Centre for Internet and Society

P.P. Sneha - Mapping Digital Humanities in India

sneha-pp — 2016-12-31T05:56:49Z

It gives us great pleasure to publish the second title of the CIS Papers series. This report by P.P. Sneha comes out of an extended research project supported by the Kusuma Trust. The study undertook a detailed mapping of digital practices in arts and humanities scholarship, both emerging and established, in India. Beginning with an understanding of Digital Humanities as a 'found term' in the Indian context, the study explores the discussion and debate about the changes in humanities practice, scholarship and pedagogy that have come about with the digital turn. Further it inquires about the spaces and roles of digital technologies in the humanities, and by extension in the arts, media, and creative practice today; transformations in the objects and methods of study and practice in these spaces; and the shifts in the imagination of the ‘digital’ itself, and its linkages with humanities practices.

Download: Mapping Digital Humanities in India (PDF)

Foreword

What different forms do digital humanities (DH) research and expertise take around the world? My colleagues and I investigated this question for our report on Building Expertise to Support Digital Scholarship: A Global Perspective. In some places, we struggled to find resources on local practices in DH, but fortunately in India we could draw upon the excellent work of P.P. Sneha and the Centre for Internet and Society. In a series of insightful blog posts, Sneha explored the implications of technology for humanities scholarship and surveyed digital humanities practices in India.

Now Sneha has brought this work together in “Mapping Digital Humanities in India.” Rather than falling into naive boosterism or superficial critique, this report plumbs deep questions about humanistic knowledge in a digital age: What do we make of textuality in a digital environment? How might digital tools and platforms contribute to conflicts about authority? How does digital infrastructure affect how humanities research can be practiced? Sneha probes the complexities of these questions, drawing from theorists such as Benjamin, Derrida and Foucault as well as digital humanities scholars such as Franco Moretti and Patrik Svensson.

From this strong theoretical foundation, “Mapping Digital Humanities in India” explores specific challenges and possibilities for DH in India, synthesizing rich interviews with a range of Indian scholars. Sneha notes that digital humanities is in an “incipient stage” in India, given the persistence of the digital divide in much of the country, the association of the term with a specific history in the Anglo-American context, and concerns about the uncritical embrace of technology. The report highlights several Indian projects that demonstrate how technology can be used to create and disseminate humanistic knowledge. Creating online resources in Indic languages poses challenges, especially inputting languages and translating between them. To create an online variorum of Nobel prize-winning author Rabindranath Tagore’s works, Bichitra had to develop a Bangla character set. Bichitra enables readers to collate texts at the level of the chapter/canto, paragraph/stanza or word. In the realm of film and video, Indiancine.ma (which archives Indian films from the pre-copyright period) and Pad.ma (which houses found and deposited audio, video, and allied materials) offer powerful annotation tools and open up the archive into a space for interpretation and collaboration.

As digital humanities scholars attempt to move past a limited, Anglo-American perspective, “Mapping Digital Humanities in India” provides a model for how we can understand local practices in DH and connect them to ongoing discussions about humanistic knowledge. Through this report, readers can navigate central issues in digital humanities, explore the Indian context, and critically examine culturally based assumptions about DH practices.

- Lisa Spiro, Executive Director, Digital Scholarship Services, Rice University, Texas, USA

Executive Summary

In the short time span that the term ‘digital humanities’ (henceforth DH) has been around in the Indian academic landscape, it had generated much discussion and debate about the changes in humanities practice, scholarship and pedagogy that have come about with the digital turn. What are the spaces and roles of digital technologies in the humanities, and by extension in the arts, media, and creative practice today? How has it transformed objects and methods of study and practice in these spaces? What does it tell us about the relationship between the humanities and technology? Perhaps most importantly, what is our imagination of the ‘digital’ itself, and how does it shape our humanities practices?

These are but a few of the questions that this study on mapping key conversations and actors around the term DH tries to explore in some detail. While the study began as an attempt to understand the growing interest around the term itself in India, its scope has extended to explore what specific contexts and conditions are in place in India that give it critical purchase. Five universities now offer various programmes in DH in India - ranging from a Master’s degree to certificate courses, and there have been several workshops, winter schools, seminars and one national level consultation over the last five years. Academic and applied practices focus on building of digital archives, film studies, game studies, textual studies, cultural heritage and critical making to name just a few. While these efforts have managed to create a growing interest in DH, there is still a lack of consensus on what exactly constitutes the field in India. Thus, questions around definition, ontology, and method remain pertinent, as does the need for recognition by the national academic bureaucracy.

Context is another important factor here - most global narratives of DH reiterate a predominantly Anglo-American narrative that draws from a history in the field of humanities computing, as well as a crisis in higher education, particularly in the humanities and liberal arts. The efforts to map different histories of DH in the last couple of years, seen in the emergence of fields such as postcolonial DH and feminist DH, then point to diverse locations, and more intersectional perspectives from which the discourse around the field is being shaped. This is an important opportunity to better contextualise the debates around the digital as well – where conditions and hierarchies of access and usage, transition from analogue to the digital, and the notion of ‘digitality’ itself need to be defined and understood better. In India, with initiatives such as the Digital India programme, and the increasing push for the adoption of digital technologies in every sphere from education to governance, and now a steady push towards a digital economy, there is already a tremendous amount of investment in the idea of the digital by a diverse group of stakeholders. These advancements, and the enthusiasm, must be read within the context of a rather chequered and uneven history of the growth of science and technology in India, the advent of the internet and adoption of ICT4D, and existence of digital divides at different levels. The changing higher education system in India, and criticism around a profit-driven model of education, along with the entry of a large number of private actors in the field in the form of MOOCs and other online platforms in the last few years also contribute to this growing interest in DH, as also much of its criticism. In fact, the global discourse on DH and its linkages with shifts in government funding has seen increasingly polarized positions, with many humanities scholars being uncertain about the political or critical stake of the field, and a concern about the its focus on certain kinds of methods and skill sets at the expense of more traditional ones.

In India, the discourse around DH has largely remained within an academic context so far, although emerging creative practices in art, design and media may have been asking questions of a similar nature for some time now. These include efforts to understand changes in objects of enquiry from analogue to digitised and born digital artifacts, and the need for new methods of work and study that are necessitated by these new digital objects. The process of ‘digitisation’ itself is one fraught with several challenges, and demands a closer look – what are tools, resources and skills available for digitisation or creation of new digital cultural artifacts, and the context that facilitates their creation and active use in humanities research and practice. The ‘text’ as the primary cultural artifact or object of enquiry in the humanities, has undergone several changes with digitisation. Working with digital texts that are fluid and networked, and most often in languages other than English bring forth several new questions that are not only technological but also conceptual. The emergence of new digital cultural archives and online repositories, owing to the (marginally) increased access to internet and digital technologies and the growth of a culture that facilitates collecting and sharing, has greatly expanded the scope of engagement with these questions. The archive in fact forms a significant part of the discourse around DH in India - the challenges and prospects offered by digital cultural artifacts are quite diverse, ranging from modes of documentation, preservation and curation to dissemination over online spaces, and there is a need to understand these in greater detail. Infrastructure emerges as an important political and conceptual question here – while an interest in technological advancement and innovation, and the growth of a culture of free and open access to knowledge to some extent has helped facilitate work in the humanities at large, the lack of access to funding, expertise, and of course adequate, and advanced physical and technological infrastructure , such as computational methods often limits the kind of work that can be done with digital artifacts.

The implications of these changes for the study and practice of humanities are several, particularly with respect to traditional methods of pedagogy and scholarship. The access to resources like Wikipedia and devices like the mobile phone have facilitated a move towards more distributed, non-hierarchical, and individualised models and practices of learning, which simultaneously are premised upon new kinds of centralisation, hierarchies, and aggregation of information. The need to develop new forms of digital pedagogy as well as creating more spaces for such conversations within and outside the academic context would be crucial here. This growth of digitally-engaged humanities practice raises pertinent questions about how exactly the “digital turn” is transforming the humanities, its practice and politics. DH being an interdisciplinary field also offers the possibilities to engage with creative, often alternative practices that exist at the margins of mainstream academia, thus trying to encourage collaborative work across different domains of expertise. The inherited separation of disciplines, or even humanities and technology as suggested by the term DH, may then be contentious here, as it creates the opportunity to explore a twinned history of humanities and technology.

While the field of DH in India continues to develop slowly but surely, and hopefully widely, as more institutions and individuals become engaged with DH and related works, these key questions around its history, methods, and scope will continue to remain pertinent over the next years. For us at the Centre for Internet and Society, studying DH at this historical juncture when the Indian state is rushing towards embracing the “digital” provides a critical lens to understand and engage with the reconfigurations in modes and practices of arts and humanities scholarship and pedagogy in particular, and digital economies of knowledge in general.

CIS Papers

The CIS Papers series publishes open access monographs and discussion pieces that critically contribute to the debates on digital technologies and society. It includes publication of new findings and observations, of work-in-progress, and of critical review of existing materials. These may be authored by researchers at or affiliated to CIS, by external researchers and practitioners, or by a group of discussants. CIS offers editorial support to the selected monographs and discussion pieces. The views expressed, however, are of the authors' alone.

For more details visit https://cis-india.org/papers/mapping-digital-humanities-in-india

Multistakeholder Consultation on Encryption

praskrishna — 2016-12-17T01:22:35Z

The Centre for Internet & Society (CIS) in collaboration with ORF and Takshashila Institution is organizing a Multi-Stakeholder Consultation on Encryption on December 17, 2016 at TERI in Bengaluru.

The consultation is intended to help shape the discussions around the new draft encryption policy slated to be released sometime early next year. The consultation will be divided into two segments: an open house and a panel discussion with high-level government representatives, including Dr. Gulshan Rai, the National Cyber Security Coordinator. The sessions start at 10.30 a.m. on December 17, 2016 and will go on for until approximately 4.30 p.m.

The discussions themselves will highlight inputs from the three main constituents affected by an encryption policy: civil society and end users, the private sector and government. The range of civil liberties and constitutional rights implicated by encryption, as well as the needs of businesses to secure data flows will be discussed. Government officials too are expected to join the consultation and will provide perspectives on encryption and legitimate access to data for law enforcement purpose.

For more info reach out to Udbhav Tiwari (udbhav@cisindia.org) or Bedavyasa Mohanty (bedavyasam@orfonline.org)

For more details visit https://cis-india.org/internet-governance/events/multistakeholder-consultation-on-encryption

Myanmar Digital Rights Forum Agenda

praskrishna — 2016-12-17T00:32:46Z

For more details visit https://cis-india.org/internet-governance/files/myanmar-digital-rights-forum-agenda.pdf

Marathi Wikipedia Edit-a-thon in Kolhapur

subodh — 2016-12-16T23:34:10Z

On behalf of CIS-A2K team Subodh Kulkarni conducted a Marathi Wikipedia Edit-a-thon at Shivaji University in Kolhapur on 15 December 2016. The goal of the Wikipedia edit-a-thon was to build resources in the field of Political Science on Marathi Wikipedia and equip its participants with the process of contributing to Wikipedia, and to introduce it as a concept to them.

The workshop was conducted at the Political Science Department of Shivaji University for post graduate and research students and professors. The Head of the Political Science Department, Dr. Prakash Pawar actively took part in all the process. In all 22 new editors began their contribution on Wikipedia. The effort is the first step towards building long term institutional partnership with Shivaji University where many courses are run in Marathi language.

The Department of Mass Communication and the Department of Environment and Science have also evinced interest for conducting edit-a-thons for their students.

Overall the primary goals of the project include:

To introduce Wikipedia as an encyclopedia for research and a concept to new editors.
To Promote Marathi Wikipedia Community & promote the use of regional languages in Wikipedia.
To have an open interaction within the editors, existing as well as new.
To spread the awareness of Wikipedia as a powerful tool.

For more info, read the meta page

For more details visit https://cis-india.org/a2k/blogs/marathi-wikipedia-edit-a-thon-in-kolhapur

Deep Packet Inspection: How it Works and its Impact on Privacy

amber — 2016-12-16T23:14:49Z

In the last few years, there has been extensive debate and discussion around network neutrality in India. The online campaign in favor of Network Neutrality was led by Savetheinternet.in in India. The campaign was a spectacular success and facilitated sending over a million emails supporting the cause of network neutrality, eventually leading to ban on differential pricing. Following in the footsteps of the Shreya Singhal judgement, the fact that the issue of net neutrality has managed to attract wide public attention is an encouraging sign for a free and open Internet in India. Since the debate has been focused largely on zero rating, other kinds of network practices impacting network neutrality have yet to be comprehensively explored in the Indian context, nor their impact on other values. In this article, the author focuses on network management, in general, and deep packet inspection, in particular and how it impacts the privacy of users.

Background

In the last few years, there has been extensive debate and discussion around network neutrality in India. The online campaign in favor of Network Neutrality was led by Savetheinternet.in in India. The campaign, captured in detail by an article in Mint, ^{^[1]} was a spectacular success and facilitated sending over a million emails supporting the cause of network neutrality, eventually leading to ban on differential pricing. Following in the footsteps of the Shreya Singhal judgement, the fact that the issue of net neutrality has managed to attract wide public attention is an encouraging sign for a free and open Internet in India. Since the debate has been focused largely on zero rating, other kinds of network practices impacting network neutrality have yet to be comprehensively explored in the Indian context, nor their impact on other values. In this article, I focus on network management, in general, and deep packet inspection, in particular and how it impacts the privacy of users.

The Architecture of the Internet

The Internet exists as a network acting as an intermediary between providers of content and it users. ^{^[2]} Traditionally, the network did not distinguish between those who provided content and those who were recipients of this service, in fact often, the users also functioned as content providers. The architectural design of the Internet mandated that all content be broken down into data packets which were transmitted through nodes in the network transparently from the source machine to the destination machine.^{^[3]} As discussed in detail later, as per the OSI model, the network consists of 7 layers. We will go into each of these layers in detail below, however is important to understand that at the base is the physical layer of cables and wires, while at the top is application layer which contains all the functions that people want to perform on the Internet and the content associated with it. The layers in the middle can be characterised as the protocol layers for the purpose of this discussion. What makes the architecture of the Internet remarkable is that these layers are completely independent of each other, and in most cases, indifferent to the other layers. The protocol layer is what impacts net neutrality. It is this layer which provides the standards for the manner in which the data must flow through the network. The idea was for the it to be as simple and feature free as possible such that it is only concerned with the transmission data as fast as possible ('best efforts principle') while innovations are pushed to the layers above or below it.^{^[4]}

This aspect of the Internet's architectural design, which mandates that network features are implemented as the end points only (destination and source machine), i.e. at the application level, is called the 'end to end principle'.^{^[5]} This means that the intermediate nodes do not differentiate between the data packets in any way based on source, application or any other feature and are only concerned with transmitting data as fast as possible, thus creating what has been described as a 'dumb' or neutral network. ^{^[6]} This feature of the Internet architecture was also considered essential to what Jonathan Zittrain has termed as the 'generative' model of the Internet.^{^[7]} Since, the Internet Protocol remains a simple layer incapable of discrimination of any form, it meant that no additional criteria could be established for what kind of application would access the Internet. Thus, the network remained truly open and ensured that the Internet does not privilege or become the preserve of a class of applications, nor does it differentiate between the different kinds of technologies that comprise the physical layer below.

While the above model speaks of a dumb network not differentiating between the data packets that travel through it, in truth, the network operators engage in various kinds of practices that priorities, throttle or discount certain kinds of data packets. In her thesis essay at the Oxford Internet Institute, Alissa Cooper^{^[8]} states that traffic management involves three different set of criteria- a) Some subsets of traffic needs to be managed, and arriving at a criteria to identify those subsets the criteria can be based on source, destination, application or users, b) Trigger for the traffic management measure which - could be based upon time of the day, usage threshold or a specific network condition, and c) the traffic treatment put into practice when the trigger is met. The traffic treatment can be of three kinds. The first is Blocking, in which traffic is prevented from being delivered. The second is Prioritization under which identified traffic is sent sooner or later. This is usually done in cases of congestion and one kind of traffic needs to be prioritized. The third kind of treatment is Rate limiting where identified traffic is limited to a defined sending rate.^{^[9]} The dumb network does not interfere with an application's operation, nor is it sensitive to the needs of an application, and in this way it treats all information sent over it as equal. In such a network, the content of the packets is not examined, and Internet providers act according to the destination of the data as opposed to any other factor. However, in order to perform traffic management in various circumstances, Deep packet Inspection technology, which does look at the content of data packets is commonly used by service providers.

Deep Packet Inspection

Deep packet inspection (DPI) enables the examination of the content of a data packets being sent over the Internet. Christopher Parsons explains the header and the payload of a data packet with respect to the OSI model. In order to understand this better, it is more useful to speak of network in terms of the seven layers in the OSI model as opposed to the three layers discussed above.^{^[10]}

Under the OSI model, the top layer, the Application Layer is in contact with the software making a data request. For instance, if the activity in question is accessing a webpage, the web-browser makes a request to access a page which is then passed on to the lower layers. The next layer is the Presentation Layer which deals with the format in which the data is presented. This lateral performs encryption and compression of the data. In the above example, this would involve asking for the HTML file. Next comes the Session Layer which initiates, manages and ends communication between the sender and receiver. In the above example, this would involve transmitting and regulating the data of the webpage including its text, images or any other media. These three layers are part of the 'payload' of the data packet.^{^[11]}

The next four layers are part of the 'header' of the data packet. It begins with the Transport Layer which collects data from the Payload and creates a connection between the point of origin and the point of receipt, and assembles the packets in the correct order. In terms of accessing a webpage, this involves connecting the requesting computer system with the server hosting the data, and ensuring the data packets are put together in an arrangement which is cohesive when they are received. The next layer is the Data Link Layer. This layer formats the data packets in such a way that that they are compatible with the medium being used for their transmission. The final layer is the Physical Layer which determines the actual media used for transmitting the packets.^{^[12]}

The transmission of the data packet occurs between the client and server, and packet inspect occurs through some equipment placed between the client and the server. There are various ways in which packet inspection has been classified and the level of depth that the inspection needs to qualify in order to be categorized as Deep Packet Inspection. We rely on Parson's classification system in this article. According to him, there are three broad categories of packet inspection - shallow, medium and deep.^{^[13]}

Shallow packet inspection involves the inspection of the only the header, and usually checking it against a blacklist. The focus in this form of inspection is on the source and destination (IP address and packet;s port number). This form of inspection primarily deals with the Data Link Layer and Network Layer information of the packet. Shallow Packet Inspection is used by firewalls.^{^[14]}

Medium Packet Inspection involves equipment existing between computers running the applications and the ISP or Internet gateways. They use application proxies where the header information is inspected against their loaded parse-list and used to look at a specific flows. These kinds of inspections technologies are used to look for specific kinds of traffic flows and take pre-defined actions upon identifying it. In this case, the header and a small part of the payload is also being examined.^{^[15]}

Finally, Deep Packet Inspection (DPI) enables networks to examine the origin, destination as well the content of data packets (header and payload). These technologies look for protocol non-compliance, spam, harmful code or any specific kinds of data that the network wants to monitor. The feature of the DPI technology that makes it an important subject of study is the different uses it can be put to. The use cases vary from real time analysis of the packets to interception, storage and analysis of contents of a packets.^{^[16]}

The different purposes of DPI

Network Management and QoS

The primary justification for DPI presented is network management, and as a means to guarantee and ensure a certain minimum level of QoS (Quality of Service). Quality of Service (QoS) as a value conflicting with the objectives of Network Neutrality, has emerged as a significant discussion point in this topic. Much like network neutrality, QoS is also a term thrown around in vague, general and non-definitive references. The factors that come into play in QoS are network imposed delay, jitter, bandwidth and reliability. Delay, as the name suggests, is the time taken for a packet to be passed by the sender to the receiver. Higher levels of delay are characterized by more data packets held 'in transit' in the network. ^{^[17]} A paper by Paul Ferguson and Geoff Huston described the TCP as a 'self clocking' protocol.^{^[18]} This enables the transmission rate of the sender to be adjusted as per the rate of reception by the receiver. As the delay and consequent stress on the protocol increases, this feedback ability begins to lose its sensitivity. This becomes most problematic in cases of VoIP and video applications. The idea of QoS generally entails consistent service quality with low delay, low jitter and high reliability through a system of preferential treatment provided to some traffic on a criteria formulated around the need of such traffic to have greater latency sensitivity and low delay and jitter. This is where Deep Packet Inspection comes into play. In 1991, Cisco pioneered the use of a new kind of router that could inspect data packets flowing through the network. DPI is able to look inside the packets and its content, enabling it to classify packets according to a formulated policy. DPI, which was used a security tool, to begin with, is a powerful tool as it allows ISPs to limit or block specific applications or improve performances of applications in telephony, streaming and real-time gaming. Very few scholars believe in an all-or-nothing approach to network neutrality and QoS and debate often comes down to what forms of differentiations are reasonable for service providers to practice. ^{^[19]}

Security

Deep Packet inspection was initially intended as a measure to manage the network and protect it from transmitting malicious programs . As mentioned above, Shallow Packet Inspection was used to secure LANs and keep out certain kinds of unwanted traffic. ^{^[20]} Similarly, DPI is used for identical purposes, where it is felt useful to enhance security and complete a 'deeper' inspection that also examines the payload along with the header information.

Surveillance

The third purpose of DPI is what concerns privacy theorists the most. The fact that DPI technologies enable the network operators to have access to the actual content of the data packets puts them a position of great power as well as making them susceptible to significant pressure from the state. ^{^[21]} For instance, in US, the ISPs are required to conform to the provisions of the Communications Assistance for Law Enforcement Act (CALEA) which means they need to have some surveillance capacities designed into their systems. What is more disturbing for privacy theorists compared to the use of DPI for surveillance under legislation like CALEA, are the other alleged uses by organisation like the National Security Agency through back end access to the information via the ISPs. Aside from the US government, there have been various reports of use of DPI by governments in countries like China,^{^[22]} Malaysia^{^[23]} and Singapore. ^{^[24]}

Behavioral targeting

DPI also enables very granular tracking of the online activities of Internet users. This information is invaluable for the purposes of behavioral targeting of content and advertising. Traditionally, this has been done through cookies and other tracking software. DPI allows new way to do this, so far exercised only through web-based tools to ISPs and their advertising partners. DPI will enable the ISPs to monitor contents of data packets and use this to create profiles of users which can later be employed for purposes such as targeted advertising. ^{^[25]}

Impact on Privacy

Each of the above use-cases has significant implications for the privacy of Internet users as the technology in question involves access, tracking or retention of their online communication and usage activity.

Alyssa Cooper compares DPI with other technologies carrying out content inspection such as caching services and individual users employing firewalls or packet sniffers. She argues that one of the most distinguishing feature of DPI is the potential for "mission-creep." ^{^[26]} Kevin Werbach writes that while networks may deploy DPI for implementation under CALEA or traffic peer-to-peer shaping, once deployed DPI techniques can be used for completely different purposes such as pattern matching of intercepted content and storage of raw data or conclusions drawn from the data.^{^[27]} This scope of mission creep is even more problematic as it is completely invisible. As opposed to other technologies which rely on cookies or other web-based services, the inspection occurs not at the end points, but somewhere in the middle of the network, often without leaving any traces on the user's system, thus rendering them virtually undiscoverable.

Much like other forms of surveillance, DPI threatens the sense that the web is a space where people can engage freely with a wide range of people and services. For such a space to continue to exist, it is important for people to feel secure about their communication and transaction on medium. This notion of trust is severely harmed by a sense that users are being surveilled and their communication intercepted. This has obvious chilling effect on free speech and could also impact electronic commerce.^{^[28]}

Allyssa Cooper also points out another way in which DPI differs from other content tracking technologies. As the DPI is deployed by the ISPs, it creates a greater barrier to opting out and choosing another service. There are only limited options available to individuals as far as ISPs are concerned. Christopher Parsons does a review of ISPs using DPI technology in UK, US and Canada and offers that various ISPs do provide in their terms of services that they use DPI for network management purposes. However, this information is often not as easily accessible as the terms and conditions of online services. A;so, As opposed to online services, where it is relatively easier to migrate to another service, due to both presence of more options and the ease of migration, it is a much longer and more difficult process to change one's ISP.^{^[29]}

Measures to mitigate risk

Currently, there are no existing regulatory frameworks in India which deal govern DPI technology in any way. The International Telecommunications Union (ITU) prescribes a standard for DPI^{^[30]} however, the standard does not engage with any questions of privacy and requires all DPI technologies to be capable of identifying payload data, and prescribing classification rules for specific applications, thus, conflicting with notions of application agnosticism in network management. More importantly, the requirements to identify, decrypt and analyse tunneled and encrypted data threaten the reasonable expectation of privacy when sending and receiving encrypted communication. In this final section, I look at some possible principles and practices that may be evolved in order to mitigate privacy risks caused due to DPI technology.

Limiting 'depth' and breadth

It has been argued that inherently what DPI technology intends to do is matching of patterns in the inspected content against a pre-defined list which is relevant to the purpose how which DPI is employed. Much like data minimization principles applicable to data controllers and data processors, it is possible for network operators to minimize the depth of the inspection (restrict it to header information only or limited payload information) so as to serve the purpose at hand. For instance, in cases where the ISP is looking to identify peer-to-peer traffic, there are protocols which declare their names in the application header itself. Similarly, a network operators looking to generate usage data about email traffic can do so simply by looking at port number and checking them against common email ports.^{^[31]} However, this mitigation strategy may not work well for other use-cases such as blocking malicious software or prohibited content or monitoring for the sake of behavioral advertising.

While depth referred to the degree of inspection within data packets, breadth refers to the volume of packets being inspected. Alyssa Cooper argues that for many DPI use cases, it may be possible to rely on pattern matching on only the first few data packets in a flow, in order to arrive at sufficient data to take appropriate response. Cooper uses the same example about peer-to-peer traffic. In some cases, the protocol name may appear on the header file of only the first packet of a flow between two peers. In such circumstances, the network operators need not look beyond the header files of the first packet in a flow, and can apply the network management rule to the entire flow.^{^[32]}

Data retention

Aside from the depth and breadth of inspection, another important question whether and for along is there a need for data retention. All use cases may not require any kind of data retention and even in case where DPI is used for behavioral advertising, only the conclusions drawn may be retained instead of retaining the payload data.

Transparency

One of the issues is that DPI technology is developed and deployed outside the purview of standard organizations like ISO. Hence, there has been a lack of open, transparent standards development process in which participants have deliberated the impact of the technology. It is important for DPI to undergo these process which are inclusive, in that there is participation by non-engineering stakeholders to highlight the public policy issues such as privacy. Further, aside from the technology, the practices by networks need to be more transparent. ^{^[33]} Disclosure of the presence of DPI, the level of detail being inspected or retained and the purpose for deployment of DPI can be done. Some ISPs provide some of these details in their terms of service and website notices. ^{^[34]} However, as opposed to web-based services, users have limited interaction with their ISP. It would be useful for ISPs to enable greater engagement with their users and make their practices more transparent.

Conclusion

The very nature of of the DPI technology renders some aspects of recognized privacy principles like notice and consent obsolete. The current privacy frameworks under FIPP^{^[35]} and OECD ^{^[36]} rely on the idea of empowering the individual by providing them with knowledge and this knowledge enables them to make informed choices. However, for this liberal conception of privacy to function meaningfully, it is necessary that there are real and genuine choices presented to the alternatives. While some principles like data minimisation, necessity and proportionality and purpose limitation can be instrumental in ensuring that DPI technology is used only for legitimate purposes, however, without effective opt-out mechanisms and limited capacity of individual to assess the risks, the efficacy of privacy principles may be far from satisfactory.

The ongoing Aadhaar case and a host of surveillance projects like CMS, NATGRID, NETRA^{^[37]} and NMAC ^{^[38]} have raised concerns about the state conducting mass-surveillance, particularly of online content. In this regard, it is all the more important to recognise the potential of Deep Packet Inspection technologies for impact on privacy rights of individuals. Earlier, the Centre for Internet and Society had filed Right to Information applications with the Department of Telecommunications, Government of India regarding the use of DPI, and the government had responded that there was no direction/reference to the ISPs to employ DPI technology. ^{^[39]} Similarly, MTNL also responded to the RTI Applications and denied using the technology.^{^[40]} It is notable though, that they did not respond to the questions about the traffic management policies they follow. Thus, so far there has been little clarity on actual usage of DPI technology by the ISPs.

^{^[1]} Ashish Mishra, "India's Net Neutrality Crusaders", available at http://mintonsunday.livemint.com/news/indias-net-neutrality-crusaders/2.3.2289565628.html

^{^[2]} http://www.livinginternet.com/i/iw_arch.htm

^{^[3]} Vinton Cerf and Robert Kahn, "A protocol for packet network intercommunication", available at https://www.semanticscholar.org/paper/A-protocol-for-packet-network-intercommunication-Cerf-Kahn/7b2fdcdfeb5ad8a4adf688eb02ce18b2c38fed7a

^{^[4]} Paul Ganley and Ben Algove, "Network Neutrality-A User's Guide", available at http://wiki.commres.org/pds/NetworkNeutrality/NetNeutrality.pdf

^{^[5]} J H Saltzer, D D Clark and D P Reed, "End-to-End arguments in System Design", available at http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

^{^[6]} Supra Note 4.

^{^[7]} Jonathan Zittrain, The future of Internet - and how to stop it, (Yale University Press and Penguin UK, 2008) available at https://dash.harvard.edu/bitstream/handle/1/4455262/Zittrain_Future%20of%20the%20Internet.pdf?sequence=1

^{^[8]} Alissa Cooper, How Regulation and Competition Influence Discrimination in Broadband Traffic Management: A Comparative Study of Net Neutrality in the United States and the United Kingdom available at http://ora.ox.ac.uk/objects/uuid:757d85af-ec4d-4d8a-86ab-4dec86dab568

^{^[9]} Id .

^{^[10]} Christopher Parsons, "The Politics of Deep Packet Inspection: What Drives Surveillance by Internet Service Providers?", available at https://www.christopher-parsons.com/the-politics-of-deep-packet-inspection-what-drives-surveillance-by-internet-service-providers/ at 15.

^{^[11]} Ibid at 16.

^{^[12]} Id .

^{^[13]} Ibid at 19.

^{^[14]} Id .

^{^[15]} Id .

^{^[16]} Jay Klein, "Digging Deeper Into Deep Packet Inspection (DPI)", available at http://spi.unob.cz/papers/2007/2007-06.pdf

^{^[17]} Tim Wu, "Network Neutrality: Broadband Discrimination", available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=388863

^{^[18]} Paul Ferguson and Geoff Huston, "Quality of Service on the Internet: Fact, Fiction,

or Compromise?", available at http://www.potaroo.net/papers/1998-6-qos/qos.pdf

^{^[19]} Barbara van Schewick, "Network Neutrality and Quality of Service: What a non-discrimination Rule should look like", available at http://cyberlaw.stanford.edu/downloads/20120611-NetworkNeutrality.pdf

^{^[20]} Supra Note 14.

^{^[21]} Paul Ohm, "The Rise and Fall of Invasive ISP Surveillance," available at http://paulohm.com/classes/infopriv10/files/ExcerptOhmISPSurveillance.pdf

^{^[22]} Ben Elgin and Bruce Einhorn, "The great firewall of China", available at http://www.bloomberg.com/news/articles/2006-01-22/the-great-firewall-of-china .

^{^[23]} Mike Wheatley, "Malaysia's Web Heavily Censored Before Controversial Elections", available at http://siliconangle.com/blog/2013/05/06/malaysias-web-heavily-censored-before-controversial-elections/

^{^[24]} Fazal Majid, "Deep packet inspection rears it ugly head" available at https://majid.info/blog/telco-snooping/.

^{^[25]} Alissa Cooper, "Doing the DPI Dance: Assessing the Privacy Impact of Deep Packet Inspection," in W. Aspray and P. Doty (Eds.), Privacy in America: Interdisciplinary Perspectives, Plymouth, UK: Scarecrow Press, 2011 at 151.

^{^[26]} Ibid at 148.

^{^[27]} Kevin Werbach, "Breaking the Ice: Rethinking Telecommunications Law for the Digital Age", Journal of Telecommunications and High Technology, available at http://www.jthtl.org/articles.php?volume=4

^{^[28]} Supra Note 25 at 149.

^{^[29]} Supra Note 25 at 147.

^{^[30]} International Telecommunications Union, Recommendation ITU-T.Y.2770, Requirements for Deep Packet Inspection in next generation networks, available at https://www.itu.int/rec/T-REC-Y.2770-201211-I/en.

^{^[31]} Supra Note 25 at 154.

^{^[32]} Ibid at 156.

^{^[33]} Supra Note 10.

^{^[34]} Paul Ohm, "The Rise and Fall of Invasive ISP Surveillance", available at http://paulohm.com/classes/infopriv10/files/ExcerptOhmISPSurveillance.pdf .

^{^[35]} http://www.nist.gov/nstic/NSTIC-FIPPs.pdf

^{^[36]} https://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

^{^[37]} "India's Surveillance State" Software Freedom Law Centre, available at http://sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india/

^{^[38]} Amber Sinha, "Are we losing our right to privacy and freedom on speech on Indian Internet", DNA, available at http://www.dnaindia.com/scitech/column-are-we-losing-the-right-to-privacy-and-freedom-of-speech-on-indian-internet-2187527

^{^[39]} http://cis-india.org/telecom/use-of-dpi-technology-by-isps.pdf

^{^[40]} Smita Mujumdar, "Use of DPI Technology by ISPs - Response by the Department of Telecommunications" available at http://cis-india.org/telecom/dot-response-to-rti-on-use-of-dpi-technology-by-isps

For more details visit https://cis-india.org/internet-governance/blog/deep-packet-inspection-how-it-works-and-its-impact-on-privacy

Protection of Privacy in Mobile Phone Apps

Hitabhilash Mohanty and Edited by Leilah Elmokadem — 2016-12-15T14:18:43Z

The term “Fintech” refers to technology-based businesses that compete against, enable and/or collaborate with financial institutions. The year 2015 was a critical year for the Indian fintech industry, which saw the rise of numerous fintech start-ups, incubators and investments from the public and private sector.

According to NASSCOM, the Indian fintech market is worth an estimated USD 1.2 billion, and is predicted to reach USD 2.4 billion by 2020.[1] The services brought forth by Fintech, such as digital wallets, lending, and insurance, have transformed the ways in which businesses and institutions execute dayto-day transactions. The rise of fintech in India has rendered the nation’s market a point of attraction for global investment.[2] Fintech in India is perceived both as a catalyst for economic growth and innovation, as well as a means of financial inclusion for the millions of unbanked individuals and businesses. The government of India, along with regulators such as SEBI (Securities and Exchange Board of India) and RBI (Reserve Bank India), has consistently supported the digitalization of the nation’s economy and the formation of a strong fintech ecosystem through funding and promotional initiatives.[3]

The RBI has been pivotal in enabling the development of India’s fintech sector and adopting a cautious approach in addressing concerns around consumer protection and law enforcement. Its key objective as a regulator has been to create an environment for unimpeded innovations by fintech, expanding the reach of banking services for unbanked populations, regulating an efficient electronic payment system and providing alternative options for consumers. The RBI’s prime focus areas for enabling fintech have been around payment, lending, security/biometrics and wealth management. For example, the RBI has introduced “Unified Payment Interface” with the NPCI (National Payments Corporation of India), which has been critical in revolutionizing digital payments and pushing India closer to the objective of a cash-less society. It has also released a consultation paper on regulating Peer 2 Peer (P2P) lending market in India, highlighting the advantages and disadvantages of regulating the sector.[4]

The consultation paper offers a definition of P2P lending as well as a general explanation of the activity and the digital platforms that facilitate transactions between lenders and borrowers. It also provides a set of arguments for and against regulating P2P lending. The arguments against regulating the sector mainly pertain to the risk of stifling the growth of an innovative, efficient and accessible avenue for borrowers who either lack access to formal financial channels or are denied loans by them.[5]

This is the general consensus around the positive impact of the Fintech sector in India: its facilitation of financial inclusion and economic opportunity. However, the paper lists many more arguments for regulation than against. One of the main points made is with regards to P2P lending’s potential to disrupt the financial sector by challenging traditional banking channels. There is also the argument that, if properly regulated, the P2P lending platforms can more efficiently and effectively exercise their potential of promoting alternative forms of finance.[6]

The paper concludes that the balance of advantage would lie in developing an appropriate regulatory and supervisory toolkit that facilitates the orderly growth of the P2P lending sector in order to harness its ability to provide an alternative avenue for credit for the right borrowers[7]

The RBI’s regulatory framework for P2P lending platforms encompasses the permitted activity, prudential regulations on capital, governance, business continuity plan (BCP) and customer interface, apart from regulatory reporting.[8]

The Securities and Exchange Board of India (SEBI) is also a prominent regulator of the Indian fintech sector. They issued a consultation paper on “crowdfunding”, which is defined as the solicitation of funds (small amounts) from multiple investors through a web-based platform or social networking site for a specific project, business venture or social cause. P2P lending is then a form of crowdfunding, which can be understood as an umbrella term that covers fintech lending practices. SEBI’s paper aimed to provide a brief overview of the global scenario of crowdfunding including the various prevalent models under it, the associated benefits and risks, the regulatory approaches in different jurisdictions, etc. It also discusses the legal and regulatory challenges in implementing the framework for crowdfunding. The paper proposes a framework for ushering in crowdfunding by giving access to capital markets to provide an additional channel of early stage funding to Start-ups and SME’s and seeks to balance the same with investor protection.[9] Unlike RBI’s consultation paper on P2P lending, SEBI’s paper on crowdfunding was intended mainly to invite discussion and not necessarily to implement a framework for regulation.

Some of the benefits cited in SEBI’s crowdfunding paper pertain to the commonly mentioned advantages of fintech: economic opportunity for the SME sector and start-ups, alternative lending systems to keep SMEs alive when traditional banks crash, new investment avenues for the local economy and increased competition in the financial sector.[10]

The paper also lists a set of risks that suggest the need for a regulatory framework for crowdfunding. For example, it mentions the “substitution of institutional risk by retail risk”, meaning that individual lenders, who’s risk tolerance may be low, bear the risk of low/no return investors when they lend to SMEs without adequate assessment of credit worthiness. Also, there is the risk that the digital platform that facilitates lending and issues all the transactions, may not conduct proper due diligence. If the platform is temporarily shut down or closed permanently, no recourse is available to the investors.[11]

The SEBI paper mentions a long list of other risks associated with crowdfunding, mostly associated with systemic failures, loan defaults, fraud practices, and information asymmetry. Information asymmetry refers partially to the chance that lending decisions are made based on incomplete data sets that are based on social networking platforms. There is a lack of transparency and reporting obligations in issuers including with respect to the use of funds raised.[12]

Similar to the RBI consultation paper, SEBI makes a decent effort to weigh the costs and benefits of crowdfunding practices but only does this from an economic/financial perspective. Most of the cited risks, benefits and concerns tend to overlook information security and risks of privacy breaches of the implicated borrowers.

India Stack is a paperless and cashless service delivery system that has been supported by the Indian government as part of the fintech sector. It is a new technology paradigm that is designed to handle massive data inflows, and is poised to enable entrepreneurs, citizens and governments to interact with one another transparently. It is intended to be an open system to electronically verify businesses, people and services. It allows the smartphone to become the delivery platform for services such as digital payments, identification and digital lockers. The vision of India Stack is to shift India towards a paperless economy.[13]

The central government, based on its experience with the Aadhaar project, decided to launch the opendata initiative in 2012 supported by an open API policy, which would pave the way for private technology solutions to build services on top of Aadhaar and to make India a digital cash economy. Unified Payments Interface (UPI), which will make mobile payments card-less and completely digital, allows consumers to transact directly through their bank account with a unique UPI identity that syncs to Aadhaar’s verification and connects to the merchant, the settlement and the issuing bank to close transactions.[14]

It is suspected that India Stack will shift in business models in banking from low-volume, high-value, high-cost and high fees to high-volume, low-value, low cost and no fees. This well lead to a drastic increase in accessibility and affordability, and the market force of consumer acquisition and the social purpose of mass inclusion will converge.[15]

India Stack serves as an example of how the Government of India has supported initiatives that would promote the fintech sector while facilitating economic growth and financial opportunity for unbanked individuals. However, there is continuous discussion around India Stack’s attachment to the Aadhaar system, which can lead to the exclusion of unregistered individuals from the benefits that would otherwise be reaped from the open-data initiative. It can also result in many privacy and security breaches when records of individuals’ daily transactions are attached to their Aadhaar numbers, which carry their biometric information and is linked to other personal data that is held by the government such as health records.

Download the Full Report

[1]. KPMG: https://assets.kpmg.com/content/dam/kpmg/pdf/2016/06/FinTech-new.pdf

[2]. Id.

[3]. Id.

[4]. Id.

[5]. RBI 2P2 Consultation Paper, https://rbidocs.rbi.org.in/rdocs/content/pdfs/CPERR280416.pdf

[6]. Id.

[7]. Id.

[8]. Id.

[9]. SEBI Crowdfunding consultation paper, http://www.sebi.gov.in/cms/sebi_data/attachdocs/1403005615257.pdf

[10]. Id.

[11]. Id.

[12]. Id.

[13]. Krishna, https://yourstory.com/2016/07/india-stack/

[14]. Id.

[15]. Nilekani, http://indianexpress.com/article/opinion/columns/the-coming-revolution-in-indian-banking-2924534/

For more details visit https://cis-india.org/internet-governance/blog/protection-of-privacy-in-mobile-phone-apps

Protection of Privacy in Mobile Phone Apps

praskrishna — 2016-12-15T14:17:20Z

For more details visit https://cis-india.org/internet-governance/files/protection-of-privacy-in-mobile-phones.pdf

Workshop Report - UIDAI and Welfare Services: Exclusion and Countermeasures

vanya — 2019-03-16T04:34:11Z

This report presents summarised notes from a workshop organised by the Centre for Internet and Society (CIS) on Saturday, August 27, 2016, to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services.

Introduction

The Centre for Internet and Society organised a workshop on "UIDAI and Welfare Services: Exclusion and Countermeasures" at the Institution of Agricultural on Technologists on August 27 in Bangalore to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services [1]. This was a follow-up to the workshop held in Delhi on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26th and 27th 2016 [2]. In this report we summarise the key concerns raised and the case studies presented by the participants at the workshop held on August 27, 2016.

Implementation of the UID Project

Question of Consent: The Aadhaar Act [3] states that the consent of the individual must be taken at the time of enrollment and authentication and it must be informed to him/her the purpose for which the data would be used. However, the Act does not provide for an opt-out mechanism and an individual is compelled to give consent to continue with the enrollment process or to complete an authentication.

Lack of Adherence to Court Orders: Despite of several orders by Supreme Court stating that use of Aadhaar cannot be made mandatory for the purpose of availing benefits and services, multiple state governments and departments have made it mandatory for a wide range of purposes like booking railway tickets [4], linking below the poverty line ration cards with Aadhaar [5], school examinations [6], food security, pension and scholarship [7], to name a few.

Misleading Advertisements: A concern was raised that individuals are being mislead in the necessity and purpose for enrollment into the project. For example, people have been asked to enrol by telling them that they might get excluded from the system and cannot get services like passports, banks, NREGA, salaries for government employees, denial of vaccinations, etc. Furthermore, the Supreme Court has ordered Aadhaar not be mandatory, yet people are being told that documentation or record keeping cannot be done without UID number.

Hybrid Governance: The participants pointed out that with the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 (hereinafter referred to as Aadhaar Act, 2016 ) being partially enforced, multiple examples of exclusion as reported in the news are demonstrating how the Aadhaar project is creating a case of hybrid governance i.e private corporations playing a significant role in Governance. This can be seen in case of Aadhaar where we see many entities from private sector being involved in its implementation, as well as many software and hardware companies.

Lack of Transparency around Sharing of Biometric Data: The fact how and why the Government is relying on biometrics for welfare schemes is unclear and not known. Also, there is no information on how biometric data that is collected through the project is being used and its ability as an authenticating device. Along with that, there is very little information on companies that have been enlisted to hold and manage data and perform authentication.

Possibility of Surveillance: Multiple petitions and ongoing cases have raised concerns regarding the possibility of surveillance, tracking, profiling, convergence of data, and the opaque involvement of private companies involved in the project.

Denial of Information: In an RTI filed by one of the participant requesting to share the key contract for the project, it was refused on the grounds under section 8(1) (d) of the RTI Act, 2005. However, it was claimed that the provision would not be applicable since the contract was already awarded and any information disclosed to the Parliament should be disclosed to the citizens. The Central Information Commission issued a letter stating that the contractual obligation is over and a copy of the said agreement can be duly shared. However, it was discovered by the said participant that certain pages of the same were missing , which contained confidential information. When this issue went before appeal before the Information Commissioner, the IC gave an order to the IC in Delhi to comply with the previous order. However, it was communicated that limited financial information may be given, but not missing pages. Also, it was revealed that the UIDAI was supposed to share biometric data with NPR (by way of a MoU), but it has refused to give information since the intention was to discontinue NPR and wanted only UIDAI to collect data.

Concerns Arising from the Report of the Comptroller and Auditor General of India (CAG) on Implementation of PAHAL (DBTL) Scheme

A presentation on the CAG compliance audit report of PAHAL on LPG [8] revealed how the society was made to believe that UID will help deal with the issue of duplication and collection as well as use of biometric data will help. The report also revealed that multiple LPG connections have the same Aadhaar number or same bank account number in the consumer database maintained by the OMCs, the bank account number of consumers were also not accurately recorded, scrutiny of the database revealed improper capture of Aadhaar numbers, and there was incorrect seeding of IFSC codes in consumer database. The participants felt that this was an example of how schemes that are being introduced for social welfare do not necessarily benefit the society, and on the contrary, has led to exclusion by design. For example, in the year 2011, by was of the The Liquefied Petroleum Gas (Regulation of Supply and Distribution) Amendment Order, 2011 [9], the Ministry of Petroleum and Natural Gas made the Unique Identification Number (UID) under the Aadhaar project a must for availing LPG refills. This received a lot of public pushback, which led to non-implementation of the order. In October 2012, despite the UIDAI stating that the number was voluntary, a number of services began requiring the provision of an Aadhaar number for accessing benefits. In September 2013, when the first order on Aadhaar was passed by court [10], oil marketing companies and UIDAI approached the Supreme Court to change the same and allow them to make it mandatory, which was refused by the Court. Later in the year 2014, use of Aadhaar for subsidies was made mandatory. The participants further criticised the CAG report for revealing the manner in which linking Aadhaar with welfare schemes has allowed duplication and led to ghost beneficiaries where there is no information about who these people are who are receiving the benefits of the subsidies. For example, in Rajasthan, people are being denied their pension as they are being declared dead due to absence of information from the Aadhaar database.

It was said that the statistics of duplication mentioned in the report show how UIDAI (as it claims to ensure de-duplication of beneficiaries) is not required for this purpose and can be done without Aadhaar as well. Also, due to incorrect seeding of Aadhaar number many are being denied subsidy where there is no information regarding the number of people who have been denied the subsidy because of this. Considering these important facts from the audit report, the discussants concluded how the statistics reflect inflated claims by UIDAI and how the problems which are said to be addressed by using Aadhaar can be dealt without it. In this context, it is important to understand how the data in the aadhaar database maybe wrong and in case of e-governance the citizens suffer. Also, the fact that loss of subsidy-not in cash, but in use of LPG cylinder - only for cooking, is ignored. In addition to that, there is no data or way to check if the cylinder is being used for commercial purposes or not as RTI from oil companies says that no ghost identities have been detected.

UID-linked Welfare Delivery in Rajasthan

One speaker presented findings on people's experiences with UID-linked welfare services in Rajasthan, collected through a 100 days trip organised to speak to people across the state on problems related to welfare governance. This visit revealed that people who need the benefits and access to subsidies most are often excluded from actual services. It was highlighted that the paperless system is proving to be highly dangerous. Some of the cases discussed included that of a disabled labourer, who was asked to get an aadhaar card, but during enrollment asked the person standing next to him to put all his 5 fingers for biometric data collection. Due to this incorrect data, he is devoid of all subsidies since the authentication fails every time he goes to avail it. He stopped receiving his entitlements. Though problems were anticipated, the misery of the people revealed the extent of the problems arising from the project. In another case, an elderly woman living alone, since she could not go for Aadhaar authentication, had not been receiving the ration she is entitled to receive for the past 8 months. When the ration shop was approached to represent her case, the dealers said that they cannot provide her ration since they would require her thumb print for authentication. Later, they found out that on persuading the dealer to provide her with ration since Aadhaar is not mandatory, they found out that in their records they had actually mentioned that she was being given the ration, which was not the case. So the lack of awareness and the fact that people are entitled to receive the benefits irrespective of Aadhaar is something that is being misused by dealers. This shows how this system has become a barrier for the people, where they are also unaware about the grievance redressal mechanism.

Aadhaar and e-KYC

In this session, the use of Aadhaar for e-KYC verification was discussed The UID strategy document describes how the idea is to link UIDAI with money enabled Direct Benefit Transfer (DBT) to the beneficiaries without any reason or justification for the same. It was highlighted by one of the participants how the Reserve Bank of India (RBI) believed that making Aadhaar compulsory for e-KYC and several other banking services was a violation of the Money Laundering Act as well as its own rules and standards, however, later relaxed the rules to link Aadhaar with bank accounts and accepted its for e-KyC with great reluctance as the Department of Revenue thought otherwise. It was mentioned how allowing opening of bank accounts remotely using Aadhaar, without physically being present, was touted as a dangerous idea. However, the restrictions placed by RBI were suddenly done away with and opening bank accounts remotely was enabled via e-KYC.

A speaker emphasised that with emerging FinTech services in India being tied with Aadhaar via India Stack, the following concerns are becoming critical:

With RBI enabling creation of bank accounts remotely, it becomes difficult to to track who did e-KYC and which bank did it and hold the same accountable.
The Aadhaar Act 2016 states that UIDAI will not track the queries made and will only keep a record of Yes/No for authentication. For example, the e-KYC to open a bank account can now be done with the help of an Aadhaar number and biometric authentication. However, this request does not get recorded and at the time of authentication, an individual is simply told whether the request has been matched or not by way of a Yes/No [11]. Though UIDAI will maintain the authentication record, this may act as an obstacle since in case the information from the aadhaar database does not match, the person would not be able to open a bank account and would only receive a yes/no as a response to the request.
Further, there is a concern that the Aadhaar Enabled Payment System being implemented by the National Payment Corporation of India (NCPI) would allow effectively hiding of source and destination of money flow, leading to money laundering and cases of bribery. This possible as NCPI maintains a mapper where each bank account is linked (only the latest one). However, Aadhaar number can be linked with multiple bank accounts of an individual. So when a transaction is made, the mapper records the transaction only from that 1 account. But if another transaction takes place with another bank account, that record is not maintained by the mapper at NCPI since it records only transactions of the latest account seeded in that. This makes money laundering easy as the money moves from aadhaar number to aadhaar number now rather than bank account to bank account.

Endnotes

[1] See: http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27.

[2] See: http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges.

[3] See: https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf.

[4] See: http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets.

[5] See: http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece.

[6] See: http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms.

[7] See: http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html.

[8] See: http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf.

[9] See: http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf.

[10] See: http://judis.nic.in/temp/494201232392013p.txt.

[11] Section 8(4) of the Aadhaar Act, 2016 states that "The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information."

For more details visit https://cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016

Enlarging the Small Print: A Study on Designing Effective Privacy Notices for Mobile Applications

Meera Manoj — 2016-12-14T16:27:54Z

The Word’s biggest modern lie is often wholly considered to lie in the sentence “I haveread and agreed to the Terms and Conditions.” It is a well-known fact, backed by empirical research that consumers often skip reading cumbersome privacy notices. The reasons for these range from the lengthy nature, complicated legal jargon and inopportune moments when these notices are displayed. This paper seeks to compile and analyse the different simplified designs of privacy notices that have been proposed for mobile applications that encourage consumers to make informed privacy decisions.

Introduction: Ideas of Privacy and Consent Linked with Notices

The Notice and Choice Model

Most modern laws and data privacy principles seek to focus on individual control. As Alan Westin of Columbia University characterises privacy, "it is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to other," [1] Or simply put, personal information privacy is "the ability of the individual to personally control information about himself."[2]

The preferred mechanism for protecting online privacy that has emerged is that of Notice and Choice.[3] The model, identified as "the most fundamental principle" in online privacy,[4] refers toconsumers consenting to privacy policies before availing of an online service. [5]

The following 3 standards of expectations of privacy in electronic communications have emerged in the United States courts:

KATZ TEST: Katz v. United States,[6] a wiretap case, established expectation of privacy as one society is prepared to recognize as ―reasonable. [7]This concept is critical to a court's understanding of a new technology because there is no established precedent to guide its analysis[8]
KYLLO/ KYLLO-KATZ HYBRID TEST: Society's reasonable expectation of privacy is higher when dealing with a new technology that is not ―generally available to the public.[9]This follows the logic that it is reasonable to expect common data collection practices to be used but not rare ones. [10] In Kyllo v. United States [11] law enforcement used a thermal imaging device to observe the relative heat levels inside a house. Though as per Katz the publicly available thermal radiation technology is reasonable, the uncommon means of collection was not. This modification to the Katz standard is extremely important in the context of mobile privacy. Mobile communications may be subdivided into smaller parts of audio from a phone call, e-mail, and data related to a user's current location. Following an application of the hybrid Katz/Kyllo test, the reasonable expectation of privacy in each of those communications would be determined separately[12], by evaluating the general accessibility of the technology required to capture each stream.[13]
DOUBLE CLICK TEST: DoubleClick[14] illustrates the potential problems of transferring consent to a third party, one to whom the user never provided direct consent or is not even aware of. The court held that for DoubleClick, an online advertising network, to collect information from a user it needed only to obtain permission from the website that user accessed, and not from the user himself. The court reasoned that the information the user disclosed to the website was analogous to information one discloses to another person during a conversation. Just as the other party to the conversation would be free to tell his friends about anything that was said, a website should be free to disclose any information it receives from a user's visit after the user has consented to use the website's services.

These interpretations have weakened the standards of online privacy. While the Katz test vaguely hinges on societal expectations, the Kyllo Test to an extent strengthens privacy rights by disallowing uncommon methods of collection, but as the DoubleClick Test illustrates, once the user has consented to such practices he cannot object to the same. There have been sugestions to consider personal information as property when it shares features of property like location data.[15] It is fixed when it is in storage, it has a monetary value, and it is sold and traded on a regular basis. This would create a standard where consent is required for third-party access. [16] Consent will then play a more pivotal role in affixing liability.

The notice and choice mechanism is designed to put individuals in charge of the collection and use of their personal information. In theory, the regime preserves user autonomy by putting the individual in charge of decisions about the collection and use of personal information. [17] Notice and choice is asserted as a substitute for regulation because it is thought to be more flexible, inexpensive to implement, and easy to enforce.[18] Additionally, notice and choice can legitimize an information practice, whatever it may be, by obtaining an individual's consent and suit individual privacy preferences. [19]

However, the notice and choice mechanism is often criticized for leaving users uninformed-or misinformed, at least-as people rarely see, read, or understand privacy notices. [20] Moreover, few people opt out of the collection, use, or disclosure of their data when presented with the choice to do so.[21]

Amber Sinha of the Centre for Internet and Society argues that consent in these scenarios Is rarely meaningful as consumers fail to read/access privacy policies, understand the consequences and developers do not provide them the choice to opt out of a particular data practice while still being allowed to use their services. [22]

Of particular concern is the use of software applications (apps) designed to work on mobile devices. Estimates place the current number of apps available for download at more than 1.5 million, and that number is growing daily.[23] A 2011 Google study, "The Mobile Movement," identified that mobile devices are viewed as extensions of ourselves that we share with deeply personal relations with, raising fundamental questions of how apps and other mobile communications influence our privacy decision-making.

Recent research indicates that mobile device users have concerns about the privacy implications of using apps. [24] The research finds that almost 60 percent of respondents ages 50 and older decided not to install an app because of privacy concerns (see figure 1).[25]

Because no standards currently exist for providing privacy notice disclosure for apps, consumers may find it difficult to understand what data the app is collecting, how those data will be used, and what rights users have in limiting the collection and use of their data. Many apps do not provide users with privacy policy statements, making it impossible for app users to know the privacy implications of using a particular app. [26]Apps can make use of any or all of the device's functions, including contact lists, calendars, phone and messaging logs, locational information, Internet searches and usage, video and photo galleries, and other possibly sensitive information. For example, an app that allows the device to function as a scientific calculator may be accessing contact lists, locational data, and phone records even though such access is unnecessary for the app to function properly. [27]

Other apps may have privacy policies that are confusing or misleading. For example, an analysis of health and fitness apps found that more than 30 percent of the apps studied shared data with someone not disclosed in the app's privacy policy.[28]

Types of E-Contracts

Margaret Radin distinguishes two models of direct e-contracts based on consent as -"contract-as-consent" and "contract-as-product." [29]

The contract-as-consent model is the traditional picture of how binding commitment is arrived at between two humans. It involves a meeting of the minds which implies that terms be understood, alternatives be available, and probably that bargaining be possible.

In the contract-as-product model, the terms are part of the product, not a conceptually separate bargain; physical product plus terms are a package deal. For example the fact that a chip inside an electronics item will wear out after a year is an unseen contract creating a take-it-or-leave-it choice not to buy the package.

The product-as-consent model defies traditional ideas of consent and raises questions of whether consent is meaningful. Modern day e-contracts such as click wrap, shrink wrap, viral contracts and machine-made contracts which form the privacy policy of several apps have a product-as-consent approach where consumers are given the take-it-or-leave-it option.

Mobile application privacy notices fall into the product-as-consent model. Consumers often have to click "I agree" to all the innumerable Terms and Conditions in order to install the app. For instance terms that the fitness app will collect biometric data is a feature of the product that is non-negotiable. It is a classic take-it-or-leave-it approach where consumers compromise on privacy to avail services.

Contracts that facilitate these transactions are generally long and complicated and often agreed to by consumers without reading them.

Craswell strikes a balance in applying the liability rule to point out that as explaining the meaning of extensive fine print would be very costly to point out it could be efficient to affix the liability rule not as a written contract but rather on "reasonable" terms. This means that if a fitness app collects sensitive financial information, which is unreasonable given its core activities, then even if the user has consented to the same in the privacy policy's fine print the contract should be capable of being challenged.

The Concept of Privacy by Design

Privacy needs to be considered from the very beginning of system development. For this reason, Dr. Anne Cavoukian [30] coined the term "Privacy by Design", that is, privacy should be taken into account throughout the entire engineering process from the earliest design stages to the operation of the productive system. This holistic approach is promising, but it does not come with mechanisms to integrate privacy in the development processes of a system. The privacy-by-design approach, i.e. that data protection safeguards should be built into products and services from the earliest stage of development, has been addressed by the European Commission in their proposal for a General Data Protection Regulation. This proposal uses the terms "privacy by design" and "data protection by design" synonymously.

The 7 Foundational Principles[31] of Privacy by Design are:

Proactive not Reactive; Preventative not Remedial
Privacy as the Default Setting
Privacy Embedded into Design
Full Functionality - Positive-Sum, not Zero-Sum
End-to-End Security - Full Lifecycle Protection
Visibility and Transparency - Keep it Open
Respect for User Privacy - Keep it User-Centric

Several terms have been introduced to describe types of data that need to be protected. A term very prominently used by industry is "personally identifiable information (PII)", i.e., data that can be related to an individual. Similarly, the European data protection framework centres on "personal data". However, some authors argue that this falls short since also data that is not related to a single individual might still have an impact on the privacy of groups, e.g., an entire group might be discriminated with the help of certain information. For data of this category the term "privacy-relevant data" has been used. [32]

An essential part of Privacy by Design is that data subjects should be adequately informed whenever personal data is processed. Whenever data subjects use a system, they should be informed about which information is processed, for what purpose, by which means and who it is shared is with. They should be informed about their data access rights and how to exercise them.[33]

Whereas system design very often does not or barely consider the end-users' interests, but primarily focuses on owners and operators of the system, it is essential to account the privacy and security interests of all parties involved by informing them about associated advantages (e.g. security gains) and disadvantages (e.g. costs, use of resources, less personalisation). By creating this system of "multilateral security" the demands of all parties must be realized.[34]

The Concept of Data Minimization

The most basic privacy design strategy is MINIMISE, which states that the amount of personal data that is processed should be restricted to the minimal amount possible. By ensuring that no, or no unnecessary, data is collected, the possible privacy impact of a system is limited. Applying the MINIMISE strategy means one has to answer whether the processing of personal data is proportional (with respect to the purpose) and whether no other, less invasive, means exist to achieve the same purpose. The decision to collect personal data can be made at design time and at run time, and can take various forms. For example, one can decide not to collect any information about a particular data subject at all. Alternatively, one can decide to collect only a limited set of attributes.^{^[35]}

If a company collects and retains large amounts of data, there is an increased risk that the data will be used in a way that departs from consumers' reasonable expectations.^{^[36]}

There are three privacy protection goals^{^[37]} that data minimization and privacy by design seek to achieve. These privacy protection goals are:

Unlinkability - To prevent data being linked to an identifiable entity
Transparency - The information has to be available before, during and after the processing takes place.
Intervenability - Those who provide their data must have means of intervention into all ongoing or planned privacy-relevant data processing

Spiekermann and Cranor raised an intriguing point in their paper, they argued that those companies that employ privacy by design and data minimization practices in their applications should be allowed to skip the need for privacy policies and forgo need for notice and choice features. ^{^[38]}

To Summarise: The emerging model and legal dialogue that regulates online privacy is that of Notice and Choice which has been severely criticised for not creating informed choice making processes. E-contracts such as agreeing to privacy notices follow the consent-as-product model. When there is extensive fine print liability must be affixed on the basis of reasonable terms. Privacy notices must incorporate the concepts of Privacy by Design through providing complete information and collecting minimum data.

Features of Privacy Notices in the Current Mobile Ecosystem

A privacy notice inform a system's users or a company's customers of data practices involving personal information. Internal practices with regard to the collection, processing, retention, and sharing of personal information should be made transparent.

Each app a user chooses to install on his smartphone can access different information stored on that device. There is no automatic access to user information. Each application has access only to the data that it pulls into its own 'sandbox'.

The sandbox is a set of fine-grained controls limiting an application's access to files, preferences, network resources, hardware etc. Applications cannot access each other's sandboxes.[39] The data that makes it into the sandbox is normally defined by user permissions.[40] These are a set of user defined controls[41]and evidence that a user consents to the application accessing that data. [42]

To gain permission mobile apps generally display privacy notices that explicitly seek consent. These can leverage different channels, including a privacy policy document posted on a website or linked to from mobile app stores or mobile apps. For example, Google Maps uses a traditional clickwrap structure that requires the user to agree to a list of terms and conditions when the program is initially launched. [43] Foursquare, on the other hand, embeds its terms in a privacy policy posted on its website, and not within the app. [44]

This section explains the features of current privacy notices on the 4 parameters of stage (at which the notice is given), content, length and user comprehension. Under each of these parameters the associated problems are identified and alternatives are suggested.

(1) Timing and Frequency of Notice:

This sub-section identifies the various stages that notices are given and highlights their advantages, disadvantages and makes recommendations. It concludes with the findings of a study on what the ideal stage to provide notice is. This is supplemented with 2 critical models to address the common problems of habituation and contextualization.

Studies indicate that timing of notices or the stage at which they are given impact how consumer's recall and comprehend them and make choices accordingly. [45] I ntroducing only a 15-second delay between the presentation of privacy notices and privacy relevant choices can be enough to render notices ineffective at driving user behaviour.[46]

Google Android and Apple iOS provide notices at different times. At the time of writing, Android users are shown a list of requested permissions while the app is being installed, i.e., after the user has chosen to install the app. In contrast, iOS shows a dialog during app use, the first time a permission is requested by an app. This is also referred to as a "just-in-time" notification. [47]

The following are the stages in which a notice can be given:

1) NOTICE AT SETUP: Notice can be provided when a system is used for the first time[48]. For instance, as part of a software installation process users are shown and have to accept the system's terms of use.

a) Advantages: Users can inspect a system's data practices before using or purchasing it. The system developer is benefitted due to liability and transparency reasons that gain user trust. It provides the opportunity to explain unexpected data practices that may have a benign purpose in the context of the system[49]. It can even impact purchase decisions. Egelman et al. found that participants were more likely to pay a premium at a privacy-protective website when they saw privacy information in search results, as opposed to on the website after selecting a search result[50].

b) Disadvantages: Users have become largely habituated to install time notices and ignore them[51]. Users may have difficulty making informed decisions because they have not used the system yet and cannot fully assess its utility or weigh privacy trade-offs. They may also be focused on the primary task, namely completing the setup process to be able to use the system, and fail to pay attention to notices [52].

c) Recommendations: Privacy notices provided at setup time should be concise and focus on data practices immediately relevant to the primary user rather than presenting extensive terms of service. Integrating privacy information into other materials that explain the functionality of the system may further increase the chance that users do not ignore it.[53]

2) JUST IN TIME NOTICE: A privacy notice can be shown when a data practice is active, for example when information is being collected, used, or shared. Such notices are referred to as "contextualized" or "just-in-time" notices[54].

a) Advantages: They enhance transparency and enable users to make privacy decisions in context. Users have also been shown to more freely share information if they are given relevant explanations at the time of data collection[55].

b) Disadvantages: Habituation can occur if these are shown too frequently. Moreover in apps such as gaming apps users generally tend to ignore notices displayed during usage.

c) Recommendations: Consumers can be given notice the first time a particular type of information is accessed such as email and then be given the option to opt out of further notifications. A Consumer may then seek to opt out of notices on email but choose to view all notices on health information that is accessed depending on his privacy priorities.

3) CONTEXT-DEPENDENT NOTICES: The user's and system's context can also be considered to show additional notices or controls if deemed necessary [56]. Relevant context may be determined by a change of location, additional users included in or receiving the data, and other situational parameters. Some locations may be particularly sensitive, therefore users may appreciate being reminded that they are sharing their location when they are in a new place, or when they are sharing other information that may be sensitive in a specific context. Facebook introduced a privacy checkup message in 2014 that is displayed under certain conditions before posting publicly. It acts as a "nudge" [57] to make users aware that the post will be public and to help them manage who can see their posts.

a) Advantages: It may help users make privacy decisions that are more aligned with their desired level of privacy in the respective situation and thus foster trust in the system.

b) Disadvantages: Challenges in providing context-dependent notices are detecting relevant situations and context changes. Furthermore, determining whether a context is relevant to an individual's privacy concerns could in itself require access to that person's sensitive data and privacy preferences. [58]

c) Recommendations: Standards must be evolved to determine a contextual model based on user preferences.

4) PERIODIC NOTICES: These are shown the first couple of times a data practice occurs, or every time. The sensitivity of the data practice may determine the appropriate frequency.

a) Advantages: It can further help users maintain awareness of privacy-sensitive information flows especially when data practices are largely invisible [59]such as in patient monitoring apps. This helps provide better control options.

b) Disadvantages: Repeating notices can lead to notice fatigue and habituation[60].

c) Recommendations: Frequency of these notices needs to be balanced with user needs. [61] Data practices that are reasonably expected as part of the system may require only a single notice, whereas practices falling outside the expected context of use which the user is potentially unaware of may warrant repeated notices. Periodic notices should be relevant to users in order to be not perceived as annoying. A combined notice can remind about multiple ongoing data practices. Rotating warnings or changing their look can also further reduce habituation effects [62]

5) PERSISTENT NOTICES: A persistent indicator is typically non-blocking and may be shown whenever a data practices is active, for instance when information is being collected continuously or when information is being transmitted[63]. When inactive or not shown, persistent notices also indicate that the respective data practice is currently not active. For instance, Android and iOS display a small icon in the status bar whenever an application accesses the user's location.

a) Advantages: These are easy to understand and not annoying increasing their functionality.

b) Disadvantages: These ambient indicators often go unnoticed.[64] Most systems can only accommodate such indicators for a small number of data practices.

c) Recommendations: Persistent indicators should be designed to be noticeable when they are active. A system should only provide a small set of persistent indicators to indicate activity of especially critical data practices which the user can also specify.

6) NOTICE ON DEMAND: Users may also actively seek privacy information and request a privacy notice. A typical example is posting a privacy policy at a persistent location[65] and providing links to it from the app. [66]

a) Advantages: Privacy sensitive users are given the option to better explore policies and make informed decisions.

b) Disadvantages: The current model of a link to a long privacy policy on a website will discourage users from requesting for information that they cannot fully understand and do not have time to read.

c) Recommendations: Better option are privacy settings interfaces or privacy dashboards within the system that provide information about data practices; controls to manage consent; summary reports of what information has been collected, used, and shared by the system; as well as options to manage or delete collected information. Contact information for a privacy office should be provided to enable users to make written requests.

Which of these Stages is the Most Ideal?

In a series of experiments, Rebecca Balekabo and others [67] have identified the impact of timing on smartphone privacy notices. The following 5 conditions were imposed on participants who were later tested on their levels of recall of the notices through questions:

Not Shown: The participants installed and used the app without being shown a privacy notice
App Store: Notice was shown at the time of installation at the app store
App store Big: A large notice occupying more screen space was shown at the app store
App Store Popup: A smaller popup was displayed at the app Store
During use: Notice was shown during usage of the app

The results (Figure) suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store and more effective when shown during app usage.

Seeing the app notice during app usage resulted in better recall. Although participants remembered the notice shown after app use as well as in other points of app use, they found that it was not a good point for them to make decisions about the app because they had already used it, and participants preferred when the notice was shown during or before app usage.

Hence depending on the app there are optimal times to show smartphone privacy notices to maximize attention and recall with preference being given to the beginning of or during app use.

However several of these stages as outlined baove face the disadvantages of habituation and uncertainty on contextualization. The following 2 models have been proposed to address this:

Habituation

When notices are shown too frequently, users may become habituated. Habituation may lead to users disregarding warnings, often without reading or comprehending the notice[68]. To reduce habituation from app permission notices, Felt et al. identified a tested method to determine which permission requests should be emphasized [69]

They categorized actions on the basis of revertibility, severability, initiation, alterable and approval nature (Explained in figure) and applied the following permission granting mechanisms :

Automatic Grant: It must be requested by the developer, but it is granted without user involvement.
Trusted UI elements: They appear as part of an application's workflow, but clicking on them imbues the application with a new permission. To ensure that applications cannot trick users, trusted UI elements can be controlled only by the platform. For example, a user who is sending an SMS message from a third-party application will ultimately need to press a button; using trusted UI means the platform provides the button.
Confirmation Dialog: Runtime consent dialogs interrupt the user's flow by prompting them to allow or deny a permission and often contain descriptions of the risk or an option to remember the decision.
Install-time warning: These integrate permission granting into the installation flow. Installation screens list the application's requested permissions. In some platforms (e.g., Facebook), the user can reject some install-time permissions. In other platforms (e.g., Android and Windows 8 Metro), the user must approve all requested permissions or abort installation.[70]

Based on these conditions the following sequential model that the system must adopt was proposed to determine frequency of displaying notices:

Initial tests have proven to be successful in reducing habituation effects and it is an important step towards designing and displaying privacy notices.

Contextualization

Bastian Koning and others, in their paper "Towards Context Adaptive Privacy Decisions in Ubiquitous Computing" [71] propose a system for supporting a user's privacy decisions in situ, i.e., in the context they are required in, following the notion of contextual integrity. It approximates the user's privacy preferences and adapts them to the current context. The system can then either recommend sharing decisions and actions or autonomously reconfigure privacy settings. It is divided into the following stages:

Context Model: A distinction is created between the decision level and system level. The system level enables context awareness but also filters context information and maps it to semantic concepts required for decisions. Semantic mappings can be derived from a pre-defined or learnt world model. On the decision level, the context model only contains components relevant for privacy decision making. For example: An activity involves the user, is assigned a type, i.e., a semantic label, such as home or work, based on system level input.

Privacy Decision Engine : The context model allows to reason about which context items are affected by a context transition. When a transition occurs, the privacy decision engine (PDE) evaluates which protection worthy context items are affected. Protection worthiness (or privacy relevance) of context items for a given context are determined by the user's privacy preferences that are This serves as a basis for adapting privacy preferences and is subsequently further adjusted to the user by learning from the user's explicit decisions, behaviour, and reaction to system actions. [72] approximated by the system from the knowledge base.

The user's personality type is determined before initial system use to select a basic privacy profile.

It may also be possible that the privacy preference cannot be realized in the current context. In that case, the privacy policy would suggest terminating the activity. For each privacy policy variant a confidence score is calculated based on how well it fits the adapted privacy preference. Based on the confidence scores, the PDE selects the most appropriate policy candidate or triggers user involvement if the confidence is below a certain threshold determined by the user's personality and previous privacy decisions.

Realization and Enforcement: The selected privacy policy must be realized on the system level. This is by combining territorial privacy and information privacy aspects. The private territory is defined by a territorial privacy boundary that separates desired and undesired entities.

Granularity adjustments for specific Information items is defined. For example, instead of the user's exact position only the street address or city can be provided.

ADVANTAGES: The personalization to a specific user has the advantage of better emulating that user's privacy decision process. It also helps to decide when to involve the user in the decision process by providing recommendations only and when privacy decisions can be realized autonomously.

DISADVANTAGES: The entire model hinges on the ability of the system to accurately determine user profile before the user starts using it and not after, when preferences can be more accurately determined. There is no provision for the user to pick his own privacy profile, it is all system determined taking away an element of consent in the very beginning. As all further preferences are adapted on this base, it is possible that the system may not deliver. The use of confident scores is an approximation that can compromise privacy by a small numerical margin of difference.

However it is a useful insight on techniques of contextualization. Depending on the environment, different strategies for policy realization and varying degrees of enforcement are possible[73].

Length

The length of privacy policies is often cited as one reason they are so commonly ignored. Studies show privacy policies are hard to read, read infrequently, and do not support rational decision making. [74] Aleecia M. McDonald and Lorrie Faith Cranor in their seminal study, "The Cost of Reading Privacy Policies" estimated that the the average length of privacy policies is 2,500 words. Using the reading speed of 250 words per minute which is typical for those who have completed secondary education, the average policy would take 10 minutes to read.

The researchers also investigated how quickly people could read privacy policies when they were just skimming it for pertinent details. They timed 93 people as they skimmed a 934-word privacy policy and answered multiple choice questions on its content.

Though some people took under a minute and others up to 42 minutes, the bulk of the subjects of the research took between three and six minutes to skim the policy, which itself was just over a third of the size of the average policy.

The researchers used their data to estimate how much it costs to read the privacy policy of every site they visit once a year if their time was charged for and arrived at a mind boggling figure of $652 billion.

Problems

Though the figure of $652 billion has limited usefulness, because people rarely read whole policies and cannot charge anyone for the time it takes to do this, the researchers concluded that readers who do conduct a cost-benefit analysis might decide not to read any policies.

"Preliminary work from a small pilot study in our laboratory revealed that some Internet users believe their only serious risk online is they may lose up to $50 if their credit card information is stolen. For people who think that is their primary risk, our point estimates show the value of their time to read policies far exceeds this risk. Even for our lower bound estimates of the value of time, it is not worth reading privacy policies though it may be worth skimming them," said the research. This implies that seeing their only risk as credit card fraud suggests Internet users likely do not understand the risks to their privacy. As an FTC report recently stated, "it is unclear whether consumers even understand that their information is being collected, aggregated, and used to deliver advertising."[75]"

Recommendations

If the privacy community can find ways to reduce the time cost of reading policies, it may be easier to convince Internet users to do so. For example, if consumers can move from needing to read policies word-for-word and only skim policies by providing useful headings, or with ways to hide all but relevant information in a layered format and thus reduce the effective length of the policies, more people may be willing to read them. [76] Apps can also adopt short form notices that summarize and link to the larger more complete notice displayed elsewhere. These short form notices need not be legally binding and must candidate that it does not cover all types of data collection but only the most relevant ones. [77]

Content

In an attempt to gain permission most privacy policies inform users about: (1) the type of information collected; and (2) the purpose for collecting that information.

Standard privacy notices generally cover the points of:

Methods Of Collection And Usage Of Personal Information
The Cookie Policy

Sharing Of Customer Information [78]

Certified Information Privacy Professionals divide notices into the following sequential sections[79]:

i. Policy Identification Details: Defines the policy name, version and description.

ii. P3P-Based Components: Defines policy attributes that would apply if the policy is exported to a P3P format. [80] Such attributes would include: policy URLs, organization information, PII access and dispute resolution procedures.

iii. Policy Statements and Related Elements: Groups, Purposes and PII Types-Policy statements define the individuals able to access certain types of information, for certain pre-defined purposes.

Problems

Applications tend to define the type of data broadly in an attempt to strike a balance between providing enough information so that application may gain consent to access a user's data and being broad enough to avoid ruling out specific information.[81]

This leads to usage of vague terms like "information collected may include."[82]

Similarly the purpose of the data acquisition is also very broad. For example, a privacy policy may state that user data can be collected for anything related to ―"improving the content of the Service." As the scope of ―improving the content of the Service is never defined, any usage could conceivably fall within that category.[83]

Several apps create user social profiles based on their online preferences to promote targeted marketing which is cleverly concealed in phrases like "we may also draw upon this Personal Information in order to adapt the Services of our community to your needs". [84] For instance Bees & Pollen is a "predictive personalization" platform for games and apps that "uses advanced predictive algorithms to detect complex, non-trivial correlations between conversion patterns and users' DNA signatures, thus enabling it to automatically serve each user a personalized best-fit game options, in real-time." In reality it analyses over 100 user attributes, including activity on Facebook, spending behaviours, marital status, and location.[85]

Notices also often mislead consumers into believing that their information will not be shared with third parties using the terms "unaffiliated third parties." Other affiliated companies within the corporate structure of the service provider may have access to user's data for marketing and other purposes. [86]

There are very few choices to opt-out of certain practices, such as sharing data for marketing purposes. Thus, users are effectively left with a take-it-or-leave-it choice - give up your privacy or go elsewhere.[87]Users almost always grant consent if it is required to receive the service they want which raises the query if this consent is meaningful[88].

Recommendations

The following recommendations have emerged:

Notice - Companies should provide consumers with clear, conspicuous notice that accurately describe their information practices.

Consumer Choice - Companies should provide consumers with the opportunity to decide (in the form of opting-out) if it may disclose personal information to unaffiliated third parties.
Access and Correction - Companies should provide consumers with the opportunity to access and correct personal information collected about the consumer.
Security - Companies must adopt reasonable security measures in order to protect the privacy of personal information. Possible security measures include: administrative security, physical security and technical security.
Enforcement - Companies should have systems through which they can enforce the privacy policy. This may be managed by the company, or an independent third party to ensure compliance. Examples of popular third parties include BBBOnLine and TRUSTe.[89]
Standardization : Several researchers and organizations have recommended a standardized privacy notice format that covers certain essential points. [90] However as displaying a privacy notice in itself is voluntary it is unpredictable whether companies would willingly adopt a standardized model. Moreover with the app market burgeoning with innovations a standard format may not cover all emergent data practices.

Comprehension

The FTC states that "the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand. the question is not whether consumers should be given a say over unexpected uses of their data; rather, the question is how to provide simplified notice and choice"[91].

Notably, in a survey conducted by Zogby International, 93% of adults - and 81% of teens - indicated they would take more time to read terms and conditions for websites if they were written in clearer language.[92]

Most privacy policies are in natural language format: companies explain their practices in prose. One noted disadvantage to current natural language policies is that companies can choose which information to present, which does not necessarily solve the problem of information asymmetry between companies and consumers. Further, companies use what have been termed "weasel words" - legalistic, ambiguous, or slanted phrases - to describe their practices [93].

In a study by Aleecia M. McDonald and others[94], it was found that accuracy in what users comprehend span a wide range. An average of 91% of participants answered correctly when asked about cookies, 61% answered correctly about opt out links, 60% understood when their email address would be "shared" with a third party, and only 46% answered correctly regarding telemarketing. Participants found those questions harder which substituted vague or complicated terms to refer to practices such as telemarketing by "the information you provide may be used for marketing services." Overall accuracy was a mere 33%.

Problems

Natural language policies are often long and require college-level reading skills. Furthermore, there are no standards for which information is disclosed, no standard place to find particular information, and data practices are not described using consistent language. These policies are "long, complicated, and full of jargon and change frequently."[95]

Kent Walker list five problems that privacy notices typically suffer from -

a) overkill - long and repetitive text in small print,

b) irrelevance - describing situations of little concern to most consumers,

c) opacity - broad terms the reflect the truth that is impossible to track and control all the information collected and stored,

d) non-comparability - simplification required to achieve comparability will lead to compromising accuracy, and

e) inflexibility - failure to keep pace with new business models. [96]

Recommendations

Researchers advocate a more succinct and simpler standard for privacy notices,[97] such as representing the information in the form of a table. [98] However, studies show only an insignificant improvement in the understanding by consumers when privacy policies are represented in graphic formats like tables and labels. [99]

There are also recommendations to adopt a multi-layered approach where the relevant information is summarized through a short notice.[100] This is backed by studies that consumers find layered policies easier to understand. [101] However they were less accurate in the layered format especially with parts that were not summarized. This suggests participants that did not continue to the full policy when the information they sought was not available on the short notice. Unless it is possible to identify all of the topics users care about and summarize to one page, the layered notice effectively hides information and reduces transparency. It has also been pointed out that it is impossible to convey complex data policies in simple and clear language. [102]

Consumers often struggle to map concepts such as third party access to the terms used in policies. This is also because companies with identical practices often convey different information, and these differences reflected in consumer's ability to understand the policies. These policies may need an educational component so readers understand what it means for a site to engage in a given practice[103]. However it is unlikely that when readers fail to take time to read the policy that they will read up on additional educational components.

[1] Amber Sinha http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy

[2] Wang, et al., 1998) Milberg, et al. (1995)

[3] See e.g., White House, Consumer Privacy Bill of Rights (2012) http://www.whitehouse.gov/the-pressoffice/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights; Fed. Trade Comm'n, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policy Makers (2012) http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commissionreport-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf.

[4] Fed. Trade Comm'n, Privacy Online: A Report to Congress 7 (June 1998), available at www.ftc.gov/reports/privacy3/priv-23a.pdf.

[5] U.S. Department of Commerce , Internet Policy Task Force, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework 20 (Dec. 16, 2010) (full-text).

[6] 389 U.S. 347 (1967).

[7] Dow Chem. Co. v. United States, 476 U.S. 227, 241 (1986)

[8] http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1600&context=iplj

[9] Dow Chem. Co. v. United States, 476 U.S. 227, 241 (1986)

[10] Kyllo, 533 U.S. at 34 (―[T]he technology enabling human flight has exposed to public view (and hence, we have said, to official observation) uncovered portions of the house and its curtilage that once were private.‖).

[11] Kyllo v. United States, 533 U.S. 27

[12] See Katz, 389 U.S. at 352 (―But what he sought to exclude when he entered the booth was not the intruding eye-it was the uninvited ear. He did not shed his right to do so simply because he made his calls from a place where he might be seen.‖).

[13] See United States v. Ahrndt, No. 08-468-KI, 2010 WL 3773994, at *4 (D. Or. Jan. 8, 2010).

[14] In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497 (S.D.N.Y. 2001).

[15] http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1600&context=iplj

[16] See Michael A. Carrier, Against Cyberproperty, 22 BERKELEY TECH. L.J. 1485, 1486 (2007) (arguing against creating a right to exclude users from making electronic contact to their network as one that exceeds traditional property notions).

[17] See M. Ryan Calo, Against Notice Skepticism in Privacy (and Elsewhere), 87 NOTRE DAME L. REV. 1027, 1049 (2012) (citing Paula J. Dalley, The Use and Misuse of Disclosure as a Regulatory System, 34 FLA. ST. U. L. REV. 1089, 1093 (2007) ("[D]isclosure schemes comport with the prevailing political philosophy in that disclosure preserves individual choice while avoiding direct governmental interference.")).

[18] See Calo, supra note 10, at 1048; see also Omri Ben-Shahar & Carl E. Schneider, The Failure of Mandated Disclosure, 159 U. PA. L. REV. 647, 682 (noting that notice "looks cheap" and "looks easy").

[19] Mark MacCarthy, New Directions in Privacy: Disclosure, Unfairness and Externalities, 6 I/S J. L. & POL'Y FOR INFO. SOC'Y 425, 440 (2011) (citing M. Ryan Calo, A Hybrid Conception of Privacy Harm Draft-Privacy Law Scholars Conference 2010, p. 28).

[20] Daniel J. Solove, Introduction: Privacy Self-Management and the Consent Dilemma, 126 HARV. L. REV. 1879, 1885 (2013) (citing Jon Leibowitz, Fed. Trade Comm'n, So Private, So Public: Individuals, the Internet & the Paradox of Behavioral Marketing, Remarks at the FTC Town Hall Meeting on Behavioral Advertising: Tracking, Targeting, & Technology (Nov. 1, 2007), available at http://www.ftc.gov/speeches/leibowitz/071031ehavior/pdf). Paul Ohm refers to these issues as "information-quality problems." See Paul Ohm, Branding Privacy, 97 MINN. L. REV. 907, 930 (2013). Daniel J. Solove refers to this as "the problem of the uninformed individual." See Solove, supra note 17

[21] See Edward J. Janger & Paul M. Schwartz, The Gramm-Leach-Bliley Act, Information Privacy, and the Limits of Default Rules, 86 MINN. L. REV. 1219, 1230 (2002) (stating that according to one survey, "only 0.5% of banking customers had exercised their opt-out rights").

[22] See Amber Sinha A Critique of Consent in Information Privacy http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy

[23] Leigh Shevchik, "Mobile App Industry to Reach Record Revenue in 2013," New Relic (blog), April 1, 2013, http://blog.newrelic.com/2013/04/01/mobile-apps-industry-to-reach-record-revenue-in-2013/.

[24] Jan Lauren Boyles, Aaron Smith, and Mary Madden, "Privacy and Data Management on Mobile Devices," Pew Internet & American Life Project, Washington, DC, September 5, 2012.

[25] http://www.aarp.org/content/dam/aarp/research/public_policy_institute/cons_prot/2014/improving-mobile-device-privacy-disclosures-AARP-ppi-cons-prot.pdf

[26] "Mobile Apps for Kids: Disclosures Still Not Making the Grade," Federal Trade Commission, Washington, DC, December 2012

[27] http://www.aarp.org/content/dam/aarp/research/public_policy_institute/cons_prot/2014/improving-mobile-device-privacy-disclosures-AARP-ppi-cons-prot.pdf

[28] Linda Ackerman, "Mobile Health and Fitness Applications and Information Privacy," Privacy Rights Clearinghouse, San Diego, CA, July 15, 2013.

[29] Margaret Jane Radin, Humans, Computers, and Binding Commitment, 75 IND. L.J. 1125, 1126 (1999). http://www.repository.law.indiana.edu/cgi/viewcontent.cgi?article=2199&context=ilj

[30] William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. Just fast keying: Key agreement in a hostile internet. ACM Trans. Inf. Syst. Secur., 7(2):242-273, 2004.

[31] Privacy By Design The 7 Foundational Principles by Anne Cavoukian https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf

[32] G. Danezis, J. Domingo-Ferrer, M. Hansen, J.-H. Hoepman, D. Le M´etayer, R. Tirtea, and S. Schiffner. Privacy and Data Protection by Design - from policy to engineering. report, ENISA, Dec. 2014.

[33] G. Danezis, J. Domingo-Ferrer, M. Hansen, J.-H. Hoepman, D. Le M´etayer, R. Tirtea, and S. Schiffner. Privacy and Data Protection by Design - from policy to engineering. report, ENISA, Dec. 2014.

[34] G. Danezis, J. Domingo-Ferrer, M. Hansen, J.-H. Hoepman, D. Le M´etayer, R. Tirtea, and S. Schiffner. Privacy and Data Protection by Design - from policy to engineering. report, ENISA, Dec. 2014.

^{^[35]} John Frank Weaver, We Need to Pass Legislation on Artificial Intelligence Early and Often, SLATE FUTURE TENSE (Sept. 12, 2014),http://www.slate.com/blogs/future_tense/2014/09/12/we_need_to_pass_artificial_intelligence_laws_early_and_often.html

^{^[36]} Margaret Jane Radin, Humans, Computers, and Binding Commitment, 75 IND. L.J. 1125, 1126 (1999).

^{^[37]} Richard Warner & Robert Sloan, Beyond Notice and Choice: Privacy, Norms, and Consent, J. High Tech. L. (2013). Available at: http://scholarship.kentlaw.iit.edu/fac_schol/568

^{^[38]} Engineering Privacy by Sarah Spiekermann, Lorrie Faith Cranor :: SSRN

[39] iOS Application Programming Guide: The Application Runtime Environment, APPLE, http://developer.apple.com/library/ ios/#documentation/iphone/conceptual/iphoneosprogrammingguide/RuntimeEnvironment /RuntimeEnvironment.html (last updated Feb. 24, 2011)

[40] Security and Permissions, ANDROID DEVELOPERS, http://developer.android.com/guide/topics/security/security.html (last updated Sept. 13, 2011).

[41] iOS Application Programming Guide: The Application Runtime Environment, APPLE, http://developer.apple.com/library/ ios/#documentation/iphone/conceptual/iphoneosprogrammingguide/RuntimeEnvironment /RuntimeEnvironment.html (last updated Feb. 24, 2011)

[42] See Katherine Noyes, Why Android App Security is Better Than for the iPhone, PC WORLD BUS. CTR. (Aug. 6, 2010, 4:20 PM), http://www.pcworld.com/businesscenter/article/202758/why_android_app_security_is_be tter_than_for_the_iphone.html; see also About Permissions for Third-Party Applications, BLACKBERRY, http://docs.blackberry.com/en/smartphone_users/deliverables/22178/ About_permissions_for_third-party_apps_50_778147_11.jsp (last visited Sept. 29, 2011); Security and Permissions, supra note 76.

[43] Peter S. Vogel, A Worrisome Truth: Internet Privacy is Impossible, TECHNEWSWORLD (June 8, 2011, 5:00 AM), http://www.technewsworld.com/ story/72610.html.

[44] Privacy Policy, FOURSQUARE, http://foursquare.com/legal/privacy (last updated Jan. 12, 2011)

[45] N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan. Noticing Notice: A Large-scale Experiment on the Timing of Software License Agreements. In Proc. of CHI. ACM, 2007.

[46] I. Adjerid, A. Acquisti, L. Brandimarte, and G. Loewenstein. Sleights of Privacy: Framing, Disclosures, and the Limits of Transparency. In Proc. of SOUPS. ACM, 2013.

[47] http://delivery.acm.org/10.1145/2810000/2808119/p63-balebako.pdf?ip=106.51.36.200&id=2808119&acc=OA&key=4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E35B5BCE80D07AAD9&CFID=801296199&CFTOKEN=33661544&__acm__=1466052980_2f265a2442ea3394aa1ebab7e6449933

[48] Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.

[49] Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.

[50] S. Egelman, J. Tsai, L. F. Cranor, and A. Acquisti. Timing is everything?: the effects of timing and placement of online privacy indicators. In Proc. CHI '09. ACM, 2009.

[51] R. B¨ohme and S. K¨opsell. Trained to accept?: A field experiment on consent dialogs. In Proc. CHI '10. ACM, 2010

[52] N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan. Noticing notice: a large-scale experiment on the timing of software license agreements. In Proc. CHI '07. ACM, 2007.

[53] N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan. Noticing notice: a large-scale experiment on the timing of software license agreements. In Proc. CHI '07. ACM, 2007.

[54] Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.

[55] A. Kobsa and M. Teltzrow. Contextualized communication of privacy practices and personalization benefits: Impacts on users' data sharing and purchase behavior. In Proc. PETS '05. Springer, 2005.

[56] F. Schaub, B. K¨onings, and M. Weber. Context-adaptive privacy: Leveraging context awareness to support privacy decision making. IEEE Pervasive Computing, 14(1):34-43, 2015.

[57] E. Choe, J. Jung, B. Lee, and K. Fisher. Nudging people away from privacy-invasive mobile apps through visual framing. In Proc. INTERACT '13. Springer, 2013.

[58] F. Schaub, B. K¨onings, and M. Weber. Context-adaptive privacy: Leveraging context awareness to support privacy decision making. IEEE Pervasive Computing, 14(1):34-43, 2015.

[59] Article 29 Data Protection Working Party. Opinion 8/2014 on the Recent Developments on the Internet of Things. WP 223, Sept. 2014.

[60] B. Anderson, A. Vance, B. Kirwan, E. D., and S. Howard. Users aren't (necessarily) lazy: Using NeuroIS to explain habituation to security warnings. In Proc. ICIS '14, 2014.

[61] B. Anderson, B. Kirwan, D. Eargle, S. Howard, and A. Vance. How polymorphic warnings reduce habituation in the brain - insights from an fMRI study. In Proc. CHI '15. ACM, 2015.

[62] M. S. Wogalter, V. C. Conzola, and T. L. Smith-Jackson. Research-based guidelines for warning design and evaluation. Applied Ergonomics, 16 USENIX Association 2015 Symposium on Usable Privacy and Security 17 33(3):219-230, 2002.

[63] L. F. Cranor, P. Guduru, and M. Arjula. User interfaces for privacy agents. ACM TOCHI, 13(2):135-178, 2006.

[64] R. S. Portnoff, L. N. Lee, S. Egelman, P. Mishra, D. Leung, and D. Wagner. Somebody's watching me? assessing the effectiveness of webcam indicator lights. In Proc. CHI '15, 2015

[65] M. Langheinrich. Privacy by design - principles of privacy-aware ubiquitous systems. In Proc. UbiComp '01. Springer, 2001

[66] Microsoft. Privacy Guidelines for Developing Software Products and Services. Technical Report version 3.1, 2008.

[67] The Impact of Timing on the Salience of Smartphone App Privacy Notices, Rebecca Balebako , Florian Schaub, Idris Adjerid , Alessandro Acquist ,Lorrie Faith Cranor

[68] R. Böhme and J. Grossklags. The Security Cost of Cheap User Interaction. In Workshop on New Security Paradigms, pages 67-82. ACM, 2011

[69] A. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner. How to Ask For Permission. HOTSEC 2012, 2012.

[70] A. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner. How to Ask For Permission. HOTSEC 2012, 2012.

[71] Towards Context Adaptive Privacy Decisions in Ubiquitous Computing Florian Schaub∗ , Bastian Könings∗ , Michael Weber∗ , Frank Kargl† ∗ Institute of Media Informatics, Ulm University, Germany Email: { florian.schaub | bastian.koenings | michael.weber }@uni-ulm.d

[72] M. Korzaan and N. Brooks, "Demystifying Personality and Privacy: An Empirical Investigation into Antecedents of Concerns for Information Privacy," Journal of Behavioral Studies in Business, pp. 1-17, 2009.

[73] B. Könings and F. Schaub, "Territorial Privacy in Ubiquitous Computing," in WONS'11. IEEE, 2011, pp. 104-108.

[74] The Cost of Reading Privacy Policies Aleecia M. McDonald and Lorrie Faith Cranor

[75] 5 Federal Trade Commission, "Protecting Consumers in the Next Tech-ade: A Report by the Staff of the Federal Trade Commission," March 2008, 11, http://www.ftc.gov/os/2008/03/P064101tech.pdf.

[76] The Cost of Reading Privacy Policies Aleecia M. McDonald and Lorrie Faith Cranor

I/S: A Journal of Law and Policy for the Information Society 2008 Privacy Year in Review issue http://www.is-journal.org/

[77] IS YOUR INSEAM YOUR BIOMETRIC? Evaluating the Understandability of Mobile Privacy Notice Categories Rebecca Balebako, Richard Shay, and Lorrie Faith Cranor July 17, 2013 https://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab13011.pdf

[78] https://www.sba.gov/blogs/7-considerations-crafting-online-privacy-policy

[79] https://www.cippguide.org

[80] The Platform for Privacy Preferences Project, more commonly known as P3P was designed by the World Wide Web Consortium aka W3C in response to the increased use of the Internet for sales transactions and subsequent collection of personal information. P3P is a special protocol that allows a website's policies to be machine readable, granting web users' greater control over the use and disclosure of their information while browsing the internet.

[81] Security and Permissions, ANDROID DEVELOPERS, http://developer.android.com/guide/topics/security/security.html (last updated Sept. 13, 2011).

[82] See Foursqaure Privacy Policy

[83] http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1600&context=iplj

[84] Privacy Policy, FOURSQUARE, http://foursquare.com/legal/privacy (last updated Jan. 12, 2011)

[85] Bees and Pollen, "Bees and Pollen Personalization Platform," http://www.beesandpollen.com/TheProduct. aspx; Bees and Pollen, "Sense6-Social Casino Games Personalization Solution," http://www.beesandpollen. com/sense6.aspx; Bees and Pollen, "About Us," http://www.beesandpollen.com/About.aspx.

[86] CFA on the NTIA Short Form Notice Code of Conduct to Promote Transparency in Mobile Applications July 26, 2013 | Press Release

[87] P. M. Schwartz and D. Solove. Notice & Choice. In The Second NPLAN/BMSG Meeting on Digital Media and Marketing to Children, 2009.

[88] F. Cate. The Limits of Notice and Choice. IEEE Security Privacy, 8(2):59-62, Mar. 2010.

[89] https://www.cippguide.org/2011/08/09/components-of-a-privacy-policy/

[90] https://www.ftc.gov/public-statements/2001/07/case-standardization-privacy-policy-formats

[91] Protecting Consumer Privacy in an Era of Rapid Change. Preliminary FTC Staff Report.December 2010

[92] . See Comment of Common Sense Media, cmt. #00457, at 1.

[93] Pollach, I. What's wrong with online privacy policies? Communications of the ACM 30, 5 (September 2007), 103-108

[94] A Comparative Study of Online Privacy Policies and Formats Aleecia M. McDonald,1 Robert W. Reeder,2 Patrick Gage Kelley, 1 Lorrie Faith Cranor1 1 Carnegie Mellon, Pittsburgh, PA 2 Microsoft, Redmond, WA

http://lorrie.cranor.org/pubs/authors-version-PETS-formats.pdf

[95] Amber Sinha Critique

[96] Kent Walker, The Costs of Privacy, 2001 available at https://www.questia.com/library/journal/1G1-84436409/the-costs-of-privacy

[97] Annie I. Anton et al., Financial Privacy Policies and the Need for Standardization, 2004 available at https://ssl.lu.usi.ch/entityws/Allegati/pdf_pub1430.pdf; Florian Schaub, R. Balebako et al, "A Design Space for effective privacy notices" available at https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf

[98] Allen Levy and Manoj Hastak, Consumer Comprehension of Financial Privacy Notices, Interagency Notice Project, available at https://www.sec.gov/comments/s7-09-07/s70907-21-levy.pdf

[99] Patrick Gage Kelly et al., Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach available at https://www.ftc.gov/sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00037/544506-00037.pdf

[100] The Center for Information Policy Leadership, Hunton & Williams LLP, "Ten Steps To Develop A Multi-Layered Privacy Notice" available at https://www.informationpolicycentre.com/files/Uploads/Documents/Centre/Ten_Steps_whitepaper.pdf

[101] A Comparative Study of Online Privacy Policies and Formats Aleecia M. McDonald,1 Robert W. Reeder,2 Patrick Gage Kelley, 1 Lorrie Faith Cranor1 1 Carnegie Mellon, Pittsburgh, PA 2 Microsoft, Redmond, WA

[102] Howard Latin, "Good" Warnings, Bad Products, and Cognitive Limitations, 41 UCLA Law Review available at https://litigation-essentials.lexisnexis.com/webcd/app?action=DocumentDisplay&crawlid=1&srctype=smi&srcid=3B15&doctype=cite&docid=41+UCLA+L.+Rev.+1193&key=1c15e064a97759f3f03fb51db62a79a5

[103] Report by Kleimann Communication Group for the FTC. Evolution of a prototype financial privacy notice, 2006. http://www.ftc.gov/privacy/ privacyinitiatives/ftcfinalreport060228.pdf Accessed 2 Mar 2007

http://lorrie.cranor.org/pubs/authors-version-PETS-formats.pdf

For more details visit https://cis-india.org/internet-governance/blog/enlarging-the-small-print

A Shortcut to Freedom

tito — 2017-06-28T09:58:47Z

In our everyday life we need access to knowledge and information, we need books (and magazines, newspapers), movies (and documentaries, animations), music for education and entertainment purposes. Now, a delighting fact is almost everything we need, from a 1965 book to the latest Bollywood movie’s MP3 song, is available on the web. You knock the door, and it opens. Why should we care for free knowledge then? We have a got “a shortcut to freedom”.

Scenario 1
Tamil Nadu Chief Minister Jayalaithaa died on 5 December 2016. Kamlesh, a college student from Chennai wants to post a few photos of the leader on his Facebook wall and page paying his tribute to her. He quickly searches on Google, finds a few photos, and posts on the wall.

Scenario 2
Nilima, a young girl from Mumbai, wants to use a latest Bollywood movie song as her mobile ringtone. She too searches on Google, and quickly finds the movie song with many options such as 64 kbps, 128 kbps, remix, reprise and a few issues such as misleading download buttons, pop-up advertisement windows etc. She selects one and puts it as her mobile ringtone.

Scenario 2a
A few days later, Madhuri, a friend of Nilima finds her mobile ringtone. Madhuri requests Nilima to send a copy of the music piece, and Nilima sends it over her mobile bluetooth.

Scenario 3
Lokesh Sanyal, a school teacher from Darjeeling, West Bengal, needs a book for his studies. He first goes to his local library and also asks his friends, but fails to get a copy of the book. Now, before buying a copy of the book, he thinks to check the world wide web to see if a free PDF copy the book is available, and hurrah!, he gets the book from Torrents or some other site.

We have almost everything we require. . .
If we make a list of our requirements of content such as movies, music, books, magazines, games, softwares, we’ll find almost everything is available on the web. You just need spend some time, (be careful about malicious web pages and downloads) and you will get what you want. It might be the movie released just a week ago, or a book published in 1990. It might a photograph of your favorite actress, or music piece of Amzad Ali Khan. Whatever we want, we get.

. . . but
Let’s ponder upon these questions:

Are you using a Windows operating system in your laptop or computer? Is the copy of the Windows OS original (if you are unsure about it then did you buy a copy of the OS with registration key or installed from a CD or pendrive given by someone freely)?
How many (hundred) times you have downloaded images, videos, music, games from the web without checking or knowing its license details?
Do you know that everytime you are sharing some music or video over your mobile bluetooth, there is a possibility that you are violating some copyright and which might be punishable?

The World Wide Web is not free. You get content, but with those come a large number of restrictions. Knowingly or unknowingly we violate copyright everyday. So what should we do?

Of course we have a shortcut — illegal downloading, piracy, as we know that no one really cares. We can ignore everything and carry on.
Or, there is a second option, join the free and open knowledge movement and try to get more and more content under the free licenses.

One option is easy, needs no hard work, on the other hand the second option is difficult to follow, needs a lot of hard work, although that should be the process. It’s completely upto you that which option would you prefer.

Image credit

Source: WIkimedia Commons, Author: W.carter, License: CC SA 4.0 International

For more details visit https://cis-india.org/a2k/blogs/a-shortcut-to-freedom

Annual Report 2014-15

praskrishna — 2016-12-11T07:29:05Z

For more details visit https://cis-india.org/about/reports/annual-report-2014-15.pdf

Comments on the Draft National Policy on Software Products

Anubha Sinha, Rohini Lakshané, and Udbhav Tiwari — 2016-12-12T14:45:11Z

The Centre for Internet & Society submitted public comments to the Department of Electronics & Information Technology (DeitY), Ministry of Information & Communications Technology, Govt. of India on the National Policy of Software Products on December 9, 2016.

I. Preliminary

1. This submission presents comments by the Centre for Internet and Society, India (“CIS”) on the Draft National Policy on Software Products [1] (“draft policy”), released by the Ministry of Electronics & Information Technology (“MeitY ”).

2. CIS commends MeitY on its initiative to present a draft policy, and is thankful for the opportunity to put forth its views in this public consultation period.

3. This submission is divided into three main parts. The first part, ‘Preliminary’, introduces the document; the second part, ‘About CIS’, is an overview of the organization; and, the third part contains the comments by CIS on the Draft National Policy on Software Products.

II. About CIS

4. CIS is a non-profit organisation [2] that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, freedom of speech and expression, intermediary liability, digital privacy, and cyber security.

5. CIS values the fundamental principles of justice, equality, freedom and economic development. This submission is consistent with CIS' commitment to these values, the safeguarding of general public interest and the protection of India's national interest at the international level. Accordingly, the comments in this submission aim to further these principles.

III. Comments on the Draft National Policy on Software Products

General Comments

6. CIS commends MeitY on its initiative to develop a consolidated National Policy on Software Products. We believe that there are certain salient points in the draft policy that deserve particular appreciation for being in the interest of all stakeholders, especially the public. An indicative list of such points include:

A focus on aiding digital inclusion via software, especially in the fields of finance, education and healthcare.
The recognition of the need for openness and application of open data principles in the private and public sector. Identifying the need for diversification of the information technology sector into regions outside the developed cities in India.
Identifying the need for innovation and original research in emerging fields such as Internet of Things and Big Data.

7. We observe that the draft policy weighs in the favour of creating a thriving digital economy, which indeed is a commendable objective per se. However, there are certain aspects which remain to be addressed by the draft policy, to ensure that the growth of our domestic software industry truly achieves the vision set out in Digital India for better delivery of government services and maximisation of the public interest.

8. We submit that the proposed policy should include certain additional guiding principles to direct creation of software and its end-utilisation. These principles would ensure responsible, inclusive, judicious and secure software product life cycle by all the relevant stakeholders, including the industry, the government and especially the public. An indicative list of such principles that we believe should be explicitly included in the policy are:

Ensuring that internationally accepted principles of privacy are followed in software development and utilisation, including public awareness.
Requiring basic yet sufficient standards of information security to ensure protection of user data at all stages of the software product life cycle.
Enforcing lingual diversity in software to allow for India’s diverse population to operate indigenous software in an inclusive manner.
Mandating minimum standards on accessibility in software creation, procurement and implementation to ensure sustainable use by the differently-abled.
Focusing on transparency & accountability in software procurement for all public funded projects.
Implementing the utilisation of Free and Open Source Software (“FOSS”) in the execution of public funded projects as per the mandate of the Policy on Adoption of Open Source Software for Government of India; thereby incentivising the creation of FOSS for use in both private and public sector.
For software to be truly inclusive of the goals of Digital India, it is essential that to provide supports to Indic languages and scripts without yielding an inferior experience or results for the end user in non-English interfaces. Software already deployed should be translated and localised.

9. The inclusion of these principles in substantive clauses of the policy will go a long way in ensuring the sustainable and transparent growth of domestic software product ecosystem.

Specific Comments

10. Development of a robust Electronic Payment Infrastructure

10.1. CIS observes that clauses 5.4 and 6.7 of the draft policy aim to establish a seamless electronic payment infrastructure. We submit that an electronic payment infrastructure should be designed with strong standards of information security, privacy and inclusivity (both accessibility and lingual).

10.2. We recommend that the policy mandate minimum standards of information security, privacy and inclusivity in all payment systems across private and public sectors. The policy should, therefore, ideally specify the respective standards for these categories, for instance ISO 27001 and National Policy on Universal Electronics Accessibility [3], alongside other industry standards for Electronic Payment Infrastructure.

11. Government Procurement

11.1. CIS observes that clause 6.1 of the draft policy seeks to develop a framework for inclusion of Indian software in government procurement. It is commendable that the draft policy identifies the need for a better framework. CIS notes that the existing procurement procedure allows for usage of Indian software. In fact, the Government e-Marketplace(eGM) already has begun to incorporate some of these principles in general procurement.

11.2. Indeed, the presence of a transparent and accountable government procurement, which leverages technology and the internet, is key to ensuring a sustainable and fair market. CIS recommends that the policy refer to these guiding principles to enable the development of a viable cache of Indian software products by creating more avenues, including government procurement.

12. Incentives for Digital India oriented software

12.1. CIS observes that clause 6.3 of the draft policy incentivises the creation of software addressing the action pillars of the commendable Digital India programme.

12.2. For development of superior quality software which will ensure excellent success of the Digital India programme, CIS recommends that the incentives should be provided contingent to the incorporation of certain minimum standards of software development. Such products and services should, inter alia, adhere to the stipulations under National Policy on Universal Electronics Accessibility, the Guidelines for Indian Government Websites, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, etc. In the process, the software should be subjected to reviews by a neutral entity to gauge the compliance with the abovementioned minimum standards.

13. Increasing adoption of Open APIs and Open Data

13.1. CIS observes that clause 6.6 of the draft policy promotes the use of open APIs and open data in development of e-government services.

13.2. We strongly recommend that open APIs and open data principles be adopted by software used in all government organizations, and non-commercial software . Open Data and Open APIs can serve a vital role in ensuring transparent, accountable and efficient governance, which can be leveraged in a major way within the policy by the public and civil society.

14. Creation of Enabling Environment for Innovation, R&D, and IP Creation and Protection

14.1. CIS observes that clause 8.1 of the draft policy seeks to create an enabling environment for innovation, R&D, and IP creation and protection.

14.2. CIS submits that the existing TRIPS-compliant Indian intellectual property law regime is adequately designed to incentivise creativity and innovation in the area of software development. The Indian Patents Act, 1970 read with the Guidelines for Examination of Computer Related Inventions, 2016 do not permit the patenting of computer programmes per se. Several Indian software developers, notably small and medium sized development companies have made evidence-based submissions to the government previously on the negative impact of software patenting on software innovation [4].

14.3. CIS recommends that the proposed policy re-affirm the adequacy of the Indian intellectual property regime to protect software development, in compliance with the TRIPS Agreement.

IV. Conclusion

15. CIS commends the MeitY on the development of the draft policy. We strongly urge MeitY to address the issues highlighted above, especially emphasising the incorporation of essential principles such as information security, privacy, accessibility, etc. Adoption of such measures will ensure a fair balance between commercial growth of domestic software industry and the maximisation of public interest.

[1]. National Policy on Software Products (2016, Draft internal v1. 15) available at http://meity.gov.in/sites/upload_files/dit/files/National%20Policy%20on%20Software%20Products.pdf

[2]. See The Centre for Internet and Society, available at http://cis- india.org for details of the organization,and our work.

[3]. See http://meity.gov.in/sites/upload_files/dit/files/Accessible-format-National%20Policy%20on%20Universal%20Electronics.pdf

[4]. See http://economictimes.indiatimes.com/articleshow/52159304.cms?utm_source=contentofinterest&utm_me dium=text&utm_campaign=cppst

For more details visit https://cis-india.org/internet-governance/blog/comments-on-draft-national-policy-on-software-products

Comments on Draft National Policy on Software Products

praskrishna — 2016-12-11T03:32:14Z

For more details visit https://cis-india.org/internet-governance/files/comments-on-draft-national-policy-on-software-products.pdf

National Policy on Software Products

praskrishna — 2016-12-11T03:30:25Z

For more details visit https://cis-india.org/internet-governance/files/national-policy-on-software-products.pdf

Consultation Note on Model for Nation-wide Interoperable and Scalable Publi Wi-Fi

praskrishna — 2016-12-11T03:02:18Z

For more details visit https://cis-india.org/telecom/files/consultation-note-on-model-for-publi-wifi.pdf

Centre for Internet and Society

P.P. Sneha - Mapping Digital Humanities in India

Download: Mapping Digital Humanities in India (PDF)

Foreword

Executive Summary

CIS Papers

Multistakeholder Consultation on Encryption

Myanmar Digital Rights Forum Agenda

Marathi Wikipedia Edit-a-thon in Kolhapur

Deep Packet Inspection: How it Works and its Impact on Privacy

Background

The Architecture of the Internet

Deep Packet Inspection

The different purposes of DPI

Impact on Privacy

Measures to mitigate risk

Conclusion

Protection of Privacy in Mobile Phone Apps

Protection of Privacy in Mobile Phone Apps

Workshop Report - UIDAI and Welfare Services: Exclusion and Countermeasures

Introduction

Implementation of the UID Project

Concerns Arising from the Report of the Comptroller and Auditor General of India (CAG) on Implementation of PAHAL (DBTL) Scheme

UID-linked Welfare Delivery in Rajasthan

Aadhaar and e-KYC

Endnotes

Enlarging the Small Print: A Study on Designing Effective Privacy Notices for Mobile Applications

Introduction: Ideas of Privacy and Consent Linked with Notices

The Notice and Choice Model

Types of E-Contracts

The Concept of Privacy by Design

The Concept of Data Minimization

Features of Privacy Notices in the Current Mobile Ecosystem

Which of these Stages is the Most Ideal?

Habituation

Contextualization

Length

Problems

Recommendations

Content

Problems

Recommendations

Comprehension

Problems

Recommendations

A Shortcut to Freedom

See also

Image credit

Annual Report 2014-15

Comments on the Draft National Policy on Software Products

I. Preliminary

II. About CIS

III. Comments on the Draft National Policy on Software Products

General Comments

Specific Comments

10. Development of a robust Electronic Payment Infrastructure

11. Government Procurement

12. Incentives for Digital India oriented software

13. Increasing adoption of Open APIs and Open Data

14. Creation of Enabling Environment for Innovation, R&D, and IP Creation and Protection

IV. Conclusion

Comments on Draft National Policy on Software Products

National Policy on Software Products

Consultation Note on Model for Nation-wide Interoperable and Scalable Publi Wi-Fi