Centre for Internet and Society

Wikisource Handbook for Indian Communities

Admin — 2018-09-19T01:52:09Z

For more details visit https://cis-india.org/a2k/files/wikisource-handbook-for-indian-communities

August 2018 Newsletter

praskrishna — 2018-09-16T05:08:39Z

CIS newsletter for the month of August 2018.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights

India houses the second largest population in the world at approximately 1.35 billion individuals. In such a diverse and dense context, law enforcement could be a challenging job. Elonnai Hickok and Vipul Kharbanda throw light on the CLOUD Act and its implifications for India in a blog post.
On August 9, 2018, the DNA Technology (Use and Application) Regulation Bill, 2018 was introduced in the Lok Sabha. CIS had commented on some key aspects of the bill in many forums earlier. Elonnai Hickok and Murali Neelakantan in an article published by Bloomberg Quint have voiced their opinion on the bill.
Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar in an Op-ed in Bloomberg Quint have examined the National Health Stack, an ambitious attempt by the government to to build a digital infrastructure with a “deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem. The authors have argued that collection of health data, without sensitisation and accountability, has the potential to deny healthcare to the vulnerable.
An article titled India's Contribution to Internet Governance Debates, co-authored by Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna, was published in the NLUD Student Law Journal, an annual peer-reviewed journal published by the National Law University, Delhi.
IT/IT-eS Sector and the Future of Work in India was organized at Omidyar Networks’ office in Bangalore, on June 29, 2018. Torsha Sarkar, Ambika Tandon and Aayush Rath co-authored a report.
Swaraj Barooah and Gurshabad Grover co-authored an article in Livemint that examines a few problematic provisions in the proposed Anti-trafficking Bill. The authors say that it may lead to censorship.
The Researchers at Work programme of CIS had invited abstracts for essays that explore dimensions of offline lives. Selected authors are expected to submit the first draft of the essay (2000-4000 words) by Friday, October 5, 2018.

Articles

Anti-trafficking Bill may lead to censorship (Swaraj Barooah and Gurshabad Grover; Livemint; July 24, 2018). The article was mirrored on CIS website in the month of August 2018.
The National Health Stack: An Expensive, Temporary Placebo (Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta, and Torsha Sarkar; Bloomberg Quint; August 6, 2018).
Digital Native: Double Speak (Nishant Shah; Indian Express; August 12, 2018).
India's Contribution to Internet Governance Debates (Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna; NLUD Student Law Journal; August 16, 2018).
National Health Stack: Data for Data's Sake, A Manmade Health Hazard (Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar; Bloomberg Quint; August 17, 2018).
DNA ‘Evidence’: Only Opinion, Not Science, And Definitely Not Proof Of Crime! (Elonnai Hickok and Murali Neelakantan; Bloomberg Quint; August 22, 2018).
Digital Native: Playing God (Nishant Shah; Indian Express; August 26, 2018).

CIS in the News

UNDP joins Tech Giants in Partnership on AI (UNDP; August 1, 2018). CIS is one of the partners.
UIDAI says asked nobody to add the helpline number to contacts (Komal Gupta; Livemint; August 3, 2018).
How Chinese apps are making inroads in Indian small towns (Mugdha Variyar; Economic Times; August 10, 2018).
The Big Eye: The tech is all ready for mass surveillance in India (Anand Murali; Factor Daily; August 13, 2018).
Centre draws red lines for Whatsapp over fake news, says must comply with Indian laws (Nakul Sridhar; Hindustan Times; August 21, 2018).
India steps up vigilance against WhatsApp abuse (Debashree Dasgupta; Straits Times; August 24, 2018).
India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board (Paul Bluementhal and Gopal Sathe; Huffington Post; August 25, 2018).
20 years of Google: Privacy, fake news and the future (Rachel Lopez; Hindustan Times; August 26, 2018).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipedia

Blog Entry

మిసిమి పత్రిక గ్రంథాలయంలో తెలుగు వికీపీడియన్ల కార్యక్రమం (Pavan Santhosh; August 22, 2018).

Events Organized

వికీపీడియా:సమావేశం/గుంటూరు/అన్నమయ్య గ్రంథాలయం - భాగస్వామ్య కార్యక్రమం జూలై 2018 (Organized by CIS-A2K; Annamaya Library; Guntur; July 10, 2018).
Workshop of Publishers and Writers on Unicode, Open Source and Wikimedia Projects (Organized by CIS-A2K; Pune; July 25, 2018).
Workshop of River activists for building Jal Bodh - Knowledge resource on Water (Organized by CIS-A2K; Pune; July 25, 2018).
ವಿಕಿಪೀಡಿಯ:ಸಂಪಾದನೋತ್ಸವಗಳು/ಸಂಪಾದನೋತ್ಸವ ತುಮಕೂರು ವಿಶ್ವವಿದ್ಯಾನಿಲಯ ೨೦೧೮ (Organized by CIS-A2K; Tumakur University; July 25, 2018).
Intensive Personalised Wiki Training Session at Pune (Organized by CIS-A2K; August 2018).
Wikisource and Wiki technical session at MKCL (Organized by CIS-A2K; Pune; August 2018).
Wiki technical orientation session with PyLadies group (Organized by CIS-A2K; Cummins College of Engineering, Pune; August 7, 2018).
Indian Independence Struggle Edit-a-thon on Marathi Wikipedia (Organized by CIS-A2K; August 10 - 20, 2018).

Event Participation

వికీపీడియా:సమావేశం/హైదరాబాదు/మిసిమి పత్రిక భాగస్వామ్య సమావేశం, జూలై 2018 (July 24, 2018). CIS-A2K held partnership discussions with Misimi Telugu monthly magazine.

Note: Event reports for all these were published in the month of August 2018.

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Privacy

Blog Entries

Use of Visuals and Nudges in Privacy Notices (Saumyaa Naidu; edited by Elonnai Hickok and Amber Sinha; August 18, 2018).
An Analysis of the CLOUD Act and Implications for India (Elonnai Hickok and Vipul Kharbanda; August 22, 2018).
Consumer Care Society: Silver Jubilee Year Celebrations (Arindrajit Basu; August 27, 2018).

Event Participation

Celebrating One Year of the Justice K.S. Puttaswamy v. Union of India Judgment (Organized by Indian Council for Research on International Economic Relations and Centre for Communication Governance at National Law University - Delhi; India International Centre; New Delhi; August 24, 2018). Shweta Mohandas was a panelist at the event.

Free Speech & Expression

Blog Entry

ICANN response to DIDP #31 on diversity (Akriti Bopanna and Akash Sriram; August 21, 2018).

Event Participation

Feminist Information Infrastructure Workshop with Blank Noise and Sangama (Organized by Sangama and Blank Noise; CIS, Bangalore; August 8, 2018). Akriti Bopanna, Swaraj Paul Barooah and Ambika Tandon conducted the workshop.
Summer School on Disinformation (Organized by Digital Asia Hub, Hans-Bredow-Institut, University of Hamburg, Institute for Technology & Society of Rio de Janeiro - ITS Rio and Berkman Klein Center for Internet and Society at Harvard University; Azure Room, Pullman, Jakarta; August 22 - 24, 2018). Sunil Abraham made a presentation on Disinformation and Online Recruitment.
World Library and Information Congress 2018 (Organized by International Federation of Library Associations and Institutions; Kuala Lumpur; August 26 - 27, 2018). Swaraj Paul Barooah was a speaker at two panels. Swaraj's first panel, titled "Intellectual Freedom in a Polarised World" was selected as one of 9 sessions to be live-streamed and recorded, out of 249 sessions in total. The recording can be accessed on YouTube.

Information Technology

Blog Entry

Future of Work: Report of the ‘Workshop on the IT/IT-eS Sector and the Future of Work in India’ (Torsha Sarkar, Ambika Tandon and Aayush Rath; edited by Elonnai Hickok. Akash Sriram and Divya Kushwaha; August 16, 2018).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Call for Essays: Offline (P.P. Sneha; August 6, 2018). Selected authors are expected to submit the first draft of the essay (2000-4000 words) by Friday, October 5, 2018.

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/august-2018-newsletter

Essays on 'Offline' - Selected Abstracts

sneha-pp — 2018-09-06T14:14:47Z

In response to a recent call for essays that explore various dimensions of offline lives, we received 22 abstracts. Out of these, we have selected 10 pieces to be published as part of a series titled 'Offline' on the upcoming r@w blog. Please find below the details of the selected abstracts.

1. Chinar Mehta

2. Cole Flor

3. Elishia Vaz

4. Karandeep Mehra

5. Preeti Mudliar

6. Rianka Roy

7. Simiran Lalvani

8. Srikanth Lakshmanan

9. Titiksha Vashist

10. Dr. Yenn Lee

Chinar Mehta

In September 2017, a student of Banaras Hindu University was allegedly sexually harassed by two persons on a motorcycle while she was walking back to her hostel. Taking the discourse around this event as the starting point, the essay argues that the solutions offered for the safety of women align with the patriarchal notions of surveillance of women. The victim is twice violated; once during the act of sexual harassment, and twice when bodily privacy is exchanged for safety (exemplified by security cameras across the BHU campus). In fact, the ubiquitous presence of security cameras in order to control crime rates makes the safety of the woman’s body contingent to her adherence to social rules.

The moral panic around the safety of women encourages ways to offer a technological solution to a sociological problem. The body is granted safety insofar as the body is not ‘deviant’. There is a fusion of a ‘synoptic-panoptic’ vision, where not only a few watch the many, but the many also watch the few. Additionally, the essay then engages with the politics of mobile applications like Harassmap or Safetipin, and how offline spaces become online entities with crowdsourced data about how safe it is. Mapping events like sexual harassment on an online map is inscribed with perceptions about class and caste. The caste-patriarchal ideas of the protection of upper-caste women is maintained within these applications. The location and the people who visit or reside in them often collapse as the same; as being perpetrators of sexual crimes, while decontextualising incidents. Instead of a focus on how to make areas safer for all women, the discourse becomes about the avoidance of certain spaces, which may not be an option for the majority of women, especially those belonging to certain castes and classes. Features in mobile applications, specifically to do with location mapping, like Google Maps or Uber, become vehicles for the narratives about gendered security.

In defining the ‘offline’, the ‘online’ already exists, and the dichotomy is strangely maintained by the use of interactive maps on personal devices. The essay argues for a more nuanced understanding of internalised constructions of safety, and proposes the idea that institutional surveillance has been a way to discipline gendered bodies historically, and that it is continued with the use of technologies. This may be due to state machinery, or even cultural consent, which would then show up the way that features of mobile applications are marketed.

Cole Flor

Deactivating: An Escape From the Realities of the Online World

A friend posts travels, unboxing the latest gadget, trying out makeup products even before theyÕre out in the market, and the audience hit ÔlikeÕ but deep inside suddenly feel inadequate about their own lives and ask, "What am I doing wrong? Why am I not happy like them?"

The year was 2012 when the earliest of studies on how Social Media contributes to Anxiety went viral.

Even with the complicated nature of mental illnesses the taboo of it all that kept people tiptoeing around the topic - the news was able to crack the glossy facade of online spaces. Back then, it was ridiculous to think that online content the very representation of freedom of expression, information-sharing, open communities caused users some level of distress that affects their mental state. However, with every story that comes out these days of or relating to mental illnesses and social media, people are no longer in denial that being online has become the worldÕs default state. With that primary connection comes a full spectrum of emotions and perspectives that shifted how society views the self, their community, and their roles in being a ÔnetizenÕ. The blurring of lines of whatÕs considered appropriate content, the multiple performances of everyday life, and the imagery that constitutes "happiness", "satisfaction", "significance", "purpose", and "validation" can be described as overwhelming, disconcerting, and stressful to an extent. For borderline Millennials like myself the generation Digital Natives being offline is now an escape from the harsh realities of the online society.

These studies shed light on new narratives that recognized how curating the perfect and seamless life online not only affects the users viewing the content but even the content producers themselves, cracking under pressure and giving into the expectation of "Keeping the Image Alive", whatever it takes. Online life gave "peer pressure" a new meaning.

But users can only deal with so much pressure without sacrificing a part of themselves. During the emergence of social media in early 2000s, users felt the need to go online to escape their personal problems and live in another world where everything seemed easy and possible; where anonymity was powerful and so was virtually traveling in a borderless space where a link opens doors for personal, professional, political, and socio-economic transformation. A quick turn of events, users now wish to escape from the clamor of Twitter threads, Instagram stories, Snaps, and political rants and fake news on Facebook. More and more users deactivate and hibernate, get on board a "social media detox" to rid of the "poison" online content and their [e]nvironments has caused them, all in search for a new something to be called "real".

This narrative essay explores several dimensions why users choose to deactivate, and how that very choice is more of a symptom of a societal anomaly rather than a simple "break" from the chaotic world of social media. It is written in the perspective of a Digital Native - a person who has an inextricable affinity to digital devices but at the same time, is in touch with the analog way of life. The choice of going offline is not only to focus on what used to be real (a life away from the Internet), but it is to gather wits together, stay away from perfectly curated lives to keep sane, and ultimately, to chase life's curiosities and ambitions without having the need to validate achievements with a Like.

Elishia Vaz

Dynamics of the ‘offline’ self-diagnosis, exploration of the corporeal and the politics of information

The corpus of information on health and related topics in the online sphere has caused much concern in relation to self-diagnosis. Concepts like cyberchondria have emerged with the medicalisation of behaviour that uses online health information to explore the corporeal disabilities of the body. While literature has largely concentrated on individual susceptibilities to Cyberchondria and corresponding negative and positive results of the behaviour, there is little that explores the politics of information that characterises this trope. The behaviours of self-diagnosis and exploration of the corporeal often challenge the symptomatology of the offline allopathic physician. The physician often deals with an informed patient. Yet, the questions remain. If online information drives such offline corporeal exploration, who is left out? Are behaviours analogous to cyberchondria a privilege when viewed from a lens of digital marginalization? Are only those who have access to and can make sense of the online health discourse afforded simultaneous access to their offline corporeal bodies in ways that the digitally marginalized are not? This article uses semi-structured qualitative in-depth interviews with doctors to explore the dynamics of exploring the offline corporeal in the presence of online health information.

Karandeep Mehra

The Shadow that Social Media Casts: The Doubled Offlines of Online Sociality

In William Gibson’s cyberpunk novel Neuromancer, the protagonist ‘Case’ ‘jacks in’ and ‘jacks out’ of ‘cyberspace’. Yet when ostracized from cyberspace, when there is no more a possibility of jacking in, Case suffers a withdrawal from the ‘SimStim’ – simulated stimulations of cyberspace – and he crumbles in the hollow ache of this isolation “as the dreams came on in the Japanese night like livewire voodoo, and he'd cry for it, cry in his sleep, and wake alone in the dark, curled in his capsule in some coffin hotel, hands clawed into the bedslab, temper foam bunched between his fingers, trying to reach the console that wasn't there.”

Neuromancer has already been deemed prophetic by critics and theorists, yet in beginning with Gibson, this paper seeks to throw into relief a problem that has now begun to receive scholarly and academic attention. Namely, the legitimacy of drawing a line between the online and offline, or the virtual and the real. With Case, the real or the offline only becomes possible within the capacity to access or enter the virtual or online. To think of an offline without this capacity, but after it has become possible, is to confront a detritus, a second offline – a hapless clawing dexterity, with dreams that overrun an articulated, identificatory imagination. Anthropologists like Boellstorff, and media theorists like Yuk Hui, have resolved this problem though they have left unexplained this detritus. Instead they resolve the problem through a tight coupling of the online and offline, and rightly so, dismiss any attempts to think of the real in any way unaffected by the virtual.

The purpose of this paper, though in agreement with the work of Hui and Boellstorff, and drawing from them, is to restage the problem to incorporate the unexplained detritus. That to understand how our conceptions of the subject must be recast to apprehend the transformations that the internet has wrought, must not resolve the opposition between offline and online. We must, instead, attend to the way the two offlines emerge, and the conceptualization of the threshold that oscillates to constitute them.

The paper understands these two offlines as emerging in what are called “shitstorms”, or moments of frenzy across social media that incite a whorl of discourse, where the speaking body becomes a medium for the propagation for viral forms. The threshold that constitutes them is the relation of the technical extension that makes this propagation possible. This relation leaves the body in a perpetual state of information entropy – that is as a disordered source of data - which must be ordered to be communicated successfully. This threshold that marks out the phase shift between disorder to order to make possible propagation, makes possible also the shadow of an incommunicable that it casts behind – an incommunicable that when understood through Walter Benjamin’s idea of “the torso of a symbol” can help us recast the subject of a network society, as a subject grounded on this shadow.

Preeti Mudliar

In WiFi Exile: The Offline Subjectivities of Online Women

In telecom policy imaginations that seek to bridge India’s digital divides, public WiFi hotspots are a particular favourite to ensure last mile Internet connectivity in rural areas. As infrastructures, WiFi networks are thought to privilege democratic notions of freedom and connectivity by rendering space salient as networked areas that only require users to have a WiFi enabled device to get online. However, the kind of spaces that WiFi networks occupy are not always accessible by women even though they are ostensibly public in nature. Social norms that restrict and confine women’s mobilities to certain sanctioned areas do not allow their Internet and digital literacies to be visible in the same way as men who are more easily recognized as active Internet and technology users.

The invisibility of women thus struggles to create a presence as desirable subjects of the Internet that WiFi infrastructures should also address. In a community where WiFi networks was hosted in public spaces, women reported hearing about WiFi and seeing men using WiFi, but had never used it themselves even though they were also active users of the Internet. With its inaccessibility, the WiFi infrastructure was a contradictory presence in the community for the women who found themselves confined to using the Internet with spotty prepaid mobile data plans. Their use and experience of the Internet was thus in many ways diminished and limited and they reported experiencing a state of offlineness in contrast to the men in their community who could frequent the WiFi hotspots and avail of high speed Internet leading to more expansive repertoires of use.

This essay proposes a reflection on how the offline can be relational and constituted by the way infrastructures compose certain user subjectivities even while they exile others from being a part of their networks. It expands on Brian Larkin’s contention that in addition to their technical affordances, infrastructures are also equally semiotic and aesthetic forms that are oriented towards creating and addressing certain subjects. It thus asks, how do public WiFi deployments unwittingly create and constitute, what Bardzell and Bardzell call, as ‘subject positions’ of WiFi Internet users and non-users? How do these subject positions inform subjectivities of felt experience of the WiFi that translate to experiencing the offline even while being online?

Rianka Roy

Information Offline: Labour, Surveillance and Activism in the Indian IT&ITES Industry

In India the public availability of the internet in the nineties coincided with the beginning of liberalisation. Online connectivity brought the aura of globalization to this country. The internet was a privilege of the few. The Information Technology sector (along with the IT-enabled service industry) had an elite status. Its employees visited, and immigrated to western countries. In fact, India still remains one the major suppliers of cheap labour in the global IT sector.

Over the years the aura of the internet waned. In Digital India the State now projects the internet as a necessity. However, IT&ITES companies still identify the labour of their ‘white collar’ employees as a superior vocation. This vague claim to sophistication strips the digitally-connected workforce of various labour rights. Long hours, working from home, and surveillance on personal social media are normative practices in this industry. I conducted a case study on Indian IT&ITES employees for my doctoral research (2013-2018). It showed that protocols of online conduct influence these employees’ offline behaviour. For example, even without digital intervention, employees engage in manual self-surveillance and peer-surveillance to complement the digital surveillance of their organisations. They defend this naturalised practice as employers’ prerogative. Offline attributes like reflective glass walls in the office interior and exterior, reinforce this organisational culture.

Online connectivity is so deeply entrenched in this industry that even dissent seeks digital representation. Activist groups like the Forum for IT Employees (FITE) and the Union for IT & ITES (UNITES) run online campaigns parallel to their offline activism—adopting a hybrid method of protest. They have not abandoned the networks that ensnare them. Paradoxically they embody the same principle of exclusivity that their employers enforce on them. In their interviews, some activists have condemned militant trade unionism prevalent in other industries. For them, their online access sets them apart, and above their industrial couterparts. The “salaried bourgeoisie” (Zizek, p.12) refuse to align themselves with other labour unions.

My paper examines the impact of the near-absence of offline parameters in this industry. On the basis of company policies and interviews of IT&ITES employees, it examines if employees can stand up to digital dominance and secure their rights without conventional modes of offline protests.

Simiran Lalvani

The Offline as a Place of Work: Examining Food Discovery and Delivery by Digital Platforms

Digital platforms for food discovery and delivery are generally viewed as convenient, efficient, allowing discovery of choices beyond the familiar and as reliable sources of information regarding credibility through ratings, comments and photographs.

The digital divide after demonetisation became more stark as those with access to the online abandoned the offline service providers for their digital counterparts. The adverse impact of this digital divide on offline, informal goods and service providers like local kirana stores, autorickshaw drivers, hawkers has been highlighted and the paradox of formalising the financial system while informalising labour has been pointed out too. In a similar vein, this essay examines continuities and changes in the practices of food discovery and delivery in the context of new digital platforms. How do practices of offline food discovery and delivery respond to the introduction of digital platforms?

Recently, the Food Safety and Standards Association of India (FSSAI) found that nearly 40 percent of listings on 10 digital platforms like Swiggy and Zomato were of unlicensed food operators. The FSSAI directed these digital platforms to delist these unlicensed entities and also commented that some of the platforms themselves did not have required licenses.

This essay therefore turns attention away from the impact of digital platforms on offline, informal food operators and towards the digital platforms themselves and the large swathes of informal labour employed in the offline by such platforms. It focuses on location-based gig work4 like delivery to highlight the role of these workers in running the online. It does so in order to avoid obfuscating the role of such workers in making the online seem formal, efficient and reliable. Finally, it asks how working for the online in the offline allows a denial of their status as employees and invisibilisation of such work and workers.

Srikanth Lakshmanan

The Cash Merchant

The paper explores the various reasons for merchants remaining offline and using cash over digital payments, both willingly and without a choice, various factors leading to it, the rationale for their choices, policy responses by the state and industry in furthering promotion of digital payments. Demonetisation not only made everyone including merchants seek alternatives to cash in order to continue the business but also provided a policy window for digital payments industry to get a faster regulatory, policy clearances, get the government to invest in incentivising digital payments. Despite these, the cash to digital shift has not taken place and the demonetisation trends in increased digital payments across modes reversed after cash was back in the system.

The paper attempts to document infrastructural, commercial, social issues preventing the adoption and the responses of merchants, industry to various policy prescription/enablement to increase adoption whose outcomes are unclear and have not been evaluated.

Infrastructural issues include technology, policy, regulatory, industry challenges in expanding the existing infrastructure. The lack of physical, regulatory, legal infrastructure prevents growth and merchants from adopting digital payments. Commercial issues include economics of direct and indirect costs to the merchant incurred in owning, accepting digital payments, commercial considerations of various ecosystem players including banks, payment processors that inhibit adoption. Social issues include awareness, literacy including digital, financial literacy, trust, behaviour shift, convenience, exercising choice towards cash.

Ever since the demonetisation, there is a heightened activity from industry and various arms of the government has been active in promoting digital payments. Industry-led by banks and fintech ecosystem has built a range of mobile-enabled digital payment platforms/products such wallets, BHIM-UPI, BHIM-Aadhaar, BharatQR to enable asset light merchant acceptance infrastructure, expanded merchant base in addition to catering to the surge in demand of card-accepting PoS machines. The government had undertaken a massive awareness program Digidhan soon after demonetisation and had also set up National Digital Payments Mission to promote, oversee the sustainable growth of digital payments. Various ministries are also adopting digital payments in their functioning. It also aided behavioural shift through cashback, incentivisation schemes, some specifically targeted at merchants, reimbursement of card processing charges for smaller merchants and even has in principle proposed a 20% discount on the GST. It has remained light touch on the regulation by not setting up the regulator even after 18 months of announcing the same.

The paper will analyse how the efforts of industry and government have been met by the merchant and look at factors which can and cannot be changed with policy interventions and real scope of digital payments in the merchant ecosystem.

Titiksha Vashist

Byung-Chul Han in his celebrated book “In the Swarm” warns us of the dangers of the mob that is increasingly replacing the ‘crowd’ or collective which constituted the mass of politics. He states that no true politics is possible in the digital era, where online communities lack a sense of spirit, a “we” that is now a swarm of individuals. Despite his theoretical brilliance, Han forgets that he cannot talk of the digital, the online without the offline. Politics has occurred, and continues to exist in the offline space, using the internet to spread its wings. It is not the online as-is, which has become the subject of philosophy, politics, art and aesthetics that characterises itself alone, sealed off as a space where events occur, identities formed and movements created. It is in fact, the offline that brings the online into being and gives it a myriad of meaning. While access, priviledge, commerce and capital are major themes while discussing internet access, we must not forget that the online is not merely a question of choice or access- but one that is often carefully disabled on purpose to control the offline. In India as well as other parts of the world, the internet has been interrupted for long durations to exercise political control and power, often crippling populations. According to a report by the Software Freedom Law Center (SFLC), an organisation that keeps a track on internet shutdowns in the country, India has seen 244 shutdowns in 2012, of which 108 have been enforced on 2018 alone. These have been concentrated in areas such as Jammu and Kashmir and the North-East, and in instances of violence and resistance as well.

An internet shutdown is the digital equivalent of a curfew, and its application raises questions regarding its cause, uses and political intent. The internet as means, as an enabler of political action is seen as threatening, given the shift in the way people today communicate with one another. Internet bans and shutdowns are not only matters of commerce, but also pose the question of politics to understand when and how power is exercised. An offline created out of a shutdown is different- it is curated on purpose and calls for alternative means by which functionalities of daily life, resistance, capital and media occur. This essay aims to explore how the political image of the “sovereign” also enters the digital space to carefully construct, cut- off and marginalized voices, all in the name of state security, and law and order. According to philosopher Carl Schmitt, the sovereign is he who decides on the exception, and the offline is increasingly becoming a space of exception where those who control the digital can influence the political in real time. In this context, how do we understand the relationship of power and digital access? This essay focuses on three broad questions: (a) Is there a community online capable of political action that is facilitated by the internet? (b) How does power function in internet shutdowns and are they threats to democratic freedom of expression? And finally, (c) How do we begin to unpack the ‘online’ and the ‘offline’ in such a context?

Dr. Yenn Lee

Online consequences of being offline: A gendered tale from South Korea

We hear numerous anecdotes of people facing the consequences of their online activity when offline. Some have lost jobs, have been disciplined in school, or have wound up in court for what they have posted online. However, in comparison, there has been somewhat limited discussion of the reverse scenario, where going about one's day-to-day life offline leads to violations of one's online self.

This essay is concerned with a new and unparalleled phenomenon in South Korea, locally termed molka. Literally meaning 'hidden camera', molka refers to the genre of women being filmed in the least expected of situations, including cubicles in public restrooms and in the midst of car accidents, and the footage being traded and consumed as entertainment. This is distinct from revenge porn or cyber-stalking where the perpetrators usually target a known or pre-determined individual with the intention of humiliating them or to exercise control. The subjects of molka are victimised for merely existing offline and are mostly unaware that their privacy has been violated until they are recognised by someone who knows them and informs them (or inflicts further harm). In response to the rising trend of molka, tens of thousands of frustrated and infuriated women have staged monthly protest rallies in central Seoul since May 2018, urging government intervention. Ironically, women gathered offline to protest against molka have been subjected to further molka crimes with unconsented photos of themselves at the rallies surfacing online and many have been the target of misogynous attacks.

Informed by the author's multi-year ethnographic study of technologically mediated and heightened tensions in contemporary South Korean society, this essay provides a succinct yet contextualised account of the molka phenomenon. With particular attention to the ways in which the phenomenon has developed while shifting between offline and online realms, the essay demonstrates the gendered nature of digital privacy and harassment, and the broader implications of this Korean phenomenon for women in other parts of the world.

For more details visit https://cis-india.org/raw/essays-on-offline-selected-abstracts

AI in India: A Policy Agenda

Amber Sinha, Elonnai Hickok and Arindrajit Basu — 2018-09-05T15:39:59Z

Click to download the file

Background

Over the last few months, the Centre for Internet and Society has been engaged in the mapping of use and impact of artificial intelligence in health, banking, manufacturing, and governance sectors in India through the development of a case study compendium.^{^[1]} Alongside this research, we are examining the impact of Industry 4.0 on jobs and employment and questions related to the future of work in India. We have also been a part of several global conversations on artificial intelligence and autonomous systems. The Centre for Internet and Society is part of the Partnership on Artificial Intelligence, a consortium which has representation from some of most important companies and civil society organisations involved in developments and research on artificial intelligence. We have contributed to the The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems, and are also a part of a Big Data for Development Global Network, where we are undertaking research towards evolving ethical principles for use of computational techniques. The following are a set of recommendations we have arrived out of our research into artificial intelligence, particularly the sectoral case studies focussed on the development and use of artificial intelligence in India.

National AI Strategies: A Brief Global Overview

Artificial Intelligence is emerging as a central policy issue in several countries. In October 2016, the Obama White House released a report titled, “Preparing for the Future of Artificial Intelligence”^{^[2]} delving into a range of issues including application for public goods, regulation, economic impact, global security and fairness issues. The White House also released a companion document called the “National Artificial Intelligence Research and Development Strategic Plan”^{^[3]} which laid out a strategic plan for Federally-funded research and development in AI. These were the first of a series of policy documents released by the US towards the role of AI. The United Kingdom announced its 2020 national development strategy and issued a government report to accelerate the application of AI by government agencies while in 2018 the Department for Business, Energy, and Industrial Strategy released the Policy Paper - AI Sector Deal.^{^[4]} The Japanese government released it paper on Artificial Intelligence Technology Strategy in 2017.^{^[5]} The European Union launched "SPARC," the world’s largest civilian robotics R&D program, back in 2014.^{^[6]}

Over the last year and a half, Canada,^{^[7]} China,^{^[8]} the UAE,^{^[9]} Singapore,^{^[10]} South Korea^{^[11]}, and France^{^[12]} have announced national AI strategy documents while 24 member States in the EU have committed to develop national AI policies that reflect a “European” approach to AI ^{^[13]}. Other countries such as Mexico and Malaysia are in the process of evolving their national AI strategies. What this suggests is that AI is quickly emerging as central to national plans around the development of science and technology as well as economic and national security and development. There is also a focus on investments enabling AI innovation in critical national domains as a means of addressing key challenges facing nations. India has followed this trend and in 2018 the government published two AI roadmaps - the Report of Task Force on Artificial Intelligence by the AI Task Force constituted by the Ministry of Commerce and Industry^{^[14]} and the National Strategy for Artificial Intelligence by Niti Aayog.^{^[15]} Some of the key themes running across the National AI strategies globally are spelt out below.

Economic Impact of AI

A common thread that runs across the different national approaches to AI is the belief in the significant economic impact of AI, that it will likely increase productivity and create wealth. The British government estimated that AI could add $814 billion to the UK economy by 2035. The UAE report states that by 2031, AI will help boost the country’s GDP by 35 per cent, reduce government costs by 50 per cent. Similarly, China estimates that the core AI market will be worth 150 billion RMB ($25bn) by 2020, 400 billion RMB ($65bn) and one trillion RMB ($160bn) by 2030. The impact of adoption of AI and automation of labour and employment is also a key theme touched upon across the strategies. For instance, the White House Report of October 2016 states the US workforce is unprepared – and that a serious education programme, through online courses and in-house schemes, will be required.^{^[16]}

State Funding

Another key trend exhibited in all national strategies towards AI has been a commitment by the respective governments towards supporting research and development in AI. The French government has stated that it intends to invest €1.5 billion ($1.85 billion) in AI research in the period through to 2022. The British government’s recommendations, in late 2017, were followed swiftly by a promise in the autumn budget of new funds, including at least £75 million for AI. Similarly, the the Canadian government put together a $125-million ‘pan-Canadian AI strategy’ last year.

AI for Public Good

The use of AI for Public Good is a significant focus of most AI policies. The biggest justification for AI innovation as a legitimate objective of public policy is its promised impact towards improvement of people’s lives by helping to solve some of the world’s greatest challenges and inefficiencies, and emerge as a transformative technology, much like mobile computing. These public good uses of AI are emerging across sectors such as transportation, migration, law enforcement and justice system, education, and agriculture..

National Institutions leading AI research

Another important trend which was key to the implementation of national AI strategies is the creation or development of well-funded centres of excellence which would serve as drivers of research and development and leverage synergies with the private sector. The French Institute for Research in Computer Science and Automation (INRIA) plans to create a national AI research program with five industrial partners. In UK, The Alan Turing Institute is likely to emerge as the national institute for data science, and an AI Council would be set up to manage inter-sector initiatives and training. In Canada, Canadian Institute for Advanced Research (CIFAR) has been tasked with implementing their AI strategy. Countries like Japan has a less centralised structure with the creation of strategic council for AI technology’ to promote research and development in the field, and manage a number of key academic institutions, including NEDO and its national ICT (NICT) and science and tech (JST) agencies. These institutions are key to successful implementation of national agendas and policies around AI.

AI, Ethics and Regulation

Across the AI strategies — ethical dimensions and regulation of AI were highlighted as concerns that needed to be addressed. Algorithmic transparency and explainability, clarity on liability, accountability and oversight, bias and discrimination, and privacy are ethical and regulatory questions that have been raised. Employment and the future of work is another area of focus that has been identified by countries. For example, the US 2016 Report reflected on if existing regulation is adequate to address risk or if adaption is needed by examining the use of AI in automated vehicles. In the policy paper - AI Sector Deal - the UK proposes four grand challenges: AI and Data Economy, Future Mobility, Clean Growth, and Ageing Society. The Pan Canadian Artificial Intelligence Strategy focuses on developing global thought leadership on the economic, ethical, policy, and legal implications of advances in artificial intelligence.^{^[17]}

The above are important factors and trends to take into account and to different extents have been reflected in the two national roadmaps for AI. Without adequate institutional planning, there is a risk of national strategies being too monolithic in nature. Without sufficient supporting mechanisms in the form of national institutions which would drive the AI research and innovation, capacity building and re-skilling of workforce to adapt to changing technological trends, building regulatory capacity to address new and emerging issues which may disrupt traditional forms of regulation and finally, creation of an environment of monetary support both from the public and private sector it becomes difficult to implement a national strategy and actualize the potentials of AI . As stated above, there is also a need for identification of key national policy problems which can be addressed by the use of AI, and the creation of a framework with institutional actors to articulate the appropriate plan of action to address the problems using AI. There are several ongoing global initiatives which are in the process of trying to articulate key principles for ethical AI. These discussions also feature in some of the national strategy documents.

Key considerations for AI policymaking in India

As mentioned above, India has published two national AI strategies. We have responded to both of these here^{^[18]} and here.^{^[19]} Beyond these two roadmaps, this policy brief reflects on a number of factors that need to come together for India to leverage and adopt AI across sectors, communities, and technologies successfully.

Resources, Infrastructure, Markets, and Funding

Ensure adequate government funding and investment in R&D

As mentioned above, a survey of all major national strategies on AI reveals a significant financial commitment from governments towards research and development surrounding AI. Most strategy documents speak of the need to safeguard national ambitions in the race for AI development. In order to do so it is imperative to have a national strategy for AI research and development, identification of nodal agencies to enable the process, and creation of institutional capacity to carry out cutting edge research.

Most jurisdictions such as Japan, UK and China have discussed collaborations between the industry and government to ensure greater investment into AI research and development. The European Union has spoken using the existing public-private partnerships, particularly in robotics and big data to boost investment by over one and half times.^{^[20]} To some extent, this step has been initiated by the Niti Aayog strategy paper. The paper lists out enabling factors for the widespread adoption of AI and maps out specific government agencies and ministries that could promote such growth. In February 2018, the Ministry of Electronics and IT also set up four committees to prepare a roadmap for a national AI programme. The four committees are presently studying AI in context of citizen centric services; data platforms; skilling, reskilling and R&D; and legal, regulatory and cybersecurity perspectives.^{^[21]}

Democratize AI technologies and data

Clean, accurate, and appropriately curated data is essential for training algorithms. Importantly, large quantities of data alone does not translate into better results. Accuracy and curation of data should be prerequisites to quantity of data. Frameworks to generate and access larger quantity of data should not hinge on models of centralized data stores. The government and the private sector are generally gatekeepers to vast amounts of data and technologies. Ryan Calo has called this an issue of data parity,^{^[22]} where only a few well established leaders in the field have the ability to acquire data and build datasets. Gaining access to data comes with its own questions of ownership, privacy, security, accuracy, and completeness. There are a number of different approaches and techniques that can be adopted to enable access to data.

Open Government Data

Robust open data sets is one way in which access can be enabled. Open data is particularly important for small start-ups as they build prototypes. Even though India is a data dense country and has in place a National Data and Accessibility Policy India does not yet have robust and comprehensive open data sets across sectors and fields. Our research found that this is standing as an obstacle to innovation in the Indian context as startups often turn to open datasets in the US and Europe for developing prototypes. Yet, this is problematic because the demography represented in the data set is significantly different resulting in the development of solutions that are trained to a specific demographic, and thus need to be re-trained on Indian data. Although AI is technology agnostic, in the cases of different use cases of data analysis, demographically different training data is not ideal. This is particularly true for certain categories such as health, employment, and financial data.

The government can play a key role in providing access to datasets that will help the functioning and performance of AI technologies. The Indian government has already made a move towards accessible datasets through the Open Government Data Platform which provides access to a range of data collected by various ministries. Telangana has developed its own Open Data Policy which has stood out for its transparency and the quality of data collected and helps build AI based solutions.

In order to encourage and facilitate innovation, the central and state governments need to actively pursue and implement the National Data and Accessibility Policy.

Access to Private Sector Data

The private sector is the gatekeeper to large amounts of data. There is a need to explore different models of enabling access to private sector data while ensuring and protecting users rights and company IP. This data is often considered as a company asset and not shared with other stakeholders. Yet, this data is essential in enabling innovation in AI.

Amanda Levendowski states that ML practitioners have essentially three options in securing sufficient data— build the databases themselves, buy the data, or use data in the public domain. The first two alternatives are largely available to big firms or institutions. Smaller firms often end resorting to the third option but it carries greater risks of bias.

A solution could be federated access, with companies allowing access to researchers and developers to encrypted data without sharing the actual data. Another solution that has been proposed is ‘watermarking’ data sets.

Data sandboxes have been promoted as tools for enabling innovation while protecting privacy, security etc. Data sandboxes allow companies access to large anonymized data sets under controlled circumstances. A regulatory sandbox is a controlled environment with relaxed regulations that allow the product to be tested thoroughly before it is launched to the public. By providing certification and safe spaces for testing, the government will encourage innovation in this sphere. This system has already been adopted in Japan where there are AI specific regulatory sandboxes to drive society 5.0.160 data sandboxes are tools that can be considered within specific sectors to enable innovation. A sector wide data sandbox was also contemplated by TRAI.^{^[23]} A sector specific governance structure can establish a system of ethical reviews of underlying data used to feed the AI technology along with data collected in order to ensure that this data is complete, accurate and has integrity. A similar system has been developed by Statistics Norway and the Norwegian Centre for Research Data.^{^[24]}

AI Marketplaces

The National Roadmap for Artificial Intelligence by NITI Aayog proposes the creation of a National AI marketplace that is comprised of a data marketplace, data annotation marketplace, and deployable model marketplace/solutions marketplace.^{^[25]} In particular, it is envisioned that the data marketplace would be based on blockchain technology and have the features of: traceability, access controls, compliance with local and international regulations, and robust price discovery mechanism for data. Other questions that will need to be answered center around pricing and ensuring equal access. It will also be interesting how the government incentivises the provision of data by private sector companies. Most data marketplaces that are emerging are initiated by the private sector.^{^[26]} A government initiated marketplace has the potential to bring parity to some of the questions raised above, but it should be strictly limited to private sector data in order to not replace open government data.

Open Source Technology

A number of companies are now offering open source AI technologies. For example, TensorFlow, Keras, Scikit-learn, Microsoft Cognitive Toolkit, Theano, Caffe, Torch, and Accord.NET.^{^[27]} The government should incentivise and promote open source AI technologies towards harnessing and accelerating research in AI.

Re-thinking Intellectual Property Regimes

Going forward it will be important for the government to develop an intellectual property framework that encourages innovation. AI systems are trained by reading, viewing, and listening to copies of human-created works. These resources such as books, articles, photographs, films, videos, and audio recordings are all key subjects of copyright protection. Copyright law grants exclusive rights to copyright owners, including the right to reproduce their works in copies, and one who violates one of those exclusive rights “is an infringer of copyright.^{^[28]}

The enterprise of AI is, to this extent, designed to conflict with tenets of copyright law, and after the attempted ‘democratization’ of copyrighted content by the advent of the Internet, AI poses the latest challenge to copyright law. At the centre of this challenge is the fact that it remains an open question whether a copy made to train AI is a “copy” under copyright law, and consequently whether such a copy is an infringement.^{^[29]} The fractured jurisprudence on copyright law is likely to pose interesting legal questions with newer use cases of AI. For instance, Google has developed a technique called federated learning, popularly referred to as on-device ML, in which training data is localised to the originating mobile device rather than copying data to a centralized server.^{^[30]} The key copyright questions here is whether decentralized training data stored in random access memory (RAM) would be considered as “copies”.^{^[31]} There are also suggestions that copies made for the purpose of training of machine learning systems may be so trivial or de minimis that they may not qualify as infringement.^{^[32]} For any industry to flourish, there needs to be legal and regulatory clarity and it is imperative that these copyright questions emerging out of use of AI be addressed soon.

As noted in our response to the Niti Aayog national AI strategy “The report also blames the current Indian Intellectual Property regime for being “unattractive” and averse to incentivising research and adoption of AI. Section 3(k) of Patents Act exempts algorithms from being patented, and the Computer Related Inventions (CRI) Guidelines have faced much controversy over the patentability of mere software without a novel hardware component. The paper provides no concrete answers to the question of whether it should be permissible to patent algorithms, and if yes, to to what extent. Furthermore, there needs to be a standard either in the CRI Guidelines or the Patent Act, that distinguishes between AI algorithms and non-AI algorithms. Additionally, given that there is no historical precedence on the requirement of patent rights to incentivise creation of AI, innovative investment protection mechanisms that have lesser negative externalities, such as compensatory liability regimes would be more desirable. The report further failed to look at the issue holistically and recognize that facilitating rampant patenting can form a barrier to smaller companies from using or developing AI. This is important to be cognizant of given the central role of startups to the AI ecosystem in India and because it can work against the larger goal of inclusion articulated by the report.”^{^[33]}

National infrastructure to support domestic development

Building a robust national Artificial Intelligence solution requires establishing adequate indigenous infrastructural capacity for data storage and processing. While this should not necessarily extend to mandating data localisation as the draft privacy bill has done, capacity should be developed to store data sets generated by indigenous nodal points.

AI Data Storage

Capacity needs to increase as the volume of data that needs to be processed in India increases. This includes ensuring effective storage capacity, IOPS (Input/Output per second) and ability to process massive amounts of data.

AI Networking Infrastructure

Organizations will need to upgrade their networks in a bid to upgrade and optimize efficiencies of scale. Scalability must be undertaken on a high priority which will require a high-bandwidth, low latency and creative architecture, which requires appropriate last mile data curation enforcement.

Conceptualization and Implementation

Awareness, Education, and Reskilling

Encouraging AI research

This can be achieved by collaborations between the government and large companies to promote accessibility and encourage innovation through greater R&D spending. The Government of Karnataka, for instance, is collaborating with NASSCOM to set up a Centre of Excellence for Data Science and Artificial Intelligence (CoE-DS&AI) on a public-private partnership model to “accelerate the ecosystem in Karnataka by providing the impetus for the development of data science and artificial intelligence across the country.” Similar centres could be incubated in hospitals and medical colleges in India. Principles of public funded research such as FOSS, open standards, and open data should be core to government initiatives to encourage research. The Niti Aaayog report proposes a two tier integrated approach towards accelerating research, but is currently silent on these principles.^{^[34]}

Therefore,as suggested by the NITI AAYOG Report, the government needs to set up ‘centres of excellence’. Building upon the stakeholders identified in the NITI AAYOG Report, the centers of excellence should involve a wide range of experts including lawyers, political philosophers, software developers, sociologists and gender studies from diverse organizations including government, civil society,the private sector and research institutions to ensure the fair and efficient roll out of the technology.^{^[35]} An example is the Leverhulme Centre for the Future of Intelligence set up by the Leverhulme Foundation at the University of Cambridge^{^[36]} and the AI Now Institute at New York University (NYU)^{^[37]} These research centres bring together a wide range of experts from all over the globe.^{^[38]}

Skill sets to successfully adopt AI

Educational institutions should provide opportunities for students to skill themselves to adapt to adoption of AI, and also push for academic programmes around AI. It is also important to introduce computing technologies such as AI in medical schools in order to equip doctors to adopt the technical skill sets and ethics required to use integrate AI in their practices. Similarly, IT institutes could include courses on ethics, privacy, accountability etc. to equip engineers and developers with an understanding of the questions surrounding the technology and services they are developing.

Societal Awareness Building

Much of the discussion around skilling for AI is in the context of the workplace, but there is a need for awareness to be developed across society for a broader adaptation to AI. The Niti Aayog report takes the first steps towards this - noting the importance of highlighting the benefits of AI to the public. The conversation needs to go beyond this towards enabling individuals to recognize and adapt to changes that might be brought about - directly and indirectly - by AI - inside and outside of the workplace. This could include catalyzing a shift in mindset to life long learning and discussion around potential implications of human-machine interactions.

Early Childhood Awareness and Education

It is important that awareness around AI begins in early childhood. This is in part because children already interact with AI and increasingly will do so and thus awareness is needed in how AI works and can be safely and ethically used. It is also important to start building the skills that will be necessary in an AI driven society from a young age.

Focus on marginalised groups

Awareness, skills, and education should be targeted at national minorities including rural communities, the disabled, and women. Further, there should be a concerted focus on communities that are under-represented in the tech sector-such as women and sexual minorities-to ensure that the algorithms themselves and the community working on AI driven solutions are holistic and cohesive. For example, Iridescent focuses on girls, children, and families to enable them to adapt to changes like artificial intelligence through promoting curiosity, creativity, and perseverance to become lifelong learners.^{^[39]} This will be important towards ensuring that AI does not deepen societal and global inequalities including digital divides. Widespread use of AI will undoubtedly require re-skilling various stakeholders in order to make them aware of the prospects of AI.^{^[40]} Artificial Intelligence itself can be used as a resource in the re-skilling process itself-as it would be used in the education sector to gauge people’s comfort with the technology and plug necessary gaps.

Improved access to and awareness of Internet of Things

The development of smart content or Intelligent Tutoring Systems in the education can only be done on a large scale if both the teacher and the student has access to and feel comfortable with using basic IoT devices . A U.K. government report has suggested that any skilled workforce using AI should be a mix of those with a basic understanding responsible for implementation at the grassroots level , more informed users and specialists with advanced development and implementation skills.^{^[41]}The same logic applies to the agriculture sector, where the government is looking to develop smart weather-pattern tracking applications. A potential short-term solution may lie in ensuring that key actors have access to an IoT device so that he/she may access digital and then impart the benefits of access to proximate individuals. In the education sector, this would involve ensuring that all teachers have access to and are competent in using an IoT device. In the agricultural sector, this may involve equipping each village with a set of IoT devices so that the information can be shared among concerned individuals. Such an approach recognizes that AI is not the only technology catalyzing change - for example industry 4.0 is understood as comprising of a suite of technologies including but not limited to AI.

Public Discourse

As solutions bring together and process vast amounts of granular data, this data can be from a variety of public and private sources - from third party sources or generated by the AI and its interaction with its environment. This means that very granular and non traditional data points are now going into decision making processes. Public discussion is needed to understand social and cultural norms and standards and how these might translate into acceptable use norms for data in various sectors.

Coordination and collaboration across stakeholders

Development of Contextually Nuanced and Appropriate AI Solutions

Towards ensuring effectiveness and accuracy it is important that solutions used in India are developed to account for cultural nuances and diversity. From our research this could be done in a number of ways ranging from: training AI solutions used in health on data from Indian patients to account for differences in demographics^{^[42]}, focussing on natural language voice recognition to account for the diversity in languages and digital skills in the Indian context,^{^[43]} and developing and applying AI to reflect societal norms and understandings.^{^[44]}

Continuing, deepening, and expanding partnerships for innovation

Continued innovation while holistically accounting for the challenges that AI poses will be key for actors in the different sectors to remain competitive. As noted across case study reports partnerships is key in facilitating this innovation and filling capacity gaps. These partnerships can be across sectors, institutions, domains, geographies, and stakeholder groups. For example: finance/ telecom, public/private, national/international, ethics/software development/law, and academia/civil society/industry/government. We would emphasize collaboration between actors across different domains and stakeholder groups as developing holistics AI solutions demands multiple understandings and perspectives.

Coordinated Implementation

Key sectors in India need to begin to take steps to consider sector wide coordination in implementing AI. Potential stress and system wide vulnerabilities would need to be considered when undertaking this. Sectoral regulators such as RBI, TRAI, and the Medical Council of India are ideally placed to lead this coordination.

Develop contextual standard benchmarks to assess quality of algorithms

In part because of the nacency of the development and implementation of AI, towards enabling effective assessments of algorithms to understand impact and informing selection by institutions adopting solutions, standard benchmarks can help in assessing quality and appropriateness of algorithms. It may be most effective to define such benchmarks at a sectoral level (finance etc.) or by technology and solution (facial recognition etc.). Ideally, these efforts would be led by the government in collaboration with multiple stakeholders.

Developing a framework for working with the private sector for use-cases by the government

There are various potential use cases the government could adopt in order to use AI as a tool for augmenting public service delivery in India by the government. However, given lack of capacity -both human resource and technological-means that entering into partnerships with the private sector may enable more fruitful harnessing of AI- as has been seen with existing MOUs in the agricultural^{^[45]} and healthcare sectors.^{^[46]} However, the partnership must be used as a means to build capacity within the various nodes in the set-up rather than relying only on the private sector partner to continue delivering sustainable solutions.

Particularly, in the case of use of AI for governance, there is a need to evolve a clear parameter to do impact assessment prior to the deployment of the technology that clearly tries to map estimated impact of the technology of clearly defined objectives, which must also include the due process, procedural fairness and human rights considerations . As per Article 12 of the Indian Constitution, whenever the government is exercising a public function, it is bound by the entire gamut of fundamental rights articulated in Part III of the Constitution. This is a crucial consideration the government will have to bear in mind whenever it uses AI-regardless of the sector. In all cases of public service delivery, primary accountability for the use of AI should lie with the government itself, which means that a cohesive and uniform framework which regulates these partnerships must be conceptualised. This framework should incorporate : (a) Uniformity in the wording and content of contracts that the government signs, (b) Imposition of obligations of transparency and accountability on the developer to ensure that the solutions developed are in conjunction with constitutional standards and (c) Continuous evaluation of private sector developers by the government and experts to ensure that they are complying with their obligations.

Defining Safety Critical AI

The implications of AI differs according to use. Some countries, such as the EU, are beginning to define sectors where AI should play the role of augmenting jobs as opposed to functioning autonomously. The Global Partnership on AI is has termed sectors where AI tools supplement or replace human decision making in areas such as health and transportation as ‘safety critical AI’ and is researching best practices for application of AI in these areas. India will need to think through if there is a threshold that needs to be set and more stringent regulation applied. In addition to uses in health and transportation, defense and law enforcement would be another sector where certain use would require more stringent regulation.

Appropriate certification mechanisms

Appropriate certificate mechanisms will be important in ensuring the quality of AI solutions. A significant barrier to the adoption of AI in some sectors in India is acceptability of results, which include direct results arrived at using AI technologies as well as opinions provided by practitioners that are influenced/aided by AI technologies. For instance, start-ups in the healthcare sectors often find that they are asked to show proof of a clinical trial when presenting their products to doctors and hospitals, yet clinical trials are expensive, time consuming and inappropriate forms of certification for medical devices and digital health platforms. Startups also face difficulty in conducting clinical trials as there is lack of a clear regulation to adhere to. They believe that while clinical trials are a necessity with respect to drugs, the process often results in obsolescence of the technology by the time it is approved in the context of AI. Yet, medical practitioners are less trusting towards startups who do not have approval from a national or international authority. A possible and partial solution suggested by these startups is to enable doctors to partner with them to conduct clinical trials together. However, such partnerships cannot be at the expense of rigour, and adequate protections need to be built in the enabling regulation.

Serving as a voice for emerging economies in the global debate on AI

While India should utilise Artificial Intelligence in the economy as a means of occupying a driving role in the global debate around AI, it must be cautious before allowing the use of Indian territory and infrastructure as a test bed for other emerging economies without considering the ramifications that the utilisation of AI may have for Indian citizens. The NITI AAYOG Report envisions India as leverage AI as a ‘garage’ for emerging economies.^{^[47]} While there are certain positive connotations of this suggestion in so far as this propels India to occupy a leadership position-both technically and normatively in determining future use cases for AI in India,, in order to ensure that Indian citizens are not used as test subjects in this process, guiding principles could be developed such as requiring that projects have clear benefits for India.

Frameworks for Regulation

National legislation

Data Protection Law

India is a data-dense country, and the lack of a robust privacy regime, allows the public and private sector easier access to large amounts of data than might be found in other contexts with stringent privacy laws. India also lacks a formal regulatory regime around anonymization. In our research we found that this gap does not always translate into a gap in practice, as some start up companies have adopted self-regulatory practices towards protecting privacy such as of anonymising data they receive before using it further, but it does result in unclear and unharmonized practice..

In order to ensure rights and address emerging challenges to the same posed by artificial intelligence, India needs to enact a comprehensive privacy legislation applicable to the private and public sector to regulate the use of data, including use in artificial intelligence. A privacy legislation will also have to address more complicated questions such as the use of publicly available data for training algorithms, how traditional data categories (PI vs. SPDI - meta data vs. content data etc.) need to be revisited in light of AI, and how can a privacy legislation be applied to autonomous decision making. Similarly, surveillance laws may need to be revisited in light of AI driven technologies such as facial recognition, UAS, and self driving cars as they provide new means of surveillance to the state and have potential implications for other rights such as the right to freedom of expression and the right to assembly. Sectoral protections can compliment and build upon the baseline protections articulated in a national privacy legislation.^{^[48]} In August 2018 the Srikrishna Committee released a draft data protection bill for India. We have reflected on how the Bill addresses AI. Though the Bill brings under its scope companies deploying emerging technologies and subjects them to the principles of privacy by design and data impact assessments, the Bill is silent on key rights and responsibilities, namely the responsibility of the data controller to explain the logic and impact of automated decision making including profiling to data subjects and the right to opt out of automated decision making in defined circumstances.^{^[49]} Further, the development of technological solutions to address the dilemma between AI and the need for access to larger quantities of data for multiple purposes and privacy should be emphasized.

Discrimination Law

A growing area of research globally is the social consequences of AI with a particular focus on its tendency to replicate or amplify existing and structural inequalities. Problems such as data invisibility of certain excluded groups,^{^[50]} the myth of data objectivity and neutrality,^{^[51]} and data monopolization^{^[52]} contribute to the disparate impacts of big data and AI. So far much of the research on this subject has not moved beyond the exploratory phase as is reflected in the reports released by the White House^{^[53]} and Federal Trade Commission^{^[54]} in the United States. The biggest challenge in addressing discriminatory and disparate impacts of AI is ascertaining “where value-added personalization and segmentation ends and where harmful discrimination begins.”^{^[55]}

Some prominent cases where AI can have discriminatory impact are denial of loans based on attributes such as neighbourhood of residence as a proxies which can be used to circumvent anti-discrimination laws which prevent adverse determination on the grounds of race, religion, caste or gender, or adverse findings by predictive policing against persons who are unfavorably represented in the structurally biased datasets used by the law enforcement agencies. There is a dire need for disparate impact regulation in sectors which see the emerging use of AI.

Similar to disparate impact regulation, developments in AI, and its utilisation, especially in credit rating, or risk assessment processes could create complex problems that cannot be solved only by the principle based regulation. Instead, regulation intended specifically to avoid outcomes that the regulators feel are completely against the consumer, could be an additional tool that increases the fairness, and effectiveness of the system.

Competition Law

The conversation of use of competition or antitrust laws to govern AI is still at an early stage. However, the emergence of numerous data driven mergers or acquisitions such as Yahoo-Verizon, Microsoft-LinkedIn and Facebook-WhatsApp have made it difficult to ignore the potential role of competition law in the governance of data collection and processing practices. It is important to note that the impact of Big Data goes far beyond digital markets and the mergers of companies such as Bayer, Climate Corp and Monsanto shows that data driven business models can also lead to the convergence of companies from completely different sectors as well. So far, courts in Europe have looked at questions such as the impact of combination of databases on competition^{^[56]} and have held that in the context of merger control, data can be a relevant question if an undertaking achieves a dominant position through a merger, making it capable of gaining further market power through increased amounts of customer data. The evaluation of the market advantages of specific datasets has already been done in the past, and factors which have been deemed to be relevant have included whether the dataset could be replicated under reasonable conditions by competitors and whether the use of the dataset was likely to result in a significant competitive advantage.^{^[57]} However, there are limited circumstances in which big data meets the four traditional criteria for being a barrier to entry or a source of sustainable competitive advantage — inimitability, rarity, value, and non-substitutability.^{^[58]}

Any use of competition law to curb data-exclusionary or data-exploitative practices will first have to meet the threshold of establishing capacity for a firm to derive market power from its ability to sustain datasets unavailable to its competitors. In this context the peculiar ways in which network effects, multi-homing practices and how dynamic the digital markets are, are all relevant factors which could have both positive and negative impacts on competition. There is a need for greater discussion on data as a sources of market power in both digital and non-digital markets, and how this legal position can used to curb data monopolies, especially in light of government backed monopolies for identity verification and payments in India.

Consumer Protection Law

The Consumer Protection Bill, 2015, tabled in the Parliament towards the end of the monsoon session has introduced an expansive definition of the term “unfair trade practices.” The definition as per the Bill includes the disclosure “to any other person any personal information given in confidence by the consumer.” This clause excludes from the scope of unfair trade practices, disclosures under provisions of any law in force or in public interest. This provision could have significant impact on the personal data protection law in India. Alongside, there is also a need to ensure that principles such as safeguarding consumers personal information in order to ensure that the same is not used to their detriment are included within the definition of unfair trade practices. This would provide consumers an efficient and relatively speedy forum to contest adverse impacts on them of data driven decision-making.

Sectoral Regulation

Our research into sectoral case studies revealed that there are a number of existing sectoral laws and policies that are applicable to aspects of AI. For example, in the health sector there is the Medical Council Professional Conduct, Etiquette, and Ethics Regulations 2002, the Electronic Health Records Standards 2016, the draft Medical Devices Rules 2017, the draft Digital Information Security in Healthcare Act. In the finance sector there is the Credit Information Companies (Regulation) Act 2005 and 2006, the Securities and Exchange Board of India (Investment Advisers) Regulations, 2013, the Payment and Settlement Systems Act, 2007, the Banking Regulations Act 1949, SEBI guidelines on robo advisors etc. Before new regulations, guidelines etc are developed - a comprehensive exercise needs to be undertaken at a sectoral level to understand if 1. sectoral policy adequately addresses the changes being brought about by AI 2. If it does not - is an amendment possible and if not - what form of policy would fill the gap.

Principled approach

Transparency

Audits

Internal and external audits can be mechanisms towards creating transparency about the processes and results of AI solutions as they are implemented in a specific context. Audits can take place while a solution is still in ‘pilot’ mode and on a regular basis during implementation. For example, in the Payment Card Industry (PCI) tool, transparency is achieved through frequent audits, the results of which are simultaneously and instantly transmitted to the regulator and the developer. Ideally parts of the results of the audit are also made available to the public, even if the entire results are not shared.

Tiered Levels of Transparency

There are different levels and forms of transparency as well as different ways of achieving the same. The type and form of transparency can be tiered and dependent on factors such as criticality of function, potential direct and indirect harm, sensitivity of data involved, actor using the solution . The audience can also be tiered and could range from an individual user to senior level positions, to oversight bodies.

Human Facing Transparency

It will be important for India to define standards around human-machine interaction including the level of transparency that will be required. Will chatbots need to disclose that they are chatbots? Will a notice need to be posted that facial recognition technology is used in a CCTV camera? Will a company need to disclose in terms of service and privacy policies that data is processed via an AI driven solution? Will there be a distinction if the AI takes the decision autonomously vs. if the AI played an augmenting role? Presently, the Niti Aayog paper has been silent on this question.

Explainability

An explanation is not equivalent to complete transparency. The obligation of providing an explanation does not mean that the developer should necessarily know the flow of bits through the AI system. Instead, the legal requirement of providing an explanation requires an ability to explain how certain parameters may be utilised to arrive at an outcome in a certain situation.

Doshi-Velez and Kortz have highlighted two technical ideas that may enhance a developer's ability to explain the functioning of AI systems:^{^[59]}

1) Differentiation and processing: AI systems are designed to have the inputs differentiated and processed through various forms of computation-in a reproducible and robust manner. Therefore, developers should be able to explain a particular decision by examining the inputs in an attempt to determine which of them have the greatest impact on the outcome.

2) Counterfactual faithfulness: The second property of counterfactual faithfulness enables the developer to consider which factors caused a difference in the outcomes. Both these solutions can be deployed without necessarily knowing the contents of black boxes. As per Pasquale, ‘Explainability matters because the process of reason-giving is intrinsic to juridical determinations – not simply one modular characteristic jettisoned as anachronistic once automated prediction is sufficiently advanced.”^{^[60]}

Rules based system applied contextually

Oswald et al have suggested two proposals that might mitigate algorithmic opacity.by designing a broad rules-based system, whose implementation need to be applied in a context-specific manner which thoroughly evaluates the key enablers and challengers in each specific use case.^{^[61]}

Experimental proportionality was designed to enable the courts to make proportionality determinations of an algorithm at the experimental stage even before the impacts are fully realised in a manner that would enable them to ensure that appropriate metrics for performance evaluation and cohesive principles of design have been adopted. In such cases they recommend that the courts give the benefit of the doubt to the public sector body subject to another hearing within a stipulated period of time once data on the impacts of the algorithm become more readily available.
‘ALGO-CARE' calls for the design of a rules-based system which ensures that the algorithms^{^[62]} are:

(1) Advisory: Algorithms must retain an advisory capacity that augments existing human capability rather than replacing human discretion outright;

(2) Lawful: Algorithm's proposed function, application, individual effect and use of datasets should be considered in symbiosis with necessity, proportionality and data minimisation principles;

(3) Granularity: Issues such as data analysis issues such as meaning of data, challenges stemming from disparate tracts of data, omitted data and inferences should be key points in the implementation process;

(4) Ownership: Due regard should be given to intellectual property ownership but in the case of algorithms used for governance, it may be better to have open source algorithms at the default. Regardless of the sector,the developer must ensure that the algorithm works in a manner that enables a third party to investigate the workings of the algorithm in an adversarial judicial context.

(5)Challengeable:The results of algorithmic analysis should be applied with regard to professional codes and regulations and be challengeable. In a report evaluating the NITI AAYOG Discussion Paper, CIS has argued that AI that is used for governance , must be made auditable in the public domain,if not under Free and Open Source Software (FOSS)-particularly in the case of AI that has implications for fundamental rights.^{^[63]}

(6) Accuracy: The design of the algorithm should check for accuracy;

(7) Responsible: Should consider a wider set of ethical and moral principles and the foundations of human rights as a guarantor of human dignity at all levels and

(8) Explainable: Machine Learning should be interpretable and accountable.

A rules based system like ALGO-CARE can enable predictability in use frameworks for AI. Predictability compliments and strengthens transparency.

Accountability

Conduct Impact Assessment

There is a need to evolve Algorithmic Impact Assessment frameworks for the different sectors in India, which should address issues of bias, unfairness and other harmful impacts of use of automated decision making. AI is a nascent field and the impact of the technology on the economy, society, etc. is still yet to be fully understood. Impact assessment standards will be important in identifying and addressing potential or existing harms and could potentially be more important in sectors or uses where there is direct human interaction with AI or power dimensions - such as in healthcare or use by the government. A 2018 Report by the AI Now Institute lists methods that should be adopted by the government for conducting his holistic assessment^{^[64]}: These should include: (1) Self-assessment by the government department in charge of implementing the technology, (2)Development of meaningful inter-disciplinary external researcher review mechanisms, (3) Notice to the public regarding self-assessment and external review, (4)Soliciting of public comments for clarification or concerns, (5) Special regard to vulnerable communities who may not be able to exercise their voice in public proceedings. An adequate review mechanism which holistically evaluates the impact of AI would ideally include all five of these components in conjunction with each other.

Regulation of Algorithms

Experts have voiced concerns about AI mimicking human prejudices due to the biases present in the Machine Learning algorithms. Scientists have revealed through their research that machine learning algorithms can imbibe gender and racial prejudices which are ingrained in language patterns or data collection processes. Since AI and machine algorithms are data driven, they arrive at results and solutions based on available
and historical data. When this data itself is biased, the solutions presented by the AI will also be biased. While this is inherently discriminatory, scientists have provided solutions to rectify these biases which can occur at various stages by introducing a counter bias at another stage. It has also been suggested that data samples should be shaped in such a manner so as to minimise the chances of algorithmic bias. Ideally regulation of algorithms could be tailored - explainability, traceability, scrutability. We recommend that the national strategy on AI policy must take these factors into account and combination of a central agency driving the agenda, and sectoral actors framing regulations around specific uses of AI that are problematic and implementation is required.

As the government begins to adopt AI into governance - the extent to which and the circumstances autonomous decision making capabilities can be delegated to AI need to be questioned. Questions on whether AI should be autonomous, should always have a human in the loop, and should have a ‘kill-switch’ when used in such contexts also need to be answered. A framework or high level principles can help to guide these determinations. For example:

Modeling Human Behaviour: An AI solution trying to model human behaviour, as in the case of judicial decision-making or predictive policing may need to be more regulated, adhere to stricter standards, and need more oversight than an algorithm that is trying to predict ‘natural’ phenomenon such as traffic congestion or weather patterns.
Human Impact: An AI solution which could cause greater harm if applied erroneously-such as a robot soldier that mistakenly targets a civilian requires a different level and framework of regulation than an AI solution designed to create a learning path for a student in the education sector and errs in making an appropriate assessment..
Primary User: AI solutions whose primary users are state agents attempting to discharge duties in the public interest such as policemen, should be approached with more caution than those used by individuals such as farmers getting weather alerts

Fairness

It is possible to incorporate broad definitions of fairness into a wide range of data analysis and classification systems.^{^[65]} While there can be no bright-line rules that will necessarily enable the operator or designer of a Machine Learning System to arrive at an ex ante determination of fairness, from a public policy perspective, there must be a set of rules or best practices that explain how notions of fairness should be utilised in the real world applications of AI-driven solutions.^{^[66]} While broad parameters should be encoded by the developer to ensure compliance with constitutional standards, it is also crucial that the functioning of the algorithm allows for an ex-post determination of fairness by an independent oversight body if the impact of the AI driven solution is challenged.

Further, while there is no precedent on this anywhere in the world, India could consider establishing a Committee entrusted with the specific task of continuously evaluating the operation of AI-driven algorithms. Questions that the government would need to answer with regard to this body include:

What should the composition of the body be?
What should be the procedural mechanisms that govern the operation of the body?
When should the review committee step in? This is crucial because excessive review may re-entrench the bureaucracy that the AI driven solution was looking to eliminate.
What information will be necessary for the review committee to carry out its determination? Will there be conflicts with IP, and if so how will these be resolved?
To what degree will the findings of the committee be made public?
What powers will the committee have? Beyond making determinations, how will these be enforced?

Market incentives

Standards as a means to address data issues

With digitisation of legacy records and the ability to capture more granular data digitally, one of the biggest challenges facing Big Data is a lack of standardised data and interoperability frameworks. This is particularly true in the healthcare and medicine sector where medical records do not follow a clear standard, which poses a challenge to their datafication and analysis. The presence of developed standards in data management and exchange, interoperable Distributed Application Platform and Services, Semantic related standards for markup, structure, query, semantics, Information access and exchange have been spoken of as essential to address the issues of lack of standards in Big Data.^{^[67]}

Towards enabling usability of data, it is important that clear data standards are established. This has been recognized by Niti Aayog in its National Strategy for AI. On one hand, there can operational issues with allowing each organisation to choose their own specific standards to operate under, while on the other hand, non-uniform digitisation of data will also cause several practical problems, most primarily to do with interoperability of the individual services, as well as their usability. For instance, in the healthcare sector, though India has adopted an EHR policy, implementation of this policy is not yet harmonized - leading to different interpretations of ‘digitizing records (i.e taking snapshots of doctor notes), retention methods and periods, and comprehensive implementation across all hospital data. Similarly, while independent banks and other financial organisations are already following, or in the process of developing internal practices,there exist no uniform standards for digitisation of financial data. As AI development, and application becomes more mainstream in the financial sector, the lack of a fixed standard could create significant problems.

Better Design Principles in Data Collection

An enduring criticism of the existing notice and consent framework has been that long, verbose and unintelligible privacy notices are not efficient in informing individuals and helping them make rational choices. While this problem predates Big Data, it has only become more pronounced in recent times, given the ubiquity of data collection and implicit ways in which data is being collected and harvested. Further, constrained interfaces on mobile devices, wearables, and smart home devices connected in an Internet of Things amplify the usability issues of the privacy notices. Some of the issues with privacy notices include Notice complexity, lack of real choices, notices decoupled from the system collecting data etc. An industry standard for a design approach to privacy notices which includes looking at factors such as the timing of the notice, the channels used for communicating the notices, the modality (written, audio, machine readable, visual) of the notice and whether the notice only provides information or also include choices within its framework, would be of great help. Further, use of privacy by design principles can be done not just at the level of privacy notices but at each step of the information flow, and the architecture of the system can be geared towards more privacy enhanced choices.

^{^[1]} https://cis-india.org/internet-governance/blog/artificial-intelligence-in-india-a-compendium

^{^[2]} https://obamawhitehouse.archives.gov/sites/default/files/whitehouse_files/microsites/ostp/NSTC/preparing_for_the_future_of_ai.pdf

^{^[3]} https://www.nitrd.gov/PUBS/national_ai_rd_strategic_plan.pdf

^{^[4]} https://www.gov.uk/government/publications/artificial-intelligence-sector-deal/ai-sector-deal

^{^[5]} http://www.nedo.go.jp/content/100865202.pdf

^{^[6]} https://www.eu-robotics.net/sparc/10-success-stories/european-robotics-creating-new-markets.html?changelang=2

^{^[7]} https://www.cifar.ca/ai/pan-canadian-artificial-intelligence-strategy

^{^[8]} https://www.newamerica.org/cybersecurity-initiative/blog/chinas-plan-lead-ai-purpose-prospects-and-problems/

^{^[9]} http://www.uaeai.ae/en/

^{^[10]} https://www.aisingapore.org/

^{^[11]} https://news.joins.com/article/22625271

^{^[12]} https://www.aiforhumanity.fr/pdfs/MissionVillani_Report_ENG-VF.pdf

^{^[13]} https://ec.europa.eu/digital-single-market/en/news/communication-artificial-intelligence-europe https://www.euractiv.com/section/digital/news/twenty-four-eu-countries-sign-artificial-intelligence-pact-in-bid-to-compete-with-us-china/

^{^[14]} https://www.aitf.org.in/

^{^[15]} http://www.niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf

^{^[16]} https://obamawhitehouse.archives.gov/sites/default/files/whitehouse_files/microsites/ostp/NSTC/preparing_for_the_future_of_ai.pdf

^{^[17]} https://www.cifar.ca/ai/pan-canadian-artificial-intelligence-strategy

^{^[18]} https://cis-india.org/internet-governance/blog/the-ai-task-force-report-the-first-steps-towards-indias-ai-framework

^{^[19]} https://cis-india.org/internet-governance/blog/niti-aayog-discussion-paper-an-aspirational-step-towards-india2019s-ai-policy

^{^[20]} https://ec.europa.eu/digital-single-market/en/news/communication-artificial-intelligence-europe

^{^[21]} http://pib.nic.in/newsite/PrintRelease.aspx?relid=181007

^{^[22]} Ryan Calo, 2017 Artificial Intelligence Policy: A Primer and Roadmap. U.C. Davis L. Review,

Vol. 51, pp. 398 - 435.

^{^[23]} https://trai.gov.in/sites/default/files/CIS_07_11_2017.pdf

^{^[24]} https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf

^{^[25]} http://www.niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf

^{^[26]} https://martechtoday.com/bottos-launches-a-marketplace-for-data-to-train-ai-models-214265

^{^[27]} https://opensource.com/article/18/5/top-8-open-source-ai-technologies-machine-learning

^{^[28]} Amanda Levendowski, How Copyright Law Can Fix Artificial Intelligence’s

Implicit Bias Problem, 93 WASH. L. REV. (forthcoming 2018) (manuscript at 23, 27-32),

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3024938.

^{^[29]} Id.

^{^[30]} H. Brendan McMahan, et al., Communication-Efficient Learning of Deep Networks

from Decentralized Data, arXiv:1602.05629 (Feb. 17, 2016), https://arxiv.org/abs/1602.05629.

^{^[31]} Id.

^{^[32]} Pierre N. Leval, Nimmer Lecture: Fair Use Rescued, 44 UCLA L. REV. 1449, 1457 (1997).

^{^[33]} https://cis-india.org/internet-governance/blog/niti-aayog-discussion-paper-an-aspirational-step-towards-india2019s-ai-policy

^{^[34]} https://cis-india.org/internet-governance/blog/niti-aayog-discussion-paper-an-aspirational-step-towards-india2019s-ai-policy

^{^[35]} Discussion Paper on National Strategy for Artificial Intelligence | NITI Aayog | National Institution for Transforming India. (n.d.) p. 54. Retrieved from http://niti.gov.in/content/national-strategy-ai-discussion-paper.

^{^[36]} Leverhulme Centre for the Future of Intelligence, http://lcfi.ac.uk/.

^{^[37]} AI Now, https://ainowinstitute.org/.

^{^[38]} https://cis-india.org/internet-governance/ai-and-governance-case-study-pdf

^{^[39]} http://iridescentlearning.org/

^{^[40]} https://cis-india.org/internet-governance/ai-and-governance-case-study-pdf

^{^[41]} Points, L., & Potton, E. (2017). Artificial intelligence and automation in the UK.

^{^[42]} Paul, Y., Hickok, E., Sinha, A. and Tiwari, U., Artificial Intelligence in the Healthcare Industry in India, Centre for Internet and Society. Available at https://cis-india.org/internet-governance/files/ai-and-healtchare-report.

^{^[43]} Goudarzi, S., Hickok, E., and Sinha, A., AI in the Banking and Finance Industry in India, Centre for Internet and Society. Available at https://cis-india.org/internet-governance/blog/ai-in-banking-and-finance.

^{^[44]} Paul, Y., Hickok, E., Sinha, A. and Tiwari, U., Artificial Intelligence in the Healthcare Industry in India, Centre for Internet and Society. Available at https://cis-india.org/internet-governance/files/ai-and-healtchare-report.

^{^[45]} https://news.microsoft.com/en-in/government-karnataka-inks-mou-microsoft-use-ai-digital-agriculture/

^{^[46]} https://news.microsoft.com/en-in/government-telangana-adopts-microsoft-cloud-becomes-first-state-use-artificial-intelligence-eye-care-screening-children/

^{^[47]} NITI Aayog. (2018). Discussion Paper on National Strategy for Artificial Intelligence. Retrieved from http://niti.gov.in/content/national-strategy-ai-discussion-paper. 18

^{^[48]} https://edps.europa.eu/sites/edp/files/publication/16-10-19_marrakesh_ai_paper_en.pdf

^{^[49]} https://cis-india.org/internet-governance/blog/the-srikrishna-committee-data-protection-bill-and-artificial-intelligence-in-india

^{^[50]} J. Schradie, The Digital Production Gap: The Digital Divide and Web 2.0 Collide. Elsevier Poetics, 39 (1).

^{^[51]} D Lazer, et al., The Parable of Google Flu: Traps in Big Data Analysis. Science. 343 (1).

^{^[52]} Danah Boyd and Kate Crawford, Critical Questions for Big Data. Information, Communication & Society. 15 (5).

^{^[53]} John Podesta, (2014) Big Data: Seizing Opportunities, Preserving Values, available at

http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf

^{^[54]} E. Ramirez, (2014) FTC to Examine Effects of Big Data on Low Income and Underserved Consumers at September Workshop, available at http://www.ftc.gov/news-events/press-releases/2014/04/ftc-examine-effects-big-data-lowincome-underserved-consumers

^{^[55]} M. Schrage, Big Data’s Dangerous New Era of Discrimination, available at http://blogs.hbr.org/2014/01/bigdatas-dangerous-new-era-of-discrimination/.

^{^[56]} Google/DoubleClick Merger case

^{^[57]} French Competition Authority, Opinion n°10-A-13 of 1406.2010,

http://www.autoritedelaconcurrence.fr/pdf/avis/10a13.pdf. That opinion of the Authority aimed at

giving general guidance on that subject. It did not focus on any particular market or industry

although it described a possible application of its analysis to the telecom industry.

^{^[58]} http://www.analysisgroup.com/is-big-data-a-true-source-of-market-power/#sthash.5ZHmrD1m.dpuf

^{^[59]} Doshi-Velez, F., Kortz, M., Budish, R., Bavitz, C., Gershman, S., O'Brien, D., ... & Wood, A. (2017). Accountability of AI under the law: The role of explanation. arXiv preprint arXiv:1711.01134.

^{^[60]} Frank A. Pasquale ‘Toward a Fourth Law of Robotics: Preserving Attribution, Responsibility, and Explainability in an Algorithmic Society’ (July 14, 2017). Ohio State Law Journal, Vol. 78, 2017; U of Maryland Legal Studies Research Paper No. 2017-21, 7.

^{^[61]} Oswald, M., Grace, J., Urwin, S., & Barnes, G. C. (2018). Algorithmic risk assessment policing models: lessons from the Durham HART model and ‘Experimental’ proportionality. Information & Communications Technology Law, 27(2), 223-250.

^{^[62]} Ibid.

^{^[63]} Abraham S., Hickok E., Sinha A., Barooah S., Mohandas S., Bidare P. M., Dasgupta S., Ramachandran V., and Kumar S., NITI Aayog Discussion Paper: An aspirational step towards India’s AI policy. Retrieved from https://cis-india.org/internet-governance/files/niti-aayog-discussion-paper.

^{^[64]} Reisman D., Schultz J., Crawford K., Whittaker M., (2018, April) Algorithmic Impact Assessments: A Practical Framework For Public Agency Accountability. Retrieved from https://ainowinstitute.org/aiareport2018.pdf.

^{^[65]} Sample I., (2017, November 5) Computer says no: why making AIs fair, accountable and transparent is crucial. Retrieved from https://www.theguardian.com/science/2017/nov/05/computer-says-no-why-making-ais-fair-accountable-and-transparent-is-crucial.

^{^[66]} Kroll, J. A., Barocas, S., Felten, E. W., Reidenberg, J. R., Robinson, D. G., & Yu, H. (2016). Accountable algorithms. U. Pa. L. Rev., 165, 633.

^{^[67]} http://www.iso.org/iso/big_data_report-jtc1.pdf

For more details visit https://cis-india.org/internet-governance/blog/ai-in-india-a-policy-agenda

AI in India a Policy Agenda

elonnai — 2018-09-05T15:26:08Z

For more details visit https://cis-india.org/internet-governance/files/ai-in-india-a-policy-agenda

India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board

Admin — 2018-09-04T14:40:51Z

The Aadhaar program offers a glimpse of the tech world's latest quest to control our lives, where dystopias are created in the name of helping the impoverished.

The article by Paul Bluementhol and Gopal Sathe was published in Huffington Post on August 25, 2018. Sunil Abraham was quoted.

Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history.

For the past nine years, India has been building the world’s biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means “proof” or “basis” in Hindi), could be a gold mine.

The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company ― Google ― gave a definitive response.

That’s because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India’s poor, the database has become Indians’ gateway to nearly any type of service ― from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China.

A Scheme Born In The U.S.

Tapping into Aadhaar would help big tech companies access the data and transactions of millions of users in the second most populous country on earth, explained Usha Ramanathan, a Delhi-based lawyer, legal researcher and one of Aadhaar’s most vocal critics.

The idea for India’s national biometric identification team wasn’t unprecedented, and in fact, it has strong parallels with a system proposed for the United States. Following the Sept. 11, 2001, attacks, the CEO of Oracle, Larry Ellison, offered to build the U.S. government software for a national identification system that would include a centralized computer database of all U.S. citizens. The program never got off the ground amid objections from privacy and civil liberties advocates, but India’s own Ellison figure, Nandan Nilekani, had a similar idea. The billionaire founder of IT consulting giant Infosys, Nilekani conceptualized Aadhaar as a way to eliminate waste and corruption in India’s social welfare programs. He lobbied the government to bring in Aadhaar, and went on to run the project under the administration of Manmohan Singh. Nilekani gained even more influence under current Prime Minister Narendra Modi, who moved to make Aadhaar necessary for almost any kind of business in India.

The first 12-digit Aadhaar ID was issued in 2010. Today, over a billion people (around 89 percent of India’s population) have been included in the system ― from India’s unimaginably wealthy billionaires to the homeless, from residents of the country’s sprawling cities to remote inaccessible villages. While initially a voluntary program, the database is now linked to just about all government programs. You need an Aadhaar ID to get a passport issued or renewed. Aadhaar was made mandatory for operating a bank account, using a cell phone or investing in mutual funds, only for the proposals to be rolled back pending the Supreme Court verdict on the constitutionality of the project.

As Aadhaar identification became integrated into other systems like banking, cell phones and government programs, tech companies can use the program to cross-reference their datasets against other databases and assemble a far more detailed and intrusive picture of Indians’ lives. That would allow them, for example, to better target products or advertising to the vast Indian population. “You can take a unique identifying number and use it to find data in different sectors,” explained Pam Dixon, executive director of the World Privacy Forum, an American public interest research group. “That number can be cross-walked across all the different parts of their life.”

Microsoft, which uses Aadhaar in a new version of Skype to verify users, declined to talk about its work integrating products with the Aadhaar database. But Bill Gates, Microsoft’s founder, has publicly endorsed Aadhaar and his foundation is funding a World Bank program to bring Aadhaar-like ID programs to other countries. Gates has also argued that ID verification schemes like Aadhaar in itself don’t pose privacy issues. Microsoft CEO Satya Nadella has repeatedly praised Aadhaar in both his recent book and a tour across India.

Amazon did not respond to a request for comment, but according to a BuzzFeed report, the company told Indian customers not uploading a copy of Aadhaar “might result in a delay in the resolution or no resolution” of cases where packages were missing.

Facebook, too, failed to respond to repeated requests for comment, though the platform’s prompts for users to log in with the same name as their Aadhaar card prompted suspicions from users that it wanted everyone to use their Aadhaar-verified names and spellings so they could later build in Aadhaar functionality with minimal problems.

A spokesman for Google, which has its own payments platform in India called Tez, told HuffPost that the company has not integrated any of its products with Aadhaar. But there was outrage earlier in August when the Aadhaar helpline was added to Android phones without informing users. Google claimed in a statement to the Economic Times this happened “inadvertently”

Privacy Jeopardized For Millions

But the same features that are set to make tech companies millions are are also the ones that threaten the privacy and security of millions of Indians.

“As long as [the data] is being shared with so many people and services and companies, without knowing who has what data, it will always be an issue,” said Srinivas Kodali, an independent security researcher. “They can’t protect it until they encrypt it and stop sharing data.”

One government website allowed users to search and geolocate homes on the basis of caste and religion ― sparking fears of ethnic and religious violence in a country where lynchings, beatings and mob violence are commonplace. Another website broadcast the names, phone numbers and medical purchases — like generic Viagra and HIV medication — of anyone who buys medicines from government stores. In another leak, a Google search for phone numbers of farmers in Andhra Pradesh would reveal their Aadhaar numbers, address, fathers’ names and bank account numbers.

The leaks are aggravated by “a Star Trek-type obsession” with data dashboards, said Sunil Abraham, executive director of the Center for Internet and Society. Many government departments each created an online data dashboard with detailed personal records on individuals, he explained. The massive centralization of personal data, he said, created a huge security risk as these dashboards were accessible to any government official and in many cases, were even left open to the public.

Authentication failures have led to deaths among the poorest sections of Indian society when people were denied government food rations.

And much like the tech companies, some local governments are using the system to connect data sets and build expansive surveillance. In the state of Andhra Pradesh in India, there’s a war room next to the state chief minister’s office, where a wall of screens shows details from databases that collect information from every department. There are security cameras and dashboards that track every mention of the chief minister on the news. There’s a separate team watching what’s being said about him on social media and there are also dashboards that collect information from IoT [Internet of Things] sensors across the state.

Court Ruling Could Halt Rollout

Those issues around privacy are why the dreams of government bureaucrats and large tech companies to build a perfect surveillance apparatus around Aadhaar may ultimately fall apart. The Supreme Court of India is set to decide on a case that could decide the future of the program.

The court is set to review 27 petitions, including whether requiring an Aadhaar for government subsidies and benefits makes access to these programs conditional, even though the state is constitutionally bound to deliver them. The petitioners include lawyers, academics and a 92-year-old retired judge whose petition also secured the right to privacy as a fundamental right in August 2017. Petitioners also argue that the ability for Aadhaar to be used to track and profile people is unconstitutional.

In its judgment, due any day now, the court will rule on all 27 petitions together. It will decide not only the fate of the Aadhaar Act of 2016, but likely the future involvement of some of tech’s biggest companies in one of the world’s most ambitious and divisive IT projects.

For more details visit https://cis-india.org/internet-governance/news/huffington-post-august-25-2018-paul-bluementhal-and-gopal-sathe-indias-biometric-database-is-creating-a-perfect-surveillance-state

World Library and Information Congress 2018

Admin — 2018-08-31T02:23:29Z

Swaraj Paul Barooah was a speaker at two panels during the World Library and Information Congress 2018 (WLIC2018), organised by the International Federation of Library Associations and Institutions (IFLA) in Kuala Lumpur on August 26 and 27, 2018.

Swaraj's first panel, titled "Intellectual Freedom in a Polarised World" was selected as one of 9 sessions to be live-streamed and recorded, out of 249 sessions in total. The recording can be accessed on YouTube.

Session 123 Intellectual Freedom in a Polarised World - Freedom of Access to Information and Freedom of Expression (FAIFE) Advisory Committee (SI)

Chair: Martyn Wade, United Kingdom

In many national contexts, citizens are seen to be either “with the government or against it,” leaving little opportunity to freely and safely express more nuanced views of current social, political or economic issues. While notable authoritarian regimes quite transparently monitor and limit societal discussion, others, ostensibly democratic, may work in practice to blunt potentially unfavourable social commentary on the pretence of defending political stability or public morality. IFLA’s Freedom of Access to Information and Freedom of Expression (FAIFE) Advisory Committee explores this phenomenon--and the potential role of civil society and information professionals in advancing freedom of expression--through the experience and insights of an NGO leader, an academic public intellectual, and an officer of UNESCO.

Presentations

Internet and the freedom of expression in Indonesia: opportunity and challenges - Indriaswati Dyah Saptaningrum, University of New South Wales; former Executive Director of the ELSAM human rights organization (Indonesia), Australia
Freedom of Expression in Malaysia - Azmi Bin Sharom, Faculty of Law, University of Malaysia, Malaysia
What's up with WhatsApp - polarisation and lynchings in India - Swaraj Paul Barooah, The Centre for Internet and Society, India
How to align national laws with international standards on freedom of expression? - Ming-Kuok Lim, Programme Specialist for Communication and Information, UNESCO, Indonesia

Session 140 To Have and not to Hold: The End of Ownership - CLM and FAIFE

The shift from buying physical library media to licensing digital content has profound impacts on the way libraries acquire and give access to content. From e-books that can disappear at the whim (or the mistake) of the owners of a server far away, to the limits on sharing and archiving imposed by some contracts. From the potential monitoring of reader behaviour, to the criminalisation of those who simply want to improve user experience. The dominance of digital media in information provision has both broadened the field of information to which we have access, but potentially made it shallower in terms of the use that libraries, and their users, can make of it. The joint CLM-FAIFE session will look at the question of the end of ownership from a legal and an ethical point of view, drawing on the experience and knowledge of the two communities.

Tomas A. Lipinski, School of Information Studies, University of Wisconsin, Milwaukee, USA – The Limits of Licensing.
Ann Okerson, Centre for Research Libraries, Chicago, USA – The Possibilities of Licensing.
Swaraj Paul Barooah, Centre for Internet and Society – The Balance among Licenses and Exceptions and Limitations to Copyright.
Brent Roe - Laurentian University, Sudbury, Canada – Privacy Concerns and Other Side Effects of Licensing.
Jonathan Hernandez-Perez, Researcher, Instituto de Investigaciones Bibilotecologicas, UNAM, Mexico City, Mexico (Invited) – Special Issues in the Developing World; Open Access as a Recapturing of Ownership.

For more details visit https://cis-india.org/internet-governance/news/world-library-and-information-congress-2018

Analysis of CLOUD Act and Implications for India

elonnai — 2018-08-22T14:53:50Z

For more details visit https://cis-india.org/internet-governance/files/analysis-of-cloud-act-and-implications-for-india

India's Contribution to Internet Governance Debates

sunil — 2018-08-16T13:32:54Z

For more details visit https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates

Workshop of Publishers and Writers on Unicode, Open Source and Wikimedia Projects

Admin — 2018-08-11T02:08:53Z

CIS-A2K team organized a workshop on unicode, open source and wikimedia projects at Pune on July 25, 2018.

CIS-A2K has started dialogue with the publishers for the last 6 months regarding FOSS, Open knowledge and content donation to Wikimedia Projects. As a result, various publishers and writers associated with social sector have taken initiative to organise workshops. Parisar, NGO working on environmental issues organised this orientation session for 4 activists, 5 publishers and 6 writers.

The following issues were discussed with demonstrations -

Adoption of Unicode and open source softwares
Make available old reference books, out of print books on web using new technology
Strengthening of Marathi Wikipedia, Wikisource, Wiktionary etc.
Social marketing of literary books
Explore the new medium of e books
To establish a company on lines of Amazon for e-selling of marathi books

Read the event details on Wikimedia Blog

For more details visit https://cis-india.org/a2k/blogs/workshop-of-publishers-and-writers-on-unicode-open-source-and-wikimedia-projects

AI and Governance Case Study pdf

pranav — 2018-08-01T02:06:47Z

For more details visit https://cis-india.org/internet-governance/ai-and-governance-case-study-pdf

Normative Regulation of Cyber Space Report

pranav — 2018-07-31T23:42:42Z

For more details visit https://cis-india.org/internet-governance/files/normative-regulation-of-cyber-space-report

July 2018 Newsletter

praskrishna — 2018-08-11T02:50:52Z

CIS July 2018 newsletter.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights

Paul Kurien and Akriti Bopanna carried out an analysis of the diversity of participation at the ICANN processes by taking a close look at their mailing lists.
CIS-A2K organized 6 events: partnership discussions with Misimi Telugu monthly magazine; partnership activity in Annamayya Library, Guntur, a workshop in Tumakur University; a workshop of river activists for building Jal Bodh; a workshop of publishers and writers on unicode, open source and wikimedia projects; and a Telugu literary conference.
CIS had worked with the Research and Advisory Group (RAG) of the Global Commission on the Stability of Cyberspace (GCSC). The work looked at the negotiation processes and strategies that various players may adopt as they drive the cyber norms agenda. In continuation CIS has brought out a report which focuses more extensively on the substantive law and principles at play and looks closely at what the global state of the debate means for India.
The debate surrounding privacy has in recent times gained momentum due to the Aadhaar judgement and the growing concerns around the use of personal data by corporations and governments. In this light CIS has made comments and recommendations to the India Privacy Code, 2018.
CIS drafted a response to a Notice of Inquiry (NOI) issued by the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) on "International Internet Policy Priorities." CIS commented on the free flow of information and jurisdiction, mult-stakeholder approach to internet governance, privacy and security.
Elonnai Hickok, Shweta Mohandas and Swaraj Paul Barooah compiled the AI Task Force Report, India's first step towards an AI framework. The Task Force on Artificial Intelligence was established by the Ministry of Commerce and Industry to leverage AI for economic benefits, and provide policy recommendations on the deployment of AI for India.
Paul Kurian and Akriti Bopanna carried out an analysis of the diversity of participation at the ICANN processes by taking a close look at their mailing lists.

Articles

Digital Native: The bigger picture (Nishant Shah; Indian Express; July 1, 2018).
The Problems That Should Occupy Our Electioneers (Shyam Ponappa; Business Standard; July 6, 2018).
Digital Native: How smart cities can make criminals out of denizens (Nishant Shah; Indian Express; July 15, 2018).
Anti-trafficking Bill may lead to censorship (Swaraj Barooah and Gurshabad Grover; Livemint; July 24, 2018).
Digital Native: Hashtag Along With Me (Nishant Shah; Indian Express; July 29, 2018).
Lining up the data on the Srikrishna Privacy Draft Bill (Sunil Abraham; Economic Times; July 30, 2018).
Spreading unhappiness equally around (Business Standard; July 31, 2018).

CIS in the News

Smartphone rumours spark series of mob killings in India (Samanth Subramanian; The National; July 2, 2018).
Government Gives Nod To Bill For Building DNA Databases In India, For 'Criminal Investigation And Justice Delivery' (Huffington Post; July 5, 2018).
'Hope for such swift crackdowns for everyone' (Times of India; July 6, 2018).
Child-lifting rumours caused 69 mob attacks, 33 deaths in last 18 months (Business Standard; July 9, 2018).
Death by Social Media (Pretika Khanna, Abhiram Ghadyalpatil and Shaswati Das; Livemint; July 9, 2018).
India's Latest Data Leak: People's Aadhaar Number And Bank Account Are Just One Google Search Away (Gopal Sathe; Huffington Post; July 12, 2018).
People Should Have Right To Their Data, Not Companies, Says TRAI (Bloomberg Quint; July 16, 2018).
After Securing Net Neutrality In India, TRAI Goes To Bat For Data Privacy (Gopal Sathe; Huffington Post; July 16, 2018).
TRAI recommendations on data privacy raises eyebrows (Surabhi Agarwal and Gulveen Aulakh; Economic Times; July 18, 2018).
Srikrishna panel upset at timing of Trai suggestions (Megha Mandavia; Economic Times; July 19, 2018).
Firms find wealth in your data (Rajitha Menon; Deccan Herald; July 20, 2018).
WhatsApp races against time to fix fake news mess ahead of 2019 general elections (Venkat Ananth; Economic Times; July 24, 2018).
The crown of thorns that awaits Facebook’s India MD hire (Sunny Sen and Jayadevan PK; Factory Daily; July 25, 2018).
Bit by byte protecting her privacy (Mihir Dalal and Anirban Sen; Livemint; July 26, 2018).
Govt asks CBI to probe Cambridge Analytica in data breach case (Komal Gupta; Livemint; July 27, 2018).
Data localisation may pinch startups, payments firms (Mugdha Variyar and Pratik Bhakta; Economic Times; July 28, 2018).

Access to Knowledge

Wikipedia

Blog Entries

ವಿಕಿಪೀಡಿಯ ತರಬೇತಿ ೨೦೧೮ @ ರಾಂಚಿ (Vikas Hegde; July 4, 2018).
How to write differently for different Telugu digital platforms - awareness session to Indu Gnana Vedika (Pavan Santosh; July 19, 2018).
వాట్సాప్ సాహిత్య వేదిక నుంచి వికీసోర్సుకు (Pavan Santosh; July 31, 2018).

Events Organized

Partnership activity in Annamayya Library (Guntur; July 10, 2014).
Partnership discussions with Misimi Telugu Monthly Magazine (July 24, 2018).
Tumakur University Workshop (Tumkur; July 25, 2018).
Workshop of River activists for building Jal Bodh - Knowledge resource on Water (Pune; July 25, 2018).
Workshop of Publishers and Writers on Unicode, Open Source and Wikimedia Projects (Pune; July 25, 2018).

Internet Governance

Privacy

Submissions

Response to a Notice of Enquiry by the US Government on International Internet Policy Priorities (Swagam Dasgupta; July 18, 2018).
The Centre for Internet and Society’s Comments and Recommendations to the: Indian Privacy Code, 2018 (Shweta Mohandas, Elonnai Hickok, Amber Sinha and Shruti Trikanand; July 20, 2018).

Blog Entry

The AI Task Force Report - The first steps towards India’s AI framework (Elonnai Hickok, Shweta Mohandas and Swaraj Paul Barooah; June 27, 2018). The blog post was edited by Swagam Dasgupta.

Participation in Events

IETF 102 Montreal (Organized by Internet Engineering Task Force; Fairmont Queen Elizabeth Montreal in Canada; July 14 - 20, 2018). Gurshabad Grover presented a review of the human rights considerations in the drafts of the Software Update for IoT Devices (SUIT) Working Group in the meeting of the HRPC research group.
Ethical Data Design Practices in the AI (Artificial Intelligence) Age (Organized by Startup Grind, Bangalore at NUMA Bangalore; July 28, 2018). Shweta Mohandas was a panelist.

Cyberspace and Cyber Security

Analysis

The Potential for the Normative Regulation of Cyberspace: Implications for India (Arindrajit Basu; July 30, 2018). The report was edited by Elonnai Hickok, Sunil Abraham and Udbhav Tiwari with research assistance from Tejas Bharadwaj.

Blog Entry

CIS contributes to the Research and Advisory Group of the Global Commission on the Stability of Cyberspace (GCSC) (Arindrajit Basu; July 5, 2018).

Participation in Event

IEEE-SA InDITA Conference 2018 (Organized by IEEE Standards Association; IIIT-Bangalore; July 10 - 11, 2018). Gurshabad Grover gave a brief presentation on how we could apply or reject 'Trust Through Technology' principles in the design of public biometric authentication.

Free Speech & Expression

Blog Entries

ICANN Diversity Analysis (Paul Kurian and Akriti Bopanna; July 16, 2018).
DIDP #31 Diversity of employees at ICANN (Akash Sriram; July 19, 2018).

Participation in Event

26th AMIC Annual Conference – India 2018 (Organized by Manipal Academy of Higher Education; Fortune Inn Valley View, Manipal, Karnataka; June 7 - 9, 2018). Swaraj Paul Barooah was a speaker. An article announcing the event by Kevin Mendonsa was published in the Times of India on June 5, 2018.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

The Problems That Should Occupy Our Electioneers (Shyam Ponappa; Business Standard; July 5, 2018 and Organizing India Blogspot; July 6, 2018).

About CIS

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/july-2018-newsletter

Workshop of River activists for building Jal Bodh - Knowledge resource on Water

Admin — 2018-08-11T01:45:18Z

To build knowledge resource on rivers in Pune district, CIS-A2K team organized a workshop in Pune on July 25, 2018.

After the River Dialogue, Jeevit nadi organisation has taken initiative to train their team of activists in open knowledge and Wikimedia Projects. Activists and researchers from Jeevit Nadi, EcoUniv, Jal Biradari, Ecological Society, Sagarmitra organisations participated in the workshop. The groups presented their work, the database and the resources with them. These include photographs, videos, training material and data collected on site. Extensive discussion was made for evolving methodology to integrate in Wikimedia Projects. This was the first iteration in the series of workshops.

The second iteration of building content on rivers in Pune district was organised on 25th July by Jeevit Nadi organisation. In this 4 hour session, 5 participants worked on category tree and structure of article on river. The editing skills for this were imparted. The images and videos available in the repository were analysed for uploading. The categorisation of media was also planned. The issues like maps of rivers and heritage places on the banks were also discussed. This team will prepare the database and organise the media files available for uploading in respective categories. The next iteration is planned in September.

Read the full details on Wikimedia Blog

For more details visit https://cis-india.org/a2k/blogs/workshop-of-river-activists-for-building-jal-bodh-knowledge-resource-on-water

The Centre for Internet and Society’s Comments and Recommendations to the: Indian Privacy Code, 2018

Shweta Mohandas, Elonnai Hickok, Amber Sinha and Shruti Trikanand — 2018-07-20T13:55:46Z

The debate surrounding privacy has in recent times gained momentum due to the Aadhaar judgement and the growing concerns around the use of personal data by corporations and governments.

Click to download the file here

As India moves towards greater digitization, and technology becomes even more pervasive, there is a need to ensure the privacy of the individual as well as hold the private and public sector accountable for the use of personal data. Towards enabling public discourse and furthering the development a privacy framework for India, a group of lawyers and policy analysts backed by the Internet Freedom Foundation (IFF) have put together a draft a citizen's bill encompassing a citizen centric privacy code that is based on seven guiding principles.^{^[1]} This draft builds on the Citizens Privacy Bill, 2013 that had been drafted by CIS on the basis of a series of roundtables conducted in India.^{^[2]} Privacy is one of the key areas of research at CIS and we welcome this initiative and hope that our comments make the Act a stronger embodiment of the right to privacy.

Section by Section Recommendations

Preamble

Comment: The Preamble specifies that the need for privacy has increased in the digital age, with the emergence of big data analytics.

Recommendation: It could instead be worded as ‘with the emergence of technologies such as big data analytics’, so as to recognize the impact of multiple technologies and processes including big data analytics.

Comment: The Preamble states that it is necessary for good governance that all interceptions of communication and surveillance be conducted in a systematic and transparent manner subservient to the rule of law.

Recommendation: The word ‘systematic’ is out of place, and can be interpreted incorrectly. It could instead be replaced with words such as ‘necessary’, ‘proportionate’, ‘specific’, and ‘narrow’, which would be more appropriate in this context.

Chapter 1 Preliminary

Section 2: This Section defines the terms used in the Act.

Comment: Some of the terms are incomplete and a few of the terms used in the Act have not been included in the list of definitions.

Recommendations:

The term “effective consent” needs to be defined. The term is first used in the Proviso to Section 7(2), which states “Provided that effective consent can only be said to have been obtained where...:”It is crucial that the Act defines effective consent especially when it is with respect to sensitive data.
The term “open data” needs to be defined. The term is first used in Section 5 that states the exemptions to the right to privacy. Subsection 1 clause ii states as follows “the collection, storage, processing or dissemination by a natural person of personal data for a strictly non-commercial purposes which may be classified as open data by the Privacy Commission”. Hence the term open data needs to be defined in order to ensure that there is no ambiguity in terms of what open data means.
The Act does not define “erasure”, although the term erasure does come under the definition of destroy (Section 2(1)(p)). There are some provisions that use the word erasure , hence if erasure and destruction mean different acts then the term erasure needs to be defined, otherwise in order to maintain uniformity the sections where erasure is used could be substituted with the term “destroy” as defined under this Act.
The definition of “sensitive personal data” does not include location data and identification numbers. The definition of sensitive data must include location data as the Act also deals in depth with surveillance. With respect to identification numbers, the Act needs to consider identification numbers (eg. the Aadhaar number, PAN number etc.) as sensitive information as this number is linked to a person's identity and can reveal sensitive personal data such as name, age, location, biometrics etc. Example can be taken from Section 4(1) of the GDPR^{^[3]} which identifies location data as well as identification numbers as sensitive personal data along with other identifies such as biometric data, gender race etc.
The Act defines consent as the “unambiguous indication of a data subject’s agreement” however, the definition does not indicate that there needs to be an informed consent. Hence the revised definition could read as follows “the informed and unambiguous indication of a data subject’s agreement”. It is also unclear how this definition of consent relates to ‘effective consent’. This relationship needs to be clarified.
The Act defines ‘data controller’ in Section 2(1)(l) as “ any person including appropriate government..”. In order to remove any ambiguity over the definition of the term person, the definition could specify that the term person means any natural or legal person.
The Act defines ‘data processor’ in Section (2(1)(m) as “means any person including appropriate government”. In order to remove any ambiguity over the definition of the term ‘any person’, the definition could specify that the term person means any natural or legal person.

CHAPTER II

Right to Privacy

Section 5: This section provides exemption to the rights to privacy.

Comment: Section 5(1)(ii) states that the collection, storage, processing or dissemination by a natural person of personal data for a strictly non-commercial purposes are exempted from the provisions of the right to privacy. This clause also states that this data may be classified as open data by the Privacy Commission. This section hence provides individuals the immunity from collection, storage, processing and dissemination of data of another person. However this provision fails to state what specific activities qualify as non commercial use.

Recommendation: This provision could potentially be strengthened by specifying that the use must be in the public interest. The other issue with this subsection is that it fails to define open data. If open data was to be examined using its common definition i.e “data that can be freely used, modified, and shared by anyone for any purpose”^{^[4]} then this section becomes highly problematic. As a simple interpretation would mean that any personal data that is collected, stored, processed or disseminated by a natural person can possibly become available to anyone. Beyond this, India has an existing framework governing open data. Ideally the privacy commissioner could work closely with government departments to ensure that open data practices in India are in compliance with the privacy law.

CHAPTER III

Protection of Personal Data

PART A

Notice by data controller

Section 6: This section specifies the obligations to be followed by data controllers in their communication, to maintain transparency and lays down provisions that all communications by Data Controllers need to be complied with.

Comment: There seems to be a error in the Proviso to this section. The proviso states “Provided that all communications by the Data Controllers including but not limited to the rights of Data Subjects under this part shall may be refused when the Data Controller is, unable to identify or has a well founded basis for reasonable doubts as to the identity of the Data Subject or are manifestly unfounded, excessive and repetitive, with respect to the information sought by the Data Subject ”.

Recommendation: The proviso could read as follows “The proviso states “Provided that all communications by the Data Controllers including but not limited to the rights of Data Subjects under this part may be refused when the Data Controller is…”. We suggest the use of the ‘may’ as this makes the provision less limiting to the rights of the data controller.

Additionally, it is not completely clear what ‘included but not limited to...’ would entail. This could be clarified further.

PART B

CONSENT OF DATA SUBJECTS

Section 10: This section talks about the collection of personal data.

Comment: Section 10(3) lays down the information that a person must provide before collecting the personal data of an individual.

Comment: Section 10(3)(xi) states as follows “the time and manner in which it will be destroyed, or the criteria used to Personal data collected in pursuance of a grant of consent by the data subject to whom it pertains shall, if that consent is subsequently withdrawn for any reason, be destroyed forthwith: determine that time period;”. There seems to be a problem with the sentence construction and the rather complex sentence is difficult to understand.

Recommendation: This section could be reworked in such as way that two conditions are clear, one - the time and manner in which the data will be destroyed and two the status of the data once consent is withdrawn.

Comment: Section 10(3)(xiii) states that the identity and contact details of the data controller and data processor must be provided. However it fails to state that the data controller should provide more details with regard to the process for grievance redressal. It does not provide guidance on what type of information needs to go into this notice and the process of redressal. This could lead to very broad disclosures about the existence of redress mechanisms without providing individuals an effective avenue to pursue.

Recommendation: As part of the requirement for providing the procedure for redress, data controllers could specifically be required to provide the details of the Privacy Officers, privacy commissioner, as well as provide more information on the redressal mechanisms and the process necessary to follow.

Section 11:This section lays out the provisions where collection of personal data without prior consent is possible.

Comment: Section 11 states “Personal data may be collected or received from a third party by a Data Controller the prior consent of the data subject only if it is:..”. However as the title of the section suggests the sentence could indicate the situations where it is permissible to collect personal data without prior consent from the data subject”. Hence the word “without” is missing from the sentence. Additionally the sentence could state that the personal data may be collected or received directly from an individual or from a third party as it is possible to directly collect personal data from an individual without consent.

Recommendation:The sentence could read as “Personal data may be collected or received from an individual or a third party by a Data Controller without the prior consent of the data subject only if it is:..”.

Comment: Section 11(1)(i) states that the collection of personal data without prior consent when it is “necessary for the provision of an emergency medical service or essential services”. However it does not specify the kind or severity of the medical emergency.

Recommendation: In addition to medical emergency another exception could be made for imminent threats to life.

Section 12: This section details the Special provisions in respect of data collected prior to the commencement of this Act.

Comment: This section states that all data collected, processed and stored by data controllers and data processors prior to the date on which this Act comes into force shall be destroyed within a period of two years from the date on which this Act comes into force. Unless consent is obtained afresh within two years or that the personal data has been anonymised in such a manner to make re-identification of the data subject absolutely impossible. However this process can be highly difficult and impractical in terms of it being time consuming, expensive particularly, in cases of analog collections of data. This is especially problematic in cases where the controller cannot seek consent of the data subject due to change in address or inavailability or death. This will also be problematic in cases of digitized government records.

Recommendation: We suggest three ways in which the issue of data collected prior to the Act can be handled. One way is to make a distinction on the data based on whether the data controller has specified the purpose of the collection before collecting the data. If the purpose was not defined then the data can be deleted or anonymised. Hence there is no need to collect the data afresh for all the cases. The purpose of the data can also be intimated to the data subject at a later stage and the data subject can choose if they would like the controller to store or process the data.The second way is by seeking consent afresh only for the sensitive data. Lastly, the data controller could be permitted to retain records of data, but must necessarily obtain fresh consent before using them. By not having a blanket provision of retrospective data deletion the Act can address situations where deletion is complicated or might have a potential negative impact by allowing storage, deletion, or anonymisation of data based on its purpose and kind.

Comment: Section (2)(1)(i) of the Act states that the data will not be destroyed provided that effective consent is obtained afresh within two years. However as stated earlier the Act does not define effective consent.

Recommendation: The term effective consent needs to be defined in order to bring clarity to this provision.

PART C

FURTHER LIMITATIONS ON DATA CONTROLLERS

Section 16: This section deals with the security of personal data and duty of confidentiality.

Comment: Section 16(2) states “ Any person who collects, receives, stores, processes or otherwise handles any personal data shall be subject to a duty of confidentiality and secrecy in respect of it.” Similarly Section 16(3) states “data controllers and data processors shall be subject to a duty of confidentiality and secrecy in respect of personal data in their possession or control. However apart from the duty of confidentiality and secrecy the data collectors and processors could also have a duty to maintain the security of the data.” Though it is important for confidentiality and secrecy to be maintained, ensuring security requires adequate and effective technical controls to be in place.

Recommendation: This section could also emphasise on the duty of the data controllers to ensure the security of the data. The breach notification could include details about data that is impacted by a breach or attach as well as the technical details of the infrastructure compromised.

Section 17: This section details the conditions for the transfer of personal data outside the territory of India.

Comment: Section 17 allows a transfer of personal data outside the territory of India in 3 situations- If the Central Government issues a notification deciding that the country/international organization in question can ensure an adequate level of protection, compatible with privacy principles contained in this Act; if the transfer is pursuant to an agreement which binds the recipient of the data to similar or stronger conditions in relation to handling the data; or if there are appropriate legal instruments and safeguards in place, to the satisfaction of the data controller. However, there is no clarification for what would constitute ‘adequate’ or ‘appropriate’ protection, and it does not account for situations in which the Government has not yet notified a country/organisation as ensuring adequate protection. In comparison, the GDPR, in Chapter V^{^[5]}, contains factors that must be considered when determining adequacy of protection, including relevant legislation and data protection rules, the existence of independent supervisory authorities, and international commitments or obligations of the country/organization. Additionally, the GDPR allows data transfer even in the absence of the determination of such protection in certain instances, including the use of standard data protection clauses, that have been adopted or approved by the Commission; legally binding instruments between public authorities; approved code of conduct, etc. Additionally, it allows derogations from these measures in certain situations: when the data subject expressly agrees, despite being informed of the risks; or if the transfer is necessary for conclusion of contract between data subject and controller, or controller and third party in the interest of data subject; or if the transfer is necessary for reasons of public interest, etc. No such circumstances are accounted for in Section 17.

Recommendation: Additionally, data controllers and processors could be provided with a period to allow them to align their policies towards the new legislation. Making these provisions operational as soon as the Act is commenced might put the controllers or processors guilty of involuntary breaching the provisions of the Act.

Section 19: This section states the special provisions for sensitive personal data.

Comment: Section 19(2) states that in addition to the requirements set out under sub-clause (1), the Privacy Commission shall set out additional protections in respect of:i.sensitive personal data relating to data subjects who are minors; ii.biometric and deoxyribonucleic acid data; and iii.financial and credit data.This however creates additional categories of sensitive data apart from the ones that have already been created.^{^[6]} These additional categories can result in confusion and errors.

Recommendation: Sensitive data must not be further categorised as this can lead to confusion and errors. Hence all sensitive data could be subject to the same level of protection.

Section 20: This section states the special provisions for data impact assessment.

Comment: This section states that all data impact assessment reports will be submitted periodically to the State Privacy commission. This section does not make provisions for instances of circumstances in which such records may be made public. Additionally the data impact assessment could also include a human rights impact assessment.

Recommendation: The section could also have provisions for making the records of the impact assessment or relevant parts of the assessment public. This will ensure that the data controllers / processors are subjected to a standard of accountability and transparency. Additionally as privacy is linked to human rights the data impact assessment could also include a human rights impact assessment. The Act could further clarify the process for submission to State Privacy Commissions and potential access by the Central Privacy Commission to provide clarity in process.

Section 20 requires controllers who use new technology to assess the risks to the data protection rights that occur from processing. ‘New technology’ is defined to include pre-existing technology that is used anew. Additionally, the reports are required to be sent to the State Privacy Commission periodically. However, there is no clarification on the situations in which such an assessment becomes necessary, or whether all technology must undergo such an assessment before their use. Additionally, the differentiation between different data processing activities based on whether the data processing is incidental or a part of the functioning needs to be clarified. This differentiation is necessary as there are some data processors and controllers who need the data to function; for instance an ecommerce site would require your name and address to deliver the goods, although these sites do not process the data to make decisions. This can be compared to a credit rating agency that is using the data to make decisions as to who will be given a loan based on their creditworthiness. Example can taken from the GDPR, which in Article 35, specifies instances in which a data impact assessment is necessary: where a new technology, that is likely to result in a high risk to the rights of persons, is used; where personal aspects related to natural persons are processed automatically, including profiling; where processing of special categories of data (including data revealing ethnic/racial origin, sexual orientation etc), biometric/genetic data; where data relating to criminal convictions is processed; and with data concerning the monitoring of publicly accessible areas. Additionally, there is no requirement to publish the report, or send it to the supervising authority, but the controller is required to review the processor’s operations to ensure its compliance with the assessment report.

Recommendation: The reports could be sent to a central authority, which according to this Act is the Privacy Commission, along with the State Privacy Commission. Additionally there needs to be a differentiation between the incidental and express use of data. The data processors must be given at least a period of one year after the commencement of the Act to present their impact assessment report. This period is required for the processors to align themselves with the provisions of the Act as well as conduct capacity building initiatives.

PART C

RIGHTS OF A DATA SUBJECT

Section 21: This section explains the right of the data subject with regard to accessing her data. It states that the data subject has the right to obtain from the data controller information as to whether any personal data concerning her is collected or processed. The data controller also has to not only provide access to such information but also the personal data that has been collected or processed.

Comment: This section does not provide the data subject the right to seek information about security breaches.

Recommendation: This section could state that the data subject has the right to seek information about any security breaches that might have compromised her data (through theft, loss, leaks etc.). This could also include steps taken by the data controller to address the immediate breach as well as steps to minimise the occurrence of such breaches in the future.^{^[7]}

CHAPTER IV

INTERCEPTION AND SURVEILLANCE

Section 28: This section lists out the special provisions for competent organizations.

Comment: Section 28(1) states ”all provisions of Chapter III shall apply to personal data collected, processed, stored, transferred or disclosed by competent organizations unless when done as per the provisions under this chapter ”.This does not make provisions for other categories of data such as sensitive data.

Recommendation: This section needs to include not just personal data but also sensitive data, in order to ensure that all types of data are protected under this Act.

Section 30: This section states the provisions for prior authorisation by the appropriate Surveillance and Interception Review Tribunal.

Comment: Section 30(5) states “any interception involving the infringement of the privacy of individuals who are not the subject of the intended interception, or where communications relate to medical, journalistic, parliamentary or legally privileged material may be involved, shall satisfy additional conditions including the provision of specific prior justification in writing to the Office for Surveillance Reform of the Privacy Commission as to the necessity for the interception and the safeguards providing for minimizing the material intercepted to the greatest extent possible and the destruction of all such material that is not strictly necessary to the purpose of the interception.” This section needs to state why these categories of communication are more sensitive than others. Additionally, interceptions typically target people and not topics of communication - thus medical may be part of a conversation between two construction workers and a doctor will communicate about finances.

Recommendation: The section could instead of singling out “medical, journalistic, parliamentary or legally privileged material” state that “any interception involving the infringement of the privacy of individuals who are not the subject of the intended interception may be involved, shall satisfy additional conditions including the provision of specific prior justification in writing to the Office for Surveillance Reform of the Privacy Commission.

Section 37: This section details the bar against surveillance.

Comment: Section 37(1) states that “no person shall order or carry out, or cause or assist the ordering or carrying out of, any surveillance of another person”. The section also prohibits indiscriminate monitoring, or mass surveillance, unless it is necessary and proportionate to the stated purpose. However, it is unclear whether this prohibits surveillance by a resident of their own residential property, which is allowed in Section 5, as the same could also fall within ‘indiscriminate monitoring/mass surveillance’. For instance, in the case of a camera installed in a residential property, which is outward facing, and therefore captures footage of the road/public space.

Recommendation: The Act needs to bring more clarity with regard to surveillance especially with respect to CCTV cameras that are installed in private places, but record public spaces such as public roads. The Act could have provisions that clearly define the use of CCTV cameras in order to ensure that cameras installed in private spaces are not used for carrying out mass surveillance. Further, the Act could address the use of emerging techniques and technology such as facial recognition technologies, that often rely on publicly available data.

CHAPTER V

THE PRIVACY COMMISSION

Section 53: This section details the powers and functions of the Privacy Commission.

Comment: Section 53(2)(xiv) states that the Privacy Commission shall publish periodic reports “providing description of performance, findings, conclusions or recommendations of any or all of the functions assigned to the Privacy Commission”. However this Section does not make provisions for such reporting to happen annually and to make them publicly available, as well as contain details including financial aspects of matters contained within the Act.

Recommendation: The functions could include a duty to disclose the information regarding the functioning and financial aspects of matters contained within the Act. Categories that could be included in such reports include: the number of data controllers, number of data processors, number of breaches detected and mitigated etc.

CHAPTER IX

OFFENCES AND PENALTIES

Sections 73 to 80: These sections lay out the different punishments for controlling and processing data in contravention to the provisions of this Act.

Comment: These sections, while laying out different punishments for controlling and processing data in contravention to the provisions of this Act, mets out a fine extending upto Rs. 10 crore. This is problematic as it does not base these penalties on the finer aspects of proportionality, such as offences that are not as serious as the others.

Recommendation: There could be a graded approach to the penalties based on the degree of severity of the offence.This could be in the form of name and shame, warnings and penalties that can be graded based on the degree of the offence.
----------------------------------------------------------------------

Additional thoughts: As India moves to a digital future there is a need for laws to be in place to ensure that individual's rights are not violated. By riding on the push to digitization, and emerging technologies such as AI, a strong all encompassing privacy legislation can allow India to leapfrog and use these emerging technologies for the benefit of the citizens without violating their privacy. A robust legislation can also ensure a level playing field for data driven enterprises within a framework of openness, fairness, accountability and transparency.

^{^[1]} These seven principles include: Right to Access, Right to Rectification, Right to Erasure And Destruction of Personal Data,Right to Restriction Of Processing, Right to Object, Right to Portability of Personal Data,Right to Seek Exemption from Automated Decision-Making.

^{^[2]}The Privacy (Protection) Bill 2013: A Citizen’s Draft, Bhairav Acharya, Centre for Internet & Society, https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-citizens-draft

^{^[3]}General Data Protection Regulation, available at https://gdpr-info.eu/art-4-gdpr/.

^{^[4]} Antonio Vetro, Open Data Quality Measurement Framework: Definition and Application to Open Government Data, available at https://www.sciencedirect.com/science/article/pii/S0740624X16300132

^{^[5]} General Data Protection Regulation, available at https://gdpr-info.eu/chapter-5/.

^{^[6]} Sensitive personal data under Section 2(bb) includes, biometric data; deoxyribonucleic acid data;
sexual preferences and practices;medical history and health information;political affiliation;
membership of a political, cultural, social organisations including but not limited to a trade union as defined under Section 2(h) of the Trade Union Act, 1926;ethnicity, religion, race or caste; and
financial and credit information, including financial history and transactions.

^{^[7]} Submission to the Committee of Experts on a Data Protection Framework for India, Amber Sinha, Centre for Internet & Society, available at https://cis-india.org/internet-governance/files/data-protection-submission

For more details visit https://cis-india.org/internet-governance/blog/the-centre-for-internet-and-society2019s-comments-and-recommendations-to-the-indian-privacy-code-2018