Centre for Internet and Society

Big Brother is here: Amid snooping row, govt report says monitoring system 'practically complete'

Admin — 2018-12-26T15:22:27Z

The recently released 2017-18 annual report of the Centre for Development of Telematics (C-DOT) says that surveillance equipment is being rolled out in 21 service areas across the country.

The article by Keerthana Sankaran was published in New Indian Express on December 26, 2018.

While last week's government order on snooping caused an uproar, the Centre's plans for a far-reaching monitoring system have been in the making for almost a decade -- with the groundwork being done by the previous UPA regime. The recently released 2017-18 annual report of the Centre for Development of Telematics (C-DOT) says that India’s ‘Central Monitoring System’ (CMS) is “practically complete”, confirming that the Orwellian ‘Big Brother’ is here.

The report says that surveillance equipment is being rolled out in 21 service areas across the country and operations have commenced in 12 service areas. The system will monitor and intercept calls and messages.

The government claims the CMS is based on the Telegraph Act of 1885 which states that the central or state government may intercept messages if the government is “satisfied that it is necessary or expedient to do so in the interests of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence.”

Even though the surveillance system was publicly announced in 2009, C-DOT’s annual report of 2007-2008 had hinted at a testing phase for a “lawful interception, monitoring” system.

A post from the website of the Centre for Internet and Society describes how the CMS could work. Network providers are all required to give interconnected Regional Monitoring Centres access to their network servers. The article also points out that there is no law that describes the CMS.

The CMS was approved by the Cabinet Committee on Security during the UPA government in 2011, receiving flak from experts and the press for not safeguarding the citizen’s right to privacy. However, in a Lok Sabha session in May 2016, Telecom Minister Ravi Shankar Prasad said that the system is for the “process of lawful interception”, adding that regional monitoring centres in Delhi and Mumbai had been operationalised.

The latest C-DOT report also talks about a Centre of Excellence for Lawful Interception being set up, which would use high-end technologies - such as open source intelligence, image processing and search engine tools to scan Twitter and Facebook - for surveillance.

On Thursday, the Ministry of Home Affairs released a notification, authorising 10 central agencies to intercept, monitor and decrypt any "information generated, transmitted, received or stored in any computer." While the public and opposition parties expressed alarm over the new order, the C-DOT report clearly shows that state surveillance plans are already in an advanced stage.

These government moves are taking place despite the August 2017 landmark judgement by the Supreme Court, which declared the right to privacy as a fundamental right which will protect citizens from intrusive activities by the state.

For more details visit https://cis-india.org/internet-governance/news/new-indian-express-keerthana-sankaran-december-26-2018-big-brother-is-here-amid-snooping-row-govt-report-says-monitoring-system-practically-complete

Feminist Methodology in Technology Research

ambika — 2018-12-25T15:17:02Z

For more details visit https://cis-india.org/internet-governance/feminist-methodoloty-in-technology-research.pdf

European E-Evidence Proposal and Indian Law

vipul — 2018-12-23T16:45:02Z

In April of 2018, the European Union issued the proposal for a new regime dealing with cross border sharing of data and information by issuing two draft instruments, an E-evidence Regulation (“Regulation”) and an E-evidence Directive (“Directive”), (together the “E-evidence Proposal”). The Regulation is a direction to states to put in place the proper legislative and regulatory machinery for the implementation of this regime while the Directive requires the states to enact laws governing service providers so that they would comply with the proposed regime.

The main feature of the E-evidence Proposal is twofold: (i) establishment of a legal regime whereunder competent authorities can issue European Production Orders (EPOs) and European Preservation Orders (EPROs) to entities in any other EU member country (together the “Data Orders”); and (ii) an obligation on service providers offering services in any of the EU member countries to designate legal representatives who will be responsible for receiving the Data Orders, irrespective of whether such entity has an actual physical establishment in any EU member country.

In this article we will briefly discuss the framework that has been proposed under the two instruments and then discuss how service providers based in India whose services are also available in Europe would be affected by these proposals. The authors would like to make it clear that this article is not intended to be an analysis of the E-evidence Proposal and therefore shall not attempt to bring out the shortcomings of the proposed European regime, except insofar as such shortcomings may affect the service providers located in India being discussed in the second part of the article.

Part I - E-evidence Directive and Regulation

The E-evidence Proposal introduces the concept of binding EPOs and EPROs. Both Data Orders need to be issued or validated by a judicial authority in the issuing EU member country. A Data Order can be issued to seek preservation or production of data that is stored by a service provider located in another jurisdiction and that is necessary as evidence in criminal investigations or a criminal proceeding. Such Data Orders may only be issued if a similar measure is available for the same criminal offence in a comparable domestic situation in the issuing country. Both Data Orders can be served on entities offering services such as electronic communication services, social networks, online marketplaces, other hosting service providers and providers of internet infrastructure such as IP address and domain name registries. Thus companies such as Big Rock (domain name registry), Ferns n Petals (online marketplace providing services in Europe), Hike (social networking and chatting), etc. or any website which has a subscription based model and allows access to subscribers in Europe would potentially be covered by the E-evidence Proposal. The EPRO, similarly to the EPO, is addressed to the legal representative outside of the issuing country’s jurisdiction to preserve the data in view of a subsequent request to produce such data, which request may be issued through MLA channels in case of third countries or via a European Investigation Order (EIO) between EU member countries. Unlike surveillance measures or data retention obligations set out by law, which are not provided for by this proposal, the EPRO is an order issued or validated by a judicial authority in a concrete criminal proceeding after an individual evaluation of the proportionality and necessity in every single case.^{^[1]} Like the EPO, it refers to the specific known or unknown perpetrators of a criminal offence that has already taken place. The EPRO only allows preserving data that is already stored at the time of receipt of the order, not the access to data at a future point in time after the receipt of the EPRO.

While EPOs to produce subscriber data^{^[2]} and access data^{^[3]} can be issued for any criminal offence an EPO for content data^{^[4]} and transactional data^{^[5]} may only be issued by a judge, a court or an investigating judge competent in the case. In case the EPO is issued by any other authority (which is competent to issue such an order in the issuing country), such an EPO has to be validated by a judge, a court or an investigating judge. In case of an EPO for subscriber data and access data, the EPO may also be validated by a prosecutor in the issuing country.

To reduce obstacles to the enforcement of the EPOs, the Directive makes it mandatory for service providers to designate a legal representative in the European Union to receive, comply with and enforce Data Orders. The obligation of designating a legal representative for all service providers that are operating in the European Union would ensure that there is always a clear addressee of orders aiming at gathering evidence in criminal proceedings. This would in turn make it easier for service providers to comply with those orders, as the legal representative would be responsible for receiving, complying with and enforcing those orders on behalf of the service provider.

Grounds on which EPOs can be issued

The grounds on which Data Orders may be issued are contained in Articles 5 and 6 of the Regulation which makes it very clear that a Data Order may only be issued in a case if it is necessary and proportionate for the purposes of a criminal proceeding. The Regulation further specifies that an EPO may only be issued by a member country if a similar domestic order could be issued by the issuing state in a comparable situation. By using this device of linking the grounds to domestic law, the Regulation tries to skirt around the thorny issue of when and on what basis an EPO may be issued. The Regulation also assigns greater weight (in terms of privacy) to transactional and content data as opposed to subscriber and access data and subjects the production and preservation of the former to stricter requirements. Therefore while Data Orders for access and subscriber data may be issued for any criminal offence, orders for transactional and content data can only be issued in case of criminal offences providing for a maximum punishment of atleast 3 years and above. In addition to that EPOs for producing transactional or content data can also be issued for offences specifically listed in Article 5(4) of the Regulation. These offences have been specifically provided for since evidence for such cases would typically be available mostly only in electronic form. This is the justification for the application of the Regulation also in cases where the maximum custodial sentence is less than three years, otherwise it would become extremely difficult to secure convictions in those offences.^{^[6]}

The Regulation also requires the issuing authority to take into account potential immunities and privileges under the law of the member country in which the service provider is being served the EPO, as well as any impact the EPO may have on fundamental interests of that member country such as national security and defence. The aim of this provision is to ensure that such immunities and privileges which protect the data sought are respected, in particular where they provide for a higher protection than the law of the issuing member country. In such situations the issuing authority “has to seek clarification before issuing the European Production Order, including by consulting the competent authorities of the Member State concerned, either directly or via Eurojust or the European Judicial Network.”

Grounds to Challenge EPOs

Service Providers have been given the option to object to Data Orders on certain limited grounds specified in the Regulation such as, if it was not issued by a proper issuing authority, if the provider cannot comply because of a de facto impossibility or force majeure, if the data requested is not stored with the service provider or pertains to a person who is not the customer of the service provider.^{^[7]} In all such cases the service provider has to inform the issuing authority of the reasons for the inability to provide the information in the specified form. Further, in the event that the service provider refuses to provide the information on the grounds that it is apparent that the EPO “manifestly violates” the Charter of Fundamental Rights of the European Union or is “manifestly abusive”, the service provider shall send the information in specified Form to the competent authority in the member state in which the Order has been received. The competent authority shall then seek clarification from the issuing authority through Eurojust or via the European Judicial Network.^{^[8]}

If the issuing authority is not satisfied by the reasons given and the service provider still refuses to provide the information requested, the issuing authority may transfer the EPO Certificate along with the reasons given by the service provider for non compliance, to the enforcing authority in the addressee country. The enforcing authority shall then proceed to enforce the Order, unless it considers that the data concerned is protected by an immunity or privilege under its national law or its disclosure may impact its fundamental interests such as national security and defence; or the data cannot be provided due to one of the following reasons:

(a) the European Production Order has not been issued or validated by an issuing authority as provided for in Article 4;

(b) the European Production Order has not been issued for an offence provided for by Article 5(4);

(c) the addressee could not comply with the EPOC because of de facto impossibility or force majeure, or because the EPOC contains manifest errors;

(d) the European Production Order does not concern data stored by or on behalf of the service provider at the time of receipt of EPOC;

(e) the service is not covered by this Regulation;

(f) based on the sole information contained in the EPOC, it is apparent that it manifestly violates the Charter or that it is manifestly abusive.

In addition to the above mechanism the service provider may refuse to comply with an EPO on the ground that disclosure would force it to violate a third-country law that either protects “the fundamental rights of the individuals concerned” or “the fundamental interests of the third country related to national security or defence.” Where a provider raises such a challenge, issuing authorities can request a review of the order by a court in the member country. If the court concludes that a conflict as claimed by the service provider exists, the court shall notify authorities in the third-party country and if that third-party country objects to execution of the EPO, the court must set it aside.^{^[9]}

A service provider may also refuse to comply with an order because it would force the service provider to violate a third-country law that protects interests other than fundamental rights or national security and defense. In such cases, the Regulation provides that the same procedure be followed as in case of law protecting fundamental rights or national security and defense, except that in this case the court, rather than notifying the foreign authorities, shall itself conduct a detailed analysis of the facts and circumstances to decide whether to enforce the order.^{^[10]}

Service Provider “Offering Services in the Union”

As is clear from the discussion above, the proposed regime puts an obligation on service providers offering services in the Union to designate a legal representative in the European Union, whether the service provider is physically located in the European Union or not. This appears to be a fairly onerous obligation for small technology companies which may involve a significant cost to appoint and maintain a legal representative in the European Union, especially if the service provider is not located in the EU. Therefore the question arises as to which service providers would be covered by this obligation and the answer to that question lies in the definitions of the terms “service provider” and “offering services in the Union”.

The term service provider has been defined in Article 2(2) of the Directive as follows:

“‘service provider’ means any natural or legal person that provides one or more of the following categories of services:

(a) electronic communications service as defined in Article 2(4) of [Directive establishing the European Electronic Communications Code];^{^[11]}

(b) information society services as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council^{^[12]} for which the storage of data is a defining component of the service provided to the user, including social networks, online marketplaces facilitating transactions between their users, and other hosting service providers;

(c) internet domain name and IP numbering services such as IP address providers, domain name registries, domain name registrars and related privacy and proxy services;”

Thus broadly speaking the service providers covered by the Regulation would include providers of electronic communication services, social networks, online marketplaces, other hosting service providers and providers of internet infrastructure such as IP address and domain name registries, or on their legal representatives where they exist. An important qualification that has been added in the definition is that it covers only those services where “storage of data is a defining component of the service”. Therefore, services for which the storage of data is not a defining component are not covered by the proposal. The Regulation also recognizes that most services delivered by providers involve some kind of storage of data, especially where they are delivered online at a distance; and therefore it specifically provides that services for which the storage of data is not a main characteristic and is thus only of an ancillary nature would not be covered, including legal, architectural, engineering and accounting services provided online at a distance.^{^[13]}

This does not mean that all such service providers offering the type of services in which data storage is the main characteristic, in the EU, would be covered by the Directive. The term “offering services in the Union” has been defined in Article 2(3) of the Directive as follows:

“‘offering services in the Union’ means:

(a) enabling legal or natural persons in one or more Member State(s) to use the services listed under (3) above; and

(b) having a substantial connection to the Member State(s) referred to in point (a);”

Clause (b) of the definition is the main qualifying factor which would ensure that only those entities whose offering of services has a “substantial connection” which the member countries of the EU would be covered by the Directive. The Regulation recognizes that mere accessibility of the service (which could also be achieved through mere accessibility of the service provider’s or an intermediary’s website in the EU) should not be a sufficient condition for the application of such an onerous condition and therefore the concept of a “substantial connection” was inserted to ascertain a sufficient relationship between the provider and the territory where it is offering its services. In the absence of a permanent establishment in an EU member country, such a “substantial connection” may be said to exist if there are a significant number of users in one or more EU member countries, or the “targeting of activities” towards one or more EU member countries. The “targeting of activities” may be determined based on various circumstances, such as the use of a language or a currency generally used in an EU member country, the availability of an app in the relevant national app store, providing local advertising or advertising in the language used in an EU member country, making use of any information originating from persons in EU member countries in the course of its activities, or from the handling of customer relations such as by providing customer service in the language generally used in EU member countries. A substantial connection can also be assumed where a service provider directs its activities towards one or more EU member countries as set out in Article 17(1)(c) of Regulation 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.^{^[14]}

Part II - EU Directive and Service Providers located in India

In this part of the article we will discuss how companies based in India and running websites providing any “service” such as social networking, subscription based video streaming, etc. such as Hike or AltBalaji, Hotstar, etc. and how such companies would be affected by the E-evidence Proposal. At first glance a website providing a video streaming service may not appear to be covered by the E-evidence Proposal since one would assume that there may not be any storage of data. But if it is a service which allows users to open personal accounts (with personal and possibly financial details such as in the case of TVF, AltBalaji or Hotstar) and uses their online behaviour to push relevant material and advertisements to their accounts, whether that would make the storage of data a defining component of the website’s services as contemplated under the proposal is a question that may not be easy to answer.

Even if it is assumed that the services of an Indian company can be classified as information society services for which the storage of data is a defining component, that by itself would not be sufficient to make the E-evidence Proposal applicable to it. The services of an Indian company would still need to have a “substantial connection” with an EU member country. As discussed above, this substantial connection may be said to exist based on the existence of (i) a significant number of users in one or more EU member countries, or (ii) the “targeting of activities” towards one or more EU member countries. The determination of whether a service provider is targeting its services towards an EU member country is to be made based on a number of factors listed above and is a subjective determination with certain guiding factors.

There does not seem to be clarity however on what would constitute a significant number of users and whether this determination is to be based upon the total number of users in an EU member country as a proportion of the population of the country or is it to be considered as a proportion of the total number of customers the service provider has worldwide. To explain this further let us assume that an Indian company such as Hotstar has a total user base of 100 million customers.^{^[15]} If there is a situation where 10 million of these 100 million subscribers are located in countries other than India, out of which there are about 40 thousand customers in France and another 40 thousand in Malta; then it would lead to some interesting analysis. Now 40 thousand customers in a customer base of 100 million is 0.04% of the total customer base of the service provider which generally speaking would not constitute a “significant number”. However if we reckon the 40 thousand customers from the point of view of the total population of the country of Malta, which is approximately 4.75 Lakh,^{^[16]} it would mean approx. 8.4% of the total population of Malta. It is unlikely that any service affecting almost a tenth of the population of the entire country can be labeled as not having a significant number of users in Malta. If the same math is done on the population of a country such as France, which has a population of approx. 67.3 million,^{^[17]} then the figure would be 0.05% of the total population; would that constitute a significant number as per the E-evidence Proposal.

The issues discussed above are very important for any service provider, specially a small or medium sized company since the determination of whether the E-evidence Proposal applies to them or not, apart from any potential legal implications, imposes a direct economic cost for designating a legal representative in an EU member country. Keeping in mind this economic burden and how it might affect the budget of smaller companies, the Explanatory Memorandum to the Regulation clarifies that this legal representative could be a third party, which could be shared between several service providers, and further the legal representative may accumulate different functions (e.g. the General Data Protection Regulation or e-Privacy representatives in addition to the legal representative provided for by the E-evidence Directive).^{^[18]}

In case all the above issues are determined to be in favour of the E-evidence Directive being applicable to an Indian company and the company designates a legal representative in an EU member country, then it remains to be seen how Indian laws relating to data protection would interact with the obligations of the Indian company under the E-evidence Directive. As per Rule 6 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) service providers are not allowed to disclose sensitive personal data or information except with the prior permission of the except disclosure to mandated government agencies. The Rule provides that “the information shall be shared, without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences….”. Although the term “government agency mandated under law” has not been defined in the SPDI Rules, the term “law” has been defined in the Information Technology Act, 2000 (“IT Act”) as under:

“’law’ includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be. Regulations made by the President under article 240, Bills enacted as President's Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, byelaws and orders issued or made thereunder;”^{^[19]}

Since the SPDI Rules are issued under the IT Act, therefore the term “law” referred as used in the would have to be read as defined in the IT Act (unless court holds to the contrary). This would mean that Rule 6 of the SPDI Rules only recognises government agencies mandated under Indian law and therefore information cannot be disclosed to agencies not recognised by Indian law. In such a scenario an Indian company may not have any option except to raise an objection and challenge an EPO issued to it on the grounds provided in Article 16 of the Regulation, which process itself could mean a significant expenditure on the part of such a company.

Conclusion

The framework sought to be established by the European Union through the E-evidence Proposal seeks to establish a regime different from those favoured by countries such as the United States which favours Mutual Agreements with (presumably) key nations or the push for data localisation being favoured by countries such as India, to streamline the process of access to digital data. Since the regime put forth by the EU is still only at the proposal stage, there may yet be changes which could clarify the regime significantly. However, as things stand Indian companies may be affected by the E-evidence Proposal in the following ways:

Companies offering services outside India may inadvertently trigger obligations under the E-evidence Proposal if their services have a substantial connection with any of the member states of the European Union;
Indian companies offering services overseas will have to make an internal determination as to whether the E-evidence Proposal applies to them or not;
In case of Indian companies which come under the E-evidence Proposal, they would be obligated to designate a legal representative in an EU member state for receiving and executing Data Orders as per the E-evidence Proposal.
If a legal representative is designated by the Indian company they may have to incur significant costs on maintaining a legal representative especially in a situation where they have to object to the implementation of an EPO. The company would also have to coordinate with the legal representative to adequately put forth their (Indian law related) concerns before the competent authority so that they are not forced to fall foul of their legal obligations in either jurisdiction. It is also unclear the extent to which appointed legal representatives from Indian companies could challenge or push back against requests received.

Disclaimer: The author of this Article is an Indian trained lawyer and not an expert on European law. The author would like to apologise for any incorrect analysis of European law that may have crept into this article despite best efforts.

^{^[1]} Explanatory Memorandum to the Proposal for Regulation of the European Parliament and of the Council on European Production and Preservation Orders for Electronic Evidence in Criminal Matters, Pg. 4, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018PC0225&from=EN.

^{^[2]} Subscriber data means data which is used to identify the user and has been defined in Article 2 (7) as follows:

“‘subscriber data’ means any data pertaining to:

(a) the identity of a subscriber or customer such as the provided name, date of birth, postal or geographic address, billing and payment data, telephone, or email;

(b) the type of service and its duration including technical data and data identifying related technical measures or interfaces used by or provided to the subscriber or customer, and data related to the validation of the use of service, excluding passwords or other authentication means used in lieu of a password that are provided by a user, or created at the request of a user;”

^{^[3]} The term access data has been defined in Article 2(8) as follows:

“‘access data’ means data related to the commencement and termination of a user access session to a service, which is strictly necessary for the sole purpose of identifying the user of the service, such as the date and time of use, or the log-in to and log-off from the service, together with the IP address allocated by the internet access service provider to the user of a service, data identifying the interface used and the user ID. This includes electronic communications metadata as defined in point (g) of Article 4(3) of Regulation concerning the respect for private life and the protection of personal data in electronic communications;”

^{^[4]} The term content data has been defined in Article 2 (10) as follows:

“‘content data’ means any stored data in a digital format such as text, voice, videos, images, and sound other than subscriber, access or transactional data;”

^{^[5]} The term transactional data has been defined in Article 2(9) as follows:

“‘transactional data’ means data related to the provision of a service offered by a service provider that serves to provide context or additional information about such service and is generated or processed by an information system of the service provider, such as the source and destination of a message or another type of interaction, data on the location of the device, date, time, duration, size, route, format, the protocol used and the type of compression, unless such data constitues access data. This includes electronic communications metadata as defined in point (g) of Article 4(3) of [Regulation concerning the respect for private life and the protection of personal data in electronic communications];”

^{^[6]} Explanatory Memorandum to the Proposal for Regulation of the European Parliament and of the Council on European Production and Preservation Orders for Electronic Evidence in Criminal Matters, Pg. 17, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018PC0225&from=EN.

^{^[7]} Articles 9(4) and 10(5) of the Regulation.

^{^[8]} Article 10(5) of the Regulation.

^{^[9]} Article 15 of the Regulation.

^{^[10]} Article 16 of the Regulation. Also see https://www.insideprivacy.com/uncategorized/eu-releases-e-evidence-proposal-for-cross-border-data-access/.

^{^[11]} Article 2(4) of the Directive establishing European Electronic Communications Code provides as under:

‘electronic communications service’ means a service normally provided for remuneration via electronic communications networks, which encompasses 'internet access service' as defined in Article 2(2) of Regulation (EU) 2015/2120; and/or 'interpersonal communications service'; and/or services consisting wholly or mainly in the conveyance of signals such as transmission services used for the provision of machine-to-machine services and for broadcasting, but excludes services providing, or exercising editorial control over, content transmitted using electronic communications networks and services;”

^{^[12]} Information Society Services have been defined in the Directive specified as “any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

^{^[13]} Proposal for a Directive of the European Parliament and of the Council Laying Down Harmonised Rules on the Appointment of Legal Representatives for the Purpose of Gathering Evidence in Criminal Proceedings, Pg 8, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018PC0226&from=EN.

^{^[14]} Proposal for a Directive of the European Parliament and of the Council Laying Down Harmonised Rules on the Appointment of Legal Representatives for the Purpose of Gathering Evidence in Criminal Proceedings, Pg 9, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018PC0226&from=EN.

^{^[15]} Hotstar already has an active customer base of 75 million, as of December, 2017; https://telecom.economictimes.indiatimes.com/news/netflix-restricted-to-premium-subscribers-hotstar-leads-indian-ott-content-market/62351500

^{^[16]} https://en.wikipedia.org/wiki/Malta

^{^[17]} https://en.wikipedia.org/wiki/France

^{^[18]} Proposal for a Directive of the European Parliament and of the Council Laying Down Harmonised Rules on the Appointment of Legal Representatives for the Purpose of Gathering Evidence in Criminal Proceedings, Pg 5, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018PC0226&from=EN.

^{^[19]} Section 2(y) of the Information Technology Act, 2000.

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-december-23-2018-european-e-evidence-proposal-and-indian-law

CIS Signs MoU with Odia Virtual Academy

sailesh — 2018-12-20T00:24:44Z

On October 26, 2018, the Centre for Internet and Society (CIS) signed a Memorandum of Understanding with the Odia Virtual Academy (OVA) to work on drafting an open content policy for the state, to promote use of Wikimedia projects by various user types and to ensure sustainability of Wikimedia projects, and to facilitate development of relevant free and open source software projects. This partnership between OVA and CIS will be carried out from December 2018 to November 2019, and we are sharing an overview of the activities and their objectives in this post.

The internet is increasingly significant as a knowledge repository today. Especially relevant in this context is the online encyclopedia Wikipedia, which contains information on almost every topic under the sun, across many languages spoken globally, and is used extensively all people to seek information and produce knowledge.

From past one year (since July 2017), The Government of Odisha has been actively participating in the open knowledge movement by publishing the content of their seven websites and eight social media accounts under Creative Commons 4.0 International license. This active collaboration with Government of Odisha and an active Odia Wikimedia community seeking to create and distribute knowledge in Odia language over the internet has resulted in improving 1,200 articles on different Wikimedia projects, and together has received a near about 16 Million page views. Further, the Government of Odisha adopting an open content policy will provide a significant boost in institutionalising creation, sharing, and re-use of open knowledge resources - including government documents, official statistics, open educational resources, and open cultural resources - in Odia language.

Odia Virtual Academy (OVA) is an organisation established by Government of Odisha for development, promotion and popularization of Odia language, literature, and lexicography for general use. It is an organised initiative to encourage expeditious evolution and popularisation of Odia books, magazines, journals, old songs, manuscripts, assembly speeches, and archival records by digitising and providing internet based resources and opportunities for all odia people living across the globe.

On October 26, 2018, the Centre for Internet and Society (CIS) signed a MoU with the Odia Virtual Academy to work on drafting an open content policy for the state, to promote use of Wikimedia projects by various user types and to ensure sustainability of Wikimedia projects, and to facilitate development of relevant free and open source software projects.

This partnership between OVA and CIS will be carried out from December 2018 to November 2019, and its activities are structured by the following objectives:

Open Content Policy for the Government of Odisha: The open content policy will include guidelines for the use of open licenses and open standards to enable the resource (text, resources or otherwise) publishing entity to share resources in a manner that it can be easily and freely be accessed, shared, and re-used by entities, without asking for prior permission, while ensuring that full attribution to the creator/publisher is provided and the resources are not misused, or the creator/publisher is not misrepresented in the process.
Developing Digital and Open Knowledge Resources in Odia Language: The CIS team will undertake awareness-building, training, and outreach activities to develop Odia language content on Wikimedia ecosystem, as well as to enable content creators from across institutions, with a focus on state government officials at district headquarters and college students. The broad mandate of the digital resource generation workshop is to introduce teachers, students, and interested citizens to tools of collaborative knowledge production on the internet and methods for generating new online content or reintroduce offline content in Odia language.
‘Revive Odia’ Activities: Odia as a language has a long tradition and has been medium of expression for the native speakers of Odisha. While Odia as a language of communication is not under any immediate threat, its role and responsibility as a language of Knowledge needs to be examined carefully. ‘Revive Odia’ activities have a simple objective: To bring Odia under limelight in the digital domain. Wikimedia projects in Odia language are working actively to increase the presence of Odia language on the Internet. If such projects can be supported new projects can be incubated, Odia will emerge as the language of knowledge production and distribution as well.
GLAM (Galleries, Libraries, Archives, and Museums) Partnerships: Wikimedia ecosystem offer several platforms for using the power and opportunities of internet to (digitally) preserve, enable access to, and creative re-use of historical, cultural, and social artefacts, and channel the expertise of local populations to build narratives around these artefacts. The CIS team is particularly interested in initiating engagement with public GLAM institutions at various locations and levels, and work with academic and research community to build scientific metadata of these objects. The metadata will be used to represent the tangible and intangible cultural heritage of Odisha in projects such as Wikidata.
Building and Supporting FOSS for Odia Language: To promote and enable usage of Odia language on the web, the CIS team will facilitate development of an Odia font, an input tool, and a spell-check dictionary - all of which will be released as FOSS (Free and Open Source Software) resources.

To undertake these activities, CIS will receive a grant of Rs 20,00,000 (~$28,000) from OVA.

For more details visit https://cis-india.org/a2k/blogs/cis-signs-mou-with-odia-virtual-academy

Internet Researchers' Conference 2019 (IRC19): #List - Call for Papers

sneha-pp — 2018-12-06T07:00:30Z

Who makes lists? How are lists made? Who can be on a list, and who is missing? What new subjectivities - indicative of different asymmetries of power/knowledge - do list-making, and being listed, engender? What makes lists legitimate information artifacts, and what makes their knowledge contentious? Much debate has emerged about specificities and implications of the list as an information artifact, especially in the case of #LoSHA and NRC - its role in creation and curation of information, in building solidarities and communities of practice, its dependencies on networked media infrastructures, its deployment by hegemonic entities and in turn for countering dominant discourses. For the fourth edition of the Internet Researchers’ Conference (IRC19), we invite papers that engage critically with the form, imagination, and politics of the *list*.

Call for Papers

For the fourth edition of the Internet Researchers’ Conference (IRC19), we invite papers that engage critically with the form, imagination, and politics of the list - to present or propose academic, applied, or creative works that explore its social, economic, cultural, material, political, affective, or aesthetic dimensions.

Paper abstracts (of not more than 500 words) are to be submitted by Sunday, December 23 via email sent to raw@cis-india.org.

Authors of selected paper abstracts will be informed by Monday, December 31, and will be expected to present the full paper (either in person, or remotely) at the IRC19 - #List, to be held in Hyderabad during Jan 31 - Feb 2, 2019.

Selected paper authors, who are unemployed or underemployed, will be offered support to cover travel expenses fully/partially.

The only eligibility criteria for submitting papers is that they must engage with the thematic of the conference - *list*.

IRC19: List

For the last several years, #MeToo and #LoSHA have set the course for rousing debates within feminist praxis and contemporary global politics. It also foregrounded the ubiquitous presence of the list in its various forms, not only on the internet but across diverse aspects of media culture. Much debate has emerged about specificities and implications of the list as an information artifact, especially in the case of #LoSHA and NRC - its role in creation and curation of information, in building solidarities and communities of practice, its dependencies on networked media infrastructures, its deployment by hegemonic entities and in turn for countering dominant discourses. Directed by the Supreme Court, the Government of India has initiated the National Register of Citizens process of creating an updated list of all Indian citizens in the state of Assam since 2015. This is a list that sets apart legal citizens from illegal immigrants, based on an extended and multi-phase process of announcement of draft lists and their revisions. NRC is producing a list with a specific question: who is a citizen and who is not? UIDAI has produced a list of unique identification number assigned to individuals: a list to connect/aggregate other lists, a meta-list.

From Mailing Lists to WhatsApp Broadcast Lists, lists have been the very basis of multi-casting capabilities of the early and the recent internets. The list - in terms of list of people receiving a message, list of machines connecting to a router or a tower, list of ‘friends’ and ‘followers’ ‘added’ to your social media persona - structures the open-ended multi-directional information flow possibilities of the internet. It simultaneously engenders networks of connected machines and bodies, topographies of media circulation, and social graphs of affective connections and consumptions. The epistemological, constitutive, and inscriptive functions of the list, as Liam Young documents, have been crucial to the creation of new infrastructures of knowledge, and to understand where the internet emerges as a challenge to these.

As a media format that is easy to create, circulate, and access (as seen in the number of rescue and relief lists that flood the web during national disasters) or one that is essential in classification and cross-referencing (such as public records and memory institutions), the list becomes an essential trope to understand new media forms today, as the skeletal frame on which much digital content and design is structured and consumed through.

Who makes lists?
How are lists made?
Who can be on a list, and who is missing?
Who gets counted on lists, and who is counting?
What new subjectivities - indicative of different asymmetries of power/knowledge - do list-making, and being listed, engender?
What modalities of creation and circulation of lists affords its authority, its simultaneous revelations and obfuscations?
What makes lists legitimate information artifacts, and what makes their knowledge contentious?
What makes lists ephemeral, and what makes their content robust?
What makes lists hegemonic, and what makes them intersectional?
What makes lists ordered, and what makes them unordered?
What do listicles do to habits of reading and creation of knowledge?
What new modes of questioning and meaning-making have manifested today in various practices of list-making?
How and when do lists became digital, and whatever happened to lists on paper?
Are there cultural economies of lists, list-making, and getting listed?
Are lists content or carriage, are they medium or message?

For more details visit https://cis-india.org/raw/irc19-list-call-papers

From Opression to Liberation

Admin — 2018-12-05T02:45:04Z

For more details visit https://cis-india.org/internet-governance/files/from-opression-to-liberation

Regulating the Internet

gurshabad — 2018-12-20T00:29:06Z

For more details visit https://cis-india.org/internet-governance/files/regulating-the-internet

Data for the Benefit of People

amber — 2018-12-01T04:21:32Z

For more details visit https://cis-india.org/internet-governance/files/data-for-the-benefit-of-people

Cyberspace and External Affairs

basu — 2018-12-01T03:59:17Z

For more details visit https://cis-india.org/internet-governance/files/cyberspace-and-external-affairs

November 2018 Newsletter

praskrishna — 2018-12-19T02:41:01Z

Our newsletter for the month of November.

Highlights

CIS has published a statement on its website in response to the serious allegations against CIS members and the CIS workplace on social media. CIS has taken note of the concern raised on a social platform, and its Internal Committee (IC), constituted as per the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, has taken some critical steps. CIS has engaged POSH at Work to review the case and make recommendations to the Executive Director of CIS.
Anubha Sinha attended the 37th meeting of WIPO SCCR held in Geneva in the month of November 2018. During the week she made two statements on behalf of CIS and participated in a panel discussion and a closed door meeting to brief government delegates from the Asia pacific region on the WIPO limitations and exceptions agenda. CIS made statements on limitations and exceptions and the proposed treaty for the protection of broadcasting organizations. Transcript of her talk can be accessed here.
A memorandum outlining India's strategy to global cyber norms formulation processes authored by Elonnai Hickok and Arindrajit Basu and edited by Aayush Rathi and Shruti Trikanad. The memorandum seeks to summarise the state of the global debate in cyberspace; outline how India can craft it’s global strategic vision and finally, provides a set of recommendations for the Ministry of External Affairs as they craft their cyber diplomacy strategy.
The institution of open standards is as a formidable regulatory regime governing the Internet while facilitating its growth as a network of networks. As a nation digitising rapidly and facing concerns in cybersecurity and Internet governance, there is a need for the Government of India to meaningfully participate at standards development organisations to represent the interests of the Indian populace and become a voice for the global South. Authors Aayush Rathi, Gurshabad Grover and Sunil Abraham examine this in a policy brief.
The Convention on Cybercrime adopted in Budapest (“Convention”) is the first and one of the most important multilateral treaties addressing the issue of internet and computer crimes. Vipul Kharbanda has analyzed this in his research paper titled Budapest Convention and the Information Technology Act.
Amber Sinha was one of the stakeholders who provided inputs to the Danish Expert Group on Data Ethics in June 2018 during their visit to New Delhi. The Expert Group has prepared and submitted its final report.
For the fourth edition of the Internet Researchers’ Conference (IRC19), CIS invited sessions that engage critically with the form, imagination, and politics of the *list*. The list of proposed sessions are finalized and posted on this page.

Articles

Lessons from US response to cyber attacks (Arindrajit Basu; edited by Elonnai Hickok; Hindu Businessline; October 30, 2018). Mirrored on CIS website on November 1.
Digital Native: One Selfie Does a Tragedy Make (Nishant Shah; Indian Express; November 11, 2018).

CIS in the Media

Open Street Maps help tackle disasters: Experts (Deccan Chronicle; November 21, 2018).
Are connected tech toys too smart for their own good? (Abhijit Ahaskar; Livemint; November 22, 2018).
Girls' schools, women's PGs: The shocking results when you Google 'bitches near me' (News Minute; November 26, 2018).
Amazon launches Machine Learning-based platform for healthcare space (Kul Bhushan; Hindustan Times; November 28, 2018).
Report: From Oppression to Liberation: Reclaiming the Right to Privacy (Privacy International; November 28, 2018).
Are Chinese video apps violating the Indian law? (Nilesh Christopher; Economic Times; November 30, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright and Patent

Blog Entries

37th SCCR: CIS Statement on the Proposed Treaty for the Protection of Broadcasting Organizations (Anubha Sinha; November 29, 2018).
37th SCCR: CIS Statement on the Agenda on Limitations and Exceptions (Anubha Sinha; November 29, 2018).
Views on on the proposed WIPO Treaty for the Protection of Broadcasting Organizations at side-event organised by Knowledge Ecology International (Anubha Sinha; November 29, 2018).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entry

Aditya 365 (Pavan Santhosh; November 7, 2018).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.
Teaching

Lecture on Open Access and Open Content Licensing at ICAR (short course) (ICAR-Indian Institute of Horticultural Research; Bangalore; November 13 - 22, 2018). Anubha Sinha delivered a lecture.

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Cyber Security

Research Papers

Budapest Convention and the Information Technology Act (Vipul Kharbanda; November 20, 2018).
Cyberspace and External Affairs:A Memorandum for India Summary (Arindrajit Basu and Elonnai Hickok; edited by Aayush Rathi and Shruti Trikanad; November 30, 2018).
Regulating the Internet: The Government of India & Standards Development at the IETF (Aayush Rathi, Gurshabad Grover and Sunil Abraham; November 30, 2018).

Event Co-organized

Workshop on Cybersecurity Illustrations (CIS, Bangalore; November 15, 2018).

Participation in Events

Connections 2018 (Organized by Internet Engineering Task Force; Bangalore; October 31 - November 1, 2018). Gurshabad Grover attended the event.
IETF103 (Organized by Internet Engineering Task Force; Bangkok; November 3 - 9, 2018). Gurshabad Grover attended the event.

►Free Speech and Expression

Research Paper

ICANN Workstream 2 Recommendations on Accountability (Akriti Bopanna; November 23, 2018).

Blog Entry

DIDP #32 On ICANN's Fellowship Program (Akriti Bopanna; November 12, 2018).

Participation in Event

Internet Freedom at Crossroads - Common Paths towards Strengthening Human Rights Online (Organized by Freedom Online; Berlin; November 28 - 30, 2018). Elonnai Hickok was a speaker.

►Privacy

Blog Entry

Clarification on the Information Security Practices of Aadhaar Report (Amber Sinha and Srinivas Kodali; November 5, 2018).

Participation in Events

Building a Community of Practice: Reflections from 2nd All Partners (Organized by Partnership on AI; San Francisco, California; November 14 - 15, 2018). Elonnai Hickok spoke on the panel on the PAI working groups and co-lead the AI Labor and Economy working group meeting as co-chair of the group.
Briefing on BBC News pan-India research on how 'fake news' / digital misinformation spreads (Organized by BBC; New Delhi; November 16, 2018).
DSCI Bangalore Chapter meet (Organized by Data Security Council of India; 10K NASSCOM Startup Warehouse; Bangalore; November 22, 2018). Gurshabad Grover and Karan Saini attended the DSCI Bangalore Chapter meet.
Informational Privacy in India: An Emerging Discourse (Organized by Centre for Policy Research and supported by Omidyar Network; New Delhi; November 29, 2018). Amber Sinha was a speaker on the first panel on privacy and its tradeoffs.
Facebook Privacy Design Sprint (Organized by Facebook and Quicksand; WeWork, Bangalore; November 30, 2018). Pranav Bidare and Saumyaa Naidu participated in the event.

►Miscellaneous

Event Co-organized

SOTM Asia 2018 (Co-organized by CIS and Indian Institute of Management, Bangalore; November 17-18, 2018). Saumyaa Naidu, Aayush Rathi and Ambika Tandon participated in the event.

Participation in Events

Speculative Futures Lab on Artificial Intelligence in Media, Entertainment, and Gaming (Organized by Quicksand; Bangalore; November 16 - 18, 2018). Pranav Bidare was a panelist.
Future Tech and Future Law (Organized by Dept. of IT & BT, Government of Karnataka as part of Bengaluru Tech Summit; November 29 - December 1, 2018). Aayush Rathi was a speaker.

►Gender

Statement

Statement on Serious Allegations against CIS Members and the CIS Workplace on Social Media (Sunil Abraham; November 24, 2018).

Participation in Events

Roundtable on Intermediary Liability and Gender Based Violence at the Digital Citizen Summit, 2018 (Organized by Digital Empowerment Foundation; India International Centre, New Delhi; November 1, 2018).
International Network on Feminist Approaches to Bioethics 2018 (Co-organized by Feminist Approaches to Bioethics and Sama - A Resource Centre for Women and Health; St. John's Medical College; Bangalore; December 3 - 5, 2018). Aayush Rathi and Ambika Tandon participated in the event as speakers. Aayush presented a paper 'Sexual Surveillance and Data Regimes: Development in the Data Economy' co-authored by himself and Ambika.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

A great start on Wi-Fi reforms (Shyam Ponappa; Business Standard; November 1, 2018 and Organizing India Blogspot; November 1, 2018).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

IRC19

List of proposed sessions:

#AyushmanBhavah - Arya Lakshmi and Adrij Chakraborty
#ButItIsNotFunny - Madhavi Shivaprasad and Sonali Sahoo
#CallingOutAndIn - Usha Raman, Radhika Gajjala, Riddhima Sharma, Tarishi Varma, Pallavi Guha, Sai Amulya Komarraju, and Sugandha Sehgal
#DigitalPlatformAttributes - Nandakishore K N and Dr. V. Sridhar
#EnlistingPrivacy - Pawan Singh and Pranjal Jain
#FOMO - Pritha Chakrabarti and Dr. Baidurya Chakrabarti
#LegitLists - Form follows function: List by design - Akriti Rastogi, Ishani Dey, and Sagorika Singha
#ListInterface - Bharath Sivakumar, Rakshita Siva, and Deepak Prince
#ListsAsDatabase - Ria De and Samata Biswas
#LoSHAandWhatFollowed - Anannya Chatterjee, Arunima Singh, Bhanu Priya Gupta, Renu Singh, and Rhea Bose
#PowerListing - Dr. Shubhda Arora, Dr. Smitana Saikia, Prof. Nidhi Kalra, and Prof. Ravikant Kisana
#SocialMediationAsGenderedJustice - Esther Anne Victoria Moraes and Manasa Priya Vasudevan
#StoriesRecordsLegendsRituals - Priyanka, Aditya, Bhanu Prakash GS, Aishwarya, and Dinesh

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/november-2018-newsletter

Are Chinese video apps violating the Indian law?

Admin — 2018-12-04T15:11:03Z

The apps have benefited mightily from the short-video craze that’s taken hold among preteens and adolescents but this is putting them in danger from predators, experts said.

The article by Nilesh Christopher was published in Economic Times on November 30, 2018.

Chinese video apps have cracked the Bharat code, but that may not be such a good thing. TikTok, Kwai and LIKE have been downloaded by millions of smartphone users in small-town India who are using them to share personal videos, away from the glare of scrutiny that falls on more mainstream social media platforms.

The apps have benefited mightily from the short-video craze that’s taken hold among preteens and adolescents but this is putting them in danger from predators, experts said. Given the mature nature of much of the content and the age of users, the content on these apps could be in violation of the law, they said.

ET reviewed more than 20 Chinese video apps that dominate the mobile entertainment network of tier-2 and tier-3 cities mostly thanks to titillating videos, suggestive notifications, risqué humour and raunchy content.

TikTok, the popular lip-sync app, is filled with 15-second clips of meme-friendly content featuring its youthful users miming to their favorite songs. The videos range from the harmless to the explicit, depending upon the users followed. The app has gone viral, having racked up close to 100 million downloads and with 20 million monthly active users in India.

The Chinese video apps have their own regional stars such as TikTok’s Awez Darbar, who has 4.2 million fans on the platform. TikTok pays creators anywhere between Rs 5,000 and Rs 50,000 per video, depending upon the kind of content and the sphere of influence, said people with knowledge of the matter.

While all the platforms carry a disclaimer stating that they are not directed at children, their target audience encompasses preteens and adolescents in tier-2 and tier-3 cities, experts said.

“If (these apps) are operating in a manner that under-18 children use it, then one needs to check what are the other safeguards they have built for parental consent--this is definitely something that has to be looked into,” said Supratim Chakraborty, associate partner at law firm Khaitan & Co. “From a national security standpoint, children fall under the sensitive category. Today, there is a lack of law to put forward strict compliance.”

Another expert said the user profile violates the stated policy of the apps and IT law.

“Be it TikTok, LIKE, Kwai or any of these video apps, (they) have a significant number of young girls, boys and preteens using the application,” the person said.

Live-streaming applications such as Bigo Live and UpLive focus more on personal interaction but these appear to skirt dangerously close to breaking the law, exposing children to nudity and possibly those who seek to coerce or groom underage users into committing explicit acts.

Users are encouraged to explore further through the notifications. “Press here! Surprising gift waiting for you,” is one sent by Uplive when a user logs on. “Sweet is waiting for you in MeMe live <3, Watch magical girl’s LIVE, Come see me now! Sonam who you’re following posted a new video,” are a few other notifications from the app. These notifications are accompanied by a thumbnail of scantily clad women and an ‘invitation’ to open the app. Users get three to five of these every time they clear the screen.

The apps are available in Indian languages, making them easier to use than Facebook or Instagram. However, the privacy policies are in English, making them that much more difficult to understand if users in such locations want to take the trouble of checking the terms and conditions.

Despite the rapidly growing user base, apps like TikTok don’t have a grievance redressal officer in India. The government is insisting on this for all major social media platforms.

A government official said users should flag concerns over such apps so that the state can take action.

“Even if people upload obscene content with their consent, it still does not absolve (you) of the crime,” said a senior bureaucrat with the ministry of electronics and information technology. “One is ignorance, then there is a burgeoning of technology leading to all these. Somebody must start reporting these cases, be it a victim or a well-wisher of the society for the government to take note.”

As with Indian apps, apart from generic privacy policies that aren’t available in local languages, the Chinese ones don’t have layered consent—allowing users to opt out of certain obligations if they wish to do so. ShareChat is the only Indian regional social media app that has its privacy policy in 10 regional languages.

A reading of the privacy policies of the Chinese apps also suggests that they hoover up a vast quantity of data with a one-click, opt-in button. This includes sharing location, contacts, allowing audio and video recording and full network access.

Apps such as Nonolive do not mention any India-specific clauses in their privacy policy. A few like video chat app Tango comply with the General Data Protection Regulation (GDPR), the European privacy law that has stipulated 13+ as the age of use.

TikTok, which has faced temporary bans in other countries in the past, is an exception with a specific India clause offering limited rights to users. It has an exhaustive 5,000-word privacy policy outlining the data collection, processing and sharing practices it follows. TikTok previously sparked outrage in Hong Kong for not protecting the privacy of children under 10, exposing their identities and uploading inappropriate content.

The Chinese apps pose several potential risks, said Swetha Mohandas, policy officer at the Center for Internet and Society, an advocacy group.

“The draft DP (data protection) Bill in the current stage provides greater responsibility on data fiduciaries to maintain the privacy of the individual and the security of the data,” she said. “There are a lot of questions that these apps pose with respect to the Bill, some of them being the security, the data storage provision, the personal data of children, and most importantly that these apps might have recordings that might be sensitive personal data.”

Most of these apps including TikTok explicitly state that though they have appropriate technical and organisational measures in place, “they cannot guarantee the security of your information transmitted through the platform”. Dubsmash said that it complies with local laws and allows users only above 14 to use its app. The other apps ET reached out to did not respond to queries.

For more details visit https://cis-india.org/internet-governance/news/economic-times-nilesh-christopher-november-30-2018-are-chinese-video-apps-violating-the-indian-law

IRC19 - Proposed Session - #SocialMediationAsGenderedJustice

sumandro — 2018-11-26T13:22:52Z

Details of a session proposed by Esther Anne Victoria Moraes and Manasa Priya Vasudevan for the Internet Researchers' Conference 2019 - #List.

Internet Researchers' Conference 2019 - #List - Call for Sessions

Session Plan

2017 saw the sudden emergence of the hashtag #metoo, both in India and across the world. This has impacted not just the general public of the internet, but also the global movement women's rights movement and feminist discourse around sexual assault, gender and consent. #MeToo allowed (female) survivors of harassment to resort to social media platforms such as Twitter and Facebook as a tool to accuse powerful men of sexual harassment. In 2017, we saw this with Rose McGowan who tweeted about Harvey Weinstein or Raya Sarkar who released #LoSHA, which further erupted in late 2018 into a larger wave of ‘outing’ of Indian perpetrators in media, politics, and other areas of work.

With #LoSHA and the 2018 wave of #metoo in India, there have been a gamut of responses, even some amount of polarisation, especially among Indian civil society. During #LoSHA, we observed resistance from traditional legal and Human Rights activists and practitioners against acknowledging the unique impact of ‘survivors’ testimonies on social media’ for fear of validating a method that lies outside of ‘due process’ and ‘fair trial’. They reason that due to the ungoverned nature of social media, its platforms are without checks and balances and therefore cannot regulate arbitrary misuse. However, one can argue that social media platforms are indeed regulated by the service providers who have the ultimate power to censor complainants by simply suspending or expelling them from the platform altogether. This became evident when Twitter silenced Rose McGowan and Facebook, Raya Sarkar, promptly after their testimonies began to gather accelerated traction. Thus, the accused may always appeal to the ultimate gatekeepers, the platform providers themselves. It is precisely due to the above stated reasons, that the 2017-2018 wave of social media testimonies has garnered considerable support from a typically contemporary civil society, who recognise the disruption as powerful despite the gaps in the methodology.

Our Proposal

The tentative proposal is for our team of 2 researchers to carry out a 15-20 minute lightning talk (a conversation or debate) providing a landscape analysis of #metoo, raising specific points of discussion and interest. Following this, we will open up the discussion with the audience in the form of multiple roundtable conversations, which will seek to address the following 2 questions:

If survivors of sexual harassment are resorting to social media as a ‘means’, or their choice of instrument, what does this imply about the existing fora for due process?
New and emergent imaginaries/perspectives around the end of ‘justice’ that may lie outside the contours of conventional legal frameworks i.e. to what ‘end’ are these survivors disposed?

Our session aims at working towards the following outcomes:

A comprehensive analysis of the advantages and disadvantages of phenomenon of social media - mediation of justice
A current and expanded understanding of 'justice' that is not bound by legal recourse

Session Team

Esther Anne Victoria Moraes (Communications Manager, The YP Foundation) is a feminist activist and researcher who is passionate about expanding the discourse on the evolving forms of rights-based movements. At TYPF, Esther works on building feminist leadership through on-ground programming and on research on youth movements. Esther also works with on communication and public advocacy around issues of health, rights and youth leadership with a focus on young girls and adolescents. She coordinates online and on-ground public advocacy on sexual and reproductive health and rights and access to information through TYPF's national-level campaign, Know Your Body, Know Your Rights.

Manasa Priya Vasudevan (Programme Manager, The YP Foundation) is a feminist activist researcher who is passionate about the theory and praxis of social justice in an increasingly internet-mediated world, especially in the context of urbanization and datafication. She has undertaken research and advocacy on issues at the intersections of information communication technologies and social justice, primarily in the area of internet governance. She has actively engaged with international multi-sectoral movement building and strategy, both online and offline. At TYPF, she manages the Know your body know your rights programme. Prior to this, she worked at IT for Change in Bengaluru.

For more details visit https://cis-india.org/raw/irc19-proposed-session-socialmediationasgenderedjustice

IRC19 - Proposed Session - #ListsAsDatabase

sumandro — 2018-11-26T13:20:14Z

Details of a session proposed by Ria De and Samata Biswas for the Internet Researchers' Conference 2019 - #List.

Internet Researchers' Conference 2019 - #List - Call for Sessions

Session Plan

The internet-based List of Sexual Harassers in Academia (LoSHA), initiated by Dalit feminist and lawyer activist Raya Sarkar in 2017 anonymously crowd-sourced names of academics and activists who were accused of harassing women colleagues and students. While a large number of women in the academia rallied in support of the list and its motivations, it also unleashed anxieties about how the list was put together, and the kind of impact it was feared to have. Variously, it has been equated to Khap Panchayats, vigilantism, mob lynchings etc. Last month, the government of India launched an online National Database on Sexual Offenders (NDSO), which will contain the details—names, photographs, residential address, fingerprints, DNA samples, PAN and Aadhar numbers—of individuals convicted on charges of sexual offences against women and children. An associated portal, the Cyber Crime Prevention Against Women and Children (CCPWC) was also launched where citizens can enter complaints against child pornography and other sexually explicit material. Both are modes of digital enlisting through the use of new media technologies, one that is open access and therefore available for modification, co-option and critique, while the other is to be accessible only to law personnel. This two-member panel locates the list in the context of ongoing debates about the conversion of social justice and rights issues in to data repositories. We take in to account the debates on the Right to be Forgotten or the right to delist from the internet, as a specific concern raised in the Personal Data Protection Bill 2018 submitted by the Justice B.N. Krishna Committee. The Bill recognises data principals (or the individuals to whom personal data belongs) as a central component of the legal framework, and subjects data fiduciaries (or agencies seeking to collect, use and process personal data) to the free, informed and explicit consent of the data principals. Right to be Forgotten has clearly emerged as a logical extension of the demands for one’s Right to Privacy. Given that a number of logics, that of ‘naming and shaming’ of offenders, a digital list (database) as a means of communication, dissemination of information and surveillance etc. underscore both the #LoSHA and the NDSO, how do we navigate the messy terrain of human rights concerns about the freedom of speech and expression on the one hand, and the rights to privacy on the other hand? We also think about this vis-a-vis the larger issues related to the data economy and those of data ownership. We refer to studies on state-generated data on crime in India and elsewhere to understand how such data artefacts can be monopolised and processed by private and non-governmental agencies, and how they co-opt contemporary feminist politics and articulations?

We, Samata Biswas and Ria De, will present a collaborative study, organised across two 30 minute long papers, plus a 15 minute discussion time for each totalling to the mandated 90 minute session. The first paper will study the form and scope of the list as a digital artefact through a detailed analysis of the #LoSHA and the NDSO. The second paper will configure the two lists in terms of their status within the data economy.

Session Team

Ria De is pursuing her PhD in Film Studies at the English and Foreign Languages University, Hyderabad. Her doctoral research was about stardom and intermediality. She is interested in popular culture, network and media studies and gender. Currently, she is interested in the women’s movements in the Indian film industries.

Samata Biswas teaches English Literature at Bethune College, Kolkata, India. Her doctoral research was about body cultures in contemporary India, analysing fitness, weight loss, and diet discourses as present in popular media as well as through narratives of participants. She is interested in visual culture, gender studies, and literature and migration. At present, she is trying to map Kolkata as a sanitary city, focusing on access to clean sanitation or the lack thereof. She runs the blog ‘Refugee Watch Online’. Her latest publication is on “Haldia: Logistics and Its Other(s)” in Brett Neilson, Ned Rossiter, Ranabir Samaddar (Edited) Logistical Asia: The Labour of Making a World Region. (Palgrave Mcmillan, 2018)

For more details visit https://cis-india.org/raw/irc19-proposed-session-listsasdatabase

Lecture on Open Access and Open Content Licensing at ICAR (short course)

Admin — 2018-12-05T16:19:56Z

The ICAR-Indian Institute of Horticultural Research (IIHR) a constituent establishment of Indian Council of Agricultural Research (ICAR) organised a short course on 'ICTs for Improving Efficiency and Effectiveness in Agricultural Research, Education and Extension of NARES' during November 13-22, 2018 in Bangalore. Anubha Sinha delivered a lecture to the participants.

Read for more information about the programme.

For more details visit https://cis-india.org/openness/news/lecture-on-open-access-and-open-content-licensing-at-icar-short-course

DCS 2018 Agenda

ambika — 2018-11-07T02:51:36Z

For more details visit https://cis-india.org/internet-governance/files/dcs-2018-agenda