Centre for Internet and Society

Women's Safety? There is an App for That

rohini — 2017-01-10T02:48:34Z

“After locking ourselves in a room for more than 6 days, this is what we came out [sic] with. Join us in helping make WOMEN feel SAFE,” read a gloating press release about a smartphone app for women to notify their near ones that they were in distress. It was one among many such PRs frequently landing in my mailbox after the rape and murder of a young student on board a private bus in Delhi in 2012.

The article by Rohini Lakshané was published in Gender IT.org on May 19, 2016. This was also mirrored by Feminism in India on January 9, 2017.

The incident had spurred protests across the country and made international headlines. Along with all this came a slew of new “women’s safety” apps. Existing ones, many of which had fizzled out, were conveniently relaunched. My own experience of user-testing such apps in India back then was that they were unreliable at best and dangerously counterproductive at worst. Some of them were endorsed by governments and celebrities and ended up being glorified despite their flaws, their technical and systemic handicaps never acknowledged at all.

There are myriad mobile phone apps meant to be deployed for personal safety, but their basic functioning is more or less the same: the user activates the app (by pressing a button, shaking the device or similar cue), which sends a distress message containing the users’ location to pre-defined contacts. Some apps include additional artefacts such as a short audio or video recording of the situation. Some others augment this mechanism by alerting the police and other agencies best placed to respond to the emergency. For example, the Companion app for students living on campus notifies the university along with police. The SOS buttons in taxi-hailing apps such as Uber enable the user’s contacts to follow the cab’s GPS trail and notify them and the cab company’s “incident response team” of emergencies. Apps such as Kitestring would treat the lack of the user’s response within a time-window as the trigger for a distress message. All their technical wizardry perhaps makes it easy to lose sight of the fact that technology is not a saviour but a tool or an enabler, that technology alone cannot be the panacea of a problem that is deeply complex and, in reality, rooted in society and governance.

The Indian government announced last month that every phone sold in the country from January 2017 should be equipped with a panic button that sends distress flares to the police and a trusted set of contacts. Nearly half the phones sold in India cost USD 100 or less. Prices are kept so low by sacrificing features and the quality of the hardware; there are a lot of phones with substandard GPS modules, poor touchscreens, slow processors, bad cameras, tiny memory, and dismal battery life. They run on different versions of different operating systems, some of them outdated. All of these factors would determine if someone is able to use the app at all and how quickly they and their phone would be able to respond to an emergency. Additionally, mobile phone signals become thin or shaky in areas with a high number of users and buildings located cheek-by-jowl. Even when the mobile hardware is good and the mobile signal usable, GPS accuracy can be spotty and constant location tracking would hog battery. These issues would affect the efficacy of any app. Besides, there is too much uncertainty for an app developer to factor in. (Two years ago, I learnt about an app called Pukar, then operational in collaboration with police departments in four cities in India. Pukar solved the problem of potential inaccuracy of the GPS location by getting the user’s contacts to tell the police where the person in distress might be.) Designing a one-size-fits-all safety app is almost impossible. The app that rings a loud alarm when triggered may save someone’s life or spoil the chances of someone who is trying to get help while hiding. Different people may be vulnerable to different kinds of distress situations and an app can at best be optimised for some target user groups.

An app that does not work in tandem with existing machinery for law enforcement and public safety is a bad idea.

In the end, the “technical” problems may actually be problems of economic disparity. Making it mandatory for people to own phones equipped with certain hardware or requiring them to upgrade to more reliable devices would drive the phones out of the financial reach of many. Indian manufacturers have expressed concerns that the proposed panic button would raise costs for them as well the end buyers. Popularising a downloadable app and informing its target users how to install and work it correctly needs a marketing blitzkrieg, which is something only the state or well-funded developers can afford. The New Delhi police department runs a dedicated control room for reports arriving from its safety app, Himmat (the word for courage in many Indian languages). It’s an expensive affair.

An app that does not work in tandem with existing machinery for law enforcement and public safety is a bad idea. It puts the onus of “keeping women safe” on members of their social circles or on intermediaries and private parties such as cab companies, while absolving law enforcement agencies of their failing to provide security. It opens doors to victim blaming in case someone is unable to use the app at the right time in the right way, or if the app fails.

On the contrary, an app that does loop in the police raises concerns about surveillance and protection of data available to the police, which is especially problematic in places such as India where there is no law for privacy or data protection. Alwar, one of the cities where Pukar was implemented, is super-populated with a large geographical area and a high crime rate. Police departments in such places tend to be overworked and understaffed. Without significant policing reforms, it is questionable whether they will be able to respond in time. A sting operation done by two media outlets on 30 senior officials of the New Delhi police department in 2012 showed the cops blaming victims of sexual violence with gay abandon. “If girls don't stay within their boundaries, if they don't wear appropriate clothes, then naturally there is attraction. This attraction makes men aggressive, prompting them to just do it [sexual assault]," reads one of their nuggets. “It's never easy for the victim [to complain to the police]. Everyone is scared of humiliation. Everyone's wary of media and society. In reality, the ones who complain are only those who have turned rape into a business," goes another. An app that lets known people monitor someone’s location also poses the risk of abuse, coercion and surveillance by intimate partners or members of the family.

Unfortunately, there is no app for reforming a morass in law enforcement or dismantling patriarchy.

For more details visit https://cis-india.org/internet-governance/blog/gender-it-rohini-lakshane-may-19-2016-womens-safety-there-is-an-app-for-that

Why The New Government Policy Mandating Panic Buttons On Phones Isn’t Going To Protect Women

praskrishna — 2016-05-15T09:45:36Z

Recently, the Union Minister for Communications and Information Technology Mr Ravi Shankar Prasad tweeted about new rules mandating a panic button in every cell phone sold in the country from January 2017. To keep ladies safe, of course.

The story by Madhura Kadaba was published in the Ladies Finger on May 14, 2016. Rohini Lakshané was quoted.

According to a statement released by the Telecommunications Ministry, the panic button will be activated by pressing a designated button on a smartphone or by holding down both ‘5’ and ‘9’ keys on a basic phone. Pressing the panic button is expected to alert police and designated friends or relatives, similar to apps launched previously by police departments like Himmat.

It followed remarks from the Union Minister for Women and Child Development, Ms Maneka Gandhi, in the Lok Sabha in December 2015. “Every cell phone will have an in-built panic button. Now, all new cell phones will be made with panic buttons. But in case of all old cell phones, you can go to the person who owns the company or the dealer and they will adjust it for you. If a woman is in trouble, she can just press the button on the cell phone and she will immediately get help.”

Two days later, reacting to concerns that the mandate could increase mobile phone costs, Mr Ravi Shankar Prasad said, “Manufacturers… have given their support. My expectation is that they will render their support in social justice and women security.”

After a point, it almost becomes a farce — the government’s continuous search for grand, one-stop solutions to dealing with sexual violence. We had the vast coffers of the Nirbhaya fund, which went nowhere. It had tech solutions coming out of its 1000-crore ears. It included plans for setting up control rooms in 114 cities within 9 months back in 2014 and surveillance cameras in all public transport vehicles including autos! Who was going to be watching the feed of these cameras, if ever by some vast change in the face of humanity such a thing happened, you may wonder? Or as journalist Revati Laul wrote, “Given that police stations across the country are short staffed, given how many of them cannot even afford paper to file a first information report (FIR) or fuel for the police personnel’s motorbike, just how will the appearance of these control rooms change that? How will switchboards help if police stations in even big cities like Varanasi have too few vehicles to cater to the existing load of emergencies they have to deal with?” But hush, don’t interrupt when Daddy is talking.

Recently, we published an investigation into the one-stop centres promised by the Nirbhaya fund. These centres are supposed to provide services like assistance in lodging FIRs, medical assistance for medical examinations, and therapy. On paper, Delhi is supposed to have 6. Good luck locating them because they don’t exist. Most of the staff of the hospitals where the centers were to be located were clueless about the program.

But perhaps we should forget the tiresome past and move to the shiny button-filled future. We asked Rohini Lakshane, a technology expert and Program Officer at the Centre for Internet and Society what she thought of panic buttons. Recently she reviewed a bunch of personal safety apps geared toward women and was very unimpressed. About the government’s new plan, she said, “GPS accuracy in India can sometimes be patchy and not very accurate, and continuous location tracking drains the battery, something that could be problematic for people with phones that do not have good GPS hardware or a long battery life.” Lakshane added, “The app would also enable tracking by family members, which can increase the chance of intimate partner abuse and violence. There have been instances in which apps that provide real-time location or periodic updates of the location of a person to a contact have enabled abuse by intimate partners or by members of the family.” In short, you are unlikely to get the help you need in case of stranger danger and continue to face whatever oppression you maybe facing from your ‘loved ones’.

Which brings us to the biggest problem with panic buttons, the idea that what Indian women should live in fear of scary strangers outside the house.

The story by Madhura Kadaba was published in The Ladies Finger on May 14, 2016. Rohini Lakshane was quoted. The story by Madhura Kadaba was published in the Ladies Finger on May 14, 2016. Rohini Lakshane was quoted.

In fact, carefully conducted research shows over and over again that Indian women are most likely to face violence from their families, within their homes. The Mumbai programme RAHAT’s report shows that 91 percent of the accused in reported cases of rape were by known persons. Add on the fact if you have even a fleeting acquaintance with a man who attacks you the police are additionally reluctant to do anything.

Not that the police like to file complaints if you have been raped by a stranger. That way they are quite equal opportunity about ignoring complaints.

Perhaps we should have a panic button in our phones after all. A daily reminder that you should fear rape, in case for a moment you had decided to stop worrying. A daily reminder that if you do get raped you must remember to press a button that goes nowhere. A great metaphor for how we deal with victims of sexual violence in India.

For more details visit https://cis-india.org/internet-governance/news/why-the-new-government-policy-mandating-panic-buttons-on-phones-isn2019t-going-to-protect-women

Privacy Issues with DRM

Jalaj Pandey — 2016-05-03T02:41:15Z

This post has been written by Jalaj Pandey interning at CIS. It elaborates upon the various privacy issues with the Digital Rights Management. The author talks about the various ways in which content producers use DRM as a tool to infringe the privacy of the end users.

Nehaa Chaudhari provided inputs and also edited the blog post. Click to download the File.

The ubiquity of internet in today's world has made content and information sharing an easy task. A certain media file can be shared and made public with hardly any technical obstacles. Issues like hacking, unauthorized copying and publication, unlicensed usage have become concerns for content producers, who have employed Digital Rights Management (hereafter DRM) measures to address some of them.

Several instances of the online privacy intrusion by the content producers have been recorded. In such a scenario the balancing the rights of the content producers and the end users becomes an important one. It is imperative to find a common ground to safeguard the interests of both the parties involved. In the recent past DRM has been receiving a lot of flak because of the privacy issues contented by the users.

In the most rudimentary form privacy can be explained as any information about an individual which he/she does not want to be made public. It is important to mention that this information is seen from the perspective of an ordinary reasonable person. The UN Declaration of Human Rights, 1948, defines privacy as a fundamental right of every human. The functioning of the DRM is based on restricting the usage or distribution of the content. Since this restriction is only possible after there is a formal identification of the end user, the content producers end up collecting information about the users. For example: a DRM for a music file might work in a manner where it can only be accessed by one computer from which the user accesses and registers for the first time. DRMs initially identify the IP addresses of the system and make the file functioning on only that IP address. In this way the producer ends up collecting information about the end user. Different DRM models take different ways to collect information of their user. While collecting IP addresses in one of them the other way is tracking the user information via download, browsing activities, subscription service, etc. The usage log of the users is generated and becomes a valuable asset to assess and predict the preferences of the users

Two contentions of privacy have been raised on the privacy issues of DRM -

a) What is the accountability of this process and

b) Whether it puts the content producers in a position where they can control the users.

The information collected is under the control of content producers, who mostly store this information in the form database. BEUC (European Consumer Organization) claimed that the DRM systems technologically enable content providers to monitor private consumption of content, create reports of consumption, and profile users.

The information is at the disposal of the content producers. An assessment of DRM applications under Canadian Privacy showed that the firms did not even recognise privacy issues of the customers as a priority. In fact the firms failed to provide the information that was stored in their databases. This gives an idea about the lack of transparency that exists in collecting the information about users. The question whether users are aware of what information is being collected and to what extent they are being tracked online remains unanswered. The CEN/ISSS (European Committee for Standardization/ Information Society Standardisation System) pointed out that DRMs have a large potential to transmit, generate personal information about users. It has also been characterized by unprecedented levels of monitoring by various content producers.

Further the principled level argumentation to this is on lines of collection of information without any authentication from the user herself/himself. It is essential that if any information is collected or saved by the producers it should only be after taking consent of the user. Surveillance and compelled disclosure of information about intellectual consumption threaten rights to personal integrity.

DRMs take away the anonymity of the consumption. Since the producers can practically monitor the content usage of the user, this has led to wide scale of price discrimination. This means that producers would monitor and assess the preferences of the user and subsequently raise the prices of that particular class of products. In the report of FIPR (Foundation of Information Policy and Research) it was found that Microsoft had been trying to implement their DRM systems in their products using a similar approach to gain a monopoly position as in their strategy of browser implementation.

The Sony BMG copy protection rootkit scandal in 2005 brought much criticism to DRM. It was found out that Sony BMG had introduced illegal and harmful copy protection measure in its CDs. The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. Further more than just the DRM part of it the software also made the user's system open to a number of malwares and created vulnerabilities in the system. Sony was eventually made to compensate consumer costs, etc on the same. However the question of whether the database in the hands of companies can be used in arbitrary manner was intensely discussed after this.

It is essential that an effective framework is brought into effect which caters to privacy interests of the users. Privacy is the basic human right and it is the onus of the State to protect and safeguard this right. It is essential that the State does not compromise and support mechanisms which promote the welfare of the content producers over the users. The balance of users and producers becomes all the more important in a developing country like ours. The lack the awareness and the knowledge coupled with increasing usage of internet can lead to the exploitation of many. It is essential that the States see through these problems and collectively find an all encompassing solution to it.

K. G. Coffman and A. M. Odlyzko, Growth of the Internet, AT&T Labs - Research, July 6, 2001, available at, ( www.dtc.umn.edu/~odlyzko//doc/oft.internet.growth.pdf) (hereinafter Growth).

The Daily Source, The Growing Impact of the Internet, April 4, 2016, available at (https://www.dailysource.org/about/impact).

Corryne Mcsherry, Adobe Spyware Reveals (Again) The Price Of DRM: Your Privacy And Security, Electronic Frontier Foundation, October 17, 2014, available at,

(https://www.eff.org/deeplinks/2014/10/adobe-spyware-reveals-again-price-drm-your-privacy-and-security).

Digital Rights Management: A failure in the developed world, a danger to the developing world, Electronic Frontier Foundation, March 23, 2005, available at,

(https://www.eff.org/wp/digital-rights-management-failure-developed-world-danger-developing-world).

R. Subramanya and Byung k. Yi, Digital Rights Management, available at, ( https://www.academia.edu/8054608/Digital_Rights_Management) (hereinafter Digital Rights Management).

Global internet liberty campaign, privacy and human rights, An International Survey of Privacy Laws and Practice, available at, (http://gilc.org/privacy/survey/intro.html).

Ann Cavoukian, Privacy and Digital Rights Management (DRM): An Oxymoron, Information and Privacy Commissioner Ontario, available at, ( https://www.ipc.on.ca/images/Resources/up-1drm.pdf ) (hereinafter Oxymoron)

Varian, H.R. (1985) 'Price discrimination and social welfare', American Economic Review, Vol. 75, available at, (http://www.economics-ejournal.org/economics/journalarticles/2007-1/references/Varian1985).

Privacy and Digital Rights Management,A position paper for the W3C workshop on Digital Rights Management, January 2001, available at, ( www.w3.org/2000/12/drm-ws/pp/hp-poorvi.html).

Growth supra note, 1.

Digital Rights Management supra note, 5.

Thierry Rayna, Privacy or piracy, why choose? Two solutions to the issues of digital rights management and the protection of personal information, Intellectual Property Management, Vol. X, No. Y, available at,

(www.inderscienceonline.com/doi/abs/10.1504/IJIPM.2008.021138).

Oxymoron supra note, 7.

BEUC, Consumentenbond, and CLCV at DRM Working Group 1 (2002), available at, (https://privacy.org.nz/assets/Files/4558510.pdf).

Natali Helberger and Kristo´f Ker´enyi and Bettina Krings, Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations, available at (citeseerx.ist.psu.edu/showciting?cid=733532).

Knud Bohle, Indicare, Research into unfriendly DRM : A Review, December, 2004,available at, (citeseerx.ist.psu.edu/showciting?cid=733532) (hereinafter Indicare).

European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003.

Indicare supra note, 16.

News Release, "Forrester Technographics Finds Online Consumers Fearful of Privacy Violations" (October 27, 1999 available at, (www.forrester.com/ER/Press/Release/0,1769,177,FF.html).

Julia E. Cohen, Georgetown Law Faculty Publications, DRM and Privacy, January 2010, available at,

(https://www.academia.edu/2164013/DRM_and_Privacy).

Moe, W. and Fader, P. (2004) 'Dynamic conversion behavior at e-commerce sites', Management Science, Vol. 50, available at,

(https://www.researchgate.net/publication/227447618_Dynamic_Conversion_Behavior_at_E-Commerce_Sites).

Privacy or piracy supra note, 21.

Sismeiro, C. and Bucklin, R. (2004) 'Modeling purchase behavior at an e-commerce web site: a task completion approach', Journal of Marketing Research, available at, (citeseerx.ist.psu.edu/showciting?cid=906878).

Ross Anderson, Foundation of Information Policy and Research Consultation Response to DRM (2004), available at, (www. fipr.org/APIG_DRM_submission.pdf).

Otto Helweg, Sony, Rootkits and Digital Rights Management Gone Too Far, Oct, Oct. 31, 2014, available at (https://blogs.technet.microsoft.com/markrussinovich/2005/10/31).

Sony BMG Litigation Info, Electronic Frontier Foundation, available at, (https://www.eff.org/cases/sony-bmg-litigation-info).

For more details visit https://cis-india.org/internet-governance/blog/privacy-issues-with-drm

April 2016 Newsletter

sunil — 2016-05-10T06:26:09Z

Welcome to the CIS newsletter for April 2016. The key issues we worked on this month included the Aadhaar Act 2016, Standard Essential Patents, cyber security of smart grids, and involvement of international agencies in the smart cities project in India.

Early last year, thanks to the fund raising efforts of a friend of CIS - Suhail Kazi, we received Rs. 1.9 lakhs as donations from 19 individuals. In January this year, we set up an online giving feature on our website which would ease the donation process, but we haven’t got a single donation so far! This could be because many of you may be under a false impression that CIS is very wealthy and does not need more support. Unfortunately, this is no longer true. Today, we are unable to find a single donor who is interested in our Accessibility, Telecom, or RAW programmes. In other words, we need your support. Would you to consider making a small donation to CIS? Click here to donate.

Previous issues of the newsletters can be accessed here: http://cis-india.org/about/newsletters.

Highlights
CIS prepared an FAQ on the Aadhaar / UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. Further, two infographics were produced to highlight on the questions of "Can the Aadhaar Act 2016 be Classified as a Money Bill?" and "Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?". NVDA team prepared a report on the progress of the project for the month of April 2016. CIS submitted its comments to the Department of Industrial Policy and Promotion's Discussion Paper on Standard Essential Patents and their Availability on FRAND Terms. CIS has offered its assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards the sustained innovation, manufacture and availability of mobile technologies in India. A summary of the comments can be accessed here. Responses to the Discussion Paper is available here. Rohini Lakshané's paper titled Patents and Mobile Devices in India: An Empirical Survey has been accepted for publication by the Vanderbilt Journal of Transnational Law. Kiran A.B. in a blog post has documented the availability and openness of data sets in India that are relevant for monitoring the targets under the SDGs. Low-cost Aakash tablet and its previous iterations in India have gone through several phases of technological changes and ideological experiments wrote Sumandro Chattapadhyay and Jahnavi Phalkey in an article published in the Economic and Political Weekly.

-----------------------------------
CIS in the News
-----------------------------------

CIS gave inputs to the following media coverage:

India's biometric database crosses billion-member mark (AFP and Daily Mail, UK; April 4, 2016).
The Panama Papers and the question of privacy (Big News Network; April 6, 2016). This was originally published by Privacyinternational.org.
Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption (Neha Alawadhi; Economic Times; April 8, 2016).
PMO’s no to smart cards, insists on Aadhaar (Somesh Jha; Hindu; April 10, 2016).
2014 showed the power of Twitter, now every Indian politician wants a handle (T.V. Jayan, Smitha Verma,Sonia Sarkar and V. Kumara Swamy; Telegraph; April 10, 2016).
Why is the UIDAI cracking down on individuals that hoard Aadhaar data? (Alnoor Peermohamed; Business Standard; April 13, 2016).
You will need a license to create a WhatsApp group in Kashmir (Governance Now; April 19, 2016).
Will Facebook, Twitter relocate servers to India? (Taru Bhatia; Governance Now; April 23, 2016).
Government keeps experts out of cyber security discussions (Amrita Madhukalya; DNA; April 23, 2016).
CCTV plays Sherlock (Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya; The Times of India; April 24, 2016).

CIS members wrote the following pieces:

Sunil Abraham wrote an article in the July 15 edition of Frontline arguing that the Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better.
Amber Sinha wrote an article in The Wire arguing that the Aaddhaar Act is not a money bill, and the Supreme Court may very well question the decision by the Lok Sabha speaker to classify it as such.
Sumandro Chattapadhyay also wrote on The Wire arguing that "the last chance for a welfare state doesn’t rest in the Aadhaar system."
Subhashish Panigrahi's article on the 8 challenges that Indian language Wikipedias have to overcome was published by Global Voices. The article had earlier been published in the Wire.
Elonnai Hickok and Vanya Rakesh co-authored an article on Cyber Security of Smart Grids in India that was published by Dataquest.
Shyam Ponappa in his monthly column published in the Business Standard tell us that it's time the government accepts that current policies are not enough to bring about Digital India.

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Comments

Comments on Department of Industrial Policy and Promotion Discussion Paper on Standard Essential Patents and their Availability on Frand Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Responses to the DIPP's Discussion Paper on SEPs and their Availability on FRAND Terms (Anubha Sinha, Nehaa Chaudhari and Rohini Lakshané; April 23, 2016).
Summary of CIS Comments to DIPP’s Discussion Paper on SEPs and their availability on FRAND terms (Anubha Sinha; April 26, 2016).

Blog Entries

Global Congress 2015 - A Collection of Resources (Pervasive Technologies Team; April 1, 2016).
Compilation of Mobile Phone Patent Litigation Cases in India (Rohini Lakshané; updated on April 15, 2016).
Joining the Dots in India's Big-Ticket Mobile Phone Patent Litigation (Rohini Lakshané; updated on April 29, 2016).
MHRD IPR Chair Series: Information Received from Tezpur University (Karan Tripathi; April 26, 2016).
National IPR Policy Series : Sectoral Innovation Councils on Intellectual Property Rights – RTI Requests + DIPP Responses (Nehaa Chaudhari and Saahil Dama; April 30, 2016). Nisha S. Kumar assisted in compilation of the document.

Participation in Events

Fifth Annual IP Teaching Workshop (Organised by the Centre for Innovation, Intellectual Property and Competition at National Law University Delhi in association with National Academy of Law Teaching, NLU-D; Delhi; March 31 and April 1, 2016). Nehaa Chaudhari was a speaker.
First Round-table on Innovation, IP and Competition (Organized by the Centre for Innovation, Intellectual Property & Competition (CIIPC) at the National Law University, Delhi; India Habitat Centre; New Delhi; April 1-2, 2016). Nehaa Chaudhari and Anubha Sinha attended the round-table.
Brainstorming Workshop on PG Programme on Media Studies for UGC E-Pathshala Programme (Organized by Jamia Milla Islamia; New Delhi; April 5, 2016).
Sensitization Seminar on IPR for Electronics & ICT Sectors (Organized by Andhra Pradesh Technology Development & Promotion Centre (APTDC) of Confederation of Indian Industry (CII), in association with Department of Electronics and Information Technology (DeitY); Vishakhapatnam; April 21, 2016).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Work Plan

CIS - A2K Work Plan: July 2016 - June 2017 (CIS-A2K Team; April 2, 2016): We have revised the work plan template taking into account the changed proposal plan sent out by WMF and in light of the feedback that we have received from FDC assessment during last proposal application. The FDC feedback is taken into account at the level of design, RoI and ensuring quality for all our activities.

Article

Eight Challenges Indian-Language Wikipedias Need to Overcome (Subhashish Panigrahi; Global Voices; April 21, 2016). A version of this post was previously published on The Wire.

Media Coverage

Odia gets more space in e-world (Anwesha Ambaly; The Telegraph; April 7, 2016).
Exercise to Correct articles in Tulu Wikipedia begins (Raviprasad Kamila; The Hindu; April 28, 2016).

Event Organized

Tulu Wikipedia Editathon to Improve Quality of Articles in Tulu Wikipedia (Shri Ramakrishna PU College; Mangaluru; April 26 - 30, 2016).

-----------------------------------
Openness
-----------------------------------

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Monitoring Sustainable Development Goals in India: Availability and Openness of Data (Part II) (Kiran A.B.; April 12, 2016).

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Cyber Security

Cyber Security of Smart Grids in India (Elonnai Hickok and Vanya Rakesh; April 25, 2016).

►Big Data

Blog Entry

RTI regarding Smart Cities Mission in India (Paul Thottan; April 21, 2016).

►Privacy

Blog Entries

FAQ on the Aadhaar Project and the Bill (Elonnai Hickok, Vanya Rakesh, and Vipul Kharbanda; April 13, 2016).
Aadhaar Act and its Non-compliance with Data Protection Law in India (Vanya Rakesh; April 14, 2016).
Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill? (Pooja Saxena; April 24, 2016).

Articles

Will Aadhaar Act Address India’s Dire Need For a Privacy Law? (Nehaa Chaudhari; Quint; March 31, 2016).
The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System (Sumandro Chattapadhyay; April 19, 2016).
The Aadhaar Act is Not a Money Bill (Amber Sinha; April 25, 2016).

Participation in Events

RightsCon Silicon Valley 2016 (Organized by RightsCon; March 31 and April 1, 2016). Elonnai Hickok attended the event.
Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security (Organized by Students Christian Movement of India at SCM House; Bangalore; April 25, 2016). Sunil Abraham was a panelist.
The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), organised a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Prasanna S, Apar Gupta, and Dr. Chirashree Dasgupta, Sumandro Chattapadhyay was one of the discussants.
Aadhaar by Numbers (Organized by National Institute of Public Finance and Policy; New Delhi; April 29, 2016). Sunil Abraham was a speaker.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Breakthroughs Needed For Digital India (Shyam Ponappa; Business Standard; April 6, 2016 and Organizing India BlogSpot; April 7, 2016).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Article

Buying into the Aakash Dream - A Tablet’s Tale of Mass Education (Sumandro Chattapadhyay and Jahnavi Phalkey; Economic & Political Weekly; April 23, 2016).

Announcement

Call for Proposal: Big Data for Development – Initial Field Studies (Sumandro Chattapadhyay; April 29, 2016).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/april-2016-newsletter

Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security

praskrishna — 2016-04-28T17:02:59Z

Sunil Abraham was a speaker at this event organized by Students Christian Movement of India at SCM House in Bangalore on April 25, 2016. Mathew Thomas and Usha Ramanathan also gave talks.

With the passage of the Aadhaar act 2016 is UID / Aadhar mandatory now? How do we understand the issue of Social Security in the context of the new law? What does it mean for those who need to access their senior citizen pension, rations, school and college scholarships, etc.

How does one understand the money bill route for introducing the bill in Parliament? What are implications of this for the validity of the law?

What will happen to the court cases challenging the UID now?

Where are we now on the thorny issues of surveillance, tracking, profiling, biometrics, private and foreign companies and subsidy? What does the law say?

This discussion will revisit the debates around the UID and examine the implications of the new law.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-uid-aadhar-act-2016-and-its-impact-on-social-security

The Aadhaar Act is Not a Money Bill

Amber Sinha — 2016-04-25T10:51:37Z

While the authority of the Lok Sabha Speaker is final and binding, Jairam Ramesh’s writ petition may allow the Supreme Court to question an incorrect application of substantive principles. This article by Amber Sinha was published by The Wire on April 24, 2016.

Originally published by The Wire on April 24, 2016.

Since its introduction as a money bill in the Lok Sabha in the first week of March [1], the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Bill, 2016 has been embroiled in controversy. The Lok Sabha rejected the five recommendations of the Rajya Sabha and adopted the bill on March 16 and only presidential assent was required for it become to become valid law. However, former Union Minister Jairam Ramesh filed a writ petition contesting the decision to treat the Aadhaar Bill as a money bill. The petition is due to be heard before the Supreme Court on April 25, and should the court decide to entertain the petition, it could have far-reaching implications for the Aadhaar project and the manner in which money bills are passed by the Parliament.

There are three broad categories of bills (all legislations or Acts are known as ‘bills’ till they are passed by the Parliament) that the Parliament can pass. The first kind, Constitution Amendment Bills, are those that seek to amend a provision in the Constitution of India. The second are financial bills which contain provisions on matters of taxation and expenditure. Money bills are a subset of the financial bills which contain provisions only related to taxation, financial obligations of the government, expenditure from or receipt to the Consolidated Fund of India and any matters incidental to the above. The third category is of ordinary bills which includes all other bills. The process for the enactment of all these bills is different. Money bills are peculiar in that they can only be introduced in the Lok Sabha where it can be passed by simple majority. Following this, it is transmitted to the Rajya Sabha. The Rajya Sabha’s powers are restricted to giving recommendations on the Bill and sending it back to the Lok Sabha, which the Lok Sabha is under no obligation to accept. The decision to introduce the Aadhaar Bill as a money bill has been widely seen as an attempt to circumvent the Rajya Sabha where the ruling party is in a minority.

Article 110 (1) of the Constitution defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to them. These are a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. Article 110 is modelled on Section 1(2) of the (UK) Parliament Act, 1911 which also defines the money bills as those only dealing with certain enumerated matters. The use of the word “only” was brought up by Ghanshyam Singh Gupta during the Constituent Assembly Debates. He pointed out that the use of the word “only” limits the scope of money bills to only those legislations which did not deal with other matters. His amendment to delete the word “only” was rejected clearly establishing the intent of the framers of the Constitution to keep the ambit of money bills extremely narrow.

While the Aadhaar Bill does make references to benefits, subsidies and services funded by the Consolidated Fund of India (CFI), even a cursory reading of the bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money bill. The bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, ‘Parliamentary Practice” is instructive in this respect and makes it clear that a legislation which simply makes a charge on the Consolidated Fund does not becomes a money bill if otherwise its character is not that of one.

PDT Achary, former secretary general of the Lok Sabha, has expressed concern about the use of Money Bills as a means to circumvent the Rajya Sabha. He has written here [2] and here [3], on what constitutes a money bill and how the attempts to pass off financial bills like the Aadhaar Bill as money bills could erode the supervisory role Rajya Sabha is supposed to play. This is especially true in the case of a legislation like the Aadhaar Bill which has far reaching implications for individual privacy as it governs the identification system conceptualised to provide a unique and lifelong identity to residents of India dealing with both the analog and digital machinery of the state and by virtue of Section 57 of any private entities. Already over 1 billion people have been enrolled under this identification scheme, and the project has been a subject of much debate and a petition before the Supreme Court. The project has been portrayed as both the last hope for a welfare state and surveillance infrastructure. Regardless of which of the two ends of spectrum one leans towards, it is undeniable that the law governing the Aadhaar project deserved a proper debate in the Parliament. Even those who are strong proponents of the project must accept the decision to pass it off as a money bill undermines the importance of democratic processes and is a travesty on the Constitution and a blatant abrogation of the constitutional duties of the speaker.

The petition by Jairam Ramesh would hinge largely on the powers of the judiciary to question the decision of the Speaker of the Lok Sabha. Article 110 (3) is very clear in pronouncing the authority of the Speaker as final and binding. Additionally, Article 122 prohibits the courts from questioning the validity of any proceedings in Parliament on the ground of any alleged irregularity of procedure. The powers of privilege that Parliamentarians enjoy are integral to the principle of separation of powers. However, the courts may be able to make a fine distinction between inquiring into procedural irregularity which is prohibited by the Constitution; and questioning an incorrect application of substantive principles, which I would argue, is the case with the Speaker decision.

References

[1] See: http://thewire.in/2016/03/07/arun-jaitley-introduces-money-bill-on-aadhar-in-lok-sabha-24115/.

[2] See: http://indianexpress.com/article/opinion/columns/show-me-the-money-4/.

[3] See: http://www.thehindu.com/opinion/lead/circumventing-the-rajya-sabha/article7531467.ece.

For more details visit https://cis-india.org/internet-governance/blog/the-aadhaar-act-is-not-a-money-bill

CCTV plays Sherlock

praskrishna — 2016-04-24T04:51:04Z

Whether it's the Mercedes hit-and-run in Delhi or the antics of the chaddi baniyan gang in Mumbai, police are increasingly relying on CCTV footage to solve crimes. Sunday Times looks at how the small picture is getting bigger. .

The article by Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya was published by the Times of India on April 24, 2016. Pranesh Prakash was quoted.

In case after high-profile case, cameras have been the big stars of Delhi police investigations in recent months. After the Civil Lines hit-and-run case, where a 17-year-old driving a Mercedes was caught on camera speeding away from his victim, reliable witness to the crime came from a nearby CCTV. A few weeks ago, in the Vikaspuri lynching on Holi eve that threatened to take on communal colours, it was CCTV footage that clinched the case.

Across India, police officials reel off cases where CCTVs have made all the difference in identifying offenders and speeding up investigations. "Petty crimes like snatchings have been brought down by 50% in areas like Chandni Chowk since 2014," estimates Madhur Verma, DCP (north), Delhi Police. "Even if the face cannot be fully recognised, the timing shown on the CCTV grabs, and proof of the accused being present at the spot, can be useful corroborating evidence for the court," says DCP Dhananjay Kulkarni, explaining how CCTV helped nail the infamous "chaddi baniyan gang" in Borivli, Mumbai.

CCTV cameras have proliferated across our public spaces in the last few years, mutely observing our movements. It's not just the police; shops, companies and individuals install them too, and these come in handy for law enforcement. For instance, Delhi has about 1,79,000 CCTV cameras installed around the city, out of which 4,000 have been placed by the Delhi government, and the rest by private agencies who collaborate with the Delhi Police under its 'Eyes and Ears' scheme. "Cameras are a fact of life around the world, there's no going back for the police or for anyone else," says N Ramachandran, a former IPS officer, now president of the Indian Police Academy think-tank.

Whether London, Boston or Bengaluru, it is often a terrorist attack that shocks a city into ramping up its CCTV network. After the Church Street attacks, the police got cracking on surveillance, using crime-mapping techniques and shortlisting vantage points. While they currently use 300 cameras, the police believe the figure must be taken up to 2,500 to keep a better eye on the city.

But does CCTV control crime? To that question, there is only one unsatisfying answer — it depends. The debate is torn between those who see CCTVs as the embodiment of an eerie Orwellian warning, and those who believe that the more cameras there are, the less crime there will be. Studies, though, suggest that CCTV has specific and narrow uses.

Obviously, it helps catch people who have committed an offence, after the event. CCTV networks, though, have no noticeable impact on crime rates according to several reviews in the US and UK. The UK is the most monitored nation in the world, but as a Home Office study in 2005 concluded, there was no statistically significant reduction in crime, once other variables like seasonal and national trends, and other police initiatives, were factored in.

While CCTVs are not easy to isolate as a determining factor in crime control, they are demonstrably effective in some contexts. They can reduce some kinds of disorder and petty crime, particularly in car parks and public transit. Micro-level analyses of aspects like environmental features, camera line-of-sight, enforcement activity, and camera design suggest that the power to deter crime depends greatly on how the CCTV sites are chosen, and police operations designed.

The downsides are well known. The more mundane footage there is, the harder it is for police to sift through. There is often a displacement effect — the presence of a camera pushes the crime off-stage into other areas, or prompting criminals to change tactics in pursuit of the same ends (ie, rather than carry out a drug transaction on the street, arrange online and deliver). What's more, CCTVs can be gamed. In Mumbai, the police has found out that criminals apply toothpaste or flash a torchlight at the lens, or cover up with helmets and burqas, or even steal the digital video recorder in the CCTV. These cameras have to be constantly maintained. "Many believe that CCTV installation is a one-time investment, but it needs to be serviced to yield results," says S. David, who runs an electronics shop and sells CCTV cameras in Chennai's Ritchie Street.

If there is no overwhelming impact on crime prevention, why are India's security forces investing so heavily in CCTVs, and is it worth the inevitable tradeoff with privacy? More worryingly, it is doing so without any comprehensive regulation on their use.

Before this technology of databases and recording, "we seldom had situations where a police official or private detective was trailing you all day, recording your movements, which is more or less the situation with CCTVs now," says Pranesh Prakash of the Centre for Internet and Society. "Yes, you're in a public space, but that doesn't denude you of privacy".

But as Farhad Manjoo, a prominent tech blogger in the US, pointed out, the benefits outweigh our fears about privacy. "When you weigh cameras against other security measures, they emerge as the least costly and most effective choice. In the aftermath of 9/11, it's impossible for you to get into tall buildings, airports, many museums, concerts, and even public celebrations without being subjected to pat-downs and metal detectors. When combined with competent law enforcement, surveillance cameras are more effective, less intrusive, less psychologically draining, and much more pleasant than these alternatives," wrote Manjoo in Slate.

What we need is public oversight over the surveillance apparatus — in other words, we need to watch how they watch us. If there is clear respect for the principles of proportionality, accountability and transparency, "there need not be a conflict between ethical and effective use of these cameras," says Ramachandran.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-raj-shekhar-arun-dev-v-narayan-a-selvaraj-cctv-plays-sherlock

The Last Chance for a Welfare State Doesn’t Rest in the Aadhaar System

sumandro — 2016-04-19T13:18:42Z

Boosting welfare is the message, which is how Aadhaar is being presented in India. The Aadhaar system as a medium, however, is one that enables tracking, surveillance, and data monetisation. This piece by Sumandro Chattapadhyay was published in The Wire on April 19, 2016.

Originally published in and cross-posted from The Wire.

Once upon a time, a king desired that his parrot should be taught all the ancient knowledge of the kingdom. The priests started feeding the pages of the great books to the parrot with much enthusiasm. One day, the king asked the priests if the parrot’s education has completed. The priests poked the belly of the parrot but it made no sound. Only the rustle of undigested pages inside the belly could be heard. The priests declared that the parrot is indeed a learned one now.

The fate of the welfare system in our country is quite similar to this parrot from Tagore’s parable. It has been forcefully fed identification cards and other official documents (often four copies of the same) for years, and always with the same justification of making it more effective and fixing the leaks. These identification regimes are in effect killing off the welfare system. And some may say that that has been the actual plan in any case.

The Aadhaar number has been recently offered as the ‘last chance’ for the ailing welfare system – a last identification regime that it needs to gulp down to survive. This argument wilfully overlooks the acute problems with the Aadhaar project.

Firstly, the ‘last chance’ for a welfare state in India is not provided by implementing a new and improved identification regime (Aadhaar numbers or otherwise), but by enabling citizens to effectively track, monitor, and ensure delivery of welfare, services, and benefits. This ‘opening up’ of the welfare bureaucracy has been most effectively initiated by the Right to Information Act. Instead of a centralised biometrics-linked identity verification platform, which gives the privilege of tracking and monitoring welfare flows only to a few expert groups, an effective welfare state requires the devolution of such privilege and responsibility.

We should harness the tracking capabilities of electronic financial systems to disclose how money belonging to the Consolidated Fund of India travel around state agencies and departmental levels. Instead, the Aadhaar system effectively stacks up a range of entry barriers to accessing welfare – from malfunctioning biometric scanners, to connectivity problems, to the burden of keeping one’s fingerprint digitally legible under all labouring and algorithmic circumstances.

Secondly, authentication of welfare recipients by Aadhaar number neither make the welfare delivery process free of techno-bureaucratic hurdles, nor does it exorcise away corruption. Anumeha Yadav has recently documented the emerging ‘unrest at the ration shop’ across Rajasthan, as authentication processes face technical and connectivity delays, people get ‘locked out’ of public services for not having or having Aadhaar number with incorrect demographic details, and no mechanisms exist to provide rapid and definitive recourse.

RTI activists at the Satark Nagrik Sangathan have highlighted that the Delhi ration shops, using Aadhaar-based authentication, maintain only two columns of data to describe people who have come to the shop – those who received their ration, and those who did not (without any indication of the reason). This leads to erasure-by-design of evidence of the number of welfare-seekers who are excluded from welfare services when the Aadhaar-based authentication process fails (for valid reasons, or otherwise).

Reetika Khera has made it very clear that using Aadhaar Payments Bridge to directly transfer cash to a beneficiary’s account, in the best case scenario, may only take care of one form of corruption: deception (a different person claiming to be the beneficiary). But it does not address the other two common forms of public corruption: collusion (government officials approving undue benefits and creating false beneficiaries) and extortion (forceful rent seeking after the cash has been transferred to the beneficiary’s account). Evidently, going after only deception does not make much sense in an environment where collusion and extortion are commonplace.

Thirdly, the ‘relevant privacy question’ for Aadhaar is not limited to how UIDAI protects the data collected by it, but expands to usage of Aadhaar numbers across the public and private sectors. The privacy problem created by the Aadhaar numbers does begin but surely not end with internal data management procedures and responsibilities of the UIDAI.

On one hand, the Aadhaar Bill 2016 has reduced the personal data sharing restrictions of the NIAI Bill 2010, and has allowed for sharing of all data except core biometrics (fingerprints and iris scan) with all agencies involved in authentication of a person through her/his Aadhaar number. These agencies have been asked to seek consent from the person who is being authenticated, and to inform her/him of the ways in which the provided data (by the person, and by UIDAI) will be used by the agency. In careful wording, the Bill only asks the agencies to inform the person about “alternatives to submission of identity information to the requesting entity” (Section 8.3) but not to provide any such alternatives. This facilitates and legalises a much wider collection of personal demographic data for offering of services by public agencies “or any body corporate or person” (Section 57), which is way beyond the scope of data management practices of UIDAI.

On the other hand, the Aadhaar number is being seeded to all government databases – from lists of HIV patients, of rural citizens being offered 100 days of work, of students getting scholarships meant for specific social groups, of people with a bank account. Now in some sectors, such as banking, inter-agency sharing of data about clients is strictly regulated. But we increasingly have non-financial agencies playing crucial roles in the financial sector – from mobile wallets to peer-to-peer transaction to innovative credit ratings. Seeding of Aadhaar into all government and private databases would allow for easy and direct joining up of these databases by anyone who has access to them, and not at all by security agencies only.

When it becomes publicly acceptable that the money bill route was a ‘remedial’ instrument to put the Rajya Sabha ‘back on track’, one cannot not wonder about what was being remedied by avoiding a public debate about the draft bill before it was presented in Lok Sabha. The answer is simple: welfare is the message, surveillance is the medium.

Acceptance and adoption of all medium requires a message, a content. The users are interested in the message. The message, however, is not the business. Think of Free Basics. Facebook wants people with none or limited access to internet to enjoy parts of the internet at zero data cost. Facebook does not provide the content that the users consume on such internet. The content is created by the users themselves, and also provided by other companies. Facebook own and control the medium, and makes money out of all content, including interactions, passing through it.

The UIDAI has set up a biometric data bank and related infrastructure to offer authentication-as-a-service. As the Bill clarifies, almost all agencies (public or private, national or global) can use this service to verify the identity of Indian residents. Unlike Facebook, the content of these services do not flow through the Aadhaar system. Nonetheless, Aadhaar keeps track of all ‘authentication records’, that is records of whose identity was authenticated by whom, when, and where. This database is gold (data) mine for security agencies in India, and elsewhere. Further, as more agencies use authentication based on Aadhaar numbers, it becomes easier for them to combine and compare databases with other agencies doing the same, by linking each line of transaction across databases using Aadhaar numbers.

Welfare is the message that the Aadhaar system is riding on. The message is only useful for the medium as far as it ensures that the majority of the user population are subscribing to it. Once the users are enrolled, or on-boarded, the medium enables flow of all kinds of messages, and tracking and monetisation (perhaps not so much in the case of UIDAI) of all those flows. It does not matter if the Aadhaar system is being introduced to remedy the broken parliamentary process, or the broken welfare distribution system. What matters is that the UIDAI is establishing the infrastructure for a universal surveillance system in India, and without a formal acknowledgement and legal framework for the same.

For more details visit https://cis-india.org/internet-governance/blog/the-last-chance-for-a-welfare-state-doesnt-rest-in-the-aadhaar-system

The Panama Papers and the question of privacy

praskrishna — 2016-04-24T14:03:35Z

This statement was originally published on privacyinternational.org on 4 April 2016.

Read the entry by Claire Lauterbach published in Big News Network on April 6, 2016. Sunil Abraham was quoted.

We do agree with Ramon Fonseca about one thing: that "Each person has a right to privacy, whether they are a king or a beggar."

But that's where our commonality with co-founder of disgraced Panama law firm Mossack Fonseca ends.

Last year, a whistleblower leaked 11.5 million documents about the firm's business brokering offshore companies, details of which were published yesterday. Reportedly the largest leak in journalistic history, the cache reveals hidden assets by a dozen current and former world leaders, and scores of celebrities and tycoons, some of which are linked to high level corruption scandals.

This scandal isn't about privacy, though. If anything, it's about the need for transparency about how the powerful wield their power. We need transparency - and good solid investigation - to understand where and how our right to privacy is eroded.

Privacy and transparency are not opposites. They are two sides of the same coin. As privacy advocates, we use transparency capabilities to investigate surveillance. Meanwhile, privacy as a right requires transparency from the institutions that gather and use our data.

Privacy International, like other human rights groups, conducts investigations in the public interest. That allows us to understand, for example, how Colombia built a shadow surveillance system despite evidence of illegal interceptions, or how UK police appear to be collecting private communications data at protests, according to a Vice News investigation.

Many of the Panama Papers' revelations are in the public interest insofar as they concern the transformation of public assets - like taxpayers' money and state funds - into private gains, and allow the powerful to avoid scrutiny. Privacy and transparency are not opposites. They are two sides of the same coin.

Fonseca called journalism around the leaked files an "international campaign against privacy".

But what Fonseca is really doing is advocating a status quo of 'privacy for the kings, and transparency for the beggars'. Or rather, privacy for the business moguls, politicians, corporations and government agencies, and transparency for the citizens, consumers, activists and journalists.

For the public, our financial systems are now surveiled by design. Our transactions are labelled as suspicious and sent for mining by intelligence agencies. We need IDs to open accounts, and our records are profiled by credit agencies who facilitate key decisions about us and our families. Secretive institutions collate this information to decide whether or not we are terrorists. While a certain degree of this is necessary for public order, what's clear is that we are watched while the 'kings' are able to circumvent many of these measures and escape scrutiny. We should never make the mistake of conflating the right to privacy for the individual with the desire to hide shadowy, ethically dubious, borderline-or-actual illegal activity for the immensely wealthy and powerful.

The real issues around privacy include: the spreading of draconian laws, from the UK, to Pakistan, to Kenya, that sanction warrantless surveillance and online monitoring, with insufficient protection for the public. It's the intrusive biometric registration of some of the most desperate people, like refugees from Dadaab to Calais, desperate for food and medical care. It's the instrumentalisation of consumer data to draw conclusions about us, with or without our consent. It's also the parallel trend of rolling back Freedom of Information laws (see: UK and United States). And, as the Panama Papers show, it is allowing transfers of public funds for private gain to be obscured.

That is the real "campaign against privacy" - not public interest journalism.

As our friend and partner Sunil Abraham, Executive Director of the Centre for Internet and Society in India states succinctly, the right to privacy should "be inversely proportionate to power and almost conversely the requirement of transparency to be directly proportionate to power."

For more details visit https://cis-india.org/internet-governance/news/big-news-network-april-6-2016-claire-lauterbach-panama-papers-and-question-of-privacy

Surveillance Project

sunil — 2016-04-05T15:21:27Z

The Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better.

The article will be published in Frontline, April 15, 2016 print edition.

Zero. The probability of some evil actor breaking into the central store of authentication factors (such as keys and passwords) for the Internet. Why? That is because no such store exists. And, what is the probability of someone evil breaking into the Central Identities Data Repository (CIDR) of the Unique Identification Authority of India (UIDAI)? Greater than zero. How do we know this? One, the central store exists and two, the Aadhaar Bill lists breaking into this central store as an offence. Needless to say, it would be redundant to have a law that criminalises a technological impossibility. What is the consequence of someone breaking into the central store? Remember, biometrics is just a fancy word for non-consensual and covert identification technology. High-resolution cameras can capture fingerprints and iris information from a distance.

In other words, on March 16, when Parliament passed the Bill, it was as if Indian lawmakers wrote an open letter to criminals and foreign states saying, “We are going to collect data to non-consensually identify all Indians and we are going to store it in a central repository. Come and get it!” Once again, how do I know that the CIDR will be compromised at some date in the future? How can I make that policy prediction with no evidence to back it up? To quote Sherlock Holmes, “Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” If a back door to the CIDR exists for the government, then the very same back door can be used by an enemy within or from outside. In other words, the principle of decentralisation in cybersecurity does not require repeated experimental confirmation across markets and technologies.

Zero. The chances that you can fix with the law what you have broken with poor technological choices and architecture. And, to a large extent vice versa. Aadhaar is a surveillance project masquerading as a development intervention because it uses biometrics. There is a big difference between the government identifying you and you identifying yourself to the government. Before UID, it was much more difficult for the government to identify you without your knowledge and conscious cooperation. Tomorrow, using high-resolution cameras and the power of big data, the government will be able to remotely identify those participating in a public protest. There will be no more anonymity in the crowd. I am not saying that law-enforcement agencies and intelligence agencies should not use these powerful technologies to ensure national security, uphold the rule of law and protect individual rights. I am only saying that this type of surveillance technology is inappropriate for everyday interactions between the citizen and the state.

Some software engineers believe that there are technical fixes for these concerns; they point to the consent layer in the India stack developed through a public-private partnership with the UIDAI. But this is exactly what Evgeny Morozov has dubbed “technological solutionism”—fundamental flaws like this cannot be fixed by legal or technical band-aid. If you were to ask the UIDAI how do you ensure that the data do not get stolen between the enrolment machine and the CIDR, the response would be, we use state-of-the-art cryptography. If cryptography is good enough for the UIDAI why is it not good enough for citizens? That is because if citizens use cryptography [on smart cards] to identify themselves to the state, the state will need their conscious cooperation each time. That provides the feature that is required for better governance without the surveillance bonus. If you really must use biometrics, it could be stored on the smart card after being digitally signed by the enrolment officer. If there is ever a doubt whether the person has stolen the smart card, a special machine can be used to read the biometrics off the card and check that against the person. This way the power of biometrics would be leveraged without any of the accompanying harms.

Zero. This time, for the utility of biometrics as a password or authentication factor. There are two principal reasons for which the Act should have prohibited the use of biometrics for authentication. First, biometric authentication factors are irrevocable unlike passwords, PINs, digital signatures, etc. Once a biometric authentication factor has been compromised, there is no way to change it. The security of a system secured by biometrics is permanently compromised. Second, our biometrics is so easy to steal; we leave our fingerprints everywhere.

Also, if I upload my biometric data onto the Internet, I can then plausibly deny all transactions against my name in the CIDR. In order to prevent me from doing that, the government will have to invest in CCTV cameras [with large storage] as they do for passport-control borders and as banks do at ATMs. If you anyway have to invest in CCTV cameras, then you might as well stick with digital signatures on smart cards as the previous National Democratic Alliance (NDA) government proposed the SCOSTA (Smart Card Operating System Standard for Transport Application) standard for the MNIC (Multipurpose National ID Card). Leveraging smart card standards like EMV will ensure harnessing greater network effects thanks to the global financial infrastructure of banks. These network effects will drive down the cost of equipment and afford Indians greater global mobility. And most importantly when a digital signature is compromised the user can be issued a new smart card. As Rufo Guerreschi, executive director of Open Media Cluster, puts it, “World leaders and IT experts should realise that citizen freedoms and states’ ability to pursue suspects are not an ‘either or’ but a ‘both or neither’.”

Near zero. We now move biometrics as the identification factor. The rate of potential duplicates or “False Positive Identification Rate” which according to the UIDAI is only 0.057 per cent. Which according to them will result in only “570 resident enrolments will be falsely identified as duplicate for every one million enrolments.” However, according to an article published in Economic & Political Weekly by my colleague at the Centre for Internet and Society, Hans Verghese Mathews, this will result in one out of every 146 people being rejected during enrolment when total enrolment reaches one billion people. In its rebuttal, the UIDAI disputes the conclusion but offers no alternative extrapolation or mathematical assumptions. “Without getting too deep into the mathematics” it offers an account of “a manual adjudication process to rectify the biometric identification errors”.

This manual adjudication determines whether you exist and has none of the elements of natural justice such as notice to the affected party and opportunity to be heard. Elimination of ghosts is impossible if only machines and unaccountable humans perform this adjudication. This is because there is zero skin in the game. There are free tools available on the Internet such as SFinGe (Synthetic Fingerprint Generator) which allow you to create fake biometrics. The USB cables on the UIDAI-approved enrolment setup can be intercepted using generic hardware that can be bought online. With a little bit of clever programming, countless number of ghosts can be created which will easily clear the manual adjudication process that the UIDAI claims will ensure that “no one is denied an Aadhaar number because of a biometric false positive”.

Near zero. This time for surveillance, which I believe should be used like salt in cooking. Essential in small quantities but counterproductive even if slightly in excess. There is a popular misconception that privacy researchers such as myself are opposed to surveillance. In reality, I am all for surveillance. I am totally convinced that surveillance is good anti-corruption technology.

But I also want good returns on investment for my surveillance tax rupee. According to Julian Assange, transparency requirements should be directly proportionate to power; in other words, the powerful should be subject to more surveillance. And conversely, I add, privacy protections must be inversely proportionate to power—or again, in other words, the poor should be spared from intrusions that do not serve the public interest. The UIDAI makes the exact opposite design assumption; it assumes that the poor are responsible for corruption and that technology will eliminate small-ticket or retail corruption. But we all know that politicians and bureaucrats are responsible for most of large-ticket corruption.

Why does not the UIDAI first assign UID numbers to all politicians and bureaucrats? Then using digital signatures why do not we ensure that we have a public non-repudiable audit trail wherein everyone can track the flow of benefits, subsidies and services from New Delhi to the panchayat office or local corporation office? That will eliminate big-ticket or wholesale corruption. In other words, since most of Aadhaar’s surveillance is targeted at the bottom of the pyramid, there will be limited bang for the buck. Surveillance is the need of the hour; we need more CCTVs with microphones turned on in government offices than biometric devices in slums.

Instantiation technology

One. And zero. In the contemporary binary and digital age, we have lost faith in the old gods. Science and its instantiation technology have become the new gods. The cult of technology is intolerant to blasphemy. For example, Shekhar Gupta recently tweeted saying that part of the opposition to Aadhaar was because “left-libs detest science/tech”. Technology as ideology is based on some fundamental articles of faith: one, new technology is better than old technology; two, expensive technology is better than cheap technology; three, complex technology is better than simple technology; and four, all technology is empowering or at the very least neutral. Unfortunately, there is no basis in science for any of these articles of faith.

Let me use a simple story to illustrate this. I was fortunate to serve as a member of a committee that the Department of Biotechnology established to finalise the Human DNA Profiling Bill, 2015, which was to be introduced in Parliament in the last monsoon session. Aside: the language of the Act also has room for the database to expand into a national DNA database circumventing 10 years of debate around the controversial DNA Profiling Bill, 2015. The first version of this Bill that I read in January 2013 said that DNA profiling was a “powerful technology that makes it possible to determine whether the source of origin of one body substance is identical to that of another … without any doubt”. In other words, to quote K.P.C. Gandhi, a scientist from Truth Labs, “I can vouch for the scientific infallibility of using DNA profiling for carrying out justice.”

Unfortunately, though, the infallible science is conducted by fallible humans. During one of the meetings, a scientist described the process of generating a biometric profile. The first step after the laboratory technician generated the profile was to compare the generated profile with her or his own profile because during the process of loading the machine with the DNA sample, some of the laboratory technician’s DNA could have contaminated the sample. This error would not be a possibility in much older, cheaper and rudimentary biometric technology for example, photography. A photographer developing a photograph in a darkroom does not have to ensure that his or her own image has not accidentally ended up on the negative. But the UIDAI is filled with die-hard techno-utopians; if you tell them that fingerprints will not work for those who are engaged in manual labour, they will say then we will use iris-based biometrics. But again, complex technologies are more fragile and often come with increased risks. They may provide greater performance and features, but sometimes they are easier to circumvent. A gummy finger to fool a biometric scanner can be produced using glue and a candle, but to fake a passport takes a lot of sophisticated technology. Therefore, it is important for us as a nation to give up our unquestioning faith in technology and start to debate the exact technological configurations of surveillance technology for different contexts and purposes.

One. This time representing a monopoly. Prior to the UID project, nobody got paid when citizens identified themselves to the state. While the Act says that the UIDAI will get paid, it does not specify how much. Sooner or later, this cost of identification will be passed on to the citizens and residents. There will be a consumer-service provider relationship established between the citizen and the state when it comes to identification. The UIDAI will become the monopoly provider of identification and authentication services in India which is trusted by the government. That sounds like a centrally planned communist state to me. Should not the right-wing oppose the Act because it prevents the free market from working? Should not the free market pick the best technology and business model for identification and authentication? Will not that drive the cost of identification and authentication down and ensure higher quality of service for citizens and residents?

Competing providers

Competing providers can also publish transparency reports regarding their compliance with data requests from law-enforcement and intelligence agencies, and if this is important to consumers they will be punished by the market. The government can use mechanisms such as permanent and temporary bans and price regulation as disincentives for the creation of ghosts. There will be a clear financial incentive to keep the database clean. Just like the government established a regulatory framework for digital certificates in the Information Technology Act allowing for e-commerce and e-governance. Ideally, the Aadhaar Bill should have done something similar and established an ecosystem for multiple actors to provide services in this two-sided market. For it is impossible for a “small government” to have the expertise and experience to run one of the world’s largest database of biometric and transaction records securely for perpetuity.

To conclude, I support the use of biometrics. I support government use of identification and authentication technology. I support the use of ID numbers in government databases. I support targeted surveillance to reduce corruption and protect national security. But I believe all these must be put in place with care and thought so that we do not end up sacrificing our constitutional rights or compromising the security of our nation state. Unfortunately, the Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better. Our children will pay a heavy price for our folly in the years to come. To quote the security guru Bruce Schneier, “Data is a toxic asset. We need to start thinking about it as such, and treat it as we would any other source of toxicity. To do anything else is to risk our security and privacy.”

For more details visit https://cis-india.org/internet-governance/blog/frontline-april-15-2016-sunil-abraham-surveillance-project

March 2016 Bulletin

praskrishna — 2016-04-13T08:05:42Z

CIS Newsletter for the month of March 2016 is here.

The Centre for Internet & Society (CIS) is happy to share its March 2016 newsletter. Previous issues of the newsletters can be accessed at http://cis-india.org/about/newsletters.

Highlights
CIS published and circulated two press releases on March 11 and 15, 2016, as the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016: 'The Law cannot Fix what Technology has Broken!' and 'The New Bill Makes Aadhaar Compulsory!' CIS submitted an initial list of recommendations to the Members of Parliaments to highlight the aspects of the Bill that require immediate attention. The recommendations were prepared by Amber Sinha, Sumandro Chattapadhyay, Sunil Abraham, and Vanya Rakesh. In an article titled Flaws in the UIDAI Process published in the Economic and Political Weekly, Hans Varghese Mathews. He stated that the Government of India is engaged upon biometrically identifying the entire population of India. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive: and from that to estimate the proportion of duplicands. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high. Vipul Kharbanda wrote an analysis of Aadhaar Act in the context of Justice A.P. Shah Committee Principles. The analysis has thrown light on the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. Pooja Saxena and Amber Sinha produced two infographics that 1) evaluate the Aadhaar Bill 2016 against the National Privacy Principles, and 2) highlight the vulnerabilities in the UIDAI implementation process not addressed by the Aadhaar Bill, 2016. CIS has initiated the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. With the objective to sensitize and impart the skillset in handling NVDA – the Screen Reader and the usage of BookShare Online Library for the print disabled to the Special Educators, Karna Vidya Technology Centre in collaboration with Computer and Internet Society conducted a one-day workshop on February 27, 2016. 48 special educators participated and benefited from the workshop. An article titled 8 Challenges In Growing Indian-Language Wikipedias by Subhashish Panigrahi was first published in Huffington Post on March 19, 2016. This was cross-posted in Medianama titled as Multiple key factors preventing Indic Wikipedia growth on March 21, 2016. CIS has published a report on the 30th Session of WIPO-SCCR giving an analysis of the Broadcast Treaty Negotiations and the Negotiations on International Instrument for Exceptions and Limitations for Libraries and Archives. Anubha Sinha wrote an essay titled Fueling the Affordable Smartphone Revolution in India as part of the The Good Life in Asia's Digital 21st Century essay collection. She stated that smartphones have emerged as the exemplar of mankind's quest for shrinking technologies. They embody the realization of a simple premise – that computing devices would do more and cost less. This realization has been responsible for modern society's profound transformations in communication, governance, and knowledge distribution. Rohini Lakshané wrote an analysis of the patent landscape in a research paper titled Patents and Mobile Devices in India: An Empirical Survey. The paper has indicated that although India has the second-largest wireless subscriber base in the world, with more than 150 mobile device vendors, it has, until recently, remained relatively unaffected by the global smartphone wars. The Department of Science and Technology, Government of India, has constituted a National Expert Committee for developing a draft National Geospatial Policy (NGP) to provide appropriate guidelines for collection, analysis, use, and distribution of geospatial information across India, and to assure data availability, accessibility and quality. A pre-drafting consultation meeting for the NGP was organised in Delhi on February 3, 2016. Anubha Sinha attended the meeting. The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient tells Vanya Rakesh in a blog entry titled Adoption of Standards in Smart Cities - Way Forward for India. P.P. Sneha wrote a blog post which studies the digital creative industries in India while examining some initial questions. She stated that the term ‘creative industries’ has been around for a while now, but with the advent of the digital, and with interest from different sectors, especially with a focus on policy and economic development, it would be essential to critically examine the discourse around the term, and see where it may be changing to open up new possibilities, particularly for the arts, humanities and design. CIS strongly condemns the acts of sexual harassment that took place against one of its representatives Padmini Baruah during ICANN 55 in Marrakech. It is completely unacceptable that an event the scale of an ICANN meeting does not have in place a formal redressal system, a neutral point of contact or even a policy for complainants who have been put through the ordeal of sexual harassment. ICANN cannot claim to be inclusive or diverse if it does not formally recognise a specific procedure or recourse under such instances.

--------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

The workshops were conducted earlier but published recently on our website:

Report on eSpeak with NVDA Screen Reader and Assistive Technology for Visually Challenged (Organized by National Association for the Blind, New Delhi, Centre for Differently Abled Persons, Bharathidasan University, Tiruchirappalli, and CIS; January 21, 2016; Tiruchirappalli).
Report on NVDA with E-Speak and BookShare Online Library (Organized by Karna Vidya Technology Centre, Computer and Internet Society, and CIS; February 27, 2016; Chennai).

-----------------------------------
Access to Knowledge
-----------------------------------
As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Article

Fueling the Affordable Smartphone Revolution in India (Anubha Sinha; The Good Life in Asia's 21st Century Essay Collection; March 16, 2016).

Blog Entries

Report of the 30th Session of the WIPO SCCR by the Centre for Internet & Society (edited by Nehaa Chaudhari with assistance from Nisha S.K., Aarushi Bansal, Amulya P., and Saahil Dama; March 16, 2016).
Dataset: Patent Landscape of Mobile Device Technologies in India (Rohini Lakshané; March 31, 2016).

Patents and Mobile Devices in India: An Empirical Survey (Rohini Lakshané; March 31, 2016)

►Wikipedia

Articles

Eight Challenges That Indian-Language Wikipedias Need to Overcome (Subhashish Panigrahi; The Wire; March 17, 2016). A version of the article was also mirrored by Opensource.com on March 28, 2016.
8 Challenges In Growing Indian-Language Wikipedias (Subhashish Panigrahi; Huffington Post; March 19, 2016). This was cross-posted in Medianama titled as Multiple key factors preventing Indic Wikipedia growth on March 21, 2016.
8 Challenges for Improving Indian Language Wikipedias (Subhashish Panigrahi; Opensource.com; March 28, 2016). The article was originally published in the Wire on March 17, 2016 and later mirrored on Opensource.com on March 28, 2016.

Participation in Event

BHASHA-Indian Languages Digital Festival (Organized by news media YourStory; March 11, 2016; New Delhi). Subhashish Panigrahi gave a talk in the panel “The challenges of making regional language content available on the Web and on mobiles.
8th IBA International Conference (Organized by Indus Business Academy; March 24 - 26, 2016; Bangalore). Dr. U.B. Pavanaja gave a talk on Democratizing of Knowledge Access- Case of Regional Language Wikipedia.

-----------------------------------
Openness
-----------------------------------

Submission

Consultation on 'National Geospatial Policy' - Notes and Submission (Anubha Sinha; March 29, 2016)

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

►Big Data

Article

Too Clever By Half: Strengthening India’s Smart Cities Plan with Human Rights Protection (Vanya Rakesh; The Wire; March 22, 2016).

Blog Entry

Adoption of Standards in Smart Cities - Way Forward for India (Vanya Rakesh; March 19, 2016).

►Freedom of Expression

Statements

Sexual Harassment at ICANN (Padmini Baruah; March 18, 2016).
CIS' Statement on Sexual Harassment at ICANN55 (Vidushi Marda; March 21, 2016).

►Privacy

Submission

List of Recommendations on the Aadhaar Bill, 2016 - Letter Submitted to the Members of Parliament (Amber Sinha, Sumandro Chattapadhyay, Sunil Abraham, and Vanya Rakesh; March 16, 2016).

Articles

Flaws in the UIDAI Process (Hans Varghese Mathews; Economic & Political Weekly, Journal, Vol. 51, Issue No. 9, February 27, 2016).
Aadhaar: Still Too Many Problems (Pranesh Prakash; Livemint; March 7, 2016).
Aadhaar Bill fails to incorporate suggestions by the Standing Committee (Amber Sinha; The Wire; March 10, 2016).
Are we Losing the Right to Privacy and Freedom of Speech on Indian Internet? (Amber Sinha; March 10, 2016).
Privacy Concerns Overshadow Monetary Benefits of Aadhaar Scheme (Pranesh Prakash and Amber Sinha; Hindustan Times; March 12, 2016).
Will Aadhaar Act Address India’s Dire Need For a Privacy Law? (Nehaa Chaudhari; Quint; March 31, 2016).

Blog Entries

A comparison of the 2016 Aadhaar Bill, and the 2010 NIDAI Bill (Vanya Rakesh; March 9, 2016).
Aadhaar Bill 2016 & NIAI Bill 2010 - Comparing the Texts (Sumandro Chattapadhyay; March 9, 2016).
The New Aadhaar Bill in Plain English (Amber Sinha, Vanya Rakesh and Vipul Kharbanda; March 11, 2016).
An Urgent Need for the Right to Privacy (Sumandro Chattapadhyay; March 16, 2016).
The Law cannot Fix what Technology has Broken! (Japreet Grewal and Sunil Abraham; March 16, 2016).
The New Bill Makes Aadhaar Compulsory! (Amber Sinha; March 16, 2016).
Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles (Vipul Kharbanda; March 17, 2016).
Vulnerabilities in the UIDAI Implementation Not Addressed by the Aadhaar Bill, 2016 (Pooja Saxena and Vipul Kharbanda; March 21, 2016).

Participation in Events

GNI-Industry Dialogue Learning Session: Human Rights Impact Assessments and Due Diligence in the ICT sector (Organized by Global Network Initiative; March 11, 2016; Washington D.C.). Elonnai Hickok attended the event.
RightsCon Silicon Valley 2016 (Organized by RightsCon; Mission Bay Conference Center in San Francisco, California; March 30 - April 1, 2016).

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Op-ed

Connectivity: Let's Apply What We Know (Shyam Ponappa; Business Standard; March 2, 2016).

Submission

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission (Sumandro Chattapadhyay; March 30, 2016).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entry

Studying Digital Creative Industries in India: Initial Questions (P.P. Sneha; March 17, 2016).

-----------------------------------
News & Media Coverage
-----------------------------------

CIS gave inputs to the following media coverage:

The Crypto Wars Are Global (Joseph Cox; Motherboard; March 4, 2016).
Govt narrative on Aadhaar has not changed in the last six years: Sunil Abraham (Shreeja Sen; Livemint; March 8, 2016).
Aadhaar: Govt will not compromise on national security (Shreeja Sen; Livemint; March 9, 2016).
Hard to broad ban! (Taru Bhatia; Governance Now; March 9, 2016).
Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush) (Anumeha Yadav; March 11, 2016).
Aadhaar is actually surveillance tech: Sunil Abraham (Sahil Makkar; Business Standard; March 12, 2016).
Will Only Legal Backing For Aadhaar Suffice? (Indian Express; March 14, 2016).
India's billion-member biometric database raises privacy fears (Sanjeev Miglani and Manoj Kumar; March 16, 2016).
A scheme in India to help the poor raises privacy concerns (John Ribeiro; IDG News Service and CSO; March 16, 2016).
Pratap Vikram Singh - Why Aadhaar is Baseless? (Governance Now; March 17, 2016).
Forget privacy, Aadhaar Bill gives too much power to the executive (Aloke Tikku; Sunil Abraham; March 17, 2016).
In India, Biometric Data Storage Sparks Demands for Privacy Laws (Anjana Pasricha; Voice of America; March 18, 2016).
Dead and Clicking (Jayanthi Madhukar and Sowmya Rajaram; Bangalore Mirror; March 20, 2016).
India Still Trying To Turn Optional Aadhaar Identification Number Into A Mandatory National Identity System (TechDirt; March 22, 2016).
Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny (Reetika Khera; March 23, 2016).
How the government gains when private companies use Aadhaar (M. Rajshekhar and Anumeha Yadav; March 24, 2016).
Making Aadhaar Mandatory: Gamechanger For Governance? (NDTV; March 24, 2016).
ICANN Sexual Harassment Case Highlights Lack of Procedure at Global Internet Body (Wire; March 24, 2016).
Securing the internet’s future (Hindu Businessline; March 25, 2016).
On Google Maps, JNU top result in search for 'anti-national' (Kim Arora; The Times of India; March 25, 2016).
Woman Alleges Harassment at Major International Conference (Kavita Patil; Bangalore Mirror; March 30, 2016).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/march-2016-bulletin

Will Aadhaar Act Address India’s Dire Need For a Privacy Law?

nehaa — 2016-04-05T16:01:06Z

The article was published by Quint on March 31, 2016.

The passage of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (will hereby be referred to as “the Act”) has led to flak for the government from privacy advocates, academia and civil society, to name a few.

To my mind, the opposition deserves its fair share of criticism (lacking so far), for its absolute failure to engage with and act as a check on the government in the passage of the Act, and the events leading up to it.

The government’s introduction of the Act as a ‘money bill’ under Article 110 of the Constitution of India (“this/the Article”) is a mockery of the constitutional process. It renders redundant, the role of the Rajya Sabha as a check on the functioning of the Lower House.

Article 110 limits a ‘money bill’ only to six specific instances: covering tax, the government’s financial obligations and, receipts and payments to and from the Consolidated Fund of India, and, connected matters.

The Act lies well outside the confines of the Article; the government’s action may attract the attention of the courts.

Political One-Upmanship


Finance Minister Arun Jaitley (left) listens to Reserve Bank of India (RBI) Governor Raghuram Rajan. (Photo: Reuters)

In the past, the Supreme Court (“the Court”) has stepped into the domain of the Parliament or the Executive when there was a complete and utter disregard for India’s constitutional scheme. In recent constitutional history, this is perhaps most noticeable in the anti-defection cases, (beginning with Kihoto Hollohan in 1992); and, in the SR Bommai case in 1994, on the imposition of the President’s rule in states.

In hindsight, although India has benefited from the Court’s action in the Bommai and Hollohan cases, it is unlikely that the passage of the Aadhaar Act as a ‘money bill’, reprehensible as it is, meets the threshold required for the Court’s intervention in Parliamentary procedure.

Besides, the manner of its passage, the Act warrants

Censure for its process
Its (in)compatibility with fundamental rights
The failure to incorporate the suggestions of the Yashwant Sinha-led Standing Committee to UPA’s NIDAI Bill
The possibility of surveillance that it presents
The lack of measures to protect personal information
Its inadequate privacy safeguards
The questions around the realisation of its stated purpose.

Instead, a part of the Aadhaar debate has involved political one-upmanship between the Congress and the BJP, pitting the former’s NIDAI Bill against the latter’s Aadhaar Act.

While an academic comparison between the two is welcome, its use as a tool for political supremacy would be laughable, were it not deeply problematic, given the many serious concerns highlighted above.

Better Than UPA Bill?


The Act may have more privacy safeguards than the earlier UPA Bill. (Photo: iStockphoto)

And while the Act may have more privacy safeguards than the earlier UPA Bill, critics have argued that they not up to the international standard, and instead, that they are plagued by opacity.

Additionally, despite claims that the Act is a significant improvement over the UPA Bill, it fails to address concerns, including around the centralised storage of information, that were raised by civil society members and others.

Perhaps most problematically, however, the Act takes away an individual’s control of her own information. Subsidies, government benefits and services are linked to the mandatory possession of an Aadhar number (Section 7 of the Act), effectively negating the ‘freedom’ of voluntary enrollment (Section 3 of the Act). This directly contradicts the recommendations of the Justice AP Shah Committee, before whom the Unique Identification Authority of India had earlier stated that enrollment in Aadhaar was voluntary.

To make matters worse, the individual does not have the authority to correct, modify or alter her information; this lies, instead, with the UIDAI alone (Section 31 of the Act). And the sharing of such personal information does not require a court order in all cases.


Kanhaiya Kumar speaking in JNU on 3 March 2016. (Photo: PTI)

It may be authorised by Executive authorities under the vague, ill-understood concept of ‘national security’, (Section 33(2) of the Act) which the Act does not define. We would do well to learn the dangers of leaving ‘national security’ open to interpretation, in the aftermath of the recent events at JNU.

These recent events around Aadhaar have only underscored the dire urgency for comprehensive privacy legislation in India and, the need to overhaul our data protection laws to meet our constitutional commitments along with international standards.

Meanwhile, constitutional challenges to the Aadhaar scheme are currently pending in the Supreme Court. The Court’s verdict may well decide the future of the Aadhaar Act, with the stage already set for a constitutional challenge to the legislation. The BJP’s victory in this case may be short-lived.

For more details visit https://cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law

Securing the internet’s future

praskrishna — 2016-03-28T02:24:35Z

Mike Godwin, who proposed the eponymous law about online discussion threads, speaks about net neutrality, differential pricing and why no government is likely to oppose stricter surveillance measures.

The article by Bhavya Dore was published in Hindu Businessline on March 25, 2016.

For gravity, there’s Newton’s law, for internet discussion threads, there’s Godwin’s law. Twenty-five years ago, a law student trawling through cyberspace noticed a recurring pattern: at some point in an online discussion, someone would invariably invoke Hitler or the Nazis. The observation led to an act of ‘mimetic engineering’ — rifling through discussion boards, pointing this out, and promptly naming the law after him.

Godwin’s law states: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one — that is, the likelier this becomes.

Mike Godwin, 59, a portly, white-haired gent in Harry Potter glasses is best known for this aphoristic piece of wisdom. “The purpose,” he says, “was to make the people who engaged in frivolous comparisons of atrocities seem like they weren’t thinking.”

It is generally understood that when one of the arguers is falling back on the Nazis as rhetorical shorthand, that person is starting to lose the argument.

“It certainly means one of the arguers has gone to a higher or lower level,” he said.

Godwin was in India in February as part of a series of talks organised through the Centre for Internet and Society on net neutrality.

In early February, at the Mumbai University’s civics and politics department, he was on a panel with three others at a discussion that occasionally took an agitated tone.

“[The debate] hasn’t become heated in every country to the same degree,” he said. “In India it has.” The public discussion has been polarised, with activists vehemently opposing, among other things, ‘Free Basics’ — a Facebook offering. On February 8, the telecom regulator ruled against differential pricing, debarring telecom operators from offering slices of the internet at different prices.

Godwin doesn’t see net neutrality and differential pricing as mutually exclusive. “I think some forms [of differential pricing] are potentially good and some forms are potentially bad,” he said. “And the regulator has to look closely and make a determination about the harms or benefits.”

Godwin has worked with the Wikimedia Foundation, which offered Wikipedia Zero for free in some countries through specific providers, as a gateway to Wikipedia. But he isn’t trying to convince you one way or the other.

“[There is] an idea that there was something valuable about carriers [service providers] being neutral,” he said. “And I still think that that’s true… But the thing that changed was this: with Wikipedia, I realised it doesn’t matter if you have neutrality if nobody can afford it. Neutrality hasn’t served the people who can’t afford to pay to have the wires built up to their provinces.”

This then boils down to the fundamental question: how do we create a world that gets people connected? “It may involve cross-subsidies of various sorts, and all of these things historically have invited some degree of government regulation,” said Godwin. “The question is less ‘do you regulate or not regulate’, the question is ‘do you do it right’.”

But does Free Basics mean anything to a developing country which needs real basics first: water, sanitation, shelter? Godwin doesn’t buy into the premise that the internet is a luxury that comes after all these things.

“I think that [idea] is wrong,” he said. “Because when people can share information or resources about where the water is or what good health practices are or how to properly cultivate a crop, they help everyone else. And the impulse to help and share what they know is strong.”

Godwin’s first law has now been well entrenched in popular culture. But wait, he has a second one. This one goes: Surveillance is the crack cocaine of governments.

“Almost all governments want to engage in surveillance,” he said. “Some governments have disagreements with other governments over their surveillance but rarely will we see them categorically refuse to surveil.”

And yet, he says, our outrage over this is driven by an “antiquated notion of privacy” that the content of our emails or conversations should be free from prying eyes. “In the rest of the century and future centuries people will look back at this idea and laugh: that people thought that content was the important thing,” he said. Someone reading your mail isn’t the only possible violation, but whether they are accessing the whole ecosystem of your communication. “The metadata can give away the whole store,” he said. “The metadata can be more revealing. Who are you talking to, at what time of day, for how long, how big is the message? These are all things that can matter.”

That’s not the only thing that’s changed. The internet has, since its early days, become a more charged, more violent place, where poison, bile and abuse fly thick and fast.

“The level of hatefulness directed towards women online is particularly bad,” he continued, “It is a huge cross-cultural problem.”

The other enduring problem is how do you balance free speech rights while curtailing hate speech? “If there were an easy answer I’d tell you what it is,” said Godwin.

Still, banning or blocking sites, as the Indian government has been in the past eager to do, is hardly a solution. “I won’t say there is never an argument for it,” said Godwin, pausing a beat, “I will say that I have never heard one that was any good.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-business-line-march-25-2016-bhavya-dore-securing-internets-future

Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush)

praskrishna — 2016-03-24T02:25:24Z

Critics say the Aadhaar Bill does not address concerns over privacy, even as government is rushing the Bill without adequate parliamentary scrutiny.

The blog post by Anumeha Yadav was published in Scroll.in on March 11, 2016. Pranesh Prakash was quoted.

Since it was launched by the United Progressive Alliance government in 2009, the Unique Identification project called Aadhaar has functioned without a legal framework. The project, which aims to assign a biometric-based number to every Indian resident, has been run under an executive order, which means Parliament has no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns.

For long, critics have expressed concerns over collecting and centralising citizens' biometric data ‒ such as fingerprints and retina scans ‒ on a mass scale in the absence of a privacy law. The Supreme Court in several orders in 2014 and 2015 affirmed that the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number. The Supreme Court is now set to form a constitution bench to examine the contours of the right to privacy flowing from the government's arguments in the Aadhaar case.

Before the bench begins its work, however, the Modi government has introduced a new Bill on Aadhaar, which could override the court's orders.

The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill was introduced on March 3 in Lok Sabha. Finance minister Arun Jaitley said the new Bill addresses concerns over privacy and the security and confidentiality of information.

But a close examination of the Bill shows several questions remain.

1. Does the Bill make it mandatory for you to get an Aadhaar number?
Yes, you may have to compulsorily enrol under Aadhaar, despite the privacy concerns explained in the sections below.

Four-time member of the Lok Sabha, Bhartruhari Mahtab of the Biju Janata Dal, was on the parliamentary committee on finance that examined the previous Aadhaar Bill introduced in 2010. He said the new Aadhaar Bill does not specify that it will not be made mandatory.

“There is duplicity over this issue,” said Mahtab. “Nandan Nilekani [the former chairperson of the Unique Identification Authority of India] repeatedly told us in the parliamentary committee that Aadhaar is not mandatory. The Supreme Court also said, 'You cannot make it mandatory.'”

But if a service agent asks for Aadhaar mandatorily, then as a beneficiary, citizens have no option but to get an Aadhaar number, Mahtab explained. “The government, or a private company, cannot force me to get an Aadhaar number," he said. "The government should bring a law that clearly says Aadhaar is not mandatory.”

A committee of experts on privacy, chaired by Justice AP Shah, had recommended in 2012 that the Bill should specify that individuals have the choice to opt-in or out-of providing their Aadhaar number, and a service should not be denied to individuals who do not provide their number. The Unique Identification Authority of India had then stated to the committee that the enrolment in Aadhaar is voluntary.

But the new Aadhaar Bill does not incorporate a categorical clause on opt-in and opt-out. Instead, it broadens the scope of Aadhaar. Jaitley said the Bill will allow the government to ask a citizen to produce an Aadhaar number to avail of any government subsidy. But section 7 of the Bill is phrased more broadly, and refers to not just subsidies but any “subsidy, benefit or service” for which expense is incurred on the Consolidated Fund of India, or the government treasury.

7. The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment: Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.

As noted above, the proviso in section 7 is premised on the phrase: “if an Aadhaar number is not assigned”. This, along with language preceding in the section, indicates that a citizen may be compulsorily required to apply for enrolment.

Section 8 permits a “requesting entity” to utilise identity information for authentication with the Central Identities Data Repository. A “requesting entity” is defined under Section 2(u), and will include private entities.

2. Does the Bill allow Aadhaar authorities to share your personal data?
Yes, in the "interest of national security", a term that remains undefined.

Both legal experts and members of Parliament have flagged the provisions in the Bill on the circumstances in which users' data, including core biometrics information, can be shared.

The debate centres over the interception provisions in section 33.

In a piece in The Indian Express, Nandan Nilekani, the former chairperson of the issuing authority, stated that the Aadhaar Bill provides that no core biometric information can be shared, a principle without exception. “...Clause 29(1) is not overridden by Clause 33(2),” he noted.

However, a closer reading of the Bill shows this is not the case. Clause 33(2), in fact, does provide an exception to clause 29(1)(b):

33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government

where, Section 29(1)(b) states:

29. (1) No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Pranesh Prakash, a lawyer and policy director of the Centre for Internet and Society said: “This implies that the core biometric information, collected or created under the Aadhaar Act, may be used for purposes other than the generation of Aadhaar numbers and authentication 'in the interest of national security.'"

Legal experts point out that the phrase “national security” is undefined in the present bill, as well as the General Clauses Act, and thus the circumstances in which an individual's information may be disclosed remains open to interpretation.

Section 33(1) permits the disclosure of an individual's demographic information (but not biometrics) following an order by a district judge. It says that no such order shall be made without giving an opportunity of hearing to the UIDAI , but not to the person whose data is being disclosed.

3. Does the Bill protect you from interception and surveillance?
No, the Bill does not provide for transparency concerning covert surveillance.

Section 33(2), which permits disclosure of demographic and biometric pursuant to directions of the joint secretary in interest of national security, says such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals.

This can lead to a user being under continuous surveillance, and without any notification to the user even after the surveillance ceases, violating one of necessary and proportionate principles on communications surveillance related to user notification and right to effective remedy. In some countries, this principle has been incorporated in law. For example, in Canada, the law limits the time of wiretapping surveillance, and imposes an obligation to notify the person under surveillance within 90 days of the end of the surveillance, extendable to a maximum of three years at a time.

“The interception provisions are severely problematic," said Apar Gupta, a technology lawyer. "They are not open to independent scrutiny and even derogate from the already deficient practices which relate to phone tapping (Rule 419-A of the Telegraph Rules) and interception of data (Interception Rules, 2011).”

Legal scholar Usha Ramanathan pointed out that the Bill lacks provisions on giving notice to a person in case of breach of information, in case of third party use of data, or change in purpose of use of data – which were among provisions recommended by the Justice Shah Committee on Privacy in 2012.

4. Does the Bill allow you to seek redress in case of breach of information?
Yes, but the provisions are weak.

Government officials overseeing the project said that the 2016 Bill is an improvement over the 2010 Bill as it safeguards the information of those enrolled as per sections of the Information Technology Act, 2000.

But technology law experts say the adjudicatory system for disclosure of sensitive personal data under the IT Act has structural flaws and is not functional.

“Initial complaints against the disclosure of sensitive personal data go to an adjudicating officer who is usually the IT Secretary of the state government and may not be trained in law,” said Gupta, the technology lawyer. “There is no court infrastructure and no permanent seat for such cases. The appellate body, the Cyber Appellate Tribunal, has not been made operational in the last three years. Hence, the civil remedies offered [in the Aadhaar Bill] are at best illusionary and unenforceable.”

5. Does the Bill give you the right to alter your information?
No, it leaves you to the mercy of the Unique Identification Authority of India.

Imagine a situation where a user simply wants to change their first or last name, or say, not use their caste name. Under Section 31 of the Bill, individuals can only request the UID authority, which may do so “if it is satisfied”. There is no penalty on the authority if it fails to respond. The Bill does not provide for a user to even be able to approach a court to ask for their information relating to Aadhaar to be corrected.

International norms for data protection give individuals the right to correct and alter information, if their demographic data changes. They provide for individuals to have a copy of their information, and to approach courts for an order to rectify, block, erase inaccurate information.

In an interview to Mint, Sunil Abraham, director of the Centre for Internet and Society, compared the rights of Aadhaar users to the rights we now take for granted as internet users. “Authentication factors [biometrics in the case of Aadhaar], commonly known as passwords, should always be revocable,” noted Abraham. “That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid.” In its current form, the Aadhaar Bill gives users no such rights.

6. Is the current Bill an improvement over the previous one?
Not really.

The Aadhaar Bill 2016 provides that the renewals of requests for disclosure of data will be reviewed by an oversight committee consisting of the cabinet secretary and the secretaries in the department of legal affairs and the department of electronics and information technology.

This is a watered down version of the provisions in the previous Unique Identification Authority of India 2010 Bill, said Chinmayi Arun, executive director, Centre for Communication Governance at the National Law University Delhi.

“The previous version or the 2010 Bill provided for a three-member review committee, consisting of the nominees of the prime minister, the leader of the opposition, and a third nominee of a union cabinet minister, with the restriction that these nominees could not be a member of parliament or a member of a political party,” Arun said. “This would be a more independent committee than the one proposed now, wherein there will be executive oversight for executive orders."

Regarding penalties, the previous 2010 Bill made copying, deleting, stealing, or altering information in the Central Identities Data Repository, punishable with a jail term of upto three years and a fine not less than Rs 1 crore.

Section 38 of the new Aadhaar Bill now makes the same offence punishable with a jail term of upto three years and reduces the upper limit of the fine to “not less than ten lakh rupees”.

7. Finally, does the Aadhaar Bill have enough parliamentary scrutiny?
The government has introduced the legislation on Aadhaar in the form of a Money Bill, which means the power of the Rajya Sabha to review and amend the Bill is curtailed ‒ if the Speaker Sumitra Mahajan certifies that this is a Money Bill.

The parliamentary committee on finance under Bharatiya Janata Party MP Yashwant Sinha had rejected the previous Bill in December 2011 citing legislative, security, and privacy concerns. Despite this, two successive Prime Ministers – Manmohan Singh and Narendra Modi – have pushed ahead with Aadhaar project.

A common refrain has been that the unique biometric identity will resolve the problem of the poor in India to prove identity and overcome "one of the biggest barriers preventing the poor from accessing benefits and subsidies." But last April, the UIDAI in response to an RTI application revealed that of 83.5 crore Aadhaar numbers issued till then, 99.97% were issued to people who already had at least two existing identification documents, only 0.21 million (0.03%) used the "introducer system" that provides an exception to those lacking identity proof.

More recently, there has been no public consultation by the government over the latest Bill.

For more details visit https://cis-india.org/internet-governance/news/scroll.in-anumeha-yadav-march-24-2016-seven-reasons-why-parliament-should-debate-the-aadhaar-bill-and-not-pass-it-in-a-rush

Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny

praskrishna — 2016-04-01T15:48:17Z

We need to reboot the Aadhaar debate by asking why we want to create a centralised biometric database of Indian residents in the first place.

The article by Reetika Khera was published in the Wire on March 23, 2016.

A recent article, ‘Identification simplified, myths busted’, by Piyush Peshwani and Bhuwan Joshi (hereafter, Peshwani & Joshi) makes some questionable claims about the UID project. Peshwani & Joshi’s strategy appears to be to ignore those questions to which they do not have an answer (e.g., that Aadhaar is mostly redundant as far as NREGA, PDS, etc., are concerned). For others, they cherry-pick ‘facts’ without acknowledging the debates surrounding those facts. Here is a selection.

#1: To get Aadhaar, you need a Proof of ID (PoID) and Proof of address (PoA)

Peshwani & Joshi: “For many, Aadhaar is perhaps the first document of their existence – a robust proof of their identity and address that can be verified online. No more closed doors for them!”

Peshwani & Joshi: “The Demographic Data Standards and Verification Procedures committee prescribes a list of valid 18 proof of identity and 33 valid proof of address documents for getting an Aadhaar.”

Fact: In fact, 99.97% of those who have Aadhaar, used PoID and PoA to get it. For those who have neither, there is an “introducer system”, but according to a reply to an RTI request, only 0.03% of those who have the Aadhaar number used this route.

As far as closed doors are concerned, Aadhaar does not guarantee any benefits: work through NREGA, widow or old-age pensions or PDS rations. There are separate eligibility conditions for those programmes which continue to apply.

#2 On costs

Peshwani & Joshi: “Does it justify the cost? Yes, absolutely, according to the World Bank, which said the initiative is estimated to be saving the Indian government about $1 billion annually by thwarting corruption, even as it underlined that digital technologies promote inclusion, efficiency and innovation.”

Fact: Savings due to the use of Aadhaar have been disputed. The government has claimed it has saved Rs. 14,672 crore on LPG subsidies due to Aadhaar while they are likely lower – by a factor of 100 (see Business Standard or Wall Street Journal).

Peshwani & Joshi: “Even before the World Bank’s endorsement of Aadhaar, the Delhi-based National Institute of Public Finance and Policy (NIPFP) conducted a detailed cost-analysis study on Aadhaar in 2012… the study found that the Aadhaar project would yield an internal rate of return in real terms of 52.85% to the government.”

Fact: The NIPFP cost-benefit was based on unrealistic assumptions – e.g., estimates of leakages that Aadhaar could plug were available for only two out of seven schemes; for the rest, they assumed leakage rates which are termed ‘conservative’, but are actually not.

In their response, the NIPFP team admitted that “a full-fledged cost benefit analysis of Aadhaar is difficult” because “many gains from Aadhaar are difficult to quantify because they are intangible” and, “even if in specific schemes there may be tangible benefits, the information available on those schemes does not permit a precise quantification of those benefits.”

They went on to say that “The study has steered away from relying exclusively on analyses of isolated and small sample sets”. What evidence did the NIPFP study rely on? “For ASHAs, Janani Suraksha Yojana and scholarships, no analysis, large or small has been used. For the Indira Awaas Yojana, the three analyses relied on exclusively are a Times of India news report, a press release based on a discussion in Parliament and a “Scheme Brief” by the Institute for Financial Management and Research (IFMR). Interestingly, the corruption estimate in the IFMR brief cross-refers to the Times of India article (apart from a CAG report)!” (Khera, 2013)

#3 De-duplication

Peshwani & Joshi: “Aadhaar means no fake, ghost or duplicate beneficiaries. Double-dipping will become more and more difficult with Aadhaar, a number that is well de-duplicated with the use of biometrics.”

Fact: De-duplication is one possible contribution of Aadhaar – but that needs biometrics, not a centralised biometric database. Local biometrics (used extensively in Andhra Pradesh before UID) mean that biometric data is stored by the concerned government department or on the local e-POS machine’s memory chip. It has the advantage that connectivity is not required (you are authenticated by the machine), errors and corrections can be correctly locally, making it more practical. The distinction between a local and centralised database is important (see #5 below).

Further, no one has a reliable estimate of the duplication problem. Two government estimates of duplicates exist: the Dhande committee for LPG (2%) and in NREGA job cards from the Government of Andhra Pradesh (also 2%).

#4 Exclusion

Peshwani & Joshi: “As far as exclusion in delivery of other services due to biometric authentication accuracy is concerned, it is important to go beyond scratching the surface.”

Fact: When the PDS was integrated with Aadhaar: “The Andhra Pradesh Food and Civil Supplies Corporation found that…nearly one-fifth ration card holders did not buy their ration.” Further, “When the government delved deeper in the issue, it was found that out of the 790 cases interviewed for the study, 400 reported exclusion. Out of the excluded cases, 290 were due to fingerprint mismatch and 93 were because of Aadhaar card mismatch. The remaining 17 cases were due to failure of E-PoS.” More here.

Moreover, Peshwani & Joshi pick one definition of ‘exclusion’ (due to biometric failure) when in fact, exclusion has a broader meaning. For instance, “In Chitradurga (Karnataka), Rs.100-150 million in wages from 2014-15 were held up for a year. When payments were being processed, their job cards could not be traced in NREGAsoft. Upon enquiry, the district administration learnt field staff had deleted them to achieve ‘100% Aadhaar-seeding’.”

#5 Profiling and privacy violations

Peshwani & Joshi: “A prominent criticism of Aadhaar is that it ‘profiles’ people.” …“Most of us have one or more identity/address documents, such as a passport, ration card, PAN card, driving licence, vehicle registration documents or a voter ID card. The government departments managing these already have our data. Aadhaar is no different. We give our data to banks, to insurance companies and to telecom companies for accounts, policies and mobile connections.”

Fact: That’s like saying BJP can be more corrupt because the Congress was corrupt. Instead we need to engage more seriously with the work of Sunil Abraham, Amber Sinha and others at the Centre of Internet and Society. There are crucial differences between Aadhaar and Social Security Number in the US, see this. Malavika Jayaram listed the UID project among a slew of “big brother” projects facilitating mass surveillance in India.

Conclusion

The debate on UID tends to begin with the premise that Aadhaar is necessary for ‘good governance’. Those claims of the UIDAI have long been demolished. In a nutshell, Aadhaar cannot help identify the poor, its possession does not guarantee inclusion into government social welfare (go to #1). It cannot reduce PDS or NREGA corruption as claimed in their early documents. Thankfully, PDS–NREGA corruption has been on the decline without Aadhaar – more needs to be done. (More details? Try this and this.)

Bihar shows how much corruption in the PDS can be reduced without Aadhaar. Credit: Reetika Khera

Aadhaar is not required for portability of benefits or for cash transfers. Cash transfers need bank accounts. To get a bank account, you need a proof of ID and a proof of address (go to #1). Aadhaar can help de-duplicate, but so can local biometrics (go to #3). We need to “reboot” the Aadhaar debate, starting on the right terms – why exactly do we need to create a centralised biometric database of Indian residents?

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-23-2016-reetika-khera-debate-five-aadhaar-myths-that-dont-stand-up-to-scrutiny