Centre for Internet and Society

IRC22 Call for Sessions pdf

pranav — 2022-02-11T12:10:27Z

For more details visit https://cis-india.org/raw/irc22-call-for-sessions-pdf

Pandemic Technology takes its Toll on Data Privacy

Aman Nair and Pallavi Bedi — 2021-06-26T06:52:52Z

The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The article by Aman Nair and Pallavi Bedi was published in the Deccan Herald on June 13, 2021.

People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo

Jabalpur: A beneficiary shows his certificate on his mobile phone after receiving COVID-19 vaccine dose, at Gyan Ganga College in Jabalpur, Saturday, May 15, 2021. (PTI Photo)

At a time when technology is spawning smart solutions to combat Covid-19 worldwide, India’s digital response to the pandemic has stoked concerns that surveillance could pose threats to the privacy of the personal data collected. Be it apps or drones, there is widespread criticism that digital tools are being misused to share information without knowledge or consent. At the other end of the spectrum, the great urban-rural digital divide is hampering the already sluggish vaccination drive, exposing vulnerable populations to a fast-mutating virus.

Last year, the Centre, states and municipal corporations launched more than 70 apps relating to Covid-19, demonstrating the country’s digital-driven approach to handling the pandemic. Chief among these was the central government’s contact tracing app Aarogya Setu. Launched under the Digital India programme, the app quickly came under scrutiny over data privacy.

As per its privacy policy, Aarogya Setu collects personal details such as name, age, sex, profession and location. As there is no underlying legislation forming its basis, and in the absence of a personal data protection bill, serious privacy concerns regarding the collection, storage and use of personal data have been raised.

The government has attempted to mitigate these concerns with reassurances that the data will be used solely in tracing the spread of the virus. However, recent reports from the Kulgam district of Jammu and Kashmir point to the sharing of application data with police. This demonstrates how easy it is to use personal data for purposes other than which it was collected, and presents a serious threat to citizen privacy.

Though Aarogya Setu was initially launched as ‘consensual’ and ‘voluntary’, it soon became mandatory for individuals to download the app for various purposes such as air and rail travel (this order was subsequently withdrawn) and for government officials. Initially it was also mandatory for the private sector, but this was later watered down to state that employers should, on a ‘best effort basis', ensure that the app is downloaded by all employees having compatible phones. However, the ‘best effort basis’ soon translated into mandatory imposition for certain individuals, especially those working in the ‘gig economy’.

Several states had also launched apps for various purposes ranging from contact tracing of suspected Covid patients to monitoring the movement of quarantined patients. As a report by the Centre for Internet and Society observed, given the attention on Aarogya Setu, most of the apps launched by the state governments escaped scrutiny and public attention.Most of these apps either did not have a privacy policy or the policy was vague and often did not provide important details such as who was collecting the data, the time period for retaining the data and whether personal data could be shared with other departments, most notably, law enforcement.Apart from contact tracing apps, the pandemic also ushered in a wave of other apps and digital tools by the government. These include systems such as drones to check whether people are following Covid-19 norms and facial recognition cameras to report to the police whether someone has broken quarantine. Similar to Aarogya Setu, these tools have also largely been brought about in the absence of a legal and regulatory framework.
The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The government is now planning to use facial recognition technology along with Aadhaar toauthenticate people before giving them vaccine shots.

Aarogya Setu is now linked with the vaccination process. Beneficiaries have been provided an option to register through Aarogya Setu. The pandemic has also provided a means for the government to bring in changes to health policies and introduce the National Health Data Management Policy for the creation of a Unique Health Identity Number for citizens.

Vaccination and digital platforms

The use of digital technology has extended to the vaccination process through the deployment of the Covid Vaccine Intelligence Network (Co-WIN) platform.During the first phase of inoculation, beneficiaries were required to register on the Co-WIN app while in the subsequent phases, registration was to be done on the Co-WIN website. The beneficiary is required to upload a photo identity proof.

While Aadhaar has been identified as one of the seven documents that can be uploaded for this, the Health Ministry has clarified that Aadhaar is not mandatory for registration either through Co-WIN or through Aarogya Setu. However, as per media reports, certain vaccination centres still seem to insist on Aadhaar identity even though beneficiaries may have used another identity proof to register on the Co-WIN website.

It is also pertinent to note that the website did not have a privacy policy till the Delhi High Court issued directions on June 2, 2021. The privacy policy hyperlinked on the Co-WIN app directed the user to the Health Data Policy of the National Health Data Management Policy, 2020.

The vaccination drive has been used as a means to push the health identity project forward as beneficiaries who have opted to provide Aadhaar identity proof have also been provided with a health identity number on their vaccination certificate. It is interesting to note that Co-WIN’s privacy policy now states that if the beneficiary uses Aadhaar as identity proof, it can 'opt' to get a Unique Health Id.However, as a recent report revealed, health identity numbers have already been generated for certain beneficiaries without obtaining consent from them for the purpose.

Have the apps been successful?

One could argue that privacy concerns are a worthwhile tradeoffin order to contain the spread of thepandemic. But it is worth examining how successful these technologies have been. In reality, the use of digital technology at every stage of combating the pandemic has clearly highlighted the extent of our digital divide. As per data from TRAI, there are around 750 million Internet subscribers in India,which is only a little more than half of India’s estimated 1.3 billion citizens — with this gap having a significant impact on the efficacy of the government’s strategies. Aarogya Setu has fallen far short of its goal, of having near universal adoption. It has limited adoption in much of the country. This has severely limited its efficacy in tracing the spread of the virus. Research from Maulana Azad Medical College has cited socio-economic inequalities,educational barriers and the lack of smartphone penetration as being the key causes behind the app’s limited success, pointing back to the digital divide. Moreover, the app has also brought with it a host of associated problems including lateral surveillance and function creep caused by the addition of new features. All of which, along with the previously mentioned privacy concerns, have served to hamper public trust and adoption.

A similar situation is seen in the case of vaccination and the Centre’s Co-WIN web portal. The need for registration, first on the Co-WIN app and later on the Co-WIN web portal, has disproportionately affected those who either have no or limited digital access. Many of them belong to vulnerable groups such as migrant and informal sector workers (mainly from disadvantaged castes), LGBTQIA + individuals, sex workers and both urban and rural poor. These issues have also been acknowledged by the Supreme Court, which raised serious concerns about the government being able to achieve its stated object of universal vaccination.

As the inoculation exercise opened up for the 18-45 age group, it increasingly favoured the urban population who possessed the technological and digital literacy to either create or access a host of tools. One need to only look at the wave of automated CO-WIN bots that arose as soon as the vaccination process was expanded to see how these dynamics manifested.

Ultimately, the digital-driven approach that the governments have adopted has resulted in a number of issues — most notably, data privacy and exclusion. Going forward, government strategies must actively account for these factors and ensure that citize rights are adequately protected.

For more details visit https://cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy

Platforms, Power, and Politics Press Release pdf

pranav — 2021-06-29T13:06:22Z

For more details visit https://cis-india.org/raw/platforms-power-and-politics-press-release-pdf

Platforms, Power, and Politics pdf

pranav — 2021-07-07T15:15:20Z

For more details visit https://cis-india.org/raw/platforms-power-and-politics-pdf

The Boss Will See You Now - The Growth of Workplace Surveillance in India, is Data Protection Legislation the Answer?

Shweta Mohandas and Deepika Nandagudi Srinivasa — 2021-01-25T12:37:42Z

The use of pervasive technologies to monitor employees was picking up pace in India, the pandemic accelerated it. The pandemic has changed the way we work either through permanent work from home mandates for those who can work remotely, to heightened social distancing norms for office goers. A recent survey of 12,000 employees across the US, Germany, and India revealed that as of June 2020, some companies were forced to move up to 40 percent of the employees to remote working. Companies big and small now need to look at ways to ensure a returned trust in the product, the safety of the employee while also ensuring that the productivity picks up pace post lockdown. The safety standards which are mandated by the government include adequate social distancing, regular temperature checks, mandatory use of masks, and collection of information for tracing. Some private offices, as well as most government offices, have also mandated the compulsory downloading and verification of the status of the employee on the Aarogya Setu mobile application. All these measures and more are needed to be done daily and with the least human intervention. This is where technologies such as facial recognition, increased use of CCTV’s, and thermal screening come into play. In addition, for employees who are working remotely, there are a number of software and technologies that are being used to track them during and maybe even after working hours.

Employee Monitoring Technology in India

When companies collect data from the consumers, the company is mandated to reveal if they are sharing this data with third parties or government agencies. The consumer also has the right and the option to not choose a particular company or to withdraw their consent. In the case of employees, however, the data collected is more continuous, can be identified back to them, and can have an immediate and direct impact on their life; such as hiring, firing, or promotions. In light of this, the option to withdraw consent for employees leaves only two choices: either to consent to surveillance or lose their jobs.

The use of employee monitoring technologies such as facial recognition is not new in India. While there are a number of reports on how factories are being made safe, the people who bear the brunt of these measures are not consulted. In 2018, Tech Mahindra announced the rollout of facial recognition technology to record not just the attendance of their employees but also the “mood of the workforce”. In an interview regarding the implementation of such measures, Tech Mahindra’s spokesperson stated that the employee has the choice to consent to the use of such a system. However, in a similar interview, the Tech Mahindra group also stated that soon recording attendance through facial recognition would be mandatory.

Madurai Corporation has also introduced facial detection to record the attendance of the sanitation workers. Similarly or rather much worse, for some the surveillance is not limited to the confines of the workplace, for example, a report revealed that Panchkula’s Municipal Corporation had made their employees wear wearable devices called “Human Efficiency Tracker” to monitor the location as well as see and hear the sanitation worker. The report also stated that similar employee surveillance systems were being used in Mysore, Lucknow, Indore, Thane, Navi Mumbai, Nagpur, and Chandigarh. Closer home, building security app Mygate allows residents of an apartment complex to rate and review their domestic help, and can even prevent their access to the building once they are fired. However, the ratings are not two ways and the domestic help cannot rate the employer nor do they have a chance to question the actions and decisions taken about them.

The monitoring as we can see is not just limited to the confines of the physical workspace. A number of remote employee monitoring software have been in use for a while. These include software to monitor the online activity of the employees, from email and social media screeners, cameras that can record the amount of time spent on a webpage, laptops that take timed photos of the employee, to even technology that records the keystroke movement of the keyboard. A simple online search will reveal the number of companies that provide employee monitoring services. For example, XNSPY allows the employer to monitor every activity of the employee in their official devices from call records to emails, contacts, photos, and video, location, and even Whatsapp messages. According to the website this software once installed runs invisibly in the background, meaning that the employee might not even be aware of it being installed. Similarly, Bangalore-based EmpMonitor takes screenshots from the employee’s laptop at intervals determined by the employer, along with the provision to get the browsing history or the top apps used by the employee. EmpMonitor also states in its FAQ that the employer can capture all keystrokes by the employee including passwords. Similar to XNSPY, EmpMonitor also claims that it runs in the background invisibly, and “They also couldn’t stop being monitored”(sic).

As the sudden requirement to work from home has resulted in employees working on their personal devices, a mandatory requirement to download monitoring software can create grave issues about privacy. Another important issue that was highlighted in the report on the Panchkula’s Municipal Corporation sanitation workers, was the fear that they had about the supervisors listening to their private conversations when they had to take the device home at the end of the day for charging. A study of the women working in garment factories relieved that they were given no notice or explanation for the CCTV cameras that were being installed in their factories. These measures are also likely to say even when the pandemic is over.

These are just a few examples of the growing interest in using new technologies to know more about the employee not just what they do in the office but also outside of working hours. However, the few examples mentioned above expose how the employees working in the “blue-collar jobs” - domestic help, delivery personnel, factory workers, sanitation workers all faced a greater level and more pervasive surveillance, without so much as an intimation While employers that are already using pervasive technologies to monitor employees, they often justify it with quotes about employee satisfaction. However, in a system that is based on power imbalance, in addition to the looming fear of loss of income, and unemployment, there is very little that an employee can do to push back.

Covid and New Office Procedures here to stay?

The Coronavirus has now added extra dimensions to the existing features of employee monitoring, including ways to check the temperature of a person in a crowd as well as recognise people even through masks. The demand for systems with facial recognition, temperature screen, and mask enforcement has seen a growing demand especially in factories and large offices.

Mygate has also started providing temperature checks and masks compliance. In pursuance of this, employers are frequently notified about the employees’ body temperature as well as whether the worker has worn a mask or not. In June 2020, the Ministry of Health and Family Welfare released a new set of guidelines for resuming offices. The Standard Operating Procedure (SOP) made it mandatory for people working in public services who were also classified as essential workers to use the Aarogya Setu application. Several government offices across India such as Srinagar and Puducherry were also mandated to install and use the app. The use of the app was not limited to the public sector. Around April 2020, online food delivery service companies such as Grofers, Swiggy, and Zomato had mandated their delivery agents to use the app. The apps also displayed the temperature readings of the agents in addition to the people involved in preparing the food.

Although the mandatory nature of the app has been removed and most companies no longer require their employees to download the app, new instances of the enforcement of the app in the public sector emerge. For example, in January 2021, the Indian Railways resumed its e-catering services “RailRestro” while imposing the mandatory use of the Aarogya Setu app. The guidelines of the e-catering service in the Indian Railways also require mandatory thermal scanning of delivery agents and restaurant staff. It is anticipated that the use of the app might come back to prominence during the vaccination drive as well.

The Defence Research and Development Organisation (DRDO) is also looking at ways to record the attendance of employees by developing “artificial intelligence-based face recognition systems” which they plan to commercialise. Similarly, mobility apps such as Uber, in the process of resuming operations, and as a part of their safety measures, are requiring the drivers to take selfies to verify that they are wearing masks to the Uber's Real-Time ID Check system, and only then can the ride proceed.

The pushback to using these invasive apps is now slowing gaining speed. For example, the Indian Federation of App-Based Transport Workers (hereinafter “IFAT”), in a press statement, highlighted the issues with the use of the Aarogya Setu app. In their press note, the Federation highlighted the concerns with the use of the app, most importantly the possibility of misuse of the data and continued surveillance through the app. The statement also draws emphasis on the absence of a personal data protection bill, and the fear that the data collected through the app could be retained and processed in the future.

The Privacy Harms of surveillance of employees

The note by the IFAT on the use of Aarogya Setu best emphasises the uneasiness that comes with employee surveillance and the collection and processing of employee data. The note also shed light on the issues that could arise due to the use of monitoring apps (in this case, Aarogya Setu) on employees which included decisions about retaining or removing from employment based on the health data in the app, decisions based on the app to remove insurance cover and the possibility of the app being consulted to make decisions on payment and compensation. These concerns and more can be attributed to the plethora of employee monitoring apps and technologies.

When we look at employee surveillance and the different forms it can take, it can be understood that the issue is one of privacy as well as of data protection. When we look at the effects it has on privacy or the right to be let alone, a constant fear of being watched and recorded can have a detrimental impact on the person as well as a feeling that they are not trusted. As seen in the study of garment manufacturers - which is the case with most companies - the employees are not made aware that they are being monitored, something which the monitoring companies sometimes include in their advertisement. The decisions made based on these technologies are also not shared with the employees. As a result, they are often unaware of what the technology records and what decisions are made based on the time they come to work or the number of breaks they take.

Apart from the privacy harms, and the feeling of being watched, the data collected by employers poses a data protection issue. The collection of an employee’s data begins from the time of job application where the CV’s are vetted. However, there is no clarity on where the data collected through the application process is stored or if and when or whether they are being deleted. The terms of employment and contracts such as non-disclosure agreements are necessary, but also a way that can restrict the right of employees over their data.

Existing Frameworks for Protection

Although employee surveillance cannot be entirely avoided, there is a need to ensure that employees are not subjected to increased surveillance in the guise of increased productivity. Additionally, similar to the existing provisions of data protection in India allow companies to use vague provisions and unclear notice and choice-based framework to process consumer data, the absence of clear provisions for the processing of employee data puts employees at a greater disadvantage.

The Indian labour laws do not provide for provisions that deal with employee monitoring and surveillance. Hence, the provisions that are to be consulted which address the issue of data protection and privacy is the Information Technology (Amendment) Act, 2008 (hereinafter, “IT Act”) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (hereinafter, “IT Rules”). Section 72A of the IT Act protects personal information from unlawful disclosure in breach of contract. In addition, Section 43A of the IT Act empowers the Central Government to stipulate the IT Rules which seek to provide individuals certain rights with regards to their information. This section also provides for the protection of sensitive personal data or information (hereinafter, “SPDI”).

The IT Rules seeks to distinguish between personal information and SDPI. According to Rule 2(1)(i), personal information is defined as that information which directly or indirectly relates to a person, “in combination with other information available or likely to be available with a body corporate, is capable of identifying such person”. In comparison, Rule 3 fleshes out the composition of SDPI which includes examples of sensitive information are passwords, medical history, biometric information, sexual orientation, bank account details, physiological or mental health condition, etc.

Rule 5 of the IT Rules states that while collecting SDPI, the data collector should seek consent through writing and must ensure that the collection is based on the principles of legality and necessity. Rule 5 also states that the individual whose data is being collected should be made aware of the reason behind the collection of information and who would have access to such information. If an agency is involved in collecting and retaining the information pertaining to individuals, details of such agencies also need to be disclosed. The data collector must also practice purpose limitations, as stipulated under Rule 5, and is hence, precluded from retaining the information indefinitely.

It is imperative to note that Rule 8 read with Section 43A of the IT Act places civil liabilities on corporations in the event of mishandling SDPI. These liabilities involve compensating the individuals whose data has been mishandled. The aggrieved employee could approach an adjudicating officer appointed under the IT Act where the compensation claimed is up to INR 5 crores. However, if the compensation claimed exceeds INR 5 crore, the appropriate civil courts can be approached.

Although the IT Act and the SPDI Rules provide checks on the body corporate and means of recourse for non-compliance, there still exist several lacunas. Firstly, the provision of notice and consent does not require the companies to ensure that the terms and laid out in such a manner that the person consenting to the data can fully understand. Additionally, the absence of the need for renewed consent would mean that the consent would be used to justify further data collection and processing, at times with the use of new devices. For example, the consent given for CCTV surveillance could be construed as consent for setting up facial or gait recognition in the future.

Light at the end of the tunnel? - The Personal Data Protection Act

With regards to the current version of the draft Personal Data Protection Bill, 2019 (hereinafter, “Bill”), Section 13 provides the employer with a leeway into processing employee data other than sensitive personal data without consent based on two grounds: when consent is not appropriate, or when obtaining consent would involve disproportionate effort on the part of the employer. Furthermore, personal data can only be collected without consent for four purposes, namely, recruitment, termination, attendance, provision of any service or benefit, and assessing performance. These purposes comprehensively cover almost all activities that workers may potentially undertake, or be subjected to, as part of their work-life. However, with respect to this provision, the current version of the Bill is better than the 2018 version, which did not exclude sensitive personal data from non-consensual processing.

The Bill labels employees as “data principal” and provides them with a plethora of rights. These include the right to confirmation and access, portability of data, and withdrawal of consent. However, the present and earlier versions of the Bill fail to define “employee”, “employer”, or “employment”, with respect to the provisions of the Bill. This, in turn, brings out ambiguity as to whom these provisions address. There is no uniform labour law in India and every legislation, be it the Industrial Employment (Standing orders) Act or the Employee’s Compensation Act provides different conditions to be qualified as an employee, and sometimes only addresses workers or “workmen”. Hence, the lack of a clear indication as to whom this provision applies creates an added layer of ambiguity the effects of which would be borne by the employee.

However, the phrasing of employers as “data fiduciaries” provides that they are to ensure that collection and processing of data are in line with the principles of collection limitation and purpose limitation, is accurate, is stored securely, and only for the time period needed. Furthermore, the employer is required to provide notice to employees about their rights to confirmation, access, correction, and portability with respect to their data. The consent exception only extends to the collection of personal data and does not extend to the collection of sensitive personal data by employers. It is important to note that most of the data collected by employers and especially through new technologies is sensitive personal data - including financial data, and most importantly health data and biometrics. According to the Bill, sensitive personal data requires additional safeguards such as explicit consent.

The Bill also adds in another category of data fiduciaries - significant data fiduciaries, based on factors such as the volume of data processed, the sensitivity of that data, risk of harms, and the use of technologies. The Bill also requires that if these data fiduciaries undergo processing by involving new technologies, or use sensitive data such as genetic or biometric data such processing should only be done after a data protection impact assessment. However, until the PDP Bill becomes law all these provisions and safeguards cannot be used against the current and rapid adoption of surveillance technologies in the workplace.

Conclusion

While we do not know what the provisions relating to employee data would be in the final version of the PDP Bill, policies are already in the way to make it easier to share employee data. The Ministry of Skill Development and Entrepreneurship in its report on Adopting e-Credentialing in the Skilling Ecosystem states how the digital skill credential could be used to allow employers to verify the credentials of the applicants. The policy itself states that the anonymised data from these credentials could be used in data and analytics and to know the most sought after skills. Interestingly, a study conducted by Rocher et al. revealed that even datasets that have gone through the de-identification process or anonymised datasets could, in fact, be re-identified with 99.98% accuracy. Although the PDP Bill in its current version provides some rights to the employees over their data, it is yet to be made into an Act.

In the current situation, one can only hope that the steps taken for more and more data collection and surveillance of employees during the pandemic are not continued after the pandemic ends. While the fear of mission creep and function creep by the government through contact tracing apps looms, the same is dire in the case of workplaces where employees are already vulnerable due to the erosion of labour laws, pay cuts, and the looming threat of unemployment.

The push towards new ways of data collection should ideally happen when there is a means for the individual to question or seek clarification and hopefully have a choice and autonomy. Hence, it is imperative that these pervasive technologies are implemented on keeping a “rights-friendly” approach, as observed in other countries. Employers and workplaces should look at ways to ensure the safety of the employee and ensure trust in them, instead of using technology as a placebo, for example instead of being concerned about employees turning to work sick, or with fever (measures such as temperature checks and health monitoring) wouldn’t it be just easy to let the person rest and recover at home? Or if employees were not complying with the mask policy, maybe providing them with washable masks and educating them about the concerns for their health as well, instead of resorting to facial recognition for the same.

____________________________________________________________

Edited by Arindrajit Basu

With inputs from Shweta Reddy, Sumandro Chattapadhyay, and Shruti Trikanad

For more details visit https://cis-india.org/internet-governance/blog/the-boss-will-see-you-now-the-growth-of-workplace-surveillance-in-india-is-data-protection-legislation-the-answer

The Geopolitics of Cyberspace: A Compendium of CIS Research

arindrajit — 2021-11-15T14:48:49Z

Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.

With a rapidly digitizing economy and clear interests in shaping global rules that favour its strategic interests, India stands at a crucial juncture on various facets of this debate. How India governs and harnesses technology, coupled with how India translates these values and negotiates its interests globally, will surely have an impact on how similarly placed emerging economies devise their own strategies. The challenge here is to ensure that domestic technology governance as well as global engagements genuinely uphold and further India’s democratic fibre and constitutional vision.

Since 2018, researchers at the Centre for Internet and Society have produced a body of research including academic writing, at the intersection of geopolitics and technology covering global governance regimes on trade and cybersecurity, including their attendant international law concerns, the digital factor in bilateral relationships (with a focus on the Indo-US and Sino-Indian relationships). We have paid close focus to the role of emerging technologies in this debate, including AI and 5G as well as how private actors in the technology domain, operating across national jurisdictions, are challenging and upending traditionally accepted norms of international law, global governance, and geopolitics.

The global fissures in this space matter fundamentally for individuals who increasingly use digital spaces to carry out day to day activities: from being unwitting victims of state surveillance to harnessing social media for causes of empowerment to falling prey to state-sponsored cyber attacks, the rules of cyber governance, and its underlying politics. Yet, the rules are set by a limited set of public officials and technology lawyers within restricted corridors of power. Better global governance needs more to be participatory and accessible. CIS’s research and writing has been cognizant of this, and attempted to merge questions of global governance with constitutional and technical questions that put individuals and communities centre-stage.

Research and writing produced by CIS researchers and external collaborators from 2018 onward is detailed in the appended compendium.

Compendium

Global cybersecurity governance and cyber norms

Two decades since a treaty governing state behaviour in cyberspace was mooted by Russia, global governance processes have meandered along. The security debate has often been polarised along “Cold War” lines but the recent amplification of cyberspace governance as developmental, social and economic has seen several new vectors added to this debate. This past year two parallel processes at the United Nations General Assembly’s First Committee on Disarmament and International Security-United Nations Group of Governmental Experts (UN-GGE) and the United Nations Open Ended Working Group managed to produce consensus reports but several questions on international law, norms and geopolitical co-operation remain. India has been a participant at these crucial governance debates. Both the substance of the contribution, along with its implications remain a key focus area for our research.

Edited Volumes

Karthik Nachiappan and Arindrajit Basu India and Digital World-Making, Seminar 731, 1 July 2020 (featuring contributions from Manoj Kewalramani, Gunjan Chawla, Torsha Sarkar, Trisha Ray, Sameer Patil, Arun Vishwanathan, Vidushi Marda, Divij Joshi, Asoke Mukerji, Pallavi Raghavan, Karishma Mehrotra, Malavika Raghavan, Constantino Xavier, Rajen Harshe' and Suman Bery)

Long-Form Articles

Arindrajit Basu and Elonnai Hickok, Cyberspace and External Affairs: A Memorandum for India (Memorandum, Centre for Internet and Society, 30 Nov 2018)
The Potential for the Normative Regulation of Cyberspace (White Paper, Centre for Internet and Society, 30 July 2018)
Arindrajit Basu and Elonnai Hickok Conceptualizing an International Security Architecture for cyberspace (Briefings of the Global Commission on the Stability of Cyberspace, Bratislava, Slovakia, May 2018)
Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah, and Akriti Bopanna, India's contribution to internet governance debates (NLUD Student Law Journal, 2018)

Blog Posts and Op-eds

Arindrajit Basu, Irene Poetranto, and Justin Lau, The UN struggles to make progress in cyberspace, Carnegie Endowment for International Peace, May 19th, 2021
Andre’ Barrinha and Arindrajit Basu, Could cyber diplomacy learn from outer space, EU Cyber Direct, 20th April 2021
Arindrajit Basu and Pranesh Prakash, Patching the gaps in India’s cybersecurity, The Hindu, 6th March 2021
Arindrajit Basu and Karthik Nachiappan, Will India negotiate in cyberspace?, Leiden Security and Global Affairs blog,December 16, 2020
Elizabeth Dominic, The debate over internet governance and cybercrimes: West vs the rest?, Centre for Internet and Society, June 08, 2020
Arindrajit Basu, India’s role in Global Cyber Policy Formulation, Lawfare, Nov 7, 2019
Pukhraj Singh, Before cyber norms,let's talk about disanalogy and disintermediation, Centre for Internet and Society, Nov 15th, 2019
Arindrajit Basu and Karan Saini, Setting International Norms of Cyber Conflict is Hard, But that Doesn’t Mean that We Should Stop Trying, Modern War Institute, 30th Sept, 2019
Arindrajit Basu, Politics by other means: Fostering positive contestation and charting red lines through global governance in cyberspace (Digital Debates, Volume 6, 2019)
Arindrajit Basu, Will the WTO Finally Tackle the ‘Trump’ Card of National Security? (The Wire, 8th May 2019)

Policy Submissions

Arindrajit Basu, CIS Submission to OEWG (Centre for Internet and Society, Policy Submission, 2020)
Aayush Rathi, Ambika Tandon, Elonnai Hickok, and Arindrajit Basu. “CIS Submission to UN High-Level Panel on Digital Cooperation.” Policy submission. Centre for Internet and Society, January 2019.
Arindrajit Basu,Gurshabad Grover, and Elonnai Hickok. “Response to GCSC on Request for Consultation: Norm Package Singapore.” Centre for Internet and Society, January 17, 2019.
Arindrajit Basu and Elonnai Hickok. Submission of Comments to the GCSC Definition of ‘Stability of Cyberspace (Centre for Internet and Society, September 6, 2019)

Digital Trade and India's Political Economy

The modern trading regime and its institutions were born largely into a world bereft of the internet and its implications for cross-border flow and commerce. Therefore, regulatory ambitions at the WTO have played catch up with the technological innovation that has underpinned the modern global digital economy. Driven by tech giants, the “developed” world has sought to restrict the policy space available to the emerging world to impose mandates regarding data localisation, source code disclosure, and taxation - among other initiatives central to development. At the same time emerging economies have pushed back, making for a tussle that continues to this day. Our research has focussed both on issues of domestic political economy and data governance,and the implications these domestic issues have on how India and other emerging economies negotiate at the world stage.

Long-Form articles and essays

Arindrajit Basu, Elonnai Hickok and Aditya Chawla, T he Localisation Gambit: Unpacking policy moves for the sovereign control of data in India (Centre for Internet and Society, March 19, 2019)
Arindrajit Basu,Sovereignty in a datafied world: A framework for Indian diplomacy in Navdeep Suri and Malancha Chakrabarty (eds) A 2030 Vision for India’s Economic Diplomacy (Observer Research Foundation 2021)
Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu, Cross Border Data-Sharing and India (Centre for Internet and Society, 2018)

Blog posts and op-eds

Arindrajit Basu, Can the WTO build consensus on digital trade, Hinrich Foundation,October 05,2021
Amber Sinha, The power politics behind Twitter versus Government of India, The Wire, June 03, 2021
Karthik Nachiappan and Arindrajit Basu, Shaping the Digital World, The Hindu, 30th July 2020
Arindrajit Basu and Karthik Nachiappan, India and the global battle for data governance, Seminar 731, 1st July 2020
Amber Sinha and Arindrajit Basu, Reliance Jio-Facebook deal highlights India’s need to revisit competition regulations, Scroll, 30th April 2020
Arindrajit Basu and Amber Sinha, The realpolitik of the Reliance-Jio Facebook deal, The Diplomat, 29th April 2020
Arindrajit Basu, The Retreat of the Data Localization Brigade: India, Indonesia, Vietnam, The Diplomat, Jan 10, 2020
Amber Sinha and Arindrajit Basu, The Politics of India’s Data Protection Ecosystem, EPW Engage, 27 Dec 2019
Arindrajit Basu and Justin Sherman, Key Global Takeaways from India’s Revised Personal Data Protection Bill, Lawfare, Jan 23, 2020
Nikhil Dave,“Geo-Economic Impacts of the Coronavirus: Global Supply Chains.” Centre for Internet and Society , June 16, 2020.

International Law and Human Rights

International law and human rights are ostensibly technology neutral, and should lay the edifice for digital governance and cybersecurity today. Our research on international human rights has focussed on global surveillance practices and other internet restrictions employed by a variety of nations, and the implications this has for citizens and communities in India and similarly placed emerging economies. CIS researchers have also contributed to, and commented on World Intellectual Property Organization negotiations at the intersection of international Intellectual Property (IP) rules and the human rights.

Long-form article

Arindrajit Basu, Extra Territorial Surveillance and the incapacitation of international human rights law, 12 NUJS LAW REVIEW 2 (2019)
Gurshabad Grover and Arindrajit Basu, ”Internet Blockage”(Scenario contribution to NATO CCDCOE Cyber Law Toolkit,2021)
Arindrajit Basu and Elonnai Hickok, Conceptualizing an international framework for active private cyber defence (Indian Journal of Law and Technology, 2020)
Arindrajit Basu,Challenging the dogmatic inevitability of extraterritorial state surveillance in Trisha Ray and Rajeswari Pillai Rajagopalan (eds) Digital Debates: CyFy Journal 2021 (New Delhi:ORF and Global Policy Journal,2021)

Blog Posts and op-eds

Arindrajit Basu, “Unpacking US Law And Practice On Extraterritorial Mass Surveillance In Light Of Schrems II”, Medianama, 24th August 2020
Anubha Sinha, “World Intellectual Property Organisation: Notes from the Standing Committee on Copyright Negotiations (Day 1, Day 2, Day 3 and 4)”, July 2021
Raghav Ahooja and Torsha Sarkar,How (not) to regulate the internet:Lessons from the Indian Subcontinent,Lawfare,September 23,2021,

Bilateral Relationships

Technology has become a crucial factor in shaping bilateral and plurilateral co-operation and competition. Given the geopolitical fissures and opportunities since 2020, our research has focussed on how technology governance and cybersecurity could impact the larger ecosystem of Indo-China and India-US relations. Going forward, we hope to undertake more research on technology in plurilateral arrangements, including the Quadrilateral Security Dialogue.

Arindrajit Basu and Justin Sherman, The Huawei Factor in US-India Relations,The Diplomat, 22 March 2021
Aman Nair, “TIkTok: It’s Time for Biden to Make a Decision on His Digital Policy with China,” Centre for Internet and Society, January 22, 2021,
Arindrajit Basu and Gurshabad Grover, India Needs a Digital Lawfare Strategy to Counter China, The Diplomat, 8th October 2020
Anam Ajmal, The app ban will have an impact on the holding companies...global power projection begins at home, Times of India, July 7th, 2020 (Interview with Arindrajit Basu)
Justin Sherman and Arindrajit Basu, Trump and Modi embrace, but remain digitally divided, The Diplomat, March 05th, 2020

Emerging Technologies

Governance needs to keep pace with the technological challenges posed by emerging technologies, including 5G and AI. To do so an interdisciplinary approach that evaluates these scientific advances in line with the regimes that govern them is of utmost importance. While each country will need to regulate technology through the lens of their strategic interests and public policy priorities, it is clear that geopolitical tensions on standard-setting and governance models compels a more global outlook.

Long-Form reports

Anoushka Soni and Elizabeth Dominic, Legal and Policy implications of Autonomous weapons systems (Centre for Internet and Society, 2020)
Aayush Rathi, Gurshabad Grover, and Sunil Abraham, Regulating the internet: The Government of India & Standards Development at the IETF (Centre for Internet and Society, 2018)

Blog posts and op-eds

Aman Nair, Would banning Chinese telecom companies make India 5G secure in India? Centre for Internet and Society, 22nd December 2020
Arindrajit Basu and Justin Sherman, Two New Democratic Coalitions on 5G and AI Technologies, Lawfare, 6th August 2020
Nikhil Dave, The 5G Factor: A Primer, Centre for Internet and Society, July 20, 2020.
Gurshabad Grover, The Huawei bogey Indian Express, May 30th, 2019
Arindrajit Basu and Pranav MB, What is the problem with 'Ethical AI'?:An Indian perspective, Centre for Internet and Society, July 21, 2019

(This compendium was drafted by Arindrajit Basu with contributions from Anubha Sinha. Aman Nair, Gurshabad Grover, and Pranav MB reviewed the draft and provided vital insight towards its conceptualization and compilation. Dishani Mondal and Anand Badola provided important inputs at earlier stages of the process towards creating this compendium)

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research

IRC 22 - Proposed Session - # ActFromHome

Admin — 2022-04-25T12:46:10Z

Details of a session proposed for the Internet Researchers' Conference 2022 - #Home.

Internet Researchers' Conference 2022 - # Home - Call for Sessions

Session Type: Workshop or Collaborative Working Session

Session Plan

Objectives of the Session

With the onset of the COVID-19 pandemic, nations across the world instituted a range of public health measures that limited mobility in many areas, while confining families to homes for indefinite periods of time. Poverty, unemployment and other forms of inequality rose - both within and outside the home. Further, angst against various issues rose- worsening climate injustices, racial violence, gender discrimination, arbitrary layoffs across workplaces, and silencing of minority voices. In a pre-pandemic era, such issues would have elicited physical protest movements by the groups concerned, but with limited mobility - the digital space has become an arena for home-based protests and movements.

This workshop seeks to answer a fundamental question: “Can democracies under crisis survive the home based protests across digital platforms?” It will highlight the role of emerging technologies in shaping the role of home-based digital protests across nations and cultures, with a specific focus on perspectives from Israel and India. Further, it will analyse the immense opportunities and pitfalls of driving home-based social movements on digital platforms. Moreover, the workshop will investigate the ambiguous positioning of online government surveillance and content moderation on collective human rights, with a specific focus on human rights within the home. In addition, it will examine the impact of digital home-based protests upon the aptness and scope of modern democratic regimes.

Course of the Session and Work Division

Overview on the role of digital spaces and emerging technologies in promoting the role of the home as a space for protest
Thought exercise involving participants in analysing the merits and demerits of digitising home-based social movements.
Discussion on government surveillance and content moderation
Discussion on the impact of digital home-based protests
Group work involving participants in designing a digital social movement for a given cause (from a range of causes including climate action, gender equality, vaccine nationalism etc.)

Session Team

Maya Sherman is an Israeli Weidenfeld-Hoffmann leadership Scholar and MSc student of Social Sciences of the Internet at the Oxford Internet Institute, exploring the aptness of digital surveillance policies in democratic regimes. At Oxford, she was selected to represent the university in the Europaeum Policy Seminar, discussing data governance and stargu in the EU, as well as serving as one of 100 promising young leaders in the Global Leadership Challenge 2021. Maya is currently leading several research and policy projects and teams of AI for Good, cooperating with big tech companies as Dell and Microsoft in the UK.

Rai Sengupta is currently pursuing an MSc in Evidence-Based Social Intervention and Policy Evaluation at the University of Oxford. She is the recipient of the prestigious Weidenfeld Hoffmann Scholarship, a

prestigious full scholarship to Oxford which is granted to 35 scholars globally, in a bid to cultivate the leaders of tomorrow. While at Oxford, Rai is working as a consultant with the Asian Development Bank, helping to

integrate Environmental, Social and Governance (ESG) considerations across the national statistical infrastructure of 5 Asian nations.

For more details visit https://cis-india.org/raw/irc22-proposed-session-actfromhome

IRC22 - Proposed Session - #DigitisingCrisesRemakingHome

Admin — 2022-04-25T12:23:42Z

Details of a session proposed for the Internet Researchers' Conference 2022- #Home.

Internet Researchers' Conference 2022 - # Home - Call for Sessions

Session Type: Panel Discussion

Session Plan

The session is planned as a panel discussion between three scholars on three distinct, interconnected notions of home – specifically the home as a dwelling unit, an administrative unit (such as a municipality, a city, or a state), and a country (or a nation state) in the context of India. We intend to parse these ideas within the context of the ongoing Covid-19 pandemic to discuss notions of ‘safety’, ‘trust’, ‘support’, and ‘access’ by examining the digital turn in all three kinds of ‘home’. The session will open with the scholars speaking to each other, and laying out the central ideas. The conversation between the three scholars will act as provocations to enable a larger discussion with other attendees.

In 2020, when the first Covid-19 lockdowns began, the internet was discussed as a space of solidarity, of meeting, entertainment, work, and of support. But soon it became evident that access to such spaces of solidarity or support was not necessarily equal. While for some it was almost non-existent, for many others it was limited or regulated. In the Indian context these differences only stood out further due to unequal access to infrastructure, healthcare, and even basic necessities such as food that was starkly apparent in the long march of several thousand migrant workers from cities back to their ‘homes’ in rural areas at the height of the Indian summer.

At the national level, the digital response to the pandemic was most palpable. The use of contact tracing through apps such as Aarogya Setu, the CoWin portal for vaccinations, and the often arbitrary use of drones, facial recognition, and artificial intelligence have raised questions about surveillance, inclusion, and how useful technology can be in assisting a public health crisis. Often such responses reflected a law and order response to what has been a public health crisis. On the other hand, the establishment of Vande Bharat missions to bring stranded Indians from around the world ‘back home to India’ presented a very different idea of home.

Administrative units at the state and local levels had differing procedures and interventions. Many attempted to follow the guidelines and interventions laid out by the central government, others introduced their own digital solutions but soon found that these were not enough to actually deliver governance during the pandemic.

This session will explore the ‘how’ and ‘why’ of the digital becoming the default mode of managing the pandemic–or any sort of threat. We ask if the idea of ‘home’ as a ‘safe space’ had ever really been so and whether the pandemic exacerbated existing exploitative mechanisms within a ‘home’ – be it the dwelling, the city, or even one’s country. We also intend to discuss issues of access, surveillance, privacy, vulnerability, the burdens of care-work, the exploitative extraction of data, and divergent understandings of consent frameworks within these three axes of the idea of the ‘home’.

Session Team

Vidya Subramanian is Raghunathan Family Fellow, South Asia Institute, Harvard University. She is an interdisciplinary scholar whose research interests lie at the intersection of technologies and societies. Her current research investigates the changing nature of citizenship in the technological society we now inhabit. Focusing on India, her research is loosely framed by two large issues: the first is the colonisation of the everyday so-called real world by the digital; and the second is how power permeates and is implicated in such technologies.

Kalindi Kokal is Post Doctoral Fellow, Centre for Policy Studies, IIT Bombay. She has a doctorate in law from the Martin Luther University, Halle-Wittenberg, Germany. Her doctoral work centred on understanding how non-state actors in dispute processing engage with state law. Her dissertation is an ethnographic study of dispute-processing mechanisms in two rural communities in the states of Maharashtra and Uttarakhand in India. She works on understanding how the manner in which people actually experience state law coupled with their perceptions of dispute resolution and state courts underscore the need to explore broader understandings of law and dispute resolution.

Uttara Purandare is PhD Researcher, IITB-Monash Research Academy. She is pursuing her PhD in Public Policy under a joint programme offered by IIT Bombay and Monash University. Her area of research is smart cities. Looking specifically at the intersection of technology, gender, and governance, Uttara’s research focuses on how safety and surveillance are constructed by the smart city rhetoric and the role of private sector firms in governing the smart city. The COVID-19 pandemic and the technologies that have been introduced by national governments and smart cities purportedly to curb the spread of the virus have raised interesting questions about privacy and citizens’ rights during a crisis. Uttara is presently exploring some of these questions within the Indian context.

For more details visit https://cis-india.org/raw/irc22-proposed-session-digitisingcrisesremakinghome

UN Questionnaire on Digital Innovation, Technologies and Right to Health

Pahlavi and Shweta Mohandas — 2022-11-21T16:10:06Z

The Centre for Internet & Society (CIS) contributed to the questionnaire put out by the Office of the United Nations High Commissioner for Human Rights, on digital innovation, technologies and the right to health. The responses were authored by Pahlavi and Shweta Mohandas, and edited by Indumathi Manohar.

Questionnaire

1. What are benefits of increased use of digital technologies in the planning and delivery of health information, services and care? Consider the use of digital technologies for healthcare services, the collection and use of health-related data, the rise of social media and mobile phones, and the use of artificial intelligence specifically to plan and deliver healthcare. Please share examples of how such technologies benefited specific groups. How have digital technologies contributed to availability, accessibility, acceptability and quality of healthcare? Has the use of artificial intelligence improved access to health information, services and care? Please comment on existing or emerging biases in health information, services and care.

The use of digital technologies and forms of digital health interventions has seen an increase in interest from governments, industries, as well as individuals since the beginning of the pandemic. The lockdowns, and other social distancing measures created a push towards telemedicine and online consultations. Digital health services provide a number of people the opportunity to seek medical help without traveling, which particularly help people with accessibility needs, the elderly, and anyone else that has difficulty in movement.1 Telemedicine can also help meet the challenges of healthcare delivery to rural and remote areas, in addition to serving as a means of training and education.2

The pandemic brought about a push towards telehealth and telemedicine and the telemedicine market has been reported to touch $5.4 Bn by 2025,3 with a number of applications working to make it more accessible to people in India. With respect to AI there has been some adoption of AI in India to help the most vulnerable group of people. For example: Microsoft has teamed up with the Government of Telangana to use cloud-based analytics for the Rashtriya Bal Swasthya Karyakram program by adopting MINE (Microsoft Intelligent Network for Eyecare), an AI platform to reduce avoidable blindness in children.4 Similarly Philips Innovation Campus (PIC) in Bengaluru, Karnataka is harnessing technology to make solutions for TB detection from chest x-rays, and a software solution (Mobile Obstetrics Monitoring) to identify and manage high-risk pregnancies.5 More recently IWill by ePsyClinic, a mental-health platform in India, has received a grant from Microsoft's 'AI for Accessibility' program to accelerate the building of a Hindi-based AI Mental Health conversational program.6

However the use of digital technologies and online medical interventions has also widened the increasing gap between those who can afford a smart phone and internet and those who cannot. A digital-only health intervention also results in excluding a wide number of people who do not have a smartphone, for example the Indian contact-tracing app, Aarogya Setu, which was a mandatory download to access public places during the lockdown was initially only available via a smartphone. Additionally, the app initially was not compatible with screen readers.7 The disparities in digital access and infrastructure is not limited to individuals— a report by the Ministry of Electronics and Information Technology India highlighted that the government hospitals and dispensaries have very little ICT infrastructure with only some major public hospitals having computers and connectivity.8

As stated above, the adoption of digital health technologies is not uniform around the world, and the people who are not able to access these technologies missed being included in the data that is being collected by these systems, further excluding from the data set which might be used to train future interventions. In the same light, digital technologies such as AI based screening are based on historical data that have been proved to contain biases against

marginalised communities. Continuing to use these systems without addressing these biases and or including more diverse dataset results in the same people being marginalised and misdiagnosed further. For example, safety apps where data is provided by limited people could identify Dalit and Muslim areas as unsafe, reflecting the prejudices of the app’s middleand upper-class users.9 While this has not been revealed in healthcare apps, the growing use of CCTVs and subsequent use of facial recognition in only certain pockets of the city reveal the historical biases in the police system that lead to targeted surveillance.10

2. How has the rise of web platforms and social media increased access to health information and services, or conversely, increased risk of misdiagnosis or other harms? Please share examples of ways in which social media and web platforms facilitated innovation in access to evidence-based health information and services, or created new threats of discrimination, mental health harms, or online or offline violence.

Social media platforms have helped people immensely during the pandemic. For example, when people reached out to strangers for help for hospital beds and oxygen. However, the benefits of such were limited to people who were on social media and had the reach and networks to share such information.11Furthermore, social media and messaging apps such as Whatsapp also led to the spread of misinformation during the pandemic. For example a Whatsapp message claiming to be from the Ministry of Aayush which permitted homeopathy doctors to treat Covid19 spread significantly, leading to the official government channels clarifying that it is fake and cautioning people against it.12 It was also noted that at times when women shared requests for beds or oxygen during covid on social media, they were faced with fake calls, stalking and trolling on social media, making it harder for them to seek help.

3. How has the right to privacy been impacted by the use of digital technologies for health? Please share examples of ways in which data gathered from digital technologies have been used by States, commercial entities or other third parties to either benefit or harm groups regarding the right to health.

In 2006, the National e-Governance Plan (NeGP) was approved by the Indian State wherein a massive infrastructure was developed to reach the remotest corners and facilitate easy access of government services efficiently at affordable costs.13There has been a paradigm shift in the Indian state’s governance strategy, with severe implications for privacy and inclusion. However, this shift has been undertaken primarily through a series of administrative orders with no real legislative mandate and minimal judicial oversight. This digitisation began with services such as taxation, land record, passport details, but it soon extended its ambit, and it now covers most services for which the citizen is dependent upon the state— the latest being digital health.

In the Indian context, there have been a number of policies that have been published which dealt with digital health. The policies looked at creating a digital health ID, digitisation of health data, and the management of health data. However these policies are being introduced without the existence of a comprehensive data protection legislation. While there are certain safeguards mentioned in each policy, without privacy and data protection legislation it is impossible to ensure compliance and the rights of the data owners. This issue became a reality when during the vaccination for Covid, some vaccination centres created Health ID for people without their consent.14

4. What are current strengths or weaknesses of digital health governance at national, regional and global levels? Please provide examples of laws, regulations or other safeguards that has been put in place to protect and fulfill the rights to health, privacy, and confidentiality within the use of digital technologies for health? Do restrictive laws or law enforcement create any specific challenges for persons using digital technologies to access health information or services?

Digitisation of the healthcare system in India had started prior to the pandemic. However, the pandemic also saw a slew of digitisation policies being rolled out, the most notable being the National Digital Health Mission (re-designed as the Aayushman Bharat Digital Mission) which empowered and saw the government use the vaccination process to generate Health IDs for citizens, in several reported cases without their knowledge or consent.15 The entire digitisation process has been undertaken in the absence of any legislative mandate or judicial oversight. It has primarily been undertaken through issuance of executive notifications and resulting in absent or inadequate grievance redressal mechanisms.

The rollout of the NDHM also saw health IDs being generated for citizens. In several reported cases across states, this rollout happened during the Covid-19 vaccination process— without the informed consent of the concerned person. All of these developments took place in the absence of a data protection law and a law regulating the digital health sphere, raising critical concerns around citizens’ privacy and the governance and oversight mechanisms for digital health initiatives.

Valdez, R. S., Rogers, C. C., Claypool, H., Trieshmann, L., Frye, O., Wellbeloved-Stone, C., & Kushalnagar, P. (2021). Ensuring full participation of people with disabilities in an era of telehealth. Journal of the American Medical Informatics Association, 28(2), 389-392.
Paul, Hickok, Sinha, & Tiwari. (2018). Artificial Intelligence in the Healthcare Industry in India. Centre for Internet and Society India. Retrieved November 15, 2022, from https://cis-india.org/internet-governance/ai-and-healthcare-report/view
Dayalani, V., K., H., S., G., R., T., & M., L. (2021, February 15). 1mg Rises In Indian Telemedicine Space As Sector Set To Touch $5.4 Bn Market Size by 2025. Inc42 Media. Retrieved November 15, 2022, from https://inc42.com/datalab/telemedicine-a-post-covid-reality-in-india/
Government of Telangana adopts Microsoft Cloud and becomes the first state to use Artificial Intelligence for eye care screening for children - Microsoft Stories India. (2017, August 3). Microsoft Stories India. Retrieved November 15, 2022, from https://news.microsoft.com/en-in/governmenttelangana-adopts-microsoft-cloud-becomes-first-state-use-articial-intelligence-eye-care-screeningchildren/
D’Monte, L. (2017, February 15). How Philips is using AI to transform healthcare. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Science/yxgekz1jJJ3smvvRLwmaAL/How-Philips-is-using-AI-to-transformhealthcare.html
PTI. (2022, November 11). Microsoft supports IWill with “AI for Accessibility” grant to develop AI CBT mental health program for 615 million Hindi users. Microsoft Supports IWill With “AI for Accessibility”Grant to Develop AI CBT Mental Health Program for 615 Million Hindi Users. Retrieved November 15,2022, from https://www.ptinews.com/pti/Microsoft-supports-IWill-with--AI-for-Accessibility--grant-todevelop-AI-CBT-mental-health-program-for-615-million-Hindi-users/58238.html
Nath. (2020, May 2). Coronavirus | Mandatory Aarogya Setu app not accessible to persons with disabilities.Coronavirus | Mandatory Aarogya Setu App Not Accessible to Persons With Disabilities - the Hindu. Retrieved November 15, 2022, from https://www.thehindu.com/news/national/coronavirus-mandatory-aarogya-setu-app-notaccessible-to-persons-with-disabilities/article31489933.ece
Sharma, N. C. (2018, July 16). Adoption of e-medical records facing infra hurdles: Report. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Politics/CucBmKaoWLZuSf1Y9VaafM/Adoption-of-emedical-recordsfacing-infra-hurdles-Report.html
https://www.livemint.com/news/world/ai-algorithms-far-from-neutral-in-india-11613617957200.html
Vipra. (n.d.). The Use of Facial Recognition Technology for Policing in Delhi. Vidhi Centre for Legal Policy. Retrieved November 15, 2022, from https://vidhilegalpolicy.in/research/the-use-of-facial-recognition-technology-for-policingin-delhi/
Kalra, A., & Ghoshal, D. (2021, April 21). Twitter becomes a platform of hope amid the despair of India’s COVID crisis. Reuters. Retrieved November 15, 2022, from https://www.reuters.com/world/india/twitterbecomes- platform-hope-amid-despair-indias-covid-crisis-2021-04-21/
Times of India . (2020, April 29). WhatsApp message on Homeopathy and coronavirus treatment is fake- Times of India. The Times of India. Retrieved November 15, 2022, from https://timesondia.indiatimes.com/gadgets-news/whatsapp-message-on-homeopathy-and-coronavirustreatment-is-fake/articleshow/75425274.cms
Amber Sinha, Pallavi Bedi and Amber Sinha, “Techno-Solutinist Responses to Covid 19”, EPW, Vol LVI, No. 29, July 17, 2021 Retrieved from: https://www.epw.in/journal/2021/29/commentary/technosolutionist-responses-covid-19.html
Rana, C. (2021, October 1). COVID-19 vaccine beneficiaries were assigned unique health IDs without their consent.The Caravan. Retrieved November 15, 2022, from https://caravanmagazine.in/health/covid-19-vaccinebeneficiaries-were-assigned-unique-health-ids-without-their-consent

For more details visit https://cis-india.org/internet-governance/un-questionnaire-digital-innovation-technologies-right-to-health

Parichiti - Domestic Workers’ Access to Secure Livelihoods in West Bengal

Anchita Ghatak — 2020-12-30T10:01:36Z

This report by Anchita Ghatak of Parichiti presents findings of a pilot study conducted by the author and colleagues to document the situation of women domestic workers (WDWs) in the lockdown and the initial stages of the lifting of restrictions. This study would not have been possible without the WDWs who agreed to be interviewed for this study and gave their time generously. We are grateful to Dr Abhijit Das of the Centre for Health and Social Justice for his advice and help. The report is edited by Aayush Rathi and Ambika Tandon, and this work forms a part of the CIS’s project on gender, welfare and surveillance supported by Privacy International, United Kingdom.

Domestic Workers’ Access to Secure Livelihoods in West Bengal: Read (PDF)

Cross-posted from Parichiti.

Executive Summary

Hundreds of thousands of women from poor communities work as domestic workers in Kolkata. Domestic work is typically a precarious occupation, with very little recognition in legislation or policy. Along with other workers in the informal economy, women domestic workers (WDWs) were severely impacted by the national lockdown enforced in March, with loss of livelihood and few options for survival.

Parichiti works with WDWs in 20 different locations - slums and informal settlements in Kolkata and villages in south 24 Parganas. We conducted this pilot study from late June to August 2020 to document the situation of WDWs from March onwards, in the lockdown and the initial stages of lifting of restrictions. We interviewed 14 WDWs on the phone to record their experiences during the lockdown and after, including impact on livelihoods. The objectives of the study were to document the impact of the Covid-19 pandemic on the lives of WDWs, with focus on economic and health dimensions.

We found that most domestic workers in our sample were paid for March, but faced difficulties in procuring wages April onwards. During this period, they faced economic hardships that threatened their survival, with members of their family also involved in the informal sector and experiencing loss of wages. Workers survived on relief received through civil society or by taking loans from banks or informal lenders. Some are now stuck in a debt trap.

Most went back to work from June, but faced several barriers – public transport services continued to be dysfunctional, apartment complexes prohibited entry of outsiders, and employers were reluctant to allow workers into their homes. Employers were wary of workers if they were employed in multiple households or used public transport, forcing workers to adapt to these conditions. Due to these reasons, some workers lost their jobs permanently, while others returned with lower wages or lower number of employers. Workers were well aware of the precautions to be taken at the home and workplace with regards to Covid-19.

Many WDWs were unable to access ration through the Public Distribution System. Some were not enrolled and others were enrolled in the districts they had migrated from. Some were not classified as below the poverty line and were hence not priority households for the state, although they were ‘deserving’ beneficiaries. All of the respondents were affected by Cyclone Amphan, which devastated parts of the state in May 2020. Despite the announcement of a sizeable compensation by the state, those whose homes were impacted were unable to get any relief. WDWs overall tended to not rely on the state for welfare or health services. Many regarded public health systems to have poor quality services, and turned to private services when possible. Both central and state governments fell short of meeting the needs of WDWs during the pandemic, which could potentially have long-term impact on their income and health.

For more details visit https://cis-india.org/raw/parichiti-domestic-workers-access-to-secure-livelihoods-west-bengal

India Digital Freedom Series: Internet Shutdowns, Censorship and Surveillance

gurshabad — 2021-01-11T10:07:30Z

A series of reports on digital rights and civic space in India, focusing on four areas where restrictive policies threaten fundamental freedoms and impede public participation: internet shutdowns, censorship, platform governance and surveillance.

Read the reports

1. Introduction, Background and Methodology by Arindrajit Basu

2. Internet Shutdowns: Threats to Digital Access by Torsha Sarkar, Manogna Matam and Gurshabad Grover

3. Censorship: Threats to Expression by Matam Manogna, Torsha Sarkar, Gurshabad Grover and Kanav Khanna

4. Platforms as Gatekeepers: Threats to Digital Space by Torsha Sarkar and Gurshabad Grover

5. Surveillance and Data Protection: Threats to Privacy and Digital Security by Mira Swaminathan and Arindrajit Basu

Background

Amidst global trends towards authoritarianism and closing space for civil society, India’s dynamic changing landscape calls for ongoing attention. In the last year alone, upheaval around the Citizenship Amendment Act protests, sectarian violence and communal riots in Delhi and elsewhere, the emergence of Covid-19, and issues of statelessness and discrimination have raised questions about the state of civic freedoms in India. At the same time, efforts to mold and restrict civil society, through funding limitations and a narrative against activism and ‘foreign agents,’ continue to reverberate across the non-profit sector. Technology has played a major role in all of these developments, with expression and democratic debate increasingly carried into the digital sphere, and privacy, data, and surveillance taking center stage, particularly amidst a global pandemic. India additionally has the notorious distinction of being the world’s democracy with the longest-running internet shutdown. Other examples of how digital rights are being impacted in India abound: possible government-sanctioned surveillance on activists and journalists; various forms of censorship, and denial of access to information.

Documentation and consideration of such phenomena is critical, given the role digital developments will play shaping Indian society in the 21st century. Technology can be a great enabler of constitutional values, welfare, and act as a facilitator of public discourse. It can also be used by the state to fetter the realization of constitutional rights and restrict the growth of civil society activism and public discourse. To date, there exists little comprehensive coverage of the overall universe of policies and laws affecting digital rights, and how their implementation is impacting Indian civil society actors, including non-profits, activists, media, minority groups, and others.

India’s constitutional ethos provides for a wide array of fundamental rights designed to protect and empower the most vulnerable. It views the state as a key actor in breaking existing barriers of structural inequality - something technology can play a role in - if designed and implemented reasonably, with the widest possible consultation. Given India’s status as the world’s most populous democracy, along with its considerable heft in the Information and Communications Technology (ICT) sector globally, how these issues play out will be critical for the future of digital civic space, in South Asia, Asia, and beyond.

This report undertakes an examination of key topics related to digital rights and civic space in India. It focuses on four areas of particular concern, where restrictive policies threaten to violate fundamental freedoms and restrict civil society and public participation. The topics covered include: 1) Internet Shutdowns, 2) Online Censorship, 3) Platform Governance, and 4) Surveillance. Each chapter begins with a factual overview identifying the scope of the problem across the country. It proceeds to evaluate relevant Indian laws and regulations affecting the enjoyment of fundamental human rights of members of civil society online, including the rights to free association, assembly, expression, privacy, access to information and public participation. The chapter then summarizes relevant international law and standards, many of which are obligatory on the Indian government and constitute binding international commitments, and concludes with some reflections and recommendations.

Ultimately, the report emphasizes the importance of a free, fair, and democratic digital civic space in line with international law and best practices. It evaluates ongoing Indian policies in the four topic areas in light of these standards, and provides suggestions for paths to reform that Indian policymakers can undertake to enable the use of technology in consonance with India’s rich constitutional ethos.

Methodology

This report was researched and written by the Centre for Internet and Society (CIS), with support from the International Center for Not-for-Profit Law (ICNL). Researchers at CIS with specialized knowledge in digital rights undertook an expansive review of a wide range of sources related to this topic, including academic scholarship and legal literature, news articles, government documents, laws, and other publications. In addition to desk research, two teams of CIS researchers travelled across five cities - Jodhpur and Jaipur (state of Rajasthan), Ahmedabad (state of Gujarat), Siliguri (state of West Bengal), and Guwahati (state of Assam). Each of these states have a vibrant civic space, and have seen a number of individuals and organizations engaging with key issues in the digital space over the past months. Researchers interviewed a diverse array of stakeholders, including student activists, public interest lawyers, government officials, party workers, and journalists. While refraining from undertaking quantitative or empirical analysis of the fieldwork findings, the qualitative insights and data gathered from these interviews were instrumental in the shaping of this report.

This report uses the World Bank’s definition of “civil society,” namely: “a wide array of organizations: community groups, non-governmental organizations [NGOs], labour unions, indigenous groups, charitable organizations, faith-based organizations, professional associations, and foundations.” However, to truly understand public participation in a democracy, the report looks beyond organised groups and their workings, and examines how various individuals participate in public processes - including through protests, writing, and engagement through social media. Thus, when considering the impact of digital rights, this report did not limit its investigation only to organised civil society but considered a larger scope to engage with a broader notion of public participation.

Acknowledgements

The Centre for Internet and Society would like to thank the International Center for Not- for-Profit Law for the financial support that made the report possible. The authors would also like to thank Abhijit Roy, Arun Chauhan, Gajendra Singh Dahiya, Kumar Shubham, Manjula Pradeep, Rahul Bordoloi, Roshan Gupta, and many others who chose to remain anonymous for their inputs that informed the research; Akash T for research assistance; and Julie Hunter, Lisa Vermeer, and Nick Robinson for their feedback. Thanks also to the ICNL team for designing, formatting and editing the reports. All opinions and errors in the piece remain those of the authors.

We would also like to wholeheartedly thank The Legal Aid and Awareness Committee from the National Law University Jodhpur for helping us set up a number of interviews with key stakeholders.

For more details visit https://cis-india.org/internet-governance/blog/india-digital-freedom-series-internet-shutdowns-censorship-and-surveillance

Gender, Health, & Surveillance in India - Panel - Agenda

sumandro — 2020-12-23T13:56:07Z

For more details visit https://cis-india.org/raw/gender-health-surveillance-in-india-panel-agenda

Gender, Health, & Surveillance in India - A Panel Discussion

Aayush Rathi and Ambika Tandon — 2020-12-23T14:03:13Z

Women and LGBTHIAQ-identifying persons face intensive and varied forms of surveillance as they access reproductive health systems. Increasingly, these systems are also undergoing rapid digitisation. The panel was set-up to discuss the discursive, experiential and policy implications of these data-intensive developments on access to public health and welfare systems by women and LGBTHIAQ-identifying persons in India. The panelists presented studies undertaken as part of two projects at CIS, one of which is supported by Privacy International, UK, and the other by Big Data for Development network established by International Development Research Centre, Canada.

Event note and agenda: Read (PDF)

Recording of the discussion: Watch (YouTube)

For more details visit https://cis-india.org/raw/gender-health-surveillance-in-india-panel-discussion

Annual Programmatic Report 2018-2019

pranav — 2020-11-10T10:56:33Z

For more details visit https://cis-india.org/about/reports/annual-programmatic-report-2018-2019

Legal and Policy Implications of Autonomous Weapons Systems

aman — 2021-03-22T05:29:20Z

For more details visit https://cis-india.org/internet-governance/legal-and-policy-implications-of-autonomous-weapons-systems