers

January 2019 Newsletter

praskrishna — 2019-03-03T16:34:21Z

The Centre for Internet & Society (CIS) welcomes you to the first issue of its e-Newsletter for 2019.

The CIS newsletter aims to highlight developments in copyright and patent, free speech and expression, privacy, cyber security, telecom, etc. as well as Industry 4.0, big data, additive manufacturing and so on which are revolutionizing and moving the digital world forward. Through this newsletter we look to engage you with our research and build a strong bond by bringing you insightful articles and blog posts which will be beneficial for you and your business. Throughout the year we will send you stories and insights from our board, staff and community leaders. We welcome your feedback, suggestions or comments regarding our newsletter or any other aspect of our research.

Welcome to r@w blog!

CIS researchers@work programme (RAW) is delighted to announce the launch of its new blog hosted on Medium. The RAW blog will feature works by researchers and practitioners working in India and elsewhere at the intersections of internet, digital media, and society. The blog will also feature highlights and materials from ongoing research and events at the researchers@work programme.

Highlights for January 2019

Ambika Tandon and Aayush Rathi have produced a research paper that contextualises the narrative around Industry 4.0 and the future of work with reference to the female labour force in India.
Gurshabad Grover, Nikhil Srinath and Aayush Rathi (with inputs from Anubha Sinha and Sai Shakti) presented a response to the Telecom Regulatory Authority of India’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services. CIS appreciates the continual efforts of TRAI to have consultations on the regulatory framework that should be applicable to OTT services and Telecom Service Providers (TSPs).
Pranesh Prakash, Karan Saini and Elonnai Hickok authored a policy brief that recommends several changes pertaining to current legislation, policy and practice to the Government of India regarding coordinated vulnerability disclosure (“CVD”) for improving the overarching information and cyber security posture of the country.
The Global Commission on the Stability of Cyberspace, a multi-stakeholder initiative comprised of eminent individuals across the globe opened a public comment procedure to solicit comments and obtain additional feedback. Arindrajit Basu, Gurshabad Grover and Elonnai Hickok responded to the public call-offering comments on all six norms and proposing two further norms.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

How to make EVMs hack-proof, and elections more trustworthy (Pranesh Prakash; Times of India; December 9, 2018).
Registering for Aadhaar in 2019 (Sunil Abraham; Business Standard; January 2, 2019).
The DNA Bill has a sequence of problems that need to be resolved (Shweta Mohandas and Elonnai Hickok; Newslaundry; January 15, 2019).
India should reconsider its proposed regulation of online content (Gurshabad Grover; Hindustan Times; January 24, 2019). Akriti Bopanna and Aayush Rathi provided feedback for the article.
India’s proposed new internet bill is as repressive as the worst of Chinese laws (Nishant Shah; Indian Express; January 27, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Creeped out by Netflix's 'You'? Here's how you can avoid online stalkers, data thieves (Sanyukta Dharmadhikari; The News Minute; January 10, 2019).
Civic activism over WhatsApp and stories of and from cab drivers are part of a new narrative in Bengaluru (Sowmya Rajaram; Bangalore Mirror; January 13, 2019).
They know where you are (Tini Sara Anien; Deccan Herald; January 17, 2019).
Oyo Hotels’ Real-Time Digital Record Database Sparks Privacy Fears (Nishant Sharma; Bloomberg Quint; January 16, 2019).
Is the viral #10YearChallenge just another sneaky way for tech firms to gather users’ personal data? (Devarsi Ghosh; Scroll.in; January 18, 2019).
Google Gives Wikimedia Millions—Plus Machine Learning Tools (Wired; January 22, 2019).
New movies lose out due to piracy (Surupasree Sarmmah; Deccan Herald; January 23, 2019).
Submitted Your Biometrics for Aadhaar? Here’s How You Can Lock/Unlock That Data (Vidya Raja; Better India; January 24, 2019).
India’s largest bank SBI leaked account data on millions of customers (Zack Whittaker; Tech Crunch; January 30, 2019).
Open standards can disrupt Facebook’s messaging monopoly (Abhimanyu Ghoshal; The Next Web; January 30, 2019).
Conmen seed fake phone numbers in Google to trap people looking for customer care details (Tushar Kaushik; Economic Times; January 30, 2019).
Amazon and Walmart are about to take a big hit in India (Q13 Fox; January 31, 2019).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Cyber Security

Submission

Response to GCSC on Request for Consultation: Norm Package Singapore (Gurshabad Grover, Arindrajit Basu and Elonnai Hickok; January 22, 2019).

Policy Brief

Leveraging the Coordinated Vulnerability Disclosure Process to Improve the State of Information Security in India (Pranesh Prakash; Karan Saini and Elonnai Hickok; January 23, 2019).

Privacy

Submission

CIS Submission to UN High Level Panel on Digital Co-operation (Aayush Rathi, Ambika Tandon, Arindrajit Basu and Elonnai Hickok; January 30, 2019).

Gender

Research Paper

A Gendered Future of Work (Ambika Tandon and Aayush Rathi; December 19, 2018).

Event Organized

RFCs We Love meetup (Organized by CIS and India Internet Engineering Society; CIS, Bangalore; January 19, 2019).

Events Participated / Partnered In

Webinar on the draft Intermediary Guidelines Amendment Rules (Organized by CCAOI and the ISOC Delhi Chapter; New Delhi; January 10, 2019). Gurshabad Grover was a discussant in the panel.
MediaNama roundtables on intermediary liability rules (St. Marks Hotel, Bangalore; January 25, 2019). CIS was a community partner. Gurshabad Grover participated in the meeting.
DSCI's Bangalore chapter meet (Organized by Data Security Council of India; Bangalore; January 29, 2019). Karan Saini and Gurshabad Grover participated in the meet.

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions.

Submission

Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services (Gurshabad Grover, Nikhil Srinath and Aayush Rathi with inputs from Anubha Sinha and Sai Shakti; January 10, 2019).

Researchers at Work (RAW)

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Announcement

Internet Researchers' Conference 2019 (IRC19): #List, Jan 30 - Feb 1, Lamakaan (P.P. Sneha; January 9, 2019).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/january-19-newsletter

Open standards can disrupt Facebook’s messaging monopoly

Admin — 2019-02-02T01:59:37Z

Facebook made the news last week when The New York Times’ Mike Isaac reported that CEO Mark Zuckerberg intended to integrate the company’s three messaging platforms: WhatsApp, Messenger, and Instagram.

The blog post by Abhimanyu Ghoshal was published in The Next Web on January 30, 2019. Pranesh Prakash was quoted.

We don’t have all the details of exactly how this will work. The plan is still in its early stages, and there are plenty of moving parts – legal and technical – to take care of. What’s clear is this: with more than 2.6 billion users between the platforms, this is set to impact a lot of people if it goes through – and potentially many hundreds of millions more in the following years.

While the specifics of the move are yet to be revealed, a move like this could help Facebook create more detailed profiles of its users. Even if the company encrypts communications end-to-end as it seemed to imply in its responses to NYT, it could still leverage communications metadata to target ads more accurately than you might think.

Here’s an example: without looking at your messages (because they’re encrypted), Facebook could gather data on who you chat with most often and for how long, later correlating that with the recipients’ interests from Instagram. It could then show you ads for gifts that contact may like, right around the time their birthday comes up.

Integrating these platforms could also bolster Facebook’s efforts to keep users tied into its ecosystem. That’s problematic, when you consider the larger your network of contacts is on the company’s services, the harder it is for you to leave them and use an alternative you’re more comfortable with.

Is there a way out? Pranesh Prakash – a Fellow at the Center for Internet and Society, as well as a Fellow at the New America think tank – believes that the answer lies not in breaking up Facebook over privacy laws, but in competition, and regulators at the government level should demand Facebook use open standards for its messaging platforms.

Prakash explained that standards like SMTP and IMAP, which are used for facilitating email exchanges, allow for interoperability between services run by different organizations. They also let users choose the client apps they prefer for accessing their inboxes.

Facebook’s messaging services, meanwhile, run on closed standards and don’t play nice with platforms created by third parties.

This results in people becoming trapped in Facebook’s ecosystem: even if you’re opposed to using the company’s products, you can’t realistically ditch them all because your friends and family are all using its platforms.

In case you’re worried about open-source protocols not being up to the task of serving massive networks like the ones Facebook operates, consider the fact that WhatsApp runs on FunXMPP, a customized version of the open XMPP set of standards that anyone can use for their own projects.

If Facebook is doing the difficult legwork of unifying the underlying technical infrastructure of its three apps, Prakash argues, it’d do well to make its new protocol public and open-source. That way, anyone should be able to use the company’s services to reach people just the same as when they choose to use a service created by a separate entity.

Prakash said that the only way diminishing Facebook’s power in this regard is to open up access to its network of users. In doing so, it will see people stick with the company’s services because they like using them, not because they can’t stay in touch with their contacts.

Questions surrounding Facebook’s monopolistic domination of the messaging space will inevitably crop up when the company implements Zuckerberg’s plan, and this sounds like a healthy way to tackle those issues.

Naturally, that seems like it’d hurt Facebook’s bottom line – but it’s important to start thinking about realistic measures to comply with antitrust law – or risk being booted from countries that don’t appreciate the way the company does business.

For more details visit https://cis-india.org/internet-governance/news/the-next-web-abhimanyu-ghoshal-january-30-2019-open-standards-can-disrupt-facebooks-messaging-monopoly

Google Gives Wikimedia Millions—Plus Machine Learning Tools

Admin — 2019-02-02T12:52:37Z

Google is pouring an additional $3.1 million into Wikipedia, bringing its total contribution to the free encyclopedia over the past decade to more than $7.5 million, the company announced at the World Economic Forum Tuesday.

The article was published by WIRED on January 22, 2019.

A little over a third of those funds will go toward sustaining current efforts at the Wikimedia Foundation, the nonprofit that runs Wikipedia, and the remaining $2 million will focus on long-term viability through the organization’s endowment.

Google will also begin allowing Wikipedia editors to use several of its machine learning tools for free, the tech giant said. What's more, Wikimedia and Google will soon broaden Project Tiger, a joint initiative they launched in 2017 to increase the number of Wikipedia articles written in underrepresented languages in India, and to include 10 new languages in a handful of countries and regions. It will now be called GLOW, Growing Local Language Content on Wikipedia.

It’s certainly positive that Google is investing more in Wikipedia, one of the most popular and generally trustworthy online resources in the world. But the decision isn’t altruistic: Supporting Wikipedia is also a shrewd business decision that will likely benefit Google for years to come. Like other tech companies, including Amazon, Apple, and Facebook, Google already uses Wikipedia content in a number of its own products. When you search Google for “Paris,” a “knowledge panel” of information about the city will appear, some of which is sourced from Wikipedia. The company also has used Wikipedia articles to train machine learning algorithms, as well as fight misinformation on YouTube.

Even efforts like GLOW—which will now expand to Indonesia, Mexico, and Nigeria, as well as the Middle East and North Africa—can help Google’s own bottom line. When the initiative first launched in India, Google provided Chromebooks and internet access to editors, while the Centre for Internet and Society and the Wikimedia India Chapter organized a three-month article writing competition that resulted in nearly 4,500 new Wikipedia articles in 12 different Indic languages. Smartphone penetration in India is only around 27 percent; as more people in the country start using Android smartphones and Google Search, those articles will make the tech giant’s products more useful. Wikipedia’s blog post announcing Google’s new investment makes this strategy fairly clear, noting that the company also provided Project Tiger with “insights into popular search topics on Google for which no or limited local language content exists on Wikipedia.”

Google is also providing Wikipedia free access to its Custom Search API and its Cloud Vision API, which will help the encyclopedia’s volunteer editors more easily cite the facts they use. Each time a Wikipedia editor adds a new piece of information to an article, they need to cite the source where they learned it. The Search API will allow them quickly look up sources on the web without having to leave Wikipedia, while the vision tool will let editors automatically digitize books so they can be used to support Wikipedia articles too. Earlier this month, Wikimedia also announced Google Translate was coming to Wikipedia, allowing editors to convert content into 15 additional languages, bringing the total available to 121.

These machine learning tools will absolutely make it easier for Wikipedia to reach people who speak languages currently underrepresented on the web. But the encyclopedia is also the reason many AI programs exist in the first place. For example, Google-owned Jigsaw has used Wikipedia, in part, to train its open source troll-fighting AI. The encyclopedia is also used by hundreds of other AI platforms, particularly because every Wikipedia article is under Creative Commons—meaning it can be reproduced for free without copyright restrictions. Apple’s Siri and Amazon’s Alexa smart assistants use information from Wikipedia to answer questions, for instance. (Both companies also have donated to the Wikimedia Foundation as well.)

Google’s new investments in Wikipedia, specifically in GLOW, will address a genuine problem. The majority of Wikipedia’s tens of millions of articles are in English or European languages like French, German, and Russian. (There are also lots of articles in Swedish and two versions of Filipino, but most of these pages were created by a prolific bot). As the estimated half of Earth’s population that still lacks an internet connection comes online, it will be important that reliable information is available in the native languages people speak. That doesn’t mean, though, that in helping solve these issues companies like Google—or Facebook—don’t also have something to gain.

For more details visit https://cis-india.org/a2k/news/wired-january-22-2019-google-wikipedia-machine-learning-glow-languages

GCSC_RFC-CIS.pdf

Arindrajit Basu, Gurshabad Grover and Elonnai Hickok — 2019-01-22T08:12:38Z

For more details visit https://cis-india.org/response-to-gcsc-on-request-for-consultation-norm-package-singapore

IRC19: #List - Conference Programme

sumandro — 2019-01-31T06:33:28Z

For more details visit https://cis-india.org/raw/irc19-list-conference-programme

The DNA Bill has a sequence of problems that need to be resolved

Shweta Mohandas and Elonnai Hickok — 2019-01-15T02:36:11Z

In its current form, it’s far from comprehensive and fails to adequately address privacy and security concerns.

The opinion piece was published by Newslaundry on January 14, 2019.

On January 9, Science and Technology Minister Harsh Vardhan introduced the DNA Technology (Use and Application) Regulation Bill, 2018, amidst opposition and questions about the Bill’s potential threat to privacy and the lack of security measures. The Bill aims to provide for the regulation of the use and application of DNA technology for certain criminal and civil purposes, such as identifying offenders, suspects, victims, undertrials, missing persons and unknown deceased persons. The Schedule of the Bill also lists civil matters where DNA profiling can be used. These include parental disputes, issues relating to immigration and emigration, and establishment of individual identity. The Bill does not cover the commercial or private use of DNA samples, such as private companies providing DNA testing services for conducting genetic tests or for verifying paternity.

The Bill has seen several iterations and revisions from when it was first introduced in 2007. However, after repeated expert consultations, the Bill even at its current stage is far from a comprehensive legislation. Experts have articulated concerns that the version of the Bill that was presented post the Puttaswamy judgement still fails to make provisions that fully uphold the privacy and dignity of the individual. The hurry to pass the Bill by pushing for it by extending the winter session and before the Personal Data Protection Bill is brought before Parliament is also worrying. The Bill was passed in the Lok Sabha with only one amendment: which changed the year of the Bill from 2018 to 2019.

Need for a better-drafted legislation

Although the Schedule of the Bill includes certain civil matters under its purview, some important provisions are silent on the procedure that is to be followed for these civil matters. For example, the Bill necessitates the consent of the individual for DNA profiling in criminal investigation and for identifying missing persons. However, the Bill is silent on the requirement for consent in all civil matters that have been brought under the scope of the Bill.

The omission of civil matters in the provisions of the Bill that are crucial for privacy is just one of the ways the Bill fails to ensure privacy safeguards. The civil matters listed in the Bill are highly sensitive (such as paternity/maternity, use of assisted reproductive technology, organ transplants, etc.) and can have a far-reaching impact on a number of sections of society. For example, the civil matters listed in the Bill affect women not just in the case of paternity disputes but in a number of matters concerning women including the Domestic Violence Act and the Prenatal Diagnostic Techniques Act. Other matters such as pedigree, immigration and emigration can disproportionately impact vulnerable groups and communities, raising raises concerns of discrimination and abuse.

Privacy and security concerns

Although the Bill makes provisions for written consent for the collection of bodily substances and intimate bodily substances, the Bill allows non-consensual collection for offences punishable by death or imprisonment for a term exceeding seven years. Another issue with respect to collection with consent is the absence of safeguards to ensure that consent is given freely, especially when under police custody. This issue was also highlighted by MP NK Premachandran when he emphasised that the Bill be sent to a Parliamentary Standing Committee.

Apart from the collection, the Bill fails to ensure the privacy and security of the samples. One such example of this failure is Section 35(b), which allows access to the information contained in the DNA Data Banks for the purpose of training. The use of these highly sensitive data—that carry the risk of contamination—for training poses risks to the privacy of the people who have deposited their DNA both with and without consent.

An earlier version of the Bill included a provision for the creation of a population statistics databank. Though this has been removed now, there is no guarantee that this provision will not make its way through regulation. This is a cause for concern as the Bill also covers certain civil cases including those relating to immigration and emigration.

Conclusion

In July 2018, the Justice Sri Krishna Committee released the draft Personal Data Protection Bill. The Bill was open for public consultation and is now likely to be introduced in Parliament in June. The PDP Bill, while defining “sensitive personal data”, provides an exhaustive list of data that can be considered sensitive, including biometric data, genetic data and health data. Under the Bill, sensitive personal data has heightened parameters for collection and processing, including clear, informed, and specific consent. Ideally, the DNA Bill should be passed after ensuring that it is in line with the PDP Bill.

The DNA Bill, once it becomes a law, will allow for law enforcement authorities to collect sensitive DNA data and database the same for forensic purposes without a number of key safeguards in place with respect to security and the rights of individuals. In 2016 alone, 29,75,711 crimes under various provisions the Indian Penal Code were reported. One can only guess the sheer number of DNA profiles and related information that will be collected from both criminal and specified civil cases. The Bill needs to be revised to reduce all ambiguity with respect to the civil cases, and also to ensure that it is in line with the data protection regime in India. A comprehensive privacy legislation should be enacted prior to the passing of this Bill.

There are still studies and cases that show that DNA testing can be fallible. The Indian government needs to ensure that there is proper sensitisation and training on the collection, storage and use of DNA profiles as well as the recognition and awareness of the fact that the DNA tests are not infallible amongst key stakeholders, including law enforcement and the judiciary.

For more details visit https://cis-india.org/internet-governance/blog/newslaundry-elonnai-hickok-and-shweta-mohandas-january-14-2019-dna-bill-has-a-sequence-of-problems-that-need-to-be-resolved