Centre for Internet and Society

About Us

pranesh — 2016-06-27T13:59:12Z

What we do

The Centre for Internet and Society is a non-profit research organisation that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and intellectual property rights, and openness (including open data, free/open source software, open standards, open access to scholarly literature, open educational resources, and open video), and engages in academic research on reconfigurations of social processes and structures through the Internet and digital media technologies, and vice versa.

Vision and Mission

The Centre for Internet and Society will critically engage with concerns of digital pluralism, public accountability and pedagogic practices, in the field of Internet and Society, with particular emphasis on South-South dialogues and exchange.

Through multidisciplinary research, intervention, and collaboration, we seek to explore, understand, and affect the shape and form of the internet, and its relationship with the political, cultural, and social milieu of our times.

For more details visit https://cis-india.org/about/about-us

About Open Access Day

sunil — 2008-09-21T14:43:16Z

October 14, 2008 will be the world’s first Open Access Day. The founding partners for this Day are SPARC (the Scholarly Publishing and Academic Resources Coalition), Students for FreeCulture, and the Public Library of Science.

Open Access Day will help to broaden awareness and understanding of Open Access, including recent mandates and emerging policies, within the international higher education community and the general public.

Open Access^¹ is a growing international movement that uses the Internet to throw open the locked doors that once hid knowledge. It encourages the unrestricted sharing of research results with everyone, everywhere, for the advancement and enjoyment of science and society.

Open Access is the principle that publicly funded research should be freely accessible online, immediately after publication, and it’s gaining ever more momentum around the world as research funders and policy makers put their weight behind it.

The Open Access philosophy was firmly articulated in 2002, when the Budapest Open Access Initiative was introduced. It quickly took root in the scientific and medical communities because it offered an alternative route to research literature that was frequently closed off behind costly subscription barriers.

Today, the OAIster search engine provides access to 17,799,314 Open Access records from 1015 contributors. According to the Directory of Open Access Journals – India publishes 105 Open Access journals. Both INSA and IASc have made their journals open access journals. Indian Institute of Science has an EPrints repository and it has over 11,000 papers and this year, the Institute's centenary year, the number is expected to cross 23,000. NIT, Rourkela, has mandated open access to all faculty research papers. There are about thirty OA institutional repositories in India today. The IITs and IISc have formed a consortium and are making their class lectures open access under a project called NPTEL. These lectures are available in web, video and YouTube formats.

About CCMG-JMI

The Centre seeks to enhance the integration and development of interdisciplinary research into the media in India and South Asia. To this end, various programmes envisaged at CCMG will contribute in the following manner:

Methodologically, work at the Centre will examine and seek to develop new approaches both, quantitative and qualitative. This being a recurrent motif across all thematic rubrics pursued.
Archiving the measurement and analysis of media production, content and reception takes place in many organisations, but very little of such data is available to researchers, or is analysed comparatively. To address this void, the Centre aims to create an archive of media research data of value to researchers across South Asia.
Comparative perspectives across disciplines, mediascapes and regions are of utmost importance to the centre’s body of objectives. Comparative analyses will require reconciling data based on differing calibration approaches rooted in, often, contesting intellectual traditions and policy foundations.
Networking will be structured to aid the regular association of media scholars and policy analysts from varied, contiguous disciplines. Equally, the Centre will act as a focal point for dialogues between social scientists, civil society actors and media professionals who rarely are able to share a platform.

1This section and the next is adapted from the content available at http://www.openaccessday.org

For more details visit https://cis-india.org/openness/publications/content-access/about-open-access-day

Aaron Swartz: The First Martyr of the Free Information Movement

lawrence — 2013-01-24T12:26:02Z

Well known American computer programmer, writer, political organizer and Internet activist died on January 11, 2013. Lawrence Liang from the Alternative Law Forum discusses with Newsclick the tragic loss. The interview was conducted by Prabir Purkayastha.

This interview was originally published by NewsClick on January 19, 2013.

Discussing on the immediate background in which this tragic event happened, Lawrence says that all of us are collectively mourning the death of an extremely talented individual. He adds that Aaron was facing a very difficult trial ahead. A couple of years ago he had plugged his computer on to the MIT network and had downloaded approximately four million articles from JSTOR (primary database for social science and other science journals) and he had intended to make freely available. This act of his in many ways marks Aaaron's short life but one which is marked by a certain commitment and activism around the idea of free knowledge.

Lawrence further says that his anger at databases like JSTOR was the fact that they were charging extraordinary amounts of money to provide access (which meant that they were not available to most people in the world) without paying any royalty to the authors contributing to the article or to the people who do the peer review of the articles. Here is a scenario which is rent control of the worst kind essentially of knowledge which is completely privatised and enclosed (public knowledge which is enclosed in this particular way).

Most researchers and academics who work and contribute towards making of journals do not get compensated for it but are paid for by public money because they happen to be employed by universities or research centres. And then all this material goes behind pay walls. And that is the context in which we need to understand Aaron's life. Click below to watch the full interview:

Video

For more details visit https://cis-india.org/openness/blog-old/aaron-swartz-the-first-martyr-of-free-information-movement

Aadhaar-enabled smartphones will ease money transfer

praskrishna — 2016-08-10T13:33:54Z

With its plans to make smartphones Aadhaar-enabled, the government hopes to provide users a means to do self-authentication and let businesses and banks verify the identity of their clients through their smartphones, a move that could potentially lead the way to a cashless society.

The article by Neha Alawadhi and Gulveen Aulakh was published in the Economic Times on August 10, 2016. Sunil Abraham was quoted.

"Iris and fingerprint sensors are now becoming a standard feature in smartphones anyway, and this requirement will only take a minor tweak to the operating system. Once enabled, people will be able to use phones to do self-authentication and KYC (know your customer)," Nandan Nikelani, former chairman of the Unique Identification Authority of India, told ET, welcoming the government's plan to make smartphones Aadhaar-enabled.

ET was the first to report that on July 27 a meeting between UIDAI, which administers Aadhaar, and senior executives of smartphone-makers discussed ways to allow smartphone handsets let citizens authenticate their fingerprints and iris on the phone to get services. The most immediate use for the Aadhaar-enabled smartphones is the Unified Payment Interface (UPI), the new payment system that allows money transfer between any two parties using mobile phones and a virtual payment address.

"The two-factor authentication in UPI is now being done with mobile phone as one factor, and MPIN as the second factor. But once you have Aadhaar authentication on the phone, then the second factor can be biometric authentication through Aadhaar," said Nilekani. Over time, the idea is to open Aadhaar authentication to third party apps, said another person familiar with the ongoing discussions, who did not wish to be named.

In effect, biometric and iris scan authentication could become one of the permissions a user grants to different third party apps, such as access to camera, contacts, phone book and so on. Handset makers have raised concerns about some security issues on using iris scan for Aadhar authentication. Also, companies such as Apple that have very closed ecosystems, would not be easy to get on board, several people told ET.

"The primary challenge lies in safe storing of the iris scan between the time it is captured by the camera and then sent to UIDAI server seeking authentication," said an industry insider, who is aware of the discussions, requesting anonymity. The proposal for smartphone makers includes a "hardware secure zone" where biometric data will be encrypted and sent out. It will not leave the electronic secure zone without encryption, and every phone doing Aadhaar authentication will be registered in the UID system.

"Unfortunately, from the biometric sensor the data goes to the hardware secure zone via the operating system. Therefore, the biometric data can be intercepted by the operating system before it is sent to the hardware secure zone," said Sunil Abraham, executive director at Bengaluru-based research organisation, the Centre for Internet and Society.

"The reluctance to make changes at the vendor level are mainly coming from a desire for control of biometric data for strategic and commercial purposes. Privacy and security are bogus reasons," Nilekani said, adding that both ends - the handset and the Aadhaar database -- will use the highest level of encryption.

Samsung India, which in May launched the Galaxy Tab Iris, a device that uses Aadhaar authentication, said it has taken care that its user's biometric data does not fall into the wrong hands. "We ensure that biometric data is encrypted as per UIDAI specifications in device itself for Galaxy Tab Iris," Sukesh Jain, vice president, Samsung India Electronics, told ET in an email response.

For more details visit https://cis-india.org/internet-governance/news/economic-times-august-10-2016-neha-alawadhi-gulveen-aulakh-aadhaar-enabled-smartphones-will-ease-money-transfer

Aadhaar security: Here's how your private information can be protected

praskrishna — 2017-05-19T10:05:25Z

Lock Aadhaar, and notify UIDAI if you get a one-time-password for a transaction you did not initiate

The article by Sanjay Kumar Singh was published in the Business Standard on May 11, 2017. Udbhav Tiwari was quoted.

The linking of Aadhaar — the 12-digit unique identification number for Indian residents — across various benefits is going through a roller-coaster ride. On one hand, the government, keen to make it mandatory, is linking it with filing of income-tax returns and benefits. But, on the other, many are uncomfortable with it because of privacy issues and leakages that have been reported recently. The Supreme Court, on Tuesday, referred another fresh plea challenging the Aadhaar Act and its mandatory use in government schemes to a larger Constitution bench.

There has been several reports that say that Aadhaar numbers and other personal data are being leaked. Bengaluru-based Centre for Internet and Society (CIS) has published a report (titled Information security practices of Aadhaar, or lack thereof) where it lists four government departments that have posted Aadhaar numbers and other personal information of people. According to the report, an estimated 130-135 million Aadhaar numbers and 100 million bank account numbers were posted on the four portals that the CIS researchers checked. Normally such data should be kept on the government’s intranet, where only authorised people can access it. However, a few government departments have uploaded this data on their websites. In many cases, the data was in excel format, making it all the more easy for people to download and misuse it. The worst part: If your data is stolen, you cannot file even a First Information Report with the police. Only the nodal body, the Unique Identification Authority of India (UIDAI), can file a police complaint.

Your data can be misused: Experts say that leakage of Aadhaar numbers and other personal information into the public domain violates peoples’ privacy. “Your name, phone number, address, bank account number and Aadhaar number are personal information. Only you have the right to decide whether to release such information to others. Such data shouldn’t be complied in excel sheets in large numbers and be freely accessible on the internet to everyone," says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru.

Tele-marketers and advertisers will have access to the personal information of all those people. More serious problems such as identity theft can occur. Says Smitha Krishna Prasad, project manager, Centre for Communication Governance at National Law University, Delhi: “The more sensitive information a person has about you, the easier it becomes to impersonate you when that person is speaking to, say, a bank." The impersonator could open a bank account or even take a loan in your name.

Suppose a hacker gets your email ID. “He will use the ‘password reset or forgot password’ feature to change your password and get access to your account. This feature poses questions based on personal info about you. Any such data collected about you comes useful here. Such hackers mine a lot of data about potential victims from all possible sources," says Shomiron Das Gupta of NetMonastery, a threat management provider. In the email, he could find info about your bank account, credit card account, etc, and cause financial losses to you.

Serious risks can also arise if someone manages to breach the biometric authentication or one-time password (OTP) required for using the Aadhaar system. “It is possible to copy an individual’s fingerprints, and replicate them using very commonly available resins. It is also possible for hackers to capture the data being communicated between a telephone tower and a mobile phone, especially if it is poorly encrypted. This will allow the hacker to see the OTP. Admittedly, this does require expertise and a targeted effort vis-a-vis an individual," says Tiwari. Now that the Aadhaar numbers of so many people have been divulged, someone could utilise their identities to steal their government-granted benefits, or obtain a SIM card, which could then be misused. Raman Jit Singh Chima, policy director, Access Now, says at many places where the Aadhaar number is required today, no biometric authentication is done. So just the number can be used to impersonate you.

Lock your biometrics: If your Aadhaar number and other personal information have been leaked, here are a few steps you can take to safeguard yourself. One, be wary of any calls you receive asking for additional details, which may not have been leaked already. Be equally wary if you receive a call wherein someone rattles off your personal data and asks you to verify it. The caller could pretend to be calling from your bank. It is best not to reveal or confirm any information over the phone at all. Two, you have the option to lock your biometric data online. Even if someone manages to steal your fingerprint, he will not be able to use it if you have locked your biometric data (see table). Also, if you get an OTP on your phone for an Aadhaar utilisation that you did not initiate, notify the UIDAI, and thus ensure that no transaction is carried out using your Aadhaar account.

Need for a privacy law: To prevent data leaks in the future, the government needs to sensitise state government officials who work with Aadhaar data about the need to protect the its privacy. More importantly, India needs a comprehensive data protection law. At present, there is limited provision in the Information Technology Act of 2008 under which you can file a civil case against a corporate that has leaked your personal information. “The person affected by data leakage has to show that he has suffered wrongful loss, or somebody else has enjoyed a wrongful gain, and then claim compensation," says Prasad.

After the Radia tapes incident, the government had said it would pass a comprehensive privacy law. “This law would lead to the creation of a data protection authority with enforcement powers, which would be able to penalise both companies and government bodies violating privacy principles. Despite the process beginning in 2012-13, and multiple drafts being leaked into the public domain, there has not been much progress on this count," says Chima. He adds that when the privacy law becomes a reality, any part of the Aadhaar Act that is contrary to it should also be amended.

How to lock your biometric data online

Go to the UIDAI web site: https://uidai.gov.inGo to Aadhaar services, then Lock/Unlock Biometrics Enter Aadhaar number Enter security code that appears below the Aadhaar numberYou will receive an OTP on your registered mobile number. Enter it Click ‘Verify’Click box against ‘Enable biometric lock’Click on Submit buttonSame procedure can be repeated to disable biometric lock.

For more details visit https://cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-aadhaar-security-here-is-how-your-private-information-can-be-protected

Aadhaar Remains an Unending Security Nightmare for a Billion Indians

Admin — 2018-05-13T16:28:40Z

Yesterday was the 38th and last day of hearings in the Supreme Court case challenging the constitutional validity of India’s biometric authentication programme. After weeks of arguments from both sides, the Supreme Court has now reserved the matter for judgement.

The article by Karan Saini was published in the Wire on May 11, 2018.

Since its inception, the Aadhaar project has lurched from controversy to scandal. In the last two years, the debate has heavily centred around issues of data security, privacy and government overreach. This debate, unfortunately, like with most things Aadhaar, has been obfuscated in no small part due to the manner in which the Unique Identification Authority of India (UIDAI) reacts to critical public discussion.

As India waits for the apex court’s judgement, this is as good time as any to take stock of the security and privacy flaws underpinning the Aadhaar ecosystem.

Poor security standards

Let’s start with the lackadaisical attitude towards information security. As has become evident in the past, harvesting and collecting Aadhaar numbers – or acquiring scans and prints of valid Aadhaar cards – has become a trivial matter.

There are several government websites which implement Aadhaar authentication while at the same time lack in basic security practices such as the use of SSL to encrypt user traffic and/or the use of captchas to protect against brute-force or scraping attacks. This includes the biometric attendance website of the Director General of Foreign Trade, the website for the National Food Security Mission and the Medleapr website.

With numerous government websites being susceptible, problematic issues such as the use of open directories to store sensitive data gives us a look into how even the bare minimum – when it comes to adhering to security best practices – isn’t enforced across the gamut of websites which interface with Aadhaar.

It should not be acceptable practice to have government websites with open web directories containing PDF scans of dozens of Aadhaar cards available for just about anyone to view and/or download. Yet, over the past year and even before, many government websites have been found to either inadvertently or knowingly publish this information without much regard for the potential consequences it could have.

The UIDAI has repeatedly shown an attitude of hostility and dismissiveness when it comes to fixing security and privacy issues which are present in the Aadhaar ecosystem. It has also shown no signs of how it plans to tackle this problem.

In my personal experience as a security researcher, I have found and reported a cache of more than 40,000 scanned Aadhaar cards being available through an unsecured database managed by a private company, which relied on those scans for the purposes of verifying and maintaining records of their customers.

What’s worse is that the media reports regarding Aadhaar information being exposed may only be scratching the surface of the issue as more data may actually be susceptible to access and theft, and simply yet to be found and publicly reported. For example, data could be leaking through publicly available data stores of third-party companies interfacing with Aadhaar, or through inadequately secured API and sensitive portals without proper access controls.

Not all security incidents become a matter of public knowledge, so what we know at any given point about the illegal exposure of Aadhaar information may just be a glimpse of what is actually out there.

It should be acknowledged that the possession of these 12-digit numbers and their corresponding demographic information can open up room for potential fraud – or at the very least make it easier for criminals to carry out identity theft and SIM and banking fraud.

A detailed analysis of all publicly-reported Aadhaar-related or Aadhaar-enabled fraud over the last few years shows that the problem is not only real but deserves far more attention than what it has received so far.

Threat level infinity

Taking a step back, it’s clear that the Aadhaar project snowballed into an ecosystem that it now struggles to control.

For instance, demographic information – as is stated in the draft for the Aadhaar Act (NIDAI Bill 2010) – was originally considered confidential information, meaning no entity could request your demographic information such as name, address, phone number etc. for purposes of eKYC.

However, as the ecosystem has progressed, the implementation and usage of eKYC have also changed and grown significantly with companies like PayTM utilising eKYC for the purposes of requesting and verifying customer information. It should be considered that data which has been collected by any of these companies through Aadhaar can be accessed by them in the future for an indefinite period of time depending on their own policies regarding storage and retention of the data.

If there ever is a breach of the CIDR or a mirrored silo containing a significant amount of Aadhaar-related data, it would directly affect more than one billion people. To put this in perspective, it would easily be the single largest breach of data in terms of the sheer number of people affected and it would have far-reaching consequences for everyone affected which might be very hard to offset.

On a comparatively smaller scale – although just as serious, if not more in terms of potential implications – would be a breach of any given state’s resident data hub (SRDH) repository. In some cases, SRDHs have been known to integrate data acquired from other sources containing information regarding parameters such as caste, banking details, religion, employment status, salaries, and then linking the same to residents’ corresponding Aadhaar data.

Damage control would be costly and painstaking due to the number of people enrolled. What adds to the disastrous consequences is that one cannot just deactivate their Aadhaar or opt-out of the programme the way they would with say a compromised Facebook or Twitter account. You can always deactivate Facebook. You cannot deactivate your Aadhaar. It should be noted that even with biometrics set to ‘disabled’, Aadhaar verification transactions can be verified through OTP.

Additionally, the Aadhaar ecosystem is such that information about individuals can be accessed not just from UIDAI servers but also from other third-party databases where Aadhaar numbers are linked with their own respective datasets. Due to this aspect – multiple points of failure are introduced for possible compromise of data, especially because third-party databases are almost certainly not as secure as the CIDR.

Recently, after taking a closer look at the ecosystem of websites which incorporate the use of Aadhaar based authentication, I discovered that it was possible to extract the phone number linked to any given Aadhaar through the use of websites which poorly implemented Aadhaar text-based (OTP) authentication.

This process worked by first retrieving the last four digits of the phone number linked to an Aadhaar using any website which reveals this information (this includes DigiLocker, NFSM.gov.in and seems to be standard practice which seems to be enforced by UIDAI) and then performing an enumeration attack on the first six digits using websites which allow the user to provide both their Aadhaar number and the verified phone number linked to it.

This again highlights that while secure practices might be followed by the UIDAI, the errors in implementation and other flaws are introduced neverthelessby third parties who interface with Aadhaar, posing a risk to the privacy and security of its data.

The bank mapper rabbit hole

As of February 24, 2017, it was possible to retrieve bank linking status information directly from UIDAI’s website without any prior verification.

However, after this information was reported, the ‘uidai.gov.in’ website was updated to first require requesters to prove their identity before retrieving Aadhaar bank-linking data from the endpoint on their website.

A year later – when business technology news site ZDNet published their report regarding a flawed API on the website of a state-owned utility company (later revealed to be Indane) – part of the data revealed included bank linking status information which was identical to what was previously revealed on UIDAI’s website without proper authentication.

This suggests that both the Indane API and UIDAI website utilised the National Payments Corporation of India (NPCI) to retrieve bank-linking data – but as of now, this remains conjecture since Indane never put out a statement or gave a public comment regarding the flawed API on their website.

More importantly, what this also suggests is that the NPCI never placed any controls or security mechanisms (such as request throttling or access controls) on the lookup requests it processed for the UIDAI (and seemingly for Indane as well).

This means that while the UIDAI may have fixed their website to not reveal bank linking data without proper verification – the issue was not rectified at its core by the NPCI – allowing the same to happen a year later in Indane’s case. This practice also classifies as a case of security through obscurity, which “is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms”.

Who is on the hook?

There is a lack of needed accountability when it comes to data breaches. Have any of the organisations against whom allegations of data breach been made been investigated and acted on? Have fines been imposed on those responsible for allowing access/theft of user data? Have there been reports published by any of the affected organisations in which they investigate any alleged breaches to either provide insight regarding the breach and its impact, the scale of data accessed, logs of access and other crucial evidence or dismiss the allegations by proving that there was no intrusion which took place?

Most of the times, organisations do not even accept that a breach has taken place, let alone take responsibility for the same and strive to better protect user data in the future.

Switching to ‘PR spin mode’ should never be the answer when dealing with the data of billion-plus Indian citizens and residents. This can be observed in almost all cases where a breach or security lapse was alleged.

The UIDAI has also acquired the dubious reputation of sending legal notices and slapping cases on journalists and security researchers who seek to highlight the security and privacy problems ailing the Aadhaar infrastructure.

In March 2017, a case against Sameer Kochhar – chairman of the Skoch Group – was filed on the basis of a complaint from Yashwant Kumar of the UIDAI allegedly for “spreading rumours on the internet about vulnerability of the Aadhaar system”. Kochhar had written an article in February 2017 titled “Is a Deep State at Work to Steal Digital India?” in which a request replay attack on biometric Aadhaar authentication was demonstrated.

Two months later, The Centre for Internet and Society published a report regarding several government websites which were inadvertently leaking millions of Aadhaar card numbers. A few days after this report was published, the UIDAI sent a legal notice to the organisation, stating that the people involved with the report had to be “brought to justice”.

In January 2018, an investigative story was published by Rachna Khaira of The Tribune newspaper – in which she reported that access to an Aadhaar portal was being sold by “agents” for as cheap as Rs 500. In response to this story – the UIDAI first sought to discredit the investigative work by calling it a ‘case of misreporting’ – after which they attempted to downplay the magnitude of the report by citing that biometrics were safe and had not been breached.

Following this, the Delhi crime branch registered an FIR against the reporter and others named in the article on the basis of a complaint by a UIDAI official, with charges ranging from forgery, cheating by impersonation and unauthorised access of a computer system.

In March 2018, ZDNet published a report about Aadhaar-related data leaking from an unsecured API on a utility provider’s website. This was the result of days of testing to first confirm the existence issue and its scope. It was preempted by more than a month of attempted communication through several channels of communication – email, phone, even direct messages via Twitter – with both Indane and the UIDAI (and even the Indian Consulate in New York).

But still, when the report was published after a lack of acknowledgement/response from affected parties, the UIDAI was quick to deny the report as well as any possibility of such a thing occurring. The Aadhaar agency then released a statement in which they said they were ‘contemplating legal action’ against the publication of their report.

Data security and privacy laws won’t do much to affect the dismissive and hostile attitude the UIDAI seems to have regarding the people that investigate and report on security and privacy issues relating to Aadhaar.

Hide and seek

In general, when it comes to reports of security breaches and security incidents, many authorities in India prefer playing the blame-game. This was seen latest in response to an internal letter (ironically marked as ‘SECRET’) that was circulated on social media – which mentioned that data was stolen from the Aadhaar Seeding portal of the EPFO by hackers exploiting a known vulnerability in the Apache Struts framework.

Following this – the EPFO quickly switched to PR mode and publicly issued a statement through their official Twitter account (@socialepfo) denying the breach – saying that “There is no leak from EPFO database. We have already shut down the alleged Aadhaar seeding site run by Common Service Centres on 22.03.2018.”

Every time reports of a potential breach or leak of data circulate, Indian government agencies are quick to come out and announce that no breach has taken place. However, this is always to be taken just on the basis of their saying so, as opposed to the reports which they’re meant to be arguing (in some cases) contain verifiable evidence which is the result of arduous investigative work.

Regardless, passing around the blame and in cases completely denying security incidents is not something authorities should be doing when it concerns the data of more than a billion people.

In response to a recent story by Asia Times regarding Aadhaar enrolment software being cracked and sold, the UIDAI sought to discredit and discount the report through messages shared on their social media profiles – where they stated that the report was “baseless, false, misleading and irresponsible”.

The UIDAI should have an interest in protecting any and all data which stems from or relates to Aadhaar as it has to do with a project they are ultimately responsible for. It should not matter whether the leak occurred from a portal on EPFO’s website, an API without proper access controls on Indane’s website, a website of the Andhra Pradesh state government, through biometric request replay attacks, through sold access to admin portals and cracked software, or however else. It should ultimately be the UIDAI’s responsibility to not only be reactive about these issues when they’re brought to light but to do so in such a way which does not hinder reporters from continuing their work.

Additionally, if the UIDAI wishes to keep its systems as secure as they could be – they should proactively seek such reports about flaws or vulnerabilities in critical infrastructure pertaining to their project.

The way forward

In April 2018, the head of the Indian Computer Emergency Response Team (CERT-IN), rather defensively noted that “not a single person had reported any incident” to the organisation.

CERT-In, a part of the IT ministry, is the central agency responsible for dealing with security issues and incidents. To put it bluntly, it has not done a very great job of outreach when it comes to the people it ultimately relies on: security researchers and hackers.

In India, there is an abundance of skills and talent when it comes to IT security and this could be of immense help to organisations responsible for managing critical infrastructure – but only if they cared enough to utilise it to the fullest extent.

Ajay Bhushan Pandey, the CEO of UIDAI, promised a secure and legal bug reporting environment for the Aadhaar ecosystem sometime in 2017. However, almost a year later, there are no tangible signs of any steps being taken to ensure the same. In fact, the UIDAI would already be straying from their usual course of action if they stopped harassing people reporting on issues of security and privacy with regard to Aadhaar.

It has been suggested that the UIDAI employ a bug bounty programme – which involves rewarding hackers with monetary compensation or through means such as an addition to a ‘Security Hall of Fame’ as an incentive.

I personally believe that there is no need for a bug bounty programme in its traditional sense – meaning that UIDAI should not have to provide material incentives to attract hackers to report valid issues to them. Simply acknowledging the work of those that discover and report valid issues should more than likely be incentive enough to get talent on-board.

The US Department of Defense (DoD) employs a similar approach where they invite hackers from the world over to test their systems for security vulnerabilities/bugs and then report them in a responsible manner. What the hackers get in return is the acknowledgement of their skill and devotion to ensuring the security of DoD’s platform. Something similar needs to be set up with regard to critical information infrastructures in India so that issues can be reported by anyone who wishes to do so – without hassle and/or fear of persecution hanging over the heads of hackers.

For more details visit https://cis-india.org/internet-governance/news/the-wire-karan-saini-may-11-2018-aadhaar-remains-an-unending-security-nightmare-for-a-billion-indians

Aadhaar by Numbers

praskrishna — 2016-09-11T16:36:58Z

Sunil Abraham will be addressing a public seminar at an event organized by National Institute of Public Finance and Policy (NIPFP) in New Delhi on Friday, April 29, 2016.

This talk will reflect on several aspects of the Aadhaar project from a technical perspective. First, there will be a reflection on biometrics as a unique, identification and authentication technology. Second, there will be a critique of open washing by the UIDAI through their adoption of free software and open standards and finally there will be an analysis of alternative technical solutions and architecture which will allow India to harvest the benefits of identity management without the harms and risks of centralized biometrics.

Sunil Abraham

Sunil Abraham (an Ashoka Fellow) is the executive director of the Centre for Internet and Society (CIS), Bangalore/New Delhi. CIS is a 7 year old policy and academic research organisation that focuses on accessibility, access to knowledge, internet governance and telecommunications. He is also the founder and director of Mahiti, a 17 year old social enterprise that aims to reduce the cost and complexity of ICTs for the voluntary sector by using free software. Starting 2004, for 3 years, Sunil also managed the International Open Source Network, a project of UNDP's APDIP, serving 42 countries in the Asia-Pacific region. Sunil currently serves on the advisory boards of OSF – Information Programme, Mahiti and Samvada.

The talk reflected on several aspects of the Aadhaar project from a technical perspective. First, there is a reflection on biometrics as a unique, identification and authentication technology. Second, there is a critique of open washing by the UIDAI through their adoption of free software and open standards and finally there is an analysis of alternative technical solutions and architecture which will allow India to harvest the benefits of identity management without the harms and risks of centralized biometrics.

Video

For more details visit https://cis-india.org/internet-governance/news/aadhaar-by-numbers

Aadhaar assurances fail to assuage privacy concerns

praskrishna — 2017-05-20T06:23:32Z

While Aadhaar may be secure from external attacks, a failsafe system hasn’t been developed to protect it from Edward Snowden-style leakages and hacks.

The article by Anirban Sen was published by Livemint on May 5, 2017. Pranesh Prakash was quoted.

As calls for a privacy and data protection law grow louder with each passing day amid reports of a central government ministry having made up to 130 million Aadhaar numbers public on its website, widespread concerns continue to emerge over loopholes in the security of the unique identification programme, though the man who created the system continues to defend the security and integrity of the system.

Most worryingly, a consensus is emerging among security and privacy experts, who have argued that while the Aadhaar system may be secure from external attacks, a failsafe system has not been developed to protect it from Edward Snowden-style internal leaks or hacks.

“(What has been suggested by the Unique Identification Authority of India and Nandan Nilekani) is that there will never be a data breach like what we saw in the US with the National Security Agency, Central Intelligence Agency, or Office of Personnel and Management breaches (data of federal government personnel, including more than 5.6 fingerprints, was leaked), or in Mexico or Turkey, or even in India when the department of defence was breached for cyber-espionage for multiple years without detection,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

“While the system may be secure from external attacks, there is no failsafe system to make it invulnerable to Snowden-style breaches,” he added.

In an interview, former UIDAI chairman and Infosys Ltd co-founder Nandan Nilekani continued to defend the security of the system and said steps are being taken everyday to enhance the failsafe processes surrounding the system.

“I think the Aadhaar system is extremely well-designed. It’s not an online system that is exposed to the Internet. When enrolment happens, the packet is encrypted at source and sent, so that there can’t be a man-in-the-middle attack. And when the authentication happens, that is also encrypted—not compared to the original data, but to a digital minutiae. The point is that the system is very, very secure. So, if the objection is to centralization, then you should not have clouds. Clouds are also centralized,” said Nilekani. He added that Aadhaar was also safe from internal breaches, an assumption that is being challenged by security experts all across.

“Within seven years of its launch, the Aadhaar system has made a remarkable leap in terms of its security and privacy and it will keep improving things. Technology does not come through immaculate conception, where one morning some perfect technology is born. It has to evolve. It’s called learning by doing,” added Nilekani. He added that improving the security of the system is an ongoing process and conceded that a data protection and privacy law needs to be in place to supplement the current Aadhaar law.

“I know the government has sent a notice to everyone. If somebody has done it; they ought not to have done it—there’s a law for that,” said Nilekani when asked about recent instances of Aadhaar numbers being made public by government departments.

“We should have a data protection and privacy law which is an umbrella law, which looks at all these phenomena and certainly Aadhaar should be part of that. That’s perfectly fine—but people are behaving as if Aadhaar is the only reason why we should have a privacy law,” added Nilekani.

The last few weeks and months have witnessed a steady stream of negative news surrounding Aadhaar and three main cases are currently being fought in the Supreme Court, including one challenging the government’s decision to make the 12-digit ID mandatory for filing income tax returns as well as for obtaining and retaining a PAN Card.

Meanwhile, as Mint reported in April, questions are being raised on the Aadhaar biometric authentication failure rate in the rural job guarantee scheme in areas such as Telangana.

The report of Aadhaar numbers being listed on the government ministry website has caused widespread uproar, although a lawyer pointed out that it is not due to a breach in the Aadhaar system.

“It’s a misnomer to say this a leak because this was voluntarily, very actively put up there. A leak is when some information being kept securely gets breached somehow and comes out. Now, why is this information up on government websites? This is the problem of our government’s perception of transparency...The fact that the Aadhaar numbers are on the government website is not a flaw of the Aadhaar system, but it is a flaw of the understanding of what needs to be done to demonstrate transparency,” said Rahul Matthan, partner at Trilegal.

In a column in Mint, Matthan had also pointed out that while Aadhaar has been a transformative project, there remains enough scope of misusing the database.

“There is a legitimate fear that this identity technology will open us all up to discrimination, prejudice and the risk of identity theft,” Matthan wrote. “Aadhaar has given us the tools to harness data in large volumes. If used wisely, this technology can transform the nation. If not, it can cause us untold harm. We need to be prepared for the impending flood of data—we need to build dams, sluice gates and canals in its path so that we can guide its flow to our benefit.”

Even as both sides debate the issue of Aadhaar’s security, calls are getting louder to revamp the unique identification database.

“The point is that the UIDAI knows the device ID of the machine with which the biometric transaction took place along with the time and date, which means that by just using basic data analytics, any one with access to the transaction logs from the UIDAI (which have to be kept for a period of 5 years and 6 months) can have a complete view of a person’s Aadhaar-based interactions that are increasing day by day.”

“Further, the UIDAI has built up a biometric profile of the entire country. This means that courts can order UIDAI to provide law enforcement agencies the biometrics for an entire state (as the Bombay high court did) to check if they match against the fingerprints recovered from a crime scene. This too is surveillance, since it collects biometrics of all residents in advance rather than just that of criminal suspects,” said Prakash of CIS.

“The UIDAI could have chosen to derive unique 16 digit numbers from your Aadhaar number and provide a different one to each requesting entity. That would have prevented much of these fears. But the UIDAI did not opt for that more privacy-friendly design,” he added.

For more details visit https://cis-india.org/internet-governance/news/livemint-may-5-2017-anirban-sen-aadhaar-assurances-fail-to-assuage-privacy-concerns

A2K3 Panel XI: Open Access to Science and Research

sunil — 2011-08-18T05:07:56Z

Prof. Subbiah Arunachalam participated in the third Access to Knowledge hosted by The Information Society Project (ISP) at Yale Law School between September 8-10, 2008, in Geneva, Switzerland. The conference held at the Geneva International Conference Centre brought together hundreds of decision-makers and experts on global knowledge to discuss the urgent need for policy reforms.

Original Article on A2K3 website

Download Subbiah Arunachalam's Paper

Audio file of Session on Open Access to Science and Research (Ogg, MP3)

Open access (OA) literature is digital, online, free of charge, and free of unnecessary copyright and licensing restrictions. Made possible by the internet and author consent, OA supports wider and faster access to knowledge. This panel featured Leslie Chan, of the University of Toronto; Subbiah Arunachalam of the M.S. Swaminathan Research Foundation and Global Knowledge Partnership; Eve Gray of the Centre for Educational Technology, UCT; and DK Sahu of Medknow Publications Pvt. Ltd. Peter Suber from the Yale Information Society Project and SPARC moderated this panel.

It’s a distant dream for most kinds of literature, where authors are unwilling to give up the revenue they currently earn from publishers. But it’s growing quickly for scholarly journal articles, where journals don’t pay for articles and authors write for impact, not for money. The result is a revolutionary opportunity to accelerate research and share knowledge. OA is especially important for researchers and medical practitioners in developing countries, where access to knowledge has been sharply reduced by four decades of fast-rising journal prices.

This panel will examine what universities and governments can do to promote OA, with a special focus on medical research and health information. Among the models discussed will be peer-reviewed OA journals, OA repositories, the WHO’s Health InterNetwork Access to Research Initiative (HINARI), and the new policy from the U.S. National Institutes of Health requiring NIH-funded researchers to deposit their peer-reviewed manuscripts in an OA repository.

The questions to be addressed will include:

How do access barriers slow research in developing countries? How does OA remove those barriers?
What can universities do to promote OA?
What can governments, and public funding agencies, do to promote OA?
What special challenges do developing countries face in providing OA?
What are some concrete examples of successful OA policies and projects in developing countries?
Why is OA a critical issue for policy-makers concerned with public health, scientific innovation, and higher education?
How does OA accelerate the advance and spread of knowledge in medicine as well as in other disciplines?
How can OA promote the work of researchers in developing and transitional countries, both as readers and as authors?

PETER SUBER

OA literature is digital, online, free of charge, free of needless copyright
OA is compatible with peer review, copyright, revenue and profit, print, preservation, prestige
3622 peer-reviewed OA journals, 1220 OA repositories, 22 university OA mandates (15 countries), 27 funding agencies OA mandates (14 countries)
Part of the problem: journal prices have risen 4 times faser than inflation since mid-1980s. Indian institute of science is the best funded research library in india providing access to 10600 serials.
Harvard has 98990
Yale has 73900
Average ARL library = 50,566
U of Witwatersrand = 29,309
U of Malawi = 17000 ejournals, 95 print
The case for OA is especially strong for publicly funded research, medical research, research from developing countries

SUBBIAH ARUNACHALAM

Why do we needopen access to science?
Science as Knowledge commons
Created by researchers, a communal activity, science is about sharing, internet has opened new opportunities
Primary goal of science is the creation of new knowledge for the benefit of humanity
Emergence of open access – seeks to restore knowledge commons to creators. Movement, like everything else, is uneven
Physicists vs. chemists
UK, Netherlands and USA – have had many more successes
Brazil – doing very well – but China and India are not doing so well with open access
Restore the knowledge commons is to the community
This movement is like any other movement which is uneven
Developments in India

3.1% papers in chemical abstracts
30,000 papers a year indexed in SCI
Problems of Access and Visibility

New Developments:

Consortia – able to provide a lot of journals
open courseware
arXiv

Problems: papers that are published are put in inaccessible journals, and people in global South laboratories would be unable to access this knowledge. The Government gives the money but the research then ends up flying out
The policy front:

Individual efforts
National Knowledge Commission has recommended OA
Number of institutional repositories
Need advocacy and training programmes
Action missing from key players

Some individuals are doing a great job and putting all their materials online
Medical information and developing countries

No nation can afford to be without access to S&T research capacity
Neglected diseases are not a priority for pharmaceutical companies
HINARI – any country that has per capita less than $1000 is eligible

DK SAHU

Infectious diseases (chikungunya goes Italian)
Non-infectious diseases (india becoming global hub for diabetes)
Industry effects (how safe are clinical trials)
Several examples (such as MedKnow, Journal of Postgraduate Medicine) of free access to no-fee journals.
A journal from India has the most visits from London
A journal called International Journal of Shoulder Surgery but visitors are from Melbourne
More original research articles, 40+ articles in 2005 vs. 160+ articles in 2008 in IJU, more issues per year for journals, check on scientific misconduct, international recognition (11 journals in SCI in 2 years)
Going online increases citations – this is an open access advantage
Scientific output of new economies: medicine
Open access publishing is not alone sufficient – there are disappearing journals. Commercial publishers are taking over, there is a lack of continuity, non-interoperability/archiving
20-80 phenomenon (majority of journals are not OA)
Local journals are not preferred (high IF journals)

LESLIE CHAN

Role of Universities and Researchers
You need citations in order to advance in academia – if your papers get picked up and ripple throughout the research arena. What about policy impact?
“Impact factor” is evil. Open access was meant to counter the tyranny of impact factor, so OA journals should not try to battle it out in this arena.
Issues involve “big science” and “lost science”, research literature as infrastructure, integrating the gold and green roads to open access.
Institutional repositories and open access journals
There’s a lot of Big Science that costs a lot of money (like LHC)
But we have another big hole – the 10-90Gap. 10% of the global health research spending is allocated to diseases affecting 90% of the population
The G8 countries account for 85% of most cited articles indexed in ISI
The other 126 countries account for 2.5%
How much of these journals are relevant in terms of content?
We are operating with a dominant model of knowledge dissemination from the Center to the Periphery
We end up having “lost science” in the developing world because of that knowledge
Perpetuate the cycle of knowledge poverty in this way
African countries need to have in place appropriate mechanisms and infrastructure for training and exploitation of knowledge. This will enable them to make meaningful evidence based policy that pertains to local needs
Researchers in developing countries ranked access to subscription-based journals as one of their most pressing problems
HINARI: health sciences

108 countries, 1043 institutions, 5000 journals
Collaboration of >45 publishers: free or reduced-cost access to journals for developing countries
Others: eIFL.net, AGORA: agricultural sciences, OERE: environmental sciences, PERI
Dissemination through information philanthropy. http://libraryconnect.elsevier.com/lcp/1001/lcp100109.html

Open access: the solution to the “lost science”
Two routes to Open Access (OA) – open access journals and respositories
African health sciences: two years ago there was a n article published in this journal and authors found that over 50% of these drugs were substandard or fake. This got the local newspaper, and then BBC, and then other researchers started looking at it
Open Access repositories:
Institutionally-based (universities, etc) or subject-based (e.g. PubMet Central, arXiv.org)
Collect copies of articles published by the institutions researchers
Researchers themselves deposit knowledge
Benefits for authors (research output instantly accessible for all (higher impact)
Research output of international research community accessible to author
Partnerships/collaborative projects develop as a result
Career prospects advanced – publications noted by authorities
Opportunities for new research discoveries, data mining etc
Alternative impact assessment
Benefits for funding bodies: what has been discovered with our financial support? Was it a good investment?
Researchers have a moral and intellectual obligation to ensure that their research is accessible
Universities share a common goal and public mission advancement of knowledge for the betterment of human kind
Open access is key to the MDG

EVE GRAY

When we talk about open access, we talk about change and change delivery.
It’s not just intellectual property and copyright issues, but values, cultures, systems, practices, everything that underlie the process moving towards scientific research
We faced the biggest problem in facing change – we’ve seen a massive overhaul, of transformative reports, of leveraging the country into a different direction. Undoing the damage of apartheid and colonialism
What is meant by international? What is meant by local?
African knowledge for Africa: we need to rejuvenate, regenerate our own knowledge
SA: first heart transplant in the world. Have their own vaccines. Operate as a leading scientific country
Growing international competitiveness – publication is perceived as a matter of journal articles in international journals. Little or no support for publication in nationally-based publications
Much research output in grey literature, not easily findable or accessible
The Medicines and Related Substances Control Act, 2001
Research has to address the burning economic issues of a country
Things are changing…slowly
Support for open access publications
What needs to be done – open access journals are necessary.
Changing values and promotion systems – we have to somehow pick up on the vision of that vibrant African dance movement, translate this feeling
Providing support for publication efforts
Expand the range of publication outputs
Ensuring the social impact of research
There is a huge amount of research being pumped out and being printed out by NGOs
Great literature is almost inaccessible in universities
Could not access African journals – no access from their own countries or neighboring countries
Electric Book Works has manuals for health-care workers – manuals are very high-quality, out of University of Cape Town
Often forgotten that science information is necessary to trickle down, if everything is online, we can get things to trickle down
Harvard said: it is our duty to disseminate our research. Stanford: Caroline Handy – when you publish research, research for community use is part of the duty

For more details visit https://cis-india.org/openness/blog-old/a2k3-panel-xi-open-access-to-science-and-research

A Workshop on "Exploring the Internals of Mobile Technologies"

jdine — 2012-10-25T06:52:50Z

The Centre for Internet and Society invites all individuals interested in investigating and exploring the internal of the Mobile/Hardware Technologies and understanding of capabilities of mobile phones to join our workshop on Saturday, October 27, 2012, at the TERI Southern Regional Centre.

Objective:

Bringing together the technical/hacker community and individuals interested in mobile devices to explore mobile devices internals and capabilities

Scope of Conference and Workshop:

Our proposed topics/areas which we hope to have discussions on are:

Hardware Hacking (Board/Chips Capabilities)
Operating System Internals (Hardware/OS Interfacing)
Software Development Kit (MRE, etc.)
Forensic Analysis
Understanding of Mobile as Telecommunication Device (2G/3G, etc.)
Understanding Mobile/Devices Internals
Working with JTAG/UART Ports
Porting Open Softwares on Mobiles/Hardwares

Expected outcomes:

Understanding of mobile devices internals and capabilities
Documenting mobile devices capabilities and internals
Publishing of blogs on knowledge generated
Exploration/Speculation on research/development avenues

Agenda

I. Core Talks
Tea/Coffee: Time: 9:00 - 9:30 a.m.
1. Arduino Board Capabilities and Playing Around It! Objective: Understanding Arduino board capabilities and playing with it Speaker: Sudar Muthu Level: Introduction Duration: 1 Hour Time: 9:30 - 10:30 a.m.
2. Initiatives@CIS Objective: Discussing the research initiative that has led CIS to become interested in mobile device internals and capabilities Speaker: Jadine Lannon Level: Introduction Duration: 10-15 Minutes Time: 10:30 - 10:45 a.m.
3. Mobile Hacking Through Linux Drivers Objective: Understanding the Linux kernel & driver internals from the perspective of reverse engineering Speaker: Anil Kumar Pugalia Level: Intermediate to Advanced Duration: 1 Hour Time: 10:45 - 11:45 a.m.
4. Hardware Hacking (Board/Chips Capabilities) Objective: Discuss and explore key areas of mobile hardware (power, clock, pin multiplexing, peripherals, etc.) Speaker: Khasim Syed Mohammed Level: Introductory to Advanced Duration: 1 Hour Time: 11:45 - 12:45 p.m.
Lunch Time Time: 12:45 - 1:30 p.m.
5. Porting Open Software on Hardware Objective: Cover porting examples for each type of peripherals Cover Android and Linux bringup as an example Speaker: Khasim Syed Mohammed Level: Intermediate to Advance Duration: 2 Hours Time: 1:30 - 3:30 p.m.
II.Community Knowledge Sharing/Hacking!
Time: 3.30 to 5.30 p.m.
5. Free Slot
6. Free Slot
Tea/Coffee Time
7. Free Slot
8. Free Slot

We are inviting community members to take up Free Slots to share their knowledge in this section. In this section, any person can propose a talk, workshop, or speculation about any device for a duration 30 minutes to 1 hour, as long as the topic falls within broader scope of the focus areas described at the in the “Scope of the Conference and Workshop” section of the workshop objectives.

Venue, Dates and Logistics

The event will take place on Saturday, October 27, 2012, at the following address:

TERI Southern Regional Centre
4th Main, Domlur II Stage
Bangalore - 560 071
Karnataka

The event will be begin at 9 a.m. on Saturday and end in the evening around 5 p.m. Lunch and snacks will be provided by CIS.

Available Resources:
CIS has purchased 12 gray-market mobile phones with the intent to document as much information about the life-cycles, hardware, software and content of each phone as possible. We request that the producers, make and model of each device be kept anonymous in discussions/publications that take place outside of the workshop.

The Speakers

1. Anil Kumar Pugalia
The author is a freelance trainer in Linux internals, Linux device drivers, embedded Linux & related topics. Prior to this, he was at Intel and Nvidia. He has been working with Linux since 1994. A gold medallist from IISc, Linux & knowledge sharing are two of his many passions. Creating and playing with open source hardware is one of his hobbies, which he materializes through his company eSrijan, which can be accessed at:
Website: http://profession.sarika-pugs.com/

2. Jadine Lannon
Jadine is a research intern at the Centre for Internet and Society. She is currently working on the “Pervasive Technologies: Access to Knowledge in the Marketplace” research project. More information on the research project can be found here: http://cis-india.org/a2k/pervasive-technologies-access-to-knowledge-in-the-market-place

3. Khasim Syed Mohammed
Khasim leads Open Hardware and Software Initiatives at Texas Instruments. Blog: http://www.khasim.in/; http://khasim.blogspot.in/

4. Sudar Muthu
Sudar does open hardware as hobby; Arudino is his playground. He is passionate about programming (particularly web-based) and loves to design and build web sites/services from scratch. AJAX, Web2.0, Semantic Web, Comet, RDF or any of those latest buzz-field jargons.

Blog: http://SudarMuthu.com; http://hardwarefun.com;

Supporting Communities:

NULL: http://null.co.in/
SecurityXploaded: http://securityxploded.com/
Computer Club India: http://computerclub.in/Main_Page

Register at: https://docs.google.com/spreadsheet/viewform?fromEmail=true&formkey=dG1UcHBYR2xRLWhPZ0QwVWlaaEg0SXc6MQ

For more details visit https://cis-india.org/a2k/events/workshop-exploring-the-internals-of-mobile-technologies-1

A Wikipedia Workshop at NMAIT

subha — 2013-01-04T16:30:28Z

The Centre for Internet & Society, Delhi collaborated with Metawings Institute to spread the words about Wikipedia for Indian languages. A one-day workshop was organized to educated the students on contributing to Wikipedia on December 21, 2012. About 170 engineering students took part in this event.

The workshop began with interaction with the students about their understanding. I asked few questions like what is Wikipedia, who edits articles on Wikipedia, is it paid or free, did they ever try to edit Wikipedia, etc. I took them through a presentation to explain basics of Wikipedia, five pillars, notability and copyright issues related to vandalism. One of the students were called to create his user account. Students were showed the simpler sign up process. To explain how articles are edited we introduced errors in the article on Bengaluru and made it the capital of India for few minutes! Students were explained how Wikipedia editors correct mistakes like these in real time and correct facts are published in Wikipedia. A majority of the students asked about the authenticity of articles which is open to anyone. So I got a chance to refresh the page and show how the error introduced was reverted within a few minutes.


Above is a picture of the participants from the Wikipedia Workshop at Karkala

The session went on with such interaction and students were explained more about the importance of citing references to add credibility to the facts they can add on Wikipedia articles.

We also had Dr. Ashok Kumar, prof, Computer science department, a wikipedian and columnist for Kannada newspaper Udaya Vani. Dr. Kumar introduced Kannada Wikipedia to the students. At the end of the session I had a discussion with him about organizing more workshops for Kannada Wikipedia and supporting participant students. Special thanks to Metawings for finding the venue and supporting for the event.

For more details visit https://cis-india.org/openness/blog-old/wikipedia-workshop-at-nmait

A Wikipedia Presentation at BITS, Goa

Radhakrishna Arvapally — 2015-03-09T01:21:43Z

Quark is one of India's largest science, technology and management festivals, held every February at BITS Pilani - K.K. Birla Goa Campus. This year in 2015, the event was held from February 6 to 8, 2015. This blog post captures the key moments. About 12 delegates attended the event.

How it Started?

For celebrating this annual event, "Quark 2015", BITS Pilani invited speakers from all over India. Many parallel tracks happen during this event. I got an Invite to speak about Wikimedia projects.The Centre for Internet and Society (CIS) supported my event participation.

Dr. Sunil Kumar, a BITS physics professor who could not join the presentation due to conflicting meetings met me in the morning that day. He was curious to understand how Wikimedia projects work, how people collaborate to write the same article, how the conflicting views gets resolved among editors and how one can trust the content. He was excited to know the mechanics behind. We discussed about organizing a quiz for their students. He responded very positive and said that he will discuss this internally and get back to me later.

CIS team also helped me to establish contact with Luis Gomes, a local Konkani Wikipedian. We met at the event and shared our thoughts. It was a good learning for me to understand how Konkani Wikipedia is progressing.

I gave my speech in the afternoon. The participants showed great enthusiasm to learn about Wikipedia projects. The session was very interactive. The participants tried answering open ended questions like — As on today, what are the possible ways to preserve unique knowledge and skill? The participants also asked questions on the source of knowledge contribution to Wikipedia and how it survives?

My presentation showcased how anyone could contribute to Wikipedia and also explore greater possibilities of exploring existing frame work with examples like QRpedia, WikiWand, and many more.

For more details visit https://cis-india.org/openness/blog-old/a-wikipedia-presentation-at-goa

A Wikipedia Mini-hackathon in Delhi

Yuvraj Pandian — 2012-12-04T07:31:21Z

Wikipedian Yuvaraj Pandian visited the CIS office in Delhi and helped the Access to Knowledge team conduct a super-ad-hoc mini-hackathon with two other volunteers, Sheel from Delhi and Harsh from Ahmedabad. The aim was to get them a kickstart in developing userscripts/gadgets, and get them to a point where the prior existing documentation makes sense to them.

The ad-hoc plan had three parts:

The execution environment (Concept of userscripts vs gadgets, ResourceLoader)
The API concepts (Special:ApiSandbox, concept of 'actions' in the API)
Accessing the API from JS (mediawiki.api module, concept of AJAX)

Here is the account of what they did, written by Yuvi:

"We covered all parts of them slowly, with both Harsh and Sheel working at things until they fully understood what they were doing and why whatever they were doing was working.

I introduced them to the environment first by having them execute code in Chrome's JS Console, and then in their own common.js. Once they understood the context in which the code was getting executed, the 'ResourceLoader default modules'[1]documentation started making sense to them, and they could pick up other modules from there.

We then explored the API via the API Sandbox[2], which is a relatively new (and not very well known) way of letting people play around with the API. It is a massive improvement over the older, non-interactive docs[3], and both Harsh and Sheel were very excited about being able to discover all the things they could do with the API. A fair amount of time was spent messing around with it on different wikipedias (en, hi and gu) and reading bits of the API Documentation[4] to understand the concepts behind the actions - and for filling in the gaps.

Finally we had them use the API from a userscript to make calls. I went through the entire process line by line, explaining how AJAX works and how asynchronous programming works. We traced the flow of code together to understand how the seamingly nonlinear asynchronous programming model works. Then we dug into a bit of how to use the mw.loader module to make dependencies work, and why the same code that was working in the chrome js console was not working in their common.js.

It ended with them trying to port HotCat to their native language wikipedias. Harsh started to explore more about getting started with MediaWiki dev itself (rather than just gadgets), but the clone took a looooong time and we had run out of time by then. I directed him to a WMF tech open chat happening today, and hopefully that could help!

[1].https://www.mediawiki.org/wiki/ResourceLoader/Default_modules
[2].https://en.wikipedia.org/wiki/Special:ApiSandbox
[3].https://en.wikipedia.org/w/api.php
[4].https://www.mediawiki.org/wiki/API:Main_page

For more details visit https://cis-india.org/openness/blog-old/mini-hackathon-delhi

A Treat for the Blind

praskrishna — 2013-07-11T06:02:27Z

The WIPO treaty will provide copyright exceptions on books making them available to blind people in formats they can use.

The article by Chitra Narayanan was published in Business World on June 26, 2013. Pranesh Prakash is quoted.

For millions of visually impaired people around the globe, it’s a landmark treaty that could open up the kingdom of books for them. After days of intense deliberations at Marrakesh in Morrocco, about 600 World Intellectual Property Organisation (Wipo) negotiators, including delegates from India, reached a consensus on a treaty that will provide copyright exceptions on books making them available to blind people in formats they can use.

Wipo, a United Nations agency, is dedicated to the use of intellectual property as a means of stimulating innovation and creativity. The agency has 186 member states.

Sure, content is king. But for the visually impaired, the right platform for accessing content is what makes the difference. Thanks to audio books, a host of apps, and digital platforms such as Bookshare, which provides content in accessible formats, the technology is already there to bring the rich world of 'hardcovers' and 'paperbacks' alive for those who cannot see. What’s more, these books are compatible with all kinds of devices from mobile phones to tablets to PCs.

Now, at last, there is legal sanction as well to content that was not being made available in accessible formats by the copyrights holders. For the 15 million people who are blind in India, the treaty is expected to open education doors as well as provide entertainment needs. India has the world’s largest number of blind people.

Bangalore-based Centre for Internet Society, a policy research organisation, has been at the forefront of negotiations at WIPO to get the treaty through. Minutes after the session concluded, Pranesh Prakash, policy Director at CIS and his colleague Sunil Abraham were tweeting ecstatically about the “win”.

For five long years, this Wipo treaty has witnessed contentious discussions on issues such as including exports of copyrighted works, translations of copyrighted works and so on. According to Prakash, who responded over twitter, “On Exports we won, but re-exports which was earlier permitted has become much more difficult.”

There are also other grainy areas such as commercial availability of the books. According to a post on the Intellectual Property Watch website, soon after the agreement was reached, commercial availability still stands under Article 4 (National Law Limitations and Exceptions on Accessible Format Copies) but has disappeared from Article 5 (cross border exchange of accessible format copies).

Although blind music legend Stevie Wonder, one of the most ardent supporters of the treaty, must be crooning Signed, Sealed, Delivered... it’s early days yet. The draft of the treaty has to be ratified by governments before being adopted.

But for five long years, it has been a long hard battle between copyright owners and those fighting for human rights of the visually impaired. Finally, as one observer, put it: 'a rare victory is in sight for human rights'.

For more details visit https://cis-india.org/news/business-world-june-26-2013-chitra-narayanan-a-treat-for-the-blind

A Talk by Charlotte Lapsansky

praskrishna — 2011-04-22T07:41:20Z

Charlotte Lapsansky will give a lecture on the "Mobile Voices project" at the Centre for Internet and Society, Bangalore on Thursday, 16 September 2010.

Mobile Voices is an academic-community partnership to research and design a platform for low-wage immigrants in LA to publish stories about their lives and their communities directly from their mobile phones. This low-cost, open source, customizable, and easy to deploy multimedia mobile storytelling platform will be designed in collaboration with its users, and will help recent immigrants who lack computer access gain greater participation in the digital public sphere.

In this talk, Charlotte will describe the Mobile Voices project and discuss key themes that have arisen for the Mobile Voices project team, including participatory technology design, community digital storytelling, and digital inclusion through mobile-phone based platforms. She will then describe the key technological and social issues that have arisen in the process of adapting Mobile Voices for India and the opportunities and challenges this presents.

About Charlotte Lapsansky

Charlotte Lapsansky is a PhD Candidate and American Association of University Women Dissertation Fellow at the Annenberg School for Communication at the University of Southern California. Charlotte has a background in development communication and mass media campaigns addressing gender and health in India. At Annenberg, her research interests include communication for social change, participatory development communications, community mobilization and strategic campaign planning. For the past two years, she has been a team member for Mobile Voices, a participatory project which has created a Drupal-based digital storytelling platform for first-generation, low-wage migrant workers in Los Angeles, allowing them to create and publish stories about their communities directly from their mobile phones. Currently, Charlotte is collaborating with organizations in India to customize and adapt the mobile voices platform social endeavours in India.

VIDEOS

For more details visit https://cis-india.org/events/charlotte-lapsansky-talk