Centre for Internet and Society

Internet Monitor

praskrishna — 2014-01-09T07:33:02Z

Malavika's piece on India's Identity Crisis is published in this report.

For more details visit https://cis-india.org/internet-governance/blog/internet-monitor-2013.pdf

Digital Citizens: Why Cyber Security and Online Privacy are Vital to the Success of Democracy and Freedom of Expression

praskrishna — 2014-01-08T04:59:10Z

Michael Oghia will give a presentation which will show why cyber security and online privacy are vital for democracy and freedom of expression.

In the time when Edward Snowden is fighting for both clemency and to be known as a brave whistle blower that exposed government wrongdoing, cyber security and online privacy have never been more important. As Jacob Applebaum discussed in May last year, and CIS’ Maria Xynou presented recently in December, surveillance throughout the world is increasing. With security apparatus’ likethe NSA and now India’s Central Monitoring System, coupled with corporate data centers around the world storing our e–mails, address books, preferences, and passwords, it is easy to see how our online privacy is increasingly being threatened and often, violated.

Indeed, online privacy is inextricably linked to freedom of expression, and freedom of expression is a fundamental civil liberty imperative to democracy. Moreover, online security and privacy are essential to good, transparent, and accountable democratic governance. This is largely because surveillance, censorship, and monitoring ultimately create environments where self-censorship is the norm, as is the fear of the government instead of spaces that allow for freedom of expression and democratic dialogue and dissent.

What I would like to accomplish my speaking at CIS is not to merely educate about the dangers posed to Internet security or to world democracy, but rather to:

Reiterate the importance of digital privacy and cyber security to the success of democracy and the continued protection of free expression.
Encourage citizens, technology specialists, Internet and privacy advocates, and others to see themselves as part of a larger system of democratic governance and civic participation. This means understanding how technical capabilities intersect with civil society, and then use them to advocate for a more open, accessible, and private cyberspace.
Reinforce that digital media literacy education is vital to ensuring a free, open, accessible, and democratic Internet.

Additionally, I want to present ideas and recommendations for what you can do to engage with these problems, and how we can collaborate together to address them.

About the Public Intelligence Project

The Public Intelligence Project is an independent, non-partisan, not-for-profit think tank conducting research, education, and advocacy on the importance of diversity, critical thinking, dialogue, and freedom of expression. We seek to promote more robust systems of participatory democracy, civic engagement, and conflict prevention in order to create a culture of democracy.

Michael Oghia

Michael is responsible for a new project at Meta-Culture called the Public Intelligence Project, which focuses on expanding participatory democracy, civic engagement, and conflict prevention by conducting research, education, and advocacy on the intersections between diversity, dialogue, critical thinking, and freedom of expression. While new to the conflict resolution field, as a poet, musician, editor, writer, blogger, and activist, he is well-versed in the importance of freedom of expression and participating in the democratic process. He was born in Kentucky to Lebanese-Syrian parents, and after graduating with a BS in sociology from the University of Louisville, he moved to Lebanon to pursue an MA in sociology from the American University of Beirut. There, he had the opportunity to witness the Arab Revolutions first-hand while research about topics such as Internet ownership in the Middle East, social movements, Arab media, globalization, Arab youth and family, and his thesis subject, romantic love in the Arab world. Michael enjoys engaging Twitter conversations, and has an unnatural affinity for crunchy peanut butter.

Date: Tuesday, January 14, 2014
Time: 6.30 p.m. to 8.00 p.m.
Talk by: Michael Oghia
Title: Research & Advocacy Consultant, and Project Manager
Organisation: Meta-Culture / Public Intelligence Project
Websites: www.meta-culture.in <http://www.meta-culture.in> & www.publicintelligenceproject.org <http://www.publicintelligenceproject.org>

For more details visit https://cis-india.org/events/why-cyber-security-and-online-privacy-are-vital-for-success-of-democracy-and-freedom-of-expression

Big Brother is watching you

chinmayi — 2014-01-06T09:31:22Z

India has no requirements of transparency whether in the form of disclosing the quantum of interception or in the form of notification to people whose communication was intercepted.

The article by Chinmayi Arun was published in the Hindu on January 3, 2014.

The Gujarat telephone tapping controversy is just one of many kinds of abuse that surveillance systems enable. If a relatively primitive surveillance system can be misused so flagrantly despite safeguards that the government claims are adequate, imagine what is to come with the Central Monitoring System (CMS) and Netra in place.

News reports indicate Netra — a “NEtwork TRaffic Analysis system” — will intercept and examine communication over the Internet for keywords like “attack,” “bomb,” “blast” or “kill.” While phone tapping and the CMS monitor specific targets, Netra is vast and indiscriminate. It appears to be the Indian government’s first attempt at mass surveillance rather than surveillance of predetermined targets. It will scan tweets, status updates, emails, chat transcripts and even voice traffic over the Internet (including from platforms like Skype and Google Talk) in addition to scanning blogs and more public parts of the Internet. Whistle-blower Edward Snowden said of mass-surveillance dragnets that “they were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”

So far, our jurisprudence has dealt with only targeted surveillance; and even that in a woefully inadequate manner. This article discusses the slow evolution of the right to privacy in India, highlighting the context and manner in which it is protected. It then discusses international jurisprudence to demonstrate how the right to privacy might be protected more effectively.

Privacy and the Constitution

A proposal to include the right to privacy in the Constitution was rejected by the Constituent Assembly with very little debate. Separately, a proposal to give citizens an explicit fundamental right against unreasonable governmental search and seizure was also put before the Constituent Assembly. This proposal was supported by Dr. B.R. Ambedkar. If accepted, it would have included within our Constitution the principles from which the United States derives its protection against state surveillance. However, the proposed amendment was rejected by the Constituent Assembly.

Fortunately, the Supreme Court has gradually been reading the right to privacy into the fundamental rights explicitly listed in the Constitution. After its initial reluctance to affirm the right to privacy in the 1954 case of M.P. Sharma vs. Satish Chandra, the court came around to the view that other rights and liberties guaranteed in the Constitution would be seriously affected if the right to privacy was not protected. In Kharak Singh vs. The State of U.P., the court recognised “the right of the people to be secure in their persons, houses, papers, and effects” and declared that their right against unreasonable searches and seizures was not to be violated. The right to privacy here was conceived around the home, and unauthorised intrusions into homes were seen as interference with the right to personal liberty.

If the Kharak Singh judgment was progressive in its recognition of the right to privacy, it was conservative about the circumstances in which the right applies. The majority of judges held that shadowing a person could not be seen to interfere with that person’s liberty. Dissenting with the majority, Justice Subba Rao maintained that broad surveillance powers put innocent citizens at risk, and that the right to privacy is an integral part of personal liberty. He recognised that when a person is shadowed, her movements will be constricted, and will certainly not be free movements. His dissenting judgment showed remarkable foresight and his reasoning is consistent with what is now a universally acknowledged principle that there is a “chilling effect” on expression and action when people think that they are being watched.

The right to privacy as defined by the Supreme Court now extends beyond government intrusion into private homes. After Govind vs. State of M.P., and Dist. Registrar and Collector of Hyderabad vs. Canara Bank, this right is seen to protect persons and not places. Any inroads into this right for surveillance of communication must be for permissible reasons and according to just, fair and reasonable procedure. State action in violation of this procedure is open to a constitutional challenge.

Our meagre procedural safeguards against phone tapping were introduced in PUCL vs. Union of India (1997) after the Supreme Court was confronted with extensive, undocumented phone tapping by the government. The apex court found itself compelled to lay down what it saw as bare minimum safeguards, consisting mostly of proper record-keeping and internal executive oversight by senior officers such as the home secretary, the cabinet secretary, the law secretary and the telecommunications secretary. These safeguards are of little use since they are opaque and rely solely on members of the executive to review surveillance requests.

Right and safeguards

There is a difference between targeted surveillance in which reasons have to be given for surveillance of particular people, and the mass-surveillance which Netra sets up. The question of mass surveillance and its attendant safeguards has been considered by the European Court of Human Rights in Liberty and Others vs. the United Kingdom. Drawing upon its own past jurisprudence, the European Court insisted on reasonable procedural safeguards. It stated quite clearly that there are significant risks of arbitrariness when executive power is exercised in secret and that the law should be sufficiently clear to give citizens an adequate indication of the circumstances in which interception might take place. Additionally, the extent of discretion conferred and the manner of its exercise must be clear enough to protect individuals from arbitrary interference. The principles laid down by the European Court in relation to phone-tapping also require that the nature of the offences which may give rise to an interception order, the procedure to be followed for examining, using and storing the data obtained, the precautions to be taken when communicating the data to other parties, and the circumstances in which recordings may or must be erased or the tapes destroyed be made clear.

Opaque and ineffective

Our safeguards apply only to targeted surveillance, and require written requests to be provided and reviewed before telephone tapping or Internet interception is carried out. CMS makes the process of tapping more prone to misuse by the state, by making it even more opaque: if the state can intercept communication directly, without making requests to a private telecommunication service provider, then it is one less layer of scrutiny through which the abuse of power can reach the public. There is no one to ask whether the requisite paperwork is in place or to notice a dramatic increase in interception requests.

India has no requirements of transparency whether in the form of disclosing the quantum of interception taking place each year, or in the form of subsequent notification to people whose communication was intercepted. It does not even have external oversight in the form of an independent regulatory body or the judiciary to ensure that no abuse of surveillance systems takes place. Given these structural flaws, the Amit Shah controversy is just the beginning of what is to come. Unfettered mass surveillance does not bode well for democracy.

(Chinmayi Arun is research director, Centre for Communication Governance, National Law University, Delhi, and fellow, Centre for Internet and Society, Bangalore.)

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-january-3-2014-chinmayi-arun-big-brother-is-watching-you

Inventions that will make a difference

praskrishna — 2014-02-12T11:07:02Z

In an increasingly tech-driven world, what does 2014 have to offer? Geeta Padmanabhan turns the spotlight on some life-changing gadgets.

Geeta Padmanabhan's article published in the Hindu on January 1, 2014 quotes Maria Xynou.

Digiterati, have you tried Snapchat, the service that makes messages/photos/captions you send disappear in a few seconds once opened? The app with its swelling popularity among the young demands a re-think about data: do you need it around forever? In a remarkable step forward, 2014 may see Forever Internet and Erasable Internet living side by side.

What else is in store? “Your mobile devices and PCs will get more intelligent and remember your different passwords,” said J. Prasanna, AVS labs. “Advanced biometrics will enable scanning (fingerprint/retina) without devices. Sharper attack simulation on the cyber-world will force corporates to improve defence. Industrial houses will opt for more mobile devices — computers like raspberry pi — for logistics/checking. “You may not see a workstation at all!” Maria Xynou, The Centre for Internet and Society, foresees surveillance technologies getting smarter with artificial intelligence software, and people fending them off with crypto-like privacy software. “This might trigger more intrusive technologies,” she said.

Big data will grow bigger. Many of the products we depend on — Google's spell-checker, translation service, traffic maps, search-suggestions; Amazon.com's AMZN +0.13% media; Facebook’s News Feed, “friend” facilities — have come out of a huge cache of user data. But Kaspersky Lab expects cybercriminals to use refined mobile-phishing, banking-Trojans and mobile-botnets to hack and modify private information. VPN (virtual private network) services and Tor-anonymisers will become popular, demand for local encryption tools will spurt, it predicts.

Folding phones?

Now that curved display (G-Flex) is here, 2014 may bring in “roll-up or fold” smartphones/tablets to fit into our wallets. Also, with smarter tracking-tools and voice-recognition technology smartphones will become so intuitive and efficient that they may reflexively cater to our needs. “It will become a context engine — aware of where it is, where you are going, what you need,” said futurist Paul Saffo. Apple will launch the anticipated big-screen iPhones and iPads (12.9-inch or 13.3-inch), reports Digitimes. Upcoming iPhone models will have a 20mm chipset, and a choice between 4.7-inch and 6-inch display panel. But don't throw away your MacBook Air or MacPro yet.

“Prepare for a life-changing gadget,” says BBC, referring to Oculus Rift, a “consumer-focused virtual-reality headset”, to be launched by Kickstarter. You wear it and you'll see yourself running along a beach, flying in a spaceship, riding a roller-coaster, it says. Impatient for the “real” one? There are no tech hurdles to having a vehicle that is part-car, part-plane, part-drone parked outside your home, says Missy Cummings, Aeronautics/Astronautics Professor, MIT. The fly-by-wire Airbus is a drone, anyway. Automated systems with micro-second reactions will make transportation network — ground and air — safer. Your regular car will gain advanced tech features, from in-built sat-navs, parking assistance to voice-activated/touchscreen DVD players and radios.

Educator Sugata Mitra hopes to launch an entire school in the cloud — the tech-cloud. Retired teachers in remote areas will teach through Skype, classrooms will be beamed from all parts of the planet — “deep in the jungle, or high on a mountain.” Kids can just gather at one home for lessons, he said.

Robots will take longer strides in 2014. Google's Japanese start-up robot won the Darpa rescue-challenge by carrying out all the eight rescue-themed tasks ahead of rivals. Its dexterous, independent “robot army” will carry packages, push strollers. LiveScience reports Knightscope's five-foot K5 robot-cop's on-board sensor that can see, hear, touch and smell its surroundings will combine its observations with public data and use the information to predict if, when and where a crime is likely to occur. Asutosh Saxena's team at Cornell University has created a robot (PR2) programmed to free shop-assistants from drudgery — it packs purchases at check-out counters. Forrester Research's Jeff Ernst believes ICANN’s gTLD (generic top-level domain) program is a game-changer. The introduction of .brand and .category will help you choose products with ease and marketers fight off cybersquatters.

The best gift

To me the best gift of 2014 is the Copenhagen wheel. With an attached computer/sensor-aided device, this bicycle wheel monitors pedalling and activates an on-board electric-motor when you need support. Connecting wirelessly to the biker's smartphone, the device tracks distance travelled and elevation gained, shares with friends the number of calories burned, locks the wheel remotely as you walk away from the bike. An electric-hybrid bicycle!

Mark Anderson, Strategic News Service anticipates Apple's Siri-like products to get an upgrade, visualisation tools to usher in “seeing data.” Software-defined networking and storage will cause a “stampede to virtualise everything.” Technical work to break down barriers between clouds will spawn software that can run anywhere. E-mapping will include MALT (Micromapping, Advertising, Location/ID, Transactions). Indoor maps and location information will place advertising targeted at you, leading to transaction in which “your phone will direct you to where things on your shopping-list are. You pick them up, the store knows who you are, how you pay, and you’ll just walk out.”

Track these

2014 will see computers that can learn from their own mistakes.
Spending on mobile, work-collaboration and video-conferencing apps will rise.
Demand for “big data” analysts will soar.
Small start-ups will raise money more through crowdfunding, less from venture capitalists.

For more details visit https://cis-india.org/news/the-hindu-january-1-2014-geeta-padmanabhan-inventions-that-will-make-a-difference

Internet Privacy in India

elonnai — 2014-01-08T13:51:06Z

Internet privacy encompasses a wide range of issues and topics. It can be understood as privacy rights that an individual has online with respect to their data, and violations of the same that take place online. Given the dynamic nature of the online sphere, privacy concerns and issues are rapidly changing.

The Changing Nature of Information

For example – the way in which the internet allows data to be produced, collected, combined, shared, stored, and analyzed is constantly changing and re-defining personal data and what type of protections personal data deserves and can be given. For example, seemingly harmless data such IP address, key words used in searches, websites visited, can now be combined and analysed to identify individuals and learn personal information about an individual. From information shared on social media sites, to cookies collecting user browser history, to individuals transacting online, to mobile phones registering location data – information about an individual is generated through each use of the internet. In some cases the individual is aware that they are generating information and that it is being collected, but in many cases, the individual is unaware of the information trail that they are leaving online, do not know who is accessing the information, and do not have control over how their information is being handled, and for what purposes it is being used. For example, law enforcement routinely troll social media sites for information that might be useful in an investigation.

The Blurry Line between the Public and Private Sphere

The above example also highlights how the “sphere” of information on the internet is unclear i.e. is information posted on social media public information – free for use by any individual or entity including law enforcement, employees, data mining companies etc. or is information posted on social media – private, and thus requires authorization for further use. For example, in India, in 2013 the Mumbai police established a “social media lab” for the purposes of monitoring and tracking user behavior and activities.[1]

Authorization is not required for the lab to monitor individuals and their behavior, and individuals are not made aware of the same, as the project claims to analyze only publicly available information. Similar dilemmas have been dealt with by other countries. For example, in the U.S, individuals have contested the use of their tweets without permission,[2] while courts in the US have ruled that tweets, private and public, can be obtained by law enforcement with only a subpoena, as technically the information has been shared with another entity, and is therefore no longer private.[3] Indian Courts have yet to deal directly with the question of social media content being public or private information.

The Complication of Jurisdiction

The borderless nature of information flows over the Internet complicates online privacy, as individual's data is subjected to different levels of protection depending on which jurisdiction it is residing in. Thus, for example an Indian using Gmail, will be subject to the laws of the United States. On one hand this could be seen as a positive, if one country has stronger privacy protections than another, but could also be damaging to privacy in the reverse situation – where one company has lower privacy standards and safeguards. In addition to the dilemma of different levels of protection being provided over data as it flows through different jurisdictions, access by law enforcement to data stored in a different jurisdiction, or data from one country accessible to law enforcement because it is being processed in their jurisdiction, are two other complications that arise. These complications cannot be emphasized more than with the case of the NSA Leaks. Because Indian data was residing in US servers, the US government could access and use the data with no obligation to the individual.[4] In response to the NSA leaks, the government of India has stated that all facts need to be known before any action is taken, while citizens initially sought to hold the companies who disclosed the data to US security agencies such as Google, Facebook etc. accountable.[5]

Despite this, because the companies were acting within the legal limits of the United States where they were incorporated, they could not be held liable. In response to the dilemma, many actors in India, including government and industry are asking for the establishment of 'domestic servers'. For example, Dr. Kamlesh Bajaj, CEO of Data Security Council of India was quoted in Forbes magazine promoting the establishment of India centric social media platforms.[6] Similarly, after the PRISM scandal became public, the National Security Advisor requested the Telecom Department to only route traffic data through Indian servers.[7]

In these contexts, the internet is a driving force behind a growing privacy debate and awareness in India.

Current Policy for Internet Privacy in India

Currently, India's most comprehensive legal provisions that speak to privacy on the internet can be found in the Information Technology Act (ITA) 2000. The ITA contains a number of provisions that can, in some cases, safeguard online privacy, or in other cases, dilute online privacy. Provisions that clearly protect user privacy include: penalizing child pornography,[8]penalizing, hacking and fraud[9] and defining data protection standards for body corporate.[10]

Provisions that serve to dilute user privacy speak to access by law enforcement to user's personal information stored by body corporate[11] collection and monitoring of internet traffic data[12] and real time monitoring, interception, and decryption of online communications.[13] Additionally, legislative gaps in the ITA serve to weaken the privacy of online users. For example, the ITA does not address questions and circumstances like the evidentiary status of social media content in India, merging and sharing of data across databases, whether individuals can transmit images of their own “private areas” across the internet, if users have the right to be notified of the presence of cookies and do-not track options, the use of electronic personal identifiers across data bases, and if individuals have the right to request service providers to take down and delete their personal content.

Online Data Protection

Since 2010, there has been an increasing recognition by both the government and the public that India needs privacy legislation, specifically one that addresses the collection, processing, and use of personal data. The push for adequate data protection standards in India has come both from industry and industrial bodies like DSCI – who regard strong data protection standards as an integral part of business, and from the public, who has voiced increasing concerns that governmental projects, such as the UID, involved with collecting, processing, and using personal data are presently not adequately regulated and are collecting and processing data in such a way that abuses individual privacy. As mentioned above, India's most comprehensive data protection standards are found in the ITA and are known as the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011.[14]

The Rules seek to provide rights to the individual with regards to their information and obligate body corporate to take steps towards protecting the privacy of consumer's information. Among other things, the Rules define “sensitive personal information' and require that any corporate body must publish an online privacy policy, provide individuals with the right to access and correct their information, obtain consent before disclosing sensitive personal information ' except in the case of law enforcement, provide individuals the ability to withdraw consent, establish a grievance officer, require companies to ensure equivalent levels of protection when transferring information, and put in place reasonable security practices. Though the Rules are the strongest form of data protection in India, they have not been recognized by the European Union as meeting the EU standards of “data secure”[15] and many gaps still exist. For example, the Rules apply only to:

Body corporate and not to the government
Electronically generated and transmitted information
A limited scope of sensitive personal information.
A body corporate when a contractual agreement is not already in place.

These gaps leave a number of bodies unregulated and types of information unprotected, and limits the scope of the Rules. It is also unclear to what extent companies are adhering to these Rules, and if they are applying the Rules only to the use of their website or if they are also applying the Rules to their core business practices.

Cyber Cafés

In 2011 the Guidelines for Cyber Café Rules were notified under the Information Technology Act. These Rules, among other things, require Cyber Café’s to retain the following details for every user for a period of one year: details of identification, name, address, contact number, gender, date, computer terminal identification, log in time, and log out time. These details must be submitted to the same agency as directed, on a monthly basis.[16] Cyber Cafes must also retain the history of websites accessed and logs of proxy servers installed at the cyber café for a period of one year.[17] Furthermore, Cyber Café’s must ensure that the partitions between cubicles do not exceed four and half feet in height from floor level.[18] Lastly, the cyber café owner is required to provide every related document, register, and information to any officer authorized by the registration agency on demand.[19] In effect, the identification and retention requirements of these rules both impact privacy and freedom of expression, as cyber cafes users cannot use the facility anonymously and all their information, including browser history, is stored on an a-priori basis. The disclosure provisions in these rules also impact privacy and demonstrate a dilution of access standards for law enforcement to users internet communications as the provision does not define:

An authorization process by which the registration agency follows to authorize individuals to conduct inspections.
Circumstances on which inspection of a Cyber Café by an authorized officer is necessary and permissible.
The process for which information can be requested, and instead vaguely requires cyber café owners to disclose information “on demand”.

Online Surveillance and Access

The ITA also allows for the interference of user privacy online by defining broad standards of access to law enforcement and security agencies, and providing the government with the power to determine what tools individuals can use to protect their privacy. This is most clearly demonstrated by provisions that permit the interception, monitoring, and decryption of digital communications[20] provide for the collection and monitoring of traffic data[21] and allow the government to set the national encryption standard.[22] In particular, the structure of these provisions and the lack of safeguards incorporated, serve as a dilution to user privacy. For example, though these provisions create a framework for interception they are missing a number of internationally recognized safeguards and practices, such as notice to the individual, judicial oversight, and transparency requirements. Furthermore, the provisions place extensive security and technical obligations on the service provider – as they are required to extend all facilities necessary to security agencies for interception and decryption, and hold the service provider liable for imprisonment up to seven years for non-compliance. This creates an environment where it is unlikely that the service provider would challenge any request for access or interception from law enforcement. Interception is also regulated through provisions and rules under the Indian Telegraph Act 1885 and subsequent ISP and UAS licenses.

Scope of Surveillance and Access

The extent to which the Government of India lawfully intercepts communications is not entirely clear, but in 2011 news items quoted that in the month of July 8,736 phones and e-mail accounts were under lawful surveillance.[23]

Though this number is representative of authorized interception, there have been a number of instances of unauthorized interceptions that have taken place as well. For example, in 2013 it was found that in Himachel Pradesh 1371 phones were tapped based on verbal approval, while the Home Ministry had only authorized interception of 170.[24] This demonstrates that there are instances of when existing safeguards for interception and surveillance are undermined and highlights the challenge of enforcement for even existing safeguards.

Demonstrating the tensions between right to privacy and governmental access to communications, and at the same time highlighting the issue of jurisdiction was the standoff between RIM/BlackBerry and the Indian Government. For several years, the Indian Government has requested that RIM provide access to the company’s communication traffic, both BIS and BES, as Indian security agencies have been unable to decrypt the data. Solutions that the Indian Government has proposed include: RIM providing the decryption keys to the government, RIM establishing a local server, local ISPs and telcos developing an indigenous monitoring solution. In 2012, RIM finally established a server in Mumbai and in 2013 provided a lawful interception solution that satisfied the Indian Government.[25]

The implementation of the Central Monitoring System by the Indian Government is another example of the Government seeking greater access to communications. The system will allow security agencies to bypass service providers and directly intercept communications. It is unclear if the system will provide for the interception of only telephonic communications or if it will also allow for the interception of digital communications and internet traffic. It is also unclear what checks and balances exist in the system. By removing the service provider from the equation the government is not only taking away a potential check, as service providers can resist unauthorized requests, but it is also taking away the possibility for companies to be transparent about the interception requests that they comply with.

Future frameworks for privacy in India: The Report of the Group of Experts on Privacy

In October 2012 the Report of the Group of Experts on Privacy was published by a committee of experts chaired by Justice A.P. Shah.[26] The report creates a set of recommendations for a privacy framework and legislation in India. Most importantly, the Report recognizes privacy as a fundamental right and defines nine National Privacy Principles that would apply to all data controllers both in the private sector and the public sector. This would work to ensure that businesses and governments are held accountable to protecting privacy and that legislation and practices found across sectors, states/governments, organizations, and governmental bodies are harmonized. The privacy principles are in line with global standards including the EU, OECD, and APEC principles on privacy, and include: notice, choice & consent, collection limitation, purpose limitation, access and correction, accountability, openness, disclosure of information, security.

The Report also envisions a system of co-regulation, in which the National Privacy Principles will be binding for every data controller, but Self Regulatory Organizations at the industry level will have the option of developing principles for that specific sector. The principles developed by industry must be approved by the privacy commissioner and be in compliance with the National Privacy Principles. In addition to defining principles, the Report recommends the establishment of a privacy commissioner for overseeing the implementation of the right to privacy in India and specifies that aggrieved individuals can seek redress either through issuing a complaint the privacy commissioner or going before a court.

The nine national privacy principles include:

Notice: Principle 1: Notice

A data controller shall give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:

During Collection

What personal information is being collected;
Purposes for which personal information is being collected;
Uses of collected personal information;
Whether or not personal information may be disclosed to third persons;
Security safeguards established by the data controller in relation to the personal information;
Processes available to data subjects to access and correct their own personal information;
Contact details of the privacy officers and SRO ombudsmen for filing complaints.

Other Notices
Data breaches must be notified to affected individuals and the commissioner when applicable. Individuals must be notified of any legal access to their personal information after the purposes of the access have been met. Service providers would have to explain how the information would be used and if it may be disclosed to third persons such as advertisers, processing Individuals must be notified of changes in the data controller’s privacy policy. Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.

Example of Implementation: A telecom service provider must make available to individuals a privacy policy before any personal information is collected by the company. The notice must include all categories of information as identified in the principle of notice. For example, the service provider must identify the types of personal information that will be collected from the individual from the initial start of the service and during the course of the consumer using the service. For a telecom service provider this could range from name and address to location data. The notice must identify if information will be disclosed to third parties such as advertisers, processers, or other telecom companies. If a data breach that was the responsibility of the company takes place, the company must notify all affected customers. If individuals have their personal data accessed or intercepted by Indian law enforcement or for other legal purposes, they have the right to be notified of the access after the case or other purpose for the data has been met.

Principle 2: Choice and Consent

A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorized agencies. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymized within a reasonable timeframe if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required.

Example of implementation: If an individual is signing up to a service, a company can only begin collecting, processing, using and disclosing their data after consent has been taken. If the provision of information is mandated by law, as is the case for the census, this information must be anonymized after a certain amount of time if it is published in public databases. If there is a case where consent is not possible, such as in a medical emergency, consent before processing information, does not need to be taken.

Principle 3: Collection Limitation

A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.

Example of Implementation: If a bank is collecting information to open an account for a potential customer, they must collect only that information which is absolutely necessary for the purpose of opening the account, after they have taken the consent of the individual.

Principle 4: Purpose Limitation

Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.

Example of Implementation: If a bank is collecting information from a customer for opening a bank account, the bank can only use that information for the purpose of opening the account and any other reasons consented to. After a bank has used the information to open an account, it must be destroyed. If the information is retained by the bank, it must be done so with consent, for a specific purpose, with the ability of the individual to access and correct the stored information, and in a secure fashion.

Principle 5: Access and Correction

Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.

Example of Implementation: An individual who has opened a bank account, has the right to access the information that was initially provided and subsequently generated. If there is a mistake, the individual has the right to correct the mistake. If the individual requests information related to him that is stored on a family member from the bank, the bank cannot disclose this information without explicit consent from the family member as it would impact the privacy of another.

Principle 6: Disclosure of Information

A data controller shall only disclose personal information to third parties after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.

Example of Implementation: If a website, like a social media site, collects information about how a consumer uses its website, this information cannot be sold or shared with other websites or partners, unless notice of such sharing has been given to the individual and consent has been taken from the individual. If websites provide information to law enforcement, this must be done in accordance with laws in force, and cannot be done through informal means. The social media site would be prohibited from publishing, sharing, or making public the personal information in any way without obtaining informed consent.

Principle 7: Security

A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymization, unauthorized disclosure [either accidental or incidental] or other reasonably foreseeable risks.

Example of Implementation: If a company is a telecommunication company, it must have security measures in place to protect customers communications data from loss, unauthorized access, destruction, use, processing, storage, modification, denanonmyization, unauthorized disclosure, or other forseeable risk. This could include encrypting communications data, having in place strong access controls, and establishing clear chain of custody for the handling and processing communications data.

Principle 8: Openness

A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.

Example of Implementation: If a hospital is collecting and processing personal information of, for example, 1,000 patients, their policies and practices must reflect and be applicable to the amount, sensitivity, and nature of information that they are collecting. The policies about the same must be made available to all individuals – this includes individuals of different intelligence, skill, and developmental levels.

Principle 9: Accountability

The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.

Example of Implementation: To ensure that a hospital is in compliance with the national privacy principles, it must undertake activities like running trainings and providing educational information to employees on how to handle patient related information, conducting audits, and establishing an officer or body for overseeing the implementation of privacy.

Public Discourses on Privacy

In India, there have been a number of important discourses related to privacy around various projects and topics. These discourses have been driving public awareness about privacy in India, and represent an important indication of public perception of privacy and privacy concerns.

The Unique Identification Project

One of these discourses is a public dialogue and debate on the Unique Identification Project. Since 2009 the Government of India has been rolling out an identity scheme known as UID or Aadhaar. The scheme is applicable to all residents in India, and seeks to provide individuals with an identity based on their fingerprints, iris scans, and photograph. The project has been heavily supported by some, and at the same time, heavily critiqued by others. Of those critiquing the project, which included a Parliamentary Standing Committee on Finance,[27] privacy has been a driving force behind the concerns about the project. Arguing that not only does the UID Bill not have sufficient privacy safeguards in its provisions[28] but the design of the project and the technology of the project places individual privacy at risk. For example, the project relies on centralized storage of biometrics collected under the scheme; it does not account for or address how transaction data that is generated each time an individual identifies himself/herself with the UID will be stored, processed, and shared; and does not provide adequate security measures to protect sensitive information like biometrics.

The Human DNA Profiling Bill

In 2006 the Department of Biotechnology piloted a draft human DNA Profiling Bill with the objective of creating DNA databases at the national and regional levels, and enabling the creation and storage of DNA profiles for forensic purposes. Since 2006 there have been two more drafts of the bill released to the public, and an expert committee has been created to finalize the text of the bill. Individuals, including the Centre for Internet and Society, publicly raising concern about the bill, cite a lack of privacy safeguards in the provisions, and expansive circumstances and reasons that the bill permits the creation and storage of DNA profiles.[29]

Surveillance

For many years there has been running public discourse about the surveillance that the Indian government has been undertaking. This discourse is growing and is now being linked to privacy and the need for India to enact a privacy legislation. As discussed above, the current surveillance regime is lacking on many fronts, while at the same time the government continues to seek greater interception powers and more access to larger sets of information in more granularity. Projects like the Central Monitoring System, NATGRID, and Lawful Interception Solutions have caused individuals to question the government on the proportionality of State surveillance and ask for a comprehensive privacy legislation that also regulates surveillance.

The need for strong and enforceable surveillance provisions is not unique to India, and in 2013 the International Principles on the Application of Human Rights to the Surveillance of Communications were drafted. The principles lay out standards that ensure that surveillance is in compliance with international human rights law and serve as safeguards that countries can incorporate into their regimes to ensure the same. The principles include: legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, user notification, transparency, public oversight, integrity of communications and systems, safeguards for international cooperation, safeguards against illegitimate access. Along with defining safeguards, the principles highlight the challenge of rapidly changing technology and how it is constantly changing how information can be surveilled by governments and what information surveilled by governments, and how information can be combined and analysed to draw conclusions about individuals.

A Privacy Legislation for India

Since 2010, there has been a strong public discourse around the need for a privacy legislation in India. In November 2010, a “Privacy Approach” paper was released to the public which envisioned the creation of a data protection legislation. In 2011, the Department of Personnel and Training released a draft privacy bill that defined a privacy regime that encompassed data protection, surveillance, and mass marketing, and recognized privacy as a fundamental right.[31] In 2012 the Report of the Group of Experts on Privacy, as discussed above, was published.[32] Presently, the Department of Personnel and Training is drafting the text of the Governments Privacy Bill. In 2013, the Centre for Internet and Society drafted the Citizen’s Privacy Protection Bill – a citizen’s version of a privacy legislation for India.[33] From April 2013 – October 2013, the Centre for Internet and Society, in collaboration with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, held a series of seven Privacy Roundtables across India. The objective of the Roundtables was to gain public feedback to a privacy framework in India. Topics discussed during the meetings included, how to define sensitive personal information vs. Personal information, if co-regulation should be a model adopted as a regulatory framework, and what should be the legal exceptions to the right to privacy.[34]

Conclusion

Clearly, privacy is an emerging and increasingly important field in India’s internet society. As companies collect greater amounts of information from and about online users, and as the government continues to seek greater access and surveillance capabilities, it is critical that India prioritizes privacy and puts in place strong safeguards to protect the privacy of both Indians and foreigners whose data resides temporarily or permanently in India. The first step towards this is the enactment of a comprehensive privacy legislation recognizing privacy as a fundamental right. The Report of the Group of Experts on Privacy and the government considering a draft privacy bill are all steps in the right direction.

[1]. http://www.zdnet.com/in/india-sets-up-social-media-monitoring-lab-7000012758/

[2]. http://www.techdirt.com/articles/20130203/18510621869/investigative-journalist-claims-her-public-tweets-arent-publishable-threatens-to-sue-blogger-who-does-exactly-that.shtml

[3]. http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us

[4]. http://www.bbc.co.uk/news/technology-24744695

[5]. http://www.thehindu.com/news/national/sc-to-hear-pil-on-us-surveillance-of-internet-data/article4829549.ece

[6]. http://forbesindia.com/article/checkin/indias-internet-privacy-woes/35971/1

[7]. http://www.thehindubusinessline.com/industry-and-economy/info-tech/route-domestic-net-traffic-via-india-servers-nsa-tells-operators/article5022791.ece

[8]. ITA section 67

[9]. ITA section 43, 66, and 66F

[10]. Information Technology (Reasonable security practices and procedures and Sensitive personal data or information) Rules, 2011.

[11]. Information Technology (Reasonable security practices and procedures and Sensitive personal data or information) Rules, 2011. section 6(1)

[12]. Information Technology (Procedure and Safeguards for monitoring and collection of Traffic Data or other information) Rules 2009

[13]. Information Technology (Procedure and Safeguards for intercepting, monitoring, and decryption) Rules 2009

[14]. Ibid footnote 6

[15]. Business Standard. Data secure status for India is vital: Sharma on the FTA with EU. September 3rd 2013. Available at: http://www.business-standard.com/article/economy-policy/data-secure-status-for-india-is-vital-sharma-on-fta-with-eu-113090300889_1.html

[16]. Guidelines for Cyber Cafe Rules 5(2) & 5(3). Available at: http://deity.gov.in/sites/upload_files/dit/files/GSR315E_10511(1).pdf

[17]. Guidelines for Cyber Cafe Rules 5(4)

[18]. Guidelines for Cyber Cafe Rules 5(6)

[18]. Guidelines for Cyber Café Rules 5(6)

[19]. Guidelines for Cyber Café Rules 7(1)

[20]. Ibid footnote 9

[21]. Ibid footnote 8

[22]. ITA section 84A

[23]. Jain, B. 8,736 phone and e-mail accounts tapped by different government agencies in July. September 17th 2011. Available at: http://articles.economictimes.indiatimes.com/2011-09-17/news/30169231_1_phone-tap-e-mail-accounts-indian-telegraph-act

[24]. The Economic Times. Action to be taken in ‘phone tapping’ during BJP rule: Virbhadra Singh. March 6th 2013. Available at: http://articles.economictimes.indiatimes.com/2013-03-06/news/37500338_1_illegal-phone-virbhadra-singh-previous-bjp-regime

[25]. Chaudhary, A. BlackBerry’s Tussle with Indian Govt. Finally Ends; BB Provides Interception System. http://www.medianama.com/2013/07/223-blackberrys-tussle-with-indian-govt-finally-ends-bb-provides-interception-system/

[26]. Report of the Group of Experts on Privacy. Available at: http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[27]. http://164.100.47.134/lsscommittee/Finance/42%20Report.pdf

[28]. http://www.indianexpress.com/news/uid-bill-skips-vital-privacy-issues/688614/

[29]. http://www.epw.in/authors/elonnai-hickok

[30]. http://ccis.nic.in/WriteReadData/CircularPortal/D2/D02rti/aproach_paper.pdf

[31]. http://www.iltb.net/2011/06/analysis-of-the-privacy-bill-2011/

[32]. http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[33]. http://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-updated-third-draft

[34]. http://cis-india.org/internet-governance/blog/national-privacy-roundtable-meetings

For more details visit https://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india

India's Identity Crisis

malavika — 2014-01-09T07:56:08Z

Malavika Jayaram's article was published in 2013 Internet Monitor Annual Report: Reflections on the Digital World, published by Harvard's Berkman Center for Internet and Society.

India’s Unique Identity (UID) project is already the world’s largest biometrics identity program, and it is still growing. Almost 530 million people have been registered in the project database, which collects all ten fingerprints, iris scans of both eyes, a photograph, and demographic information for each registrant. Supporters of the project tout the UID as a societal game changer. The extensive biometric information collected, they argue, will establish the uniqueness of each individual, eliminate fraud, and provide the identity infrastructure needed to develop solutions for a range of problems. Despite these potential benefits, however, critical concerns remain about the UID’s legal and physical architecture as well as about unforeseen risks associated with the linking and analysis of personal data.

The most basic concerns regarding the UID project stem from the fact that biometric technologies have never been tested on such a large population. As a result, well-founded concerns exist around scalability, false acceptance and rejection rates, and the project’s core premise that biometrics can uniquely and unambiguously identify people in a foolproof manner. Some of these concerns are based on technical issues—collecting fingerprints and iris scans “in the field,” for instance, can be complicated when a registrant’s fingerprints are eroded by manual labor or her irises are affected by malnutrition and cataracts. Other concerns relate to the project’s federated implementation architecture, which, by outsourcing collection to a massive group of private and public registrars and operators, increases the chance for data breaches, error, and fraud.

Perhaps even more vexing are concerns regarding how the UID, which promises financial inclusion (by reducing the identification barriers to opening bank accounts, for example), might in fact lead to new types of exclusion for already marginalized groups. Members of the LGBT community, for instance, question whether the inclusion of the transgender category within the UID scheme is a laudable attempt at inclusion, or a new means of listing and targeting members of their community for exclusion. More fundamentally, as more and more services and benefits are linked to the UID, the project threatens to exclude all those who cannot or will not participate in the scheme due to logistical failures or philosophical objections.

It is worth noting that the UID is not the only large data project in India. A slew of “Big Brother” projects exist: the Centralised Monitoring System (CMS), the Telephone Call Interception System (TCIS), the National Population Register (NPR), the Crime and Criminal Tracking Network and Systems (CCTNS), and the National Intelligence Grid (NATGRID), which is working to aggregate up to 21 different databases relating to tax, rail and air travel, credit card transactions, immigration, and other domains. The UID is intended to serve as a common identifier across these databases, creating a massive surveillance state. It also facilitates an ecosystem where access to goods and services, from government subsidies to drivers’ licenses to mobile phones to cooking gas, increasingly requires biometric authentication.

The UID project was originally vaunted as voluntary, but the inexorable slippery slope toward compulsory participation has triggered a series of lawsuits challenging the legality of forced enrollment and the constitutionality of the entire project. Most recently, in September 2013, India’s federal Supreme Court affirmed by way of an interim decision that the UID was not mandatory, that not possessing a UID should not disadvantage anybody, and that citizenship should be ascertained as a criteria for registering in order to ensure that UIDs are not issued to illegal immigrants. This last stipulation is particularly thorny given that the Unique Identification Authority of India (UIDAI, the body in charge of the UID project) has consistently distanced the UID from questions of citizenship under the justification that it is a matter beyond their remit (i.e., the UID is open to residents, and is not linked to citizenship). The government moved quickly to urge a modification of the order, but the Supreme Court declined to do so and will instead release its final decision after it reviews a batch of petitions from activists and others. The UIDAI approached the court, arguing that not making the UID mandatory has serious consequences for welfare schemes, but the court recently ordered the federal government, the Reserve Bank of India, and the Election Commission to delink the LPG cooking gas scheme from the UID. This is a considerable setback for the project, given that this was one of the most hyped linkages for the UID. It remains to be seen whether the court will similarly halt other attempts to make the UID mandatory.

In the meantime, the UID project is effectively being implemented in a legal vacuum without support from the Supreme Court or Parliament. The Cabinet is seeking to rectify this and has cleared a bill that would finally provide legal backing for the UID program—its previous attempt was rejected by the Standing Committee on Finance in 2010. This bill is scheduled to come up for debate during the winter session of Parliament. The bill’s progress, along with the final decision of the Supreme Court, will have far reaching consequences for the UID project’s implementation and longevity, as well as for the relationship between India’s citizens and the state.

If fully implemented, the UID system will fundamentally alter the way in which citizens interact with the government by creating a centrally controlled, technology-based standard that mediates access to social services and benefits, financial systems, telecommunications, and governance. It will undoubtedly also have implications for how citizens relate to private sector entities, on which the UID rests and which have their own vested interests in the data. The success or failure of the UID represents a critical moment for India. Whatever course the country takes, its decision to travel further toward or turn away from becoming a “database nation” will have implications for democracy, free speech, and economic justice within its own borders and also in the many neighboring countries that look to it as a technological standard bearer.

The Indian government seems to envision “big data” as a panacea for fraud, corruption, and abuse, but it has given little attention to understanding and addressing the fraud, corruption, and abuse that massive databases can themselves engender. The government’s actions have yet to demonstrate an appreciation for the fact that the matrix of identity and surveillance schemes it has implemented can create a privacy-invading technology layer that is not only a barrier to online activity but also to social participation writ large.

The lack of identification documents for a large portion of the Indian population does need to be addressed. Whether the UID project is the best means to do this—whether it has the right architecture and design, whether it can succeed without an overhaul of several other failures of governmental institutions, and whether fixing the identity piece alone causes more harm than good—should be the subject of intense debate and scrutiny. Only through rigorous threat modeling and analysis of the risks arising out of this burgeoning “data industrial complex” can steps be taken to stem the potential repercussions of the project not just for identity management, fraud, corruption, distributive justice, and welfare generally, but also for autonomy, openness, and democracy.

Click to download the article published in the annual report of Berkman's Center for Internet and Society (PDF 7223 Kb)

For more details visit https://cis-india.org/internet-governance/blog/internet-monitor-2013-malavika-jayaram-indias-identity-crisis

December 2013 Bulletin

praskrishna — 2014-02-25T13:51:47Z

Our newsletter for the month of December 2013 can be accessed below.

We at the Centre for Internet & Society (CIS) wish you all a great year ahead and welcome you to the twelfth issue of its newsletter (December) for the year 2013:

-------------------------------
Highlights
-------------------------------

The National Resource Kit team has published a draft chapter highlighting the state of laws, policies and programmes for persons with disabilities in the state of Gujarat.
Government of India has passed the National Electronic Accessibility Policy. CIS had worked with the Department of Electronics and Information Technology to formulate this policy. We bring you a brief analysis of the policy and provisions therein in a blog post.
Nehaa Chaudhari on behalf of CIS submitted comments on the Proposed WIPO Treaty for the Protection of Broadcasting Organizations to the Ministry of Human Resource Development.
CIS-A2K team has published a report highlighting the key accomplishments about the work accomplished on Konkani Wikipedia from September to December 2013.
Vipul Kharbanda has provided an analysis of the laws and regulations that apply to Bitcoin in India concluding that government can regulate Bitcoin.
We released the first documentary film (DesiSec) on cyber security in India in Bangalore on December 11.
In the module on Global Histories of the Internet (part of the Knowledge Repository on Internet Access project) Nishant Shah analyses the understanding of the internet, cyberspace and everyday life and why do we need to know the history of the internet.
The second "Institute on Internet and Society" will be held in Yashada, Pune from February 11 to 17, 2014.
As part of the Making Change project, Denisse Albornoz provides an analysis of the benefits and limitations of increasing access to information to enable citizenship and political participation.

-----------------------------------------------
Jobs
-----------------------------------------------
CIS is seeking applications for the posts of Program Officer (Access to Knowledge) and Program Officer (Internet Governance): http://bit.ly/1aA57K6. There are two vacancies each for these posts and these are full-time based in Delhi. To apply, please send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org) with three writing samples of which at least one demonstrates your analytic skills, and one that shows your ability to simplify complex policy issues.

----------------------------------------------
Accessibility and Inclusion
----------------------------------------------
As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Madhya Pradesh and Arunachal Pradesh, and the union territory of Daman and Diu. With this we have completed compilation of draft chapters for 27 states and 5 union territories. Feedback and comments are invited from readers for the following chapter:

► National Resource Kit Chapter

The Gujarat Chapter (by Anandhi Viswanathan, December 31, 2013): http://bit.ly/Kxbg3b.

Note: All of the chapters published so far in this project are early drafts and will be reviewed and updated.

►Other

# Media Coverage

An “Advocacy” Saga and the Inspiring Legacy of Rahul Cherian (by Shamnad Basheer, Spicy IP, December 16, 2013): http://bit.ly/1a5B7sU.

# Blog Entry

National Policy on Universal Electronic Accessibility – An Analysis (by Anandhi Viswanathan, December 27, 2013): http://bit.ly/1dfCW3I.

-----------------------------------------------------------
Access to Knowledge
-----------------------------------------------------------
The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software.

# Submission

Comments on Proposed WIPO Treaty for the Protection of Broadcasting Organizations (by Nehaa Chaudhari, December 7, 2013). CIS submitted its comments to the Ministry of Human Resource Development: http://bit.ly/1hpWeuu.

# Events Participated In

3rd Global Congress on IP and the Public Interest & Open A.I.R. Conference on Innovation and IP in Africa (organized by University of Cape Town, December 9-13, 2013). Sunil Abraham participated as a speaker in the sessions on Bridging into the Global Congress: Global Issues, Local Answers?, User Rights Track: What Medicines Can Teach Tech: Exploring Patent Pooling and Compulsory Licensing in the Indian Mobile Device Market (http://bit.ly/1f74yir), User Rights Track: Reclaiming the World Trade Organisation: A Modest Proposal for a WTO Agreement on the Supply of Global Public Goods (http://bit.ly/1f74yir), and was a keynote speaker on The Freedom Continuum (http://bit.ly/1dH1WEM). Nehaa Chaudhari also participated in this event: http://bit.ly/1bJArFJ.
Twenty-Sixth Session of the Standing Committee on Copyrights and Related Rights (organized by WIPO, Geneva, December 16 – 20, 2013). CIS gave its statement on Limitations and Exceptions for Libraries and Archives (http://bit.ly/JWnjq7) and on Limitations and Exceptions for Education, Teaching and Research Institutions and Persons with Other Disabilities (http://bit.ly/JWnjq7). Nehaa Chaudhari participated as a speaker. India and the United States introduced 6 proposals on the WIPO Broadcast Treaty: http://bit.ly/1edqvr3.

The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we held 3 workshops in the month of December, published a detailed report of key accomplishments of the work done in Konkani Wikipedia, a report on Train the Trainer Program held in the month of October and published an article in DNA.

►Wikipedia

# Article

Telugu Wikipedia completes 10 years (by Rahmanuddin Shaik, DNA, December 16, 2013): http://bit.ly/19OAvUV. The article was edited by Rohini Lakshané.

# Report

CIS-A2K: Work Accomplished on Konkani Wikipedia (by Nitika Tandon, December 31, 2013): http://bit.ly/1l6ttmp. The report throws some light on the work accomplished on Konkani Wikipedia from September to December 2013.

# Blog Entries

First ever Train-the-Trainer Program in India (by Nitika Tandon, December 5, 2013): http://bit.ly/1euwSXt.

The following are videos of participants from the Konkani Vishwakosh Digitization project (jointly organised by CIS-A2K and Goa University) speaking on their experiences with Wikimedia projects.

Priyadarshini Tadkodkar on Konkani language (by Subhashish Panigrahi, November 17, 2013): http://bit.ly/1hldNM8. We are featuring this here as we didn’t carry this in the last newsletter.
Varsha Kavlekar on Konkani Wikipedia Incubator (by Nitika Tandon, December 12, 2013): http://bit.ly/KmxyFo.
Darshan Kandolkar on Konkani Vishwakosh Digitization Process (by Nitika Tandon, December 13, 2013): http://bit.ly/1cqKyQ2.
Darshana Mandrekar speaks on Konkani Wikipedia (by Nitika Tandon, December 16, 2013): http://bit.ly/1keWyya.
Pooja Tople on Wikimedia Projects (by Nitika Tandon, December 17, 2013): http://bit.ly/1hlbubU.

# Events Organised

You Too Can Write on Wikipedia! — Training workshop (National Institute of Tourism and Hotel Management, Gachibowli, Hyderabad, December 5, 2013): http://bit.ly/1edmx1z.
Telugu Wikipedia Training Workshop (KBN College, Vijaywada, December 16, 2013): http://bit.ly/1i8ScnL.
Kannada Wikipedia Workshop at Alvas Vishva Nudisiri Virasat (Moodabidre, December 19 – 22, 2013). Dr. U.B. Pavanaja gave a presentation about Kannada Wikipedia and also conducted a workshop on Kannada Wikipedia as a parallel track. The event was covered by Prajavani (December 22), Hosadigantha (December 22), and Deccan Herald (December 22): http://bit.ly/1dGTBkw.

# Events Co-organised

Wikipedia Orientation Workshop (organised by CIS-A2K and Christ University, Bangalore, December 2, 2013): http://bit.ly/1lrkwEy.
Wikipedia Training Session @ Tiruvur (organised by CIS-A2K and Telugu Wikipedia community, Srivahini College, Tiruvur, December 19, 2013). T. Vishnu Vardhan and Rahmanuddin Shaik conducted the workshop: http://bit.ly/1e3oQX7. It was covered by Andhraprabha (http://bit.ly/1bU5VsQ), Eenadu (http://bit.ly/19fsttf), Sakshi (http://bit.ly/1e3pQdU), and Prajasakthi (http://bit.ly/JJs7ja) on December 19, 2013.

# Event Participated In

A Wikipedia Workshop at IISC (organised by the Assamese Wikipedia community, Bangalore, December 1, 2013). CIS-A2K team and Wikipedian Shiju Alex supported this event: http://bit.ly/1dSutY2.

# Media Coverage

CIS gave its inputs for the following media coverage:

A Feature on Telugu Wikipedia (Namaste Telengana Newspaper, December 8, 2013): http://bit.ly/19Yjwj6.
Odisha: Odia Wikipedia reaching 5000 article mark! (Odisha Diary Bureau, December 17, 2013): http://bit.ly/1dGU2vc.

-----------------------------------------------
Internet Governance
-----------------------------------------------
CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. This month we bring you an analysis on whether Bitcoin can be banned by the government and a blog post on misuse of surveillance powers in India. As part of its project (funded by Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the IDRC) on mapping cyber security actors in South Asia and South East Asia a film DesiSec: Episode 1was screened. We also did an interview with Pranesh Prakash on cyber security. With this we have completed a total of 13 video interviews so far:

# Analysis

Can Bitcoin Be Banned by the Indian Government? (by Vipul Kharbanda, December 24, 2013): http://bit.ly/1lJrnGF.

# Blog Entries

Misuse of Surveillance Powers in India (Case 1) (by Pranesh Prakash, December 6, 2013): http://bit.ly/1donbaJ.
Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India (by Maria Xynou, December 18, 2013): http://bit.ly/1f714fN.
India’s Identity Crisis (by Malavika Jayaram, December 31, 2013 Internet Monitor Annual Report: Reflections on the Digital World, published by Harvard's Berkman Center for Internet and Society): http://bit.ly/1lTRuuz.

# Upcoming Events

Digital Citizens: Why Cyber Security and Online Privacy are Vital to the Success of Democracy and Freedom of Expression (CIS, Bangalore, January 14, 2014): http://bit.ly/KucEU5. Michael Oghia will give a talk.
CPDP 2014 Reforming Data Protection: The Global Perspective (Brussels, January 22 – 24, 2014): http://bit.ly/KsgCws.
Nullcon Goa Feb 2014 — International Security Conference (organised by Nullcon, Bogmallo Beach Resort, Goa, February 12 – 15, 2014). CIS is one of the sponsors for this event: http://bit.ly/1lrBu5I.

# Events Organised

Big Democracy: Big Surveillance - A talk by Maria Xynou (CIS, Bangalore, December 3, 2013): http://bit.ly/19YnA31.
DesiSec: Episode 1 - Film Release and Screening (CIS, December 11, 2013): http://bit.ly/1lJt2fm.
Legal Issues pertaining to Cloud Computing (NLSIU Campus, Bangalore, December 14-15, 2013): http://bit.ly/1cvcmGq.
Biometrics or Bust? Implications of the UID for Participation and Inclusion (CIS, Bangalore, January 10, 2014). Malavika Jayaram will give a talk: http://bit.ly/1lJZhuK.

# Events Participated In

Convention on Crisis of Capitalism and brazen onslaught on Democracy (organized by INSAF, December 6, 2013). Snehashish Ghosh participated as a speaker: http://bit.ly/1gAxmNy.
International View of the State-of-the-Art of Cryptography and Security and its Use in Practice (IV) (jointly organized by Microsoft Research India, Indian Institute of Science, and Indian Institute of Technology Madras, December 6, 2013). Sunil Abraham was a panellist: http://bit.ly/1eAXl5t.
Technology in Government and Topics in Privacy (organized by Data Privacy Lab, CGIS Cafe, Cambridge Street, Harvard University Campus, December 9, 2013). Malavika Jayaram participated as a speaker on Biometrics in Beta – India's Identity Experiment: http://bit.ly/1bJDqht.
Cyberscholars Working Group at MIT (organized by the Berkman Center for Internet & Society, Harvard University, December 12, 2013): Malavika Jayaram made a presentation on Biometrics or Bust - India’s Identity Crisis: http://bit.ly/1eIpHef.
Seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” (organised by National Law School, Bangalore, December 21-22). Chinmayi Arun and Bhairav Acharya were speakers at this event: http://bit.ly/1gjsxYe.

--------------------------------
News & Media Coverage
--------------------------------
CIS gave its inputs to the following media coverage:

MongoDB startup hired by Aadhaar got funds from CIA VC arm (by Lison Joseph, Economic Times, December 3, 2013): http://bit.ly/1f77bRg.
A Three-Way Race Draws Delhi’s Young, and Everyone Else, Out to Vote (by Betwa Sharma, New York Times, December 4, 2013): http://bit.ly/1gAxoFf.
India for UN body to resolve internet governance issues (by Kim Arora, The Times of India, December 5, 2013): http://bit.ly/JWESqe.
Card transactions with Aadhaar validation need more time: experts (by Kirti V. Rao and Moulishree Srivastava, Livemint, December 5, 2013): http://bit.ly/1hq35UL.
Indian government wakes up to risk of Hotmail, Gmail (originally published by AFP, December 7, 2013): http://bit.ly/19LrlOS. This was also mirrored in The Times of India (http://bit.ly/1hpYEJu), Reuters (http://bit.ly/1gaHhZk), Dawn (http://bit.ly/1azuV95), NDTV (http://bit.ly/19Ys7lS), Yahoo News (http://yhoo.it/JCSreE), The Malaysian Insider (http://bit.ly/1eAPAMW) and Asia One Digital (http://bit.ly/JWuw9R). A slightly modified version was published by Silicon India on December 11: http://bit.ly/1gAtzjd.

# Announcement

Pranesh Prakash has been elected as the Asia-Pacific representative to the executive committee of the NonCommercial Users Constituency (NCUC) (part of the Non-Commercial Stakeholders Group, which is in turn part of the Generic Names Supporting Organization, which is in turn part of ICANN): http://bit.ly/KuIVeC.

--------------------------------
Telecom
-------------------------------
Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

# Newspaper Column

For a Telecom Revival (by Shyam Ponappa, Business Standard, December 4, 2013 and Organizing India Blogspot, December 5, 2013): http://bit.ly/1avRDii.

--------------------------------
Digital Humanities
--------------------------------
CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

# Blog Entry

The Conflict of Konigsberg (by Anirudh Sridhar, December 17, 2013): http://bit.ly/1cEXhhU.

--------------------------------
Digital Natives
--------------------------------
CIS is doing a research project titled “Making Change”. The project will explore new ways of defining, locating, and understanding change in network societies. Having the thought piece 'Whose Change is it Anyway' as an entry point for discussion and reflection, the project will feature profiles, interviews and responses of change-makers to questions around current mechanisms and practices of change in South Asia and South East Asia:

►Making Change Project

# Blog Entries

Tactical Technology: Information is Power? (by Denisse Albornoz, December 26, 2013): http://bit.ly/1cEUrcY.
Tactical Technology: Designing Activism (by Denisse Albornoz, December 27, 2013): http://bit.ly/1a9IuzH.

►Other

# Newspaper Column

Digital Native (by Nishant Shah, Indian Express, December 22, 2013): http://bit.ly/1f7mU2P.

------------------------------------------------------------
Knowledge Repository on Internet Access
------------------------------------------------------------
CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

# Upcoming Event

Institute on Internet and Society (organised by Ford Foundation and CIS, Yashada, Pune, February 11-17, 2014): http://bit.ly/180mQi9. Registrations are closed for this event.

# Modules

History of the Internet: Building Conceptual Frameworks (by Nishant Shah, December 31, 2013): http://bit.ly/19WRHLb.
Internet Privacy in India (by Elonnai Hickok, December 31, 2013): http://bit.ly/19SNk6v.

-----------------------------------------------------
About CIS
-----------------------------------------------------
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter:https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at:https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/december-2013-bulletin

Freedom Continuum

praskrishna — 2013-12-27T11:16:35Z

For more details visit https://cis-india.org/a2k/blogs/freedom-continuum.pdf

3rd Global Congress on IP and the Public Interest & Open A.I.R. Conference on Innovation and IP in Africa

praskrishna — 2013-12-26T05:46:20Z

For more details visit https://cis-india.org/a2k/blogs/3rd-global-congress-ip-and-public-interest-open-air-conference-innovation-and-ip-africa.pdf

VII NLSIR Symposium

praskrishna — 2014-01-09T07:08:33Z

The National Law School of India Review (NLSIR) - the flagship journal of the National Law School of India University (NLSIU), Bangalore is pleased to announce the seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” scheduled to be held on December 21 and December 22, 2013 at the National Assessment and Accreditation Council (NAAC, opposite NLSIU Campus, Nagarhavi) Conference Hall, Bangalore.

This was published by NLSIR on December 20, 2013.

The decade following September 11 has been dubbed “liberty’s lost decade”, not just for the United States of America but for the world at large, marked by increasing tension between State interests in national security and individual liberty. As we continue to grapple with the implications of this clash, one clear winner seems to be emerging, best observed by examining changes in legal systems throughout this decade. The recent upsurge of criticism against NSA activity globally, however, could be seen as indicative of a changing trend. The VIIth NLSIR Symposium seeks to trace this dialogue between competing notions of security and liberty, and hopes to assess and analyse similar developments in India Confirmed speakers for the symposium include renowned legal experts such as Hon’ble Justice Muralidhar, Menaka Guruswamy, Mrinal Satish, Bharat Karnad, Aparna Chandra, Chinmayi Arun, Shyam Diwan, Bhairav Acharya, Roshni, Yug Mohit Chaudhary and Saikat Datta.

This year, the discussions will be divided into four panels:

Session I: Securing Liberty from the State - Redefining Criminal Thresholds in Law
(Forenoon, December 21, 2013, Saturday)

Session II: Intrusive Intelligence - Surveillance Programs and Privacy in India
(Afternoon, December 21, 2013, Saturday)

Session III: Beyond Borders - Extradition, Asylum and Concerns of State Security
(Forenoon, December 22, 2013, Sunday)

Session IV: Connecting the Dots
(Afternoon, December 22, 2013, Sunday)

For more details visit https://cis-india.org/news/nlsir-december-21-2013-nlsir-symposium

Legal Issues pertaining to Cloud Computing

praskrishna — 2022-02-07T15:29:00Z

The Law and Technology Society of National Law School of India University, Bangalore is organizing the 6th edition of its flagship conference ‘Consilience’ on December 14 and 15, 2013 at NLSIU Campus, Bangalore. The Centre for Internet and Society is supporting this event.

The Conference will see some of the best lawyers, jurists and industry leaders in India speak on different issues surrounding the theme. The Conference is co- branded with ‘Salesforce.com’, ‘International Technology Law Association’ and the Centre for Internet and Society (http://www.cis-india.org/). Apart from making an effective contribution towards greater understanding of the subject, the Conference will lead to a recommendatory policy paper to the government of India.

Key speakers for the Conference include:

Senapathy (Kris) Gopalakrishnan (Co-Founder and Executive Vice Chairman, Infosys & President, CII )
Pavan Duggal (Advocate, Supreme Court)
Abhishek Malhotra (Founding Partner, TMT Law Practice)
Azmul Haque (Partner, Shook Lin & Bok, Singapore)
Chris Edwards (Senior Associate, DLA Piper, Singapore)
Prof. Rahul De (IIM Bangalore)
Pamela Kumar (Chair, Cloud Computing Innovation Council of India)
Suhaan Mukherji (Expert advisor, Office of Adviser to the Prime Minister of India on Public Information Infrastructure and Innovations)

Registrations for the Conference are open and fee for the same is as follows:

Students: Rs. 500/-
Professionals: Rs. 750/-

Please find attached the concept note, programme schedule and speakers’ profiles. To register, visit http://www.consilience.co.in/index.php/consilience-2013/register-for-the-conference. For any other queries, please write to ltech.nls@gmail.com .

or contact

Shivam Singla (Ph: +91-9916708701)
Ayushi Sutaria (Ph: +91-8123925725)

Conference Programme

Saturday, December 14th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Lunch
08.30 09.30	Breakfast and Registration
09.45 10.00	Inauguration
10.00 10.30	Keynote Address
10.30 12.30	SESSION 1: INTRODUCTION TO CLOUD COMPUTING How does cloud computing work? - An overview of the basic technical features The current legal regime related to cloud computing in India- Main issues and challenges
13.15 15.15	SESSION 2: THE RELATION BETWEEN PARTIES TO CLOUD COMPUTING- USERS, INTERMEDIARIES AND GOVERNMENT BODIES Legal obligations of the intermediaries towards (i) the government and (ii) the users Cyber security concerns Standards of data protection Government's surveillance powers and privacy issues
Tea Break
15.30 17.30	SESSION 3: REGULATION AND MONITORING OF DATA CONTENT Current data control monitoring systems by intermediaries Data ownership and intellectual property issues- Possible threats and need for regulation Sensitive or critical data- Security concerns relating to their storage
High Tea/Networking Session

Sunday, December 15th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Tea Break
09.00 10.00	Breakfast and Registration
10.00 12.00	SESSION 4: THE INTERNATIONAL PERSPECTIVE ON CLOUD COMPUTING Jurisdiction and choice of law issues- how do we counter the confusion? International laws applicable to cloud computing Need for a comprehensive international framework to simplify the situation?
12.15 14.15	SESSION 5: COMPARATIVE ANALYSIS WITH LEGAL FRAMEWORKS IN OTHER COUNTRIES Legal frameworks in UK and Singapore Beneficial features of these legal regimes and their suitability in the Indian context Lessons to be learnt for India
Lunch
15.00 17.00	SESSION 6: THE WAY FORWARD – SUGGESTIONS AND RECOMMENDATIONS Overview of the important challenges and suggestions Possible Policy and Legislative steps to improve the Cloud Computing regime in India
High Tea/Networking Session

Click to read the sub tracks for discussion
Access the speakers' profiles here

For more details visit https://cis-india.org/events/legal-issues-on-cloud-computing

Sub Tracks

praskrishna — 2013-12-11T10:08:35Z

For more details visit https://cis-india.org/internet-governance/blog/sub-tracks.pdf

Technology in Government and Topics in Privacy

praskrishna — 2013-12-27T10:20:33Z

Malavika Jayaram is a speaker at an event organized by Data Privacy Lab at CGIS Cafe, Cambridge Street, Harvard University Campus. She will speak on Biometrics in Beta – India's Identity Experiment on December 9, 2013.

Technology in Government (TIG) and Topics in Privacy (TIP) consist of weekly discussions and brainstorming sessions on all aspects of privacy (TIP) and uses of technology to assess and solve societal, political, and government problems (TIG). Discussions are often inspired by a real-world problems being faced by the lead discussant, who may be from industry, government, or academia. Practice talks and presentations on specific techniques and topics are also common.

Abstract of the Talk

India's identity juggernaut - the Unique Identity (UID) project that has registered around 450 million people and is yet to be fully realized - is already the world's largest biometrics identity scheme. Based on the premise that centralized de-duplication and authentication will establish uniqueness and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad problems and improve welfare delivery, yet its conception and architecture raise significant concerns. In addition to the UID project, there is a slew of "Big Brother" systems that together form a matrix of identity and surveillance schemes: the UID is intended as a common identifier across this matrix as well as other public and private databases. Indian authorities frame Big Data as a panacea for fraud, corruption and abuse, without apprehending the further fraud, corruption and abuse that joined up databases can themselves engender. The creation of a privacy-invading technology layer not simply as a barrier to online participation but to social participation writ large is not fully appreciated by policy makers. Malavika will provide an overview of the identity landscape including the implications for privacy and free speech, and more broadly, democracy and openness.

Malavika Jayaram

Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression, especially in the context of India's biometric ID project. A Fellow at the Centre for Internet and Society, Bangalore, she is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Done series. She is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with global law firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, She was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania.

Click to read more on the event originally published by Data Privacy Lab here.

For more details visit https://cis-india.org/news/technology-in-government-and-topics-in-privacy

Cyberscholars Working Group at MIT

praskrishna — 2014-01-09T06:41:31Z

Malavika Jayaram is giving a talk on Biometrics or Bust - India’s Identity Crisis at this event organised by Berkman Center for Internet & Society on December 12 at 6.00 p.m.

Read the original published by Harvard University here.

The Cyberscholar Working Group is a forum for fellows and affiliates of MIT, Yale Law School Information Society Project, Columbia University, and the Berkman Center for Internet & Society at Harvard University to discuss their ongoing research. Each session is focused on the peer review and discussion of current projects submitted by a presenter. Meeting alternatively at Harvard, MIT, Yale, the working group aims to expand the shared knowledge of young scholars by bringing together these preeminent centers of thought on issues confronting the information age. Discussion sessions are designed to facilitate advancements in the individual research of presenters and in turn encourage exposure among the participants to the multi-disciplinary features of the issues addressed by their own work.

This month's presentations include:
(1) "Lines of Control: Networks of Imperialism and Independence in India (1840-1947)"
Abstract: This paper examines the history of communications networks in India and the relationship between communications and second-order networks. It draws attention to the wave of colonial network development that took place in India between 1840 and 1948. During these years, Britain constructed a series shipping, rail and telegraph networks to achieve a set of military and commercial goals. This paper studies how first- and second-order networks developed, and the intended and unintended effects of these networks on Indiaʼs economics, politics, and identity. The paper draws on economic and social studies of colonial communications networks in India, original reports by British officials and the Colonial Office, and the literature focusing on the role of technology in British imperialism. It shows how Indiaʼs colonial communication networks, built to augment and extend British control over the subcontinent, became conduits for Indian resistance and nationalism.
Keywords: shipping, telegraph, railroads, imperialism, nationalism, network theory, India

Colin Agur is a PhD candidate at Columbia University and Visiting Fellow at Yale Law School's Information Society Project. His research examines India's telecommunications, focusing on mobile network formation and second-order effects of network growth. He spent the 2012-13 academic year in Delhi and Chennai, conducting document analysis, interviews with industry figures and participant observation related to mobile phone usage. He has published articles about Indian media and culture in Harvard's Nieman Lab, the Journal of Asian and African Studies and Journalism (forthcoming), and about telecommunications history in Information and Culture.

(2) Big Data Dramas in the 1960s and 1970s
Abstract: The recent frenzy in discussing NSA activities and the collecting of Big Data show a widespread critical concern for the current practice of gathering and using personal data. These concerns have their history. In my presentation, I track the beginnings of a growing public awareness and sensitivity towards the societal handling of personal data. I argue that the early computerization phase during the 1960s and 1970s played a crucial role in discussing these issues. Media reports, popular books, scientific publications, and political hearings all of a sudden began – often in quite different ways – to address and question contemporary practices of collecting, sharing, and storing of personal data. Their authors explored and negotiated all kind of societal settings where personal data played a significant role at that time. There have been concerns about these issues with personal data before, but – as I will show in my presentation – not on this broad societal level and to this extent as in the late 1960s and early 1970s. I argue that during that time, the usage of personal data became a highly controversial matter not only of public, but also of private interest.My inquiry examines how the term “data“ and in particular the collection of personal data became loaded with cultural and emotional significance in scientific and media discussions in the 1960s and 1970s in the United States and in Germany. Furthermore, it explores how the early computerization affected our societal handling of data long before the personal computer entered our private lives.

Julia Fleischhack is a visiting postdoctoral research fellow in the program in Science, Technology, and Society at the Massachusetts Institute of Technology. She holds a PhD in anthropology from Zürich University. Her current research is on data centers from the private sector and funded by the Fritz Thyssen foundation.

(3) Biometrics or Bust - India’s Identity Crisis
Abstract: India's identity juggernaut - the Unique Identity (UID) project that has registered around 500 million people and is yet to be fully realized - is already the world's largest ever biometrics identity scheme. Grounded in the premise that centralized de-duplication and authentication will uniquely identify people and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad socio-economic problems, yet its conception and architecture raise significant concerns. Its implementation as a techno-utopian project in a legal vacuum, despite the potential for abuse and exclusion, give pause to the much-vaunted claims of transforming welfare delivery and galvanizing financial inclusion. I will provide an overview of the identity project and highlight some of the key implications for privacy and free speech, and more broadly, democracy and openness. I will also unpack some of the narratives being constructed, describe the current public discourse and legal developments, and locate the project within the broader surveillance state and database nation that India is morphing into.

Malavika Jayaram is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression. A Fellow at the Centre for Internet and Society, Bangalore, she is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London.

For more details visit https://cis-india.org/news/cyberscholars-working-group-mit

"Whatever happened to Privacy?" - International Activism Conference

praskrishna — 2014-02-03T05:56:27Z

Maria Xynou gave a keynote speech and participated as a panelist on the "Suspect Societies" panel. The event was organized by Heinrich Boell Foundation in Berlin on December 5 and 6, 2013.

"Whatever happened to privacy" brought together international activists on focal topics and combined bar camp style work sessions and political round tables with a classic public event, It focussed on an issue which has far reaching consequences for politically active people across the world - the issue of privacy and surveillance. The revelations around the NSA and GCHQ as well as other countries secret service digital surveillance activities have spurred political debate. This debate was intensified at "Whatever happened to Privacy?" formulating political demands, developing action strategies and debating questions such as:

What cultural and political value does privacy have today?
What are the societal implications of the wide spread "I have nothing to hide" attitude?
What political actions are necessary to protect citizens from mass surveillance and what tools exist for people to secure their communications, movements and lives?

For video and more info, click here

For more details visit https://cis-india.org/news/whatever-happened-to-privacy