Centre for Internet and Society

‘Learn from failed UK NIR project’

praskrishna — 2011-04-01T15:12:12Z

The new government in the UK recently scrapped its decade-long work spending millions of pounds on establishing the National Identity Registration (NIR) number simply because it realised it wasn't workable. This article by Madhumita was published in the Deccan Chronicle on March 22, 2011.

There might just be a lesson in this for India that has begun the ambitious Unique Identification (UID) project. The fact, experts says, is that the technology to make this project work successfully in India, that is attempting to cover the largest biometric registry in the world so far, does not exist, at the moment.

According to Dr Ian Brown, senior research fellow at the Oxford Internet Institute, University of Oxford, there was very little evidence that the NIR in UK met the objectives it laid for the initiative. Dr Brown, who has worked extensively on privacy with regard to biometrics, asserted that in the area of privacy and trust there was already a lot of distrust among citizens concerning identity registration. Additionally the UK government losing the CDs that contained information of 25 million people, led to the debate of data breach, a major issue for India concerning the UID.

“The reasons behind the need for the card included politically popular goals that varied depending on the demands of that political moment. From anti-terrorism to reducing social security fraud, identification fraud, illegal immigration and creating a sense of community, the UK government's response was thin when it came to checking for evidence on the project successfully meeting these objectives. If it was for the largest argument of fitting into the wider perspective of criminal justice and security, then studies have shown that cost-effective measures such as streetlights managed to reduce crime by 30 per cent as against surveillance cameras that reduced crime a mere three per cent in the UK,” stated Dr Brown during a lecture at IISc.

India too has argued the same reasons of terrorism and security along with literacy and eradicating poverty. But where is the evidence that one cannot breach this system? Asked advocate Malavika Jayaram.

Prashant Iyengar of the Centre for Internet and Society (CIS) reiterating this stated that there was no guarantee that an individual's information would be safeguarded. The general consensus was that nobody is opposed to the UID, just its current form.

UK’s NIR disaster

The introduction of the UK’s National Identity Register (NIR) scheme was much debated, and various degrees of concern about the scheme were expressed by human rights lawyers, activists, security professionals and IT experts, as well as politicians.

Many of the concerns focused on the databases which underlie the identity cards rather than the cards themselves.

Biometrics consists of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control.

It is also used to identify individuals in groups that are under surveillance. India is undertaking an ambitious mega project (the Multipurpose National Identity Card) to provide a unique identification number to each of its 1.25 billion people.

Read the original in the Deccan Chronicle here

For more details visit https://cis-india.org/news/failed-uk-nir-project

Your telco could help spy on you

praskrishna — 2013-07-30T06:13:07Z

Telecom minister gives approval to changes in rules for mobile licences to enable such mass surveillance.

The article by Joji Thomas Philip, Leslie D'Monte and Shauvik Ghosh was originally published in Livemint on July 30, 2013. Sunil Abraham is quoted.

Telecom companies and Internet service providers will soon help the government monitor every call made, every email sent and every website visited, with the Centre deciding to connect their networks to its automated surveillance platform known as the Centralised Monitoring System (CMS).

Communications minister Kapil Sibal has approved changes in existing rules and new clauses to be inserted in mobile licences for enabling such mass surveillance, copies of documents reviewed by Mint reveal.

	The department of telecommunications (DoT) will shortly send a letter to all telcos asking them to connect their “lawful interception system (LIS)” to the CMS “at a regional monitoring centre through an interception, store and forward (ISF) server placed in the licensee’s premises”, according to the documents. Telcos including Bharat Sanchar Nigam Ltd (BSNL), Mahanagar Telephone Nigam Ltd (MTNL), Reliance Communications Ltd, Bharti Airtel Ltd, Vodafone India Ltd and Tata TeleServices Ltd declined to comment on questions emailed in this regard.

The department of telecommunications (DoT) will shortly send a letter to all telcos asking them to connect their “lawful interception system (LIS)” to the CMS “at a regional monitoring centre through an interception, store and forward (ISF) server placed in the licensee’s premises”, according to the documents.

Telcos including Bharat Sanchar Nigam Ltd (BSNL), Mahanagar Telephone Nigam Ltd (MTNL), Reliance Communications Ltd, Bharti Airtel Ltd, Vodafone India Ltd and Tata TeleServices Ltd declined to comment on questions emailed in this regard.

“The automated process of the CMS will be subjected to the same regulatory scrutiny as is available in the present manual system under Section 5(2) of Indian Telegraph Act and Rules 419-A thereunder, with the added advantage of having a safeguard against any illegal provisioning by the telecom service providers in the present system, however, remote it may be,” DoT said in an email reply to a questionnaire with a brief on CMS.

“Safeguard has also been built against any unauthorized provisioning by having a different interception provisioning agency than the interception requisitioning and monitoring agencies thus having an inbuilt system of checks and balances. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” DoT said.

The CMS was approved by the cabinet committee on security (CCS) on 16 June 2011, with government funding of Rs.400 crore. It is expected to enable the government to monitor all forms of communication, from emails to online activity to phone calls, text messages and faxes by automating the existing process of interception and monitoring. The government completed a pilot project in September 2011 under which the Centre for Development of Telematics (C-DoT) installed two ISF servers, one of them for MTNL.

“The interception services have been integrated and tested successfully for these two telecom services providers (TSPs),” the note said, referring to MTNL and Tata Communications Ltd. MTNL officials declined to comment. There was no response to queries by Tata Communications.

It added that training had been imparted to six law enforcement agencies—the Intelligence Bureau, the Central Bureau of Investigation, the Directorate of Revenue Intelligence, the Research and Analysis Wing, the Delhi Police and the National Investigation Agency.

However, the documents also reveal that the CMS project is getting delayed over technical issues such as lawful interception systems sending the intercept-related information (IRI) in “their own proprietary format”; difficulty in tracing the movement of “the target from the home network to the roaming network”; and how to independently provision voice and data interception of mobile users.

The government is simultaneously devising a strategy to counter criticism from the media and privacy lobby groups that this surveillance platform has no privacy safeguards. Mint reported on 13 July that fresh questions were raised on the CMS infringing on the rights of individuals, especially in the wake of the US government’s PRISM surveillance project.

In an internal note on 16 July to help Sibal brief the media, DoT said even as the CMS will automate the existing process of interception and monitoring “... all safeguards that are currently in place in the manual mode of interception will continue”.

The note argued that implementation of the CMS “will rather enhance the privacy of the citizens” since it will not be necessary to take the authorization (for tapping) to the nodal officer of the telecom service providers “who comes to know whose or which phone is being intercepted”. The note added that after the CMS is implemented, provisioning of interception will be done by a CMS authority, who would be different from the law enforcement agency authorities.

“The law enforcement agency (LEA) cannot provision for interception and monitoring and the CMS authority cannot see the content but would be able to provision the request from the LEA.Hence, complete check and balance will be ensured. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” added the department’s note briefing the minister.

Also, acknowledging that “questions were being asked about the practices of Indian agencies and the privacy and rights of its citizens”, national security adviser Shivshankar Menon in a 23 June note to the ministries of home, external affairs and telecom, the department of electronics and information technology, and the cabinet secretary said: “Only home secretaries of the Centre and states can authorize such monitoring; orders are valid for two months, are not extendable beyond six months; records are to be maintained, use of storage is limited and a review committee of cabinet secretary, law secretary and secretary of the telecom department regularly screens all cases.”

Menon also admitted that when it came to individual privacy rights, there were “larger issues that needed serious consideration and wider consultation with industry, advocacy groups and NGOs (non-governmental organizations) as has been the case so far in the draft privacy Bill... For data protection and retention in India, however, there may be a need to consider legislation or strengthening existing legislation, as the march of technology has made most present laws irrelevant.”

Privacy experts are convinced that safeguards are needed, especially since India does not have a privacy law.

“To safeguard public interest, the government should also draft a law that will make it a criminal offence if a CMS authority is found in possession of any personal information culled through the CMS. That will prove to be a deterrent,” said Sunil Abraham, executive director of the Centre for Internet and Society, a privacy lobby body. “Also, the government must build an audit trail using PKI (public key encryption) and people as an additional safeguard.”

“As I understand it, there is also no clear statutory backing for the CMS,” said Apar Gupta, a partner at law firm Advani and Co. that specializes in information technology (IT) law. “What is important is that every tapping order should be backed by a reason. This was the case with the manual process. Will this be possible in an automated surveillance system such as the CMS?”

“What is disturbing is that there is no transparency with regard to the CMS. Everything is happening under the radar with media reports periodically giving us glimpses into the project,” he said. “A state should protect its interests but should do so in a manner that safeguards privacy and limits abuse.”

According to the Freedom on the Net 2012 report by Freedom House, an independent privacy watchdog body, of the 47 countries analysed, 19 had introduced new laws or other directives since January 2011 that could affect free speech online, violate users’ privacy, or punish individuals who post certain types of content. India, which scored 39 points out of 100 (score achieved out of 100 for censoring the Internet), was termed partly free by the report, which was released on 24 September.

Globally, 79% of the respondents in another study said they were concerned about their privacy online, with India (94%), Brazil (90%) and Spain (90%) showing the highest level of concern, according to a June survey undertaken by research firm ComRes, and commissioned by Big Brother Watch, an online privacy campaign.

For more details visit https://cis-india.org/news/livemint-july-30-2013-joji-thomas-philip-leslie-d-monte-shauvik-ghosh-your-telco-could-help-spy-on-you

Your Privacy is Public Property

praskrishna — 2011-05-18T02:28:11Z

Rules issued by a control-obsessed government have armed officials with widespread powers to pry into your private life. This article was published in Mail Today on Sunday, May 15, 2011.

The government has gifted itself the power to pry into your electronic personal details without a search warrant. With new IT Rules, it can lay claim to an array of your most sensitive and zealously guarded personal details — ranging from your ATM pin, your net banking password, your credit card details, to the status of your mental health, your DNA profile, and even your sexual orientation. “These rules are a complete invasion of privacy
with immense potentiality of misuse,” says Supreme Court advocate and cyber law expert Pawan Duggal. Drawing attention to the fact that such executive orders are often drafted by government officials who aren’t legally qualified, Duggal asks: "Our medical records and sexual orientation have no bearing on the verification of our identity or our cyber crime record. So why should the state want access to this data?" That is not all. Every key stroke you make at a cyber cafe will now be under the scanner — with cafe owners being asked to maintain logs of your online activities for a minimum of one year. The rules have also turned the heat on internet service providers and social-networking sites to remove objectionable content posted on them, leading to strong objections from Google.

Under provisions of the Indian Post Office Act, 1898, The Indian Telegraph Act, 1885, and the Information Technology Act, 2000, the state already has the power to snoop through the letters you post, the emails you send and the calls you make. But while such surveillance came with several checks and balances, cyber law experts and internet activists say that the government can now access private data with far more ease.

"Whenever any government agency needs to access information on individuals, detailed processes need to be followed so that the rights of the citizen are protected. You need a magistrate — who is not part of the government — to sign a search warrant. A home secretary with the centre or state has to sanction a phone tapping request," points out M.R. Madhavan, head of research, PRS Legislative Research.

These safeguards have not been included for access to electronic databases. "An investigating officer simply needs to give a request in writing, in contravention of all other norms," says Madhavan.

Your privacy is being violated at several levels with the new rules, says Sunil Abraham, executive director of Bangalore’s Centre for Internet and Society. "Cyber cafe owners across the country can now take photos of women coming to their cafes. They also have to show their identity proof. Many women fear they can be harassed on the basis of this information." Cyber cafe owners also have to maintain records on who you are mailing, the subject, how often you access a web page, the packets of data sent and received, etc. Be prepared for rampant leakage of personal information with this provision, warns Abraham.

"A boy who fancies you could easily bribe the cafe owner to get the list of websites you access. The owner will have all the information on you stored for a minimum of one year. No process of destroying the logs has been specified by the IT rules and regulations," says Abraham.

The trouble, says Venkatesh Nayak, the Programme Coordinator for Access to Information, Commonwealth Human Rights Initiative, is that everyone is suspect in the eyes of the government because of the perception that terrorists don’t function like organised crime syndicates.

Privacy concerns are taken far more seriously in the West. "In countries which have a data protection law, there are data protection tribunals and data protection commissioners. It is not that easy for governments to collect sensitive information on individuals and keep it away from them," says Nayak.

The government, meanwhile, denies any invasion of privacy with the rules. "The intent of the rules is to protect sensitive personal information. The rules do not give any undue powers to government agencies for free access of sensitive personal information," the department of Information Technology has said in a statement.

Cyber experts aren’t convinced, and believe that the days of greater surveillance lie ahead. "After 9/11, the US Homeland Security had started accessing databases of public libraries to find out what people were reading. The day may not be far for us," is Nayak’s dark projection.

Read the original published by Mail Today here

For more details visit https://cis-india.org/news/privacy-public-property

Your phone is a surveillance device, your ISP a surveillance provider…: Pranesh Prakash

praskrishna — 2015-06-17T14:53:40Z

“In India there is no special privilege for journalists over ordinary citizens,” Pranesh Prakash, Policy Director at the Centre for Internet and Society began at the workshop entitled ‘Digital Security for Journalists’ organised by the Mumbai Press Club and the Centre for Internet and Society.

The blog post was published by mxmindia.com on May 27, 2015. Pranesh Prakash gave his inputs.

“Even if you don’t care about your own security/privacy, think about you sources. Your sources want privacy,” Prakash said as he began the workshop on how to assess security threats, how to protect sources and how to prevent your ISP from leaking out information. With the growth of the internet since the 1980s, we know we can’t trust everyone; police stations, governments, all engage in surveillance of some sort, he pointed out. Prakash went on to explain the ‘Threat Model’, wherein journalists ought to ask questions like what are you protecting, who are you protecting yourself against, what do you hope to achieve and to what lengths are you willing to go? All of the measures you are going to take to protect your source are going to be inconvenient. Security is always at the cost of convenience he reiterated.

Data threat can be intercepted at two levels, Prakash explained; data in transit and data at rest. The important question to ask is which you wish to secure, because the means to secure both are very different.Emails being sent to someone can be intercepted by an outside source in transit. It is easier to secure you own data on your computer, but an email is so much more difficult to secure because there are multiple points where the information is stored. Targeted surveillance is much more difficult to protect yourself against than mass surveillance.

For WiFi, password protected networks form an encryption, one more barrier to protect you. However, a WEP encrypted network is easy to break through. You need at least a WPAII to be secure enough. Airport networks usually ask for a password after connecting to the WiFi. That too is easy to see through. Avoid using these networks for sensitive work.

One must keep in mind who they want to secure the data from; whether from a casual threat or an Intelligence Agency like the National Security Agency (NSA), National Technical Research Organisation (NTRO) or Intelligence Bureau (IB).Mass surveillance or non-targeted surveillance is not legal in India. However. the NTRO engages in mass surveillance, for which it was criticised in a Mint article, following which they shifted only to the national borders for surveillance. It is also possible for the NSA to tamper with your laptop before delivery.The NSA’s ANT catalogue has been working on a technology that has a device that can fit within the connector that connects to your keyboards and it can last there years and years without detection. Hence Prakash suggests that if a journalist is working on a sensitive story that if leaked could cause a ruckus, he/she would be safer buying a new computer and paying for it in hard cash.

The more important a source is, the less you must use your phone, Prakash pointed out. Phones leak information time and again, information of time and location. The NSA uses it, the police use it. If you are meeting with someone and you both have your phone, then information that you have met is transmitted. Even without GPS it can track your location, when you receive/send a call/message, as your mobile network needs to access the cell tower you are around in order to reach you.

Encrypted emails still leak identities. If the police look into an encrypted email, they will still know who you are communicating with. Background information you are doing on a story can also give away a lot you don’t want to be given away. Even with an encrypted email, they have access to your location, IP address, the sender and the receiver of the email, time stamp, Mac id and IMEI.

End-to-end encryption is the way out here.This means that no one in the middle, including the company can read the emails you send from your company server. End-to-end encryption is the most inconvenient. End-to-end encryption means that you and the party concerned need to come up with a code that the other party needs to be able to decrypt. The software both parties use also needs to be compatible.

“I recommend using WhatsApp over Viber and Line, Skype over other alternatives and Twitter is also safe, but never use Facebook for sensitive conversations that you don’t want to get out,” Prakash said. WhatsApp is safer than normal text messaging he points out. Prakash recommended an app called Conversations to use for messaging on your phone. It is safer than both normal SMSing and WhatsApp. An SMS leaks metadata, he explains, that’s why it is preferable to use data or apps that use the internet.

In the 2G network space, only Airtel and Docomo use at least a weak encryption.All the rest use no encryption. Anyone can snoop in on your conversations. Instead one must use data-enabled apps for calling like RedPhone, he suggested. This is a great way to protect your source.

Most people are known to repeat passwords for various accounts. Never repeat a password, Prakash advised. Maintain different passwords for all your accounts. It is the safest. And if you are unable to remember them all, then use password managementsoftware like LastPass or KeyPass. These enable you to key in and store all your passwords in one place and you only have to remember the password to your LastPass/KeyPass account. But if you forget your master password, then there is no way to recover all your other passwords.

The session concluded with Prakash working hands-on with the journalists, helping them to download the required software on their laptops and mobile phones. This knowledge is vital for all journalists in order to protect themselves and their sources when doing a high profile, sensitive story, Prakash said.

For more details visit https://cis-india.org/internet-governance/news/mxmindia-may-27-2015-dyanne-coelho-your-phone-is-a-surveillance-device-your-isp-a-surveillance-provider

Your cyber space is a hackers paradise

praskrishna — 2011-08-23T00:58:21Z

It Looks like hackers are having a ball targeting all kinds of websites — gaming, news, government, personal email and even those run by terror networks, writes Shayan Ghosh. The article was published in Mail Today on June 6, 2011.

After Sony PlayStation Network and Gmail breaches this week, the latest is an attack on Sony Pictures.

The hackers who broke into the Sony Pictures website have collected private information such as passwords and email identities.

"A group of criminal hackers known as LulzSec claimed to have breached some of our websites," CEO of Sony Pictures Entertainment Michael Lynton said.

LulzSec, involved in the hacking of several leading US media firms last month, however, has another story to tell. The group blamed Sony Pictures for carelessness.

"Every bit of data we took wasnt encrypted. Sony stored over 10 lakh passwords of its customers in plaintext, which means it is just a matter of taking it." "We broke into SonyPictures. com and compromised over 10 lakh users personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony data associated with their accounts.

Among other things, we also compromised all administration details of Sony Pictures ( including passwords) along with 75,000 music codes and 3.5 million coupons", the group said in a post on Pastebin. com . Google mail, too, was breached this week and the hackers gained access to email accounts of hundreds of people, including senior US government officials and journalists. Google confirmed that Gmail accounts were hacked." We recently uncovered a campaign to collect user passwords, likely through phishing,” the search, cloud and net tech giant said on its blog.

Asked about reports that Gmail accounts of some Indian diplomats based in China had been hacked, Google declined to comment, saying it had no data of any specific people whose accounts have been hacked.

But the company pointed fingers at China.

"This campaign, which appears to originate from Jinan in China, affected what seem to be the personal Gmail accounts of hundreds of users, including senior US government officials, Chinese political activists, officials in several Asian countries ( predominantly South Korea), military personnel and journalists, among others," a posting on the companys official blog said.

Indian experts, too, blame Chinese hackers. "China poses a serious threat to our national security as these hacking issues dont just seem to stop," Ahmedabadbased cybercrime consultant Sunny Vaghela said.

The hackers probably targeted Gmail because of the number of users they have, Vaghela added.

All regimes have now started implementing surveillance mechanisms on the Internet. This is a disturbing trend all over the world.

China has supremacy on it mainly because they are an early adopter of Internet surveillance and content filtering mechanisms,” a software consultant based in Bangalore, Anivar Aravind, said.

"Its become more about proving a point. Hackers want to tell people that I can hack into your system and show its vulnerability," Center for Internet and Society director of research in Bangalore Nishant Shah said.

But LulzSec has its own logic: "Our goal here is not to come across as master hackers… Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Online Safety Measures

Secure your Email:

Change passwords often
Use the Gmail feature to check your “ last account activity”. It shows the IP address ( denoting a specific computer) used to access your email
Do not open unknown email attachments
Do not store sensitive and personal data in email accounts

Things to Avoid

Do not visit unknown sites; Use different passwords for different accounts
Do not divulge credit card numbers over emails or on social networks
Keep track of your credit/ debit card account
For online transactions use encrypted websites. Look for SSL certificate or padlock icon

Read the original published by Mail Today here

For more details visit https://cis-india.org/news/cyber-space-hackers-paradise

You Have the Right to Remain Silent

nishant — 2013-07-22T06:59:53Z

Reflecting upon the state of freedom of speech and expression in India, in the wake of the shut-down of the political satire website narendramodiplans.com.

Nishant Shah's column was published in Down to Earth on July 17, 2013.

It took less than a day for narendramodiplans.com, a political satire website that had more than 60,000 hits in the 20 hours of its existence, to be taken down. A simple webpage that showed a smiling picture of Narendra Modi, the touted candidate for India’s next Prime Ministerial campaign, flashing his now trademark ‘V’ for ~~Vengeance~~ Victory sign. At the first glimpse it looked like another smart media campaign by the net-savvy minister who has already made use of the social web quite effectively, to connect with his constituencies and influence the younger voting population in the country. Below the image of Mr. Modi was a text that said, "For a detailed explanation of how Mr. Narendra Modi plans to run the nation if elected to the house as a Prime Minister and also for his view/perspective on 2002 riots please click the link below." The button, reminiscent of 'sale' signs on shops that offer permanent discounts, promised to reveal, for once and for all, the puppy plight of Mr. Modi's politics and his plans for the country that he seeks to lead.

However, when one tried to click on the button, hoping, at least for a manifesto that combined the powers of Machiavelli with the sinister beauty of Kafka, it proved to be an impossible task. The button wiggled, and jiggled, and slithered all over the page, running away from the mouse following it. Referencing the layers of evasive answers, the engineered Public Relations campaigns that try to obfuscate the history to some of the most pointed questions that have been posited to the Modi government through judicial and public forums, the button never stayed still enough to actually reveal the promised answers. For people who are familiar with the history of such political satire and protest online would immediately recognise that this wasn’t the most original of ideas. In fact, it was borrowed from another website - http://www.thepmlnvision.com/ that levelled similar accusations of lack of transparency and accountability on the part of Nawaz Sharif of Pakistan. Another instance, which is now also shut down, had a similar deployment where the webpage claimed to give a comprehensive view into Rahul Gandhi’s achievements, to question his proclaimed intentions of being the next prime-minister. In short, this is an internet meme, where a simple web page and a java script allowed for a critical commentary on the future of the next elections and the strengthening battle between #feku and #pappu that has already taken epic proportions on Twitter.

The early demise of these two websites (please do note, when you click on the links that the Nawaz Sharif website is still working) warns us of the tightening noose around freedom of speech and expression that politicos are responsible for in India. It has been a dreary last couple of years already, with the passing of the Intermediaries Liabilities Rules as an amendment to the IT Act of India, Dr. Sibal proposing to pre-censor the social web in a quest to save the face of erring political figures, teenagers being arrested for voicing political dissent, and artists being prosecuted for exercising their rights to question the state of governance in our country. Despite battles to keep the web an open space that embodies the democratic potentials and the constitutional rights of freedom of speech and expression in the country, it has been a losing fight to keep up with the ad hoc and dictatorial mandates that seem to govern the web.


Above is a screen shot from narendramodiplans.com website

We have no indication of why this latest piece of satirical expression, which should be granted immunity as a work of art, if not as an individual’s right to free speech, was suddenly taken down. The website now has a message that says, “I quit. In a country with freedom of speech, I assumed that I was allowed to make decent satire on any politician more particularly if it is constructive. Clearly, I was wrong.” The web is already abuzz with conspiracy theories, each sounding scarier than the other because they seem so plausible and possible in a country that has easily sacrificed our right to free speech and expression at the altar of political egos. And whether you subscribe to any of the theories or not, whether your sympathies lie with the BJP or with the UPA, whether or not you approve of the political directions that the country seems to be headed in, there is no doubt that you should be as agitated as I am, about the fact that we are in a fast-car to blanket censorship, and we are going there in style.

What happens online is not just about this one website or the one person or the one political party – it is a reflection on the rising surveillance and bully state that presumes that making voices (and sometimes people) invisible, is enough to resolve the problems that they create. And what happens on the web is soon going to also affect the ways in which we live our everyday lives. So the next time, you call some friends over for dinner, and then sit arguing about the state of politics in the country, make sure your windows are all shut, you are wearing tin-foil hats and if possible, direct all conversations to the task of finally finding Mamta Kulkarni. Because anything else that you say might either be censored or land you in a soup, and the only recourse you might have would be a website that shows the glorious political figures of the country, with a sign that says “To defend your right to free speech and expression, please click here”. And you know that you are never going to be able to click on that sign. Ever.

For more details visit https://cis-india.org/internet-governance/blog/down-to-earth-july-17-2013-nishant-shah-you-have-the-right-to-remain-silent

You Have the Right to Remain Silent

anja — 2011-08-02T07:55:22Z

India has a long history of censorship that it justifies in the name of national security. But new laws governing the Internet are unreasonable and — given the multitude of online voices — poorly thought out, argues Anja Kovacs in this article published in the Sunday Guardian on 17 April 2011.

In March 2011, Indian media - both social and traditional - was ablaze with fears that a new set of rules, proposed to complement the IT (Amendment) Act 2008, would thwart the freedom of expression of India's bloggers: contrary to standard international practice, the Intermediary Due Dilligence Rules seemed intent on making bloggers responsible for comments made by readers on their site. Only a few weeks earlier, the threat of online censorship had manifested itself in a different form: although the block was implemented unevenly, mobile applications market space Mobango, bulk SMS provider Clickatell, hacking-related portal Zone-H.com and blogs hosted on Typepad were suddenly no longer accessible for most Indian netizens, without warning or explanation.

Censorship in India is nothing new. At the time of Independence, there was widespread fear among its lawmakers that unrestricted freedom of expression could become a barrier to the social reforms necessary to put the country on Nehru's path to development – particularly as the memory of Partition continued to be vivid. Although freedom of expression is guaranteed by the Constitution, it is therefore subject to a fairly extensive list of so-called "reasonable" restrictions: the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence. But while this long list might have made sense at the time of Partition, in the mature democracy that India has now become, its existence, and the numerous opportunities for censorship and surveillance that it has enabled or justified, seems out of place. Indeed, though all these restrictions in themselves are considered acceptable internationally, there are few other democratic states that include all of them in the basic laws of their land.

An appetite for censorship does not only exist among India's legislature and judiciary, however. Especially since the early nineties, instances of vigilante groups destroying art, preventing film screenings, or even attacking offending artists, writers and editors have become noteworthy for their regularity. But it is worth noting that even more progressive sections of society have not been averse to censorship: for example, section of the Indian feminist movement have voiced strong support for the Indecent Representation of Women Act that seeks to censor images of women which are derogatory, denigrating or likely to corrupt public morality.

What connects all these efforts? A belief that suppressing speech and opinions makes it possible to contain the conflicts that emanate from India's tremendous diversity, while simultaneously ensuring its homogenous moral as much as political development. But if the advent of satellite television already revealed the vulnerabilities of this strategy, the Internet has made clear that in the long term, it is simply untenable. It is not just that the authors of a speech act may not be residents of India; it is that everybody can now become an author, infinitely multiplying the number of expressions that are produced each year and that thus could come within the Law's ambit. In this context, even if it may still have a role, suppression clearly can no longer be the preferred or even dominant technology of choice to manage disagreements. What is urgently needed is the building of a much stronger culture of respectful disagreement and debate within and across the country's many social groups. If more and more people are now getting an opportunity to speak, what we need to make sure is that they end up having a conversation.

Yet the government of India so far has mostly continued on the beaten track, putting into place a range of legislations and policies to meticulously monitor and police the freedom of expression of netizens within its borders. Thus, for example, section 66F(1)(B) of the IT (Amendment) Act 2008 defines "cyberterrorism" so broadly as to include the unauthorised access to information on a computer with a belief that that information may be used to cause injury to...decency or morality. The suggested sentence may extend to imprisonment for life. The proposed Intermediary Due Dilligence Rules 2011 privatise the responsibility for censorship by making intermediaries responsible for all content that they host or store, putting unprecedented power over our acts of speech into the hands of private bodies. The proposed Cyber Cafe Rules 2011 order that children who do not possess a photo identity card need to be accompanied by an adult who does, constraining the Internet access of crores of young people among the less advantaged sections of society in particular. And while the US and other Western countries continue to debate the desireability of an Internet Kill Switch, the Indian government obtained this prerogative through section 69A of the IT (Amendment Act) 2008 years ago.

Such measures are given extra teeth by being paired with unprecedented systems of surveillance. For example, there are proposals on the table that make it obligatory for telecommunication carriers and manufacturers of telecommunications equipment to ensure their equipment and services have built-in surveillance capabilities. While at present, records are only kept if there is a specific requirement by intelligence or security agencies, the Intelligence Bureau has proposed that ISPs keep a record of all online activities of all customers for at least six months. The IB has also suggested putting into place a unique identification system for all Internet users, whereby they would be required to submit some form of online identification every time they go online.

Proponents of such legislation often point to the new threats to safety and security that the Internet poses to defend these measures, and it is indeed a core obligation of any state to ensure the safety of its citizens. But the hallmark of a democracy is that it carefully balances any measures to do so with the continued guarantee of its citizens' fundamental rights. Despite the enormous changes and challenges that the Internet brings for freedom of expression everywhere, such an exercise seems to sadly not yet have been systematically undertaken in India so far.

The recent blocking of websites with which we started this article reflects the urgent need to do so. In response to RTI applications by the Centre for Internet and Society and Medianama, the Department of Information Technology, which is authorised to order such blocks, admitted to blocking Zone-H, but not any of the other websites affected earlier this year. In an interview with The Hindu, the Department of Telecommunication too had denied ordering the blocking of access, despite the fact that some users trying to access Typepad had reported seeing the message "this site has been blocked as per request by Department of Telecom" on their screen. In the mean time, Clickatell and Mobango remain inaccessible for this author at the time of writing. That we continue to be in the dark as to why this is so in the world's largest democracy deserves to urgently become a rallying point.

For more details visit https://cis-india.org/internet-governance/blog/your-right-to-remain-silent

WSIS+10 High Level Event: A Bird's Eye Report

geetha — 2014-06-20T15:57:32Z

The WSIS+10 High Level was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.

The World Summit on Information Society (WSIS) +10 High Level Event (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (Geneva 2003 and Tunis 2005). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).

The High Level Track:

Opening Ceremony, WSIS+10 High Level Event (Source)

The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two Outcome Documents. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 Multi-stakeholder Preparatory Platform (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).

The MPP met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (APIG) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders failed to reach consensus on crucial issues. Indeed, Prof. Vlamidir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.

Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the MPP had sought and achieved a common understanding, a sentiment echoed by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, agreed that the MPP had worked hard to draft a document beneficial to all.

Concerns around the MPP did not affect the review of ICT developments over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, won an award for its e-health application MOTHER.

The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the Tunis Agenda. Indeed, there was palpable relief in Conference Room 1 at the CICG, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.

The High Level Dialogues:

Prof. Vladimir Minkin delivers a statement. (Source)

The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “lost opportunity”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.

As on previous panels, there was intense focus on access, affordability and reach in developing countries, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, recalling the gathering to the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.

A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.

The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the question of cross-border surveillance and wanton violations of privacy went unaddressed except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the right to be forgotten), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.

In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.

The Forum Track:

Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues (Source)

The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of WCIT-2012, UNESCO’s Comprehensive Study on Internet-related Issues, spam and a taxonomy of Internet governance.

Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.

At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the importance of national and regional IGFs for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “Internet governance is not shaped by individual events”. In light of criticism of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual response (often repeated at the HLE itself). Also widely discussed was the role of stakeholders in Internet governance, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “distant dream”).

This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw Mr. George Sadowsky, Dr. Jovan Kurbalija, Mr. William Drake and Mr. Eliot Lear (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of this ISOC study).

There were, for most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be let to do their jobs without interference. Ms. Anja Kovacs raised pertinent concerns about including voiceless minorities in a ‘rough consensus’ model. Across sessions, questions of mass surveillance, privacy and data ownership rose from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearance, across issues like spam (Question 22-1/1 of ITU-D Study Group 1) and cybersecurity.

Conclusion:

The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of muti-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, technical community such as the ISOC and IETF, as well as (obviously) civil society.

Substantively, the HLE did not address mass surveillance and privacy, nor of expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.

But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the ITU and the rest of UN’s (and of course, member states’) stances on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.

For more details visit https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report

WSIS +10 High Level Event: Open Consultation Process Multistakeholder Preparatory Platform: Phase Six: Fifth Physical Meeting

jyoti — 2014-10-12T05:31:48Z

The fifth physical meeting of the Multistakeholder Preparatory Platform (MPP-WSIS+10), was held from 28-31 May 2014 in Geneva as part as part of the sixth phase of the WSIS +10 High Level Event Open Consultation process. The meeting was aimed at developing draft agreed texts for the WSIS+10 Statement on Implementation on WSIS Outcomes and the Vision Beyond 2015.

Stakeholders including governments, private sector, civil society and international organizations participated in the meeting, which was chaired by Prof. Dr. V.Minkin (Russian Federation), Chairman of the Council Working Group on WSIS and the Vice Chairs of the meeting were Egypt, Switzerland and Saudi Arabia.

ITU Deputy Secretary General, Mr Houlin Zhao highlighted that WSIS+10 High Level Event as a joint effort of the UN family and re-emphasized on the commitment and hard work from all UN Agencies and the Secretariat that has processed up to 500 contributions till date. He further reiterated that this preparatory process builds upon several inputs including deliberations at WSIS Forums (2012 and 2013), WSIS+10 Visioning Challenge Initiative, 2013 WSIS+10 Multistakeholder Meeting in Paris, as well as outcomes of ITU Regional Development Forums held in six regions and led by BDT. Almost 500 multistakeholder contributions were processed by secretariat up to now.

Mr. C.Wachholz representing UNESCO and Ms. M. Kultamaa representing the CSTD Secretariat underlined the importance of the process being an important effort leading towards the Overall Review of the implementation of the WSIS outcomes by 2015. Ms. Kultamaa informed the meeting on the status of the discussions taking place at the UN General Assembly regarding the modalities of the Overall Review. She underlined that for the time being there is no consensus and discussions on this subject will continue.It is important to note that all UN organizations serve as secretariat to the preparatory process which is being coordinated by the ITU. All the Action Line Facilitators including, ITU, UNESCO, UNCTAD, UNDP, UNDESA, WMO, UNEP, WHO, UPU, ITC, ILO, FAO, and UN Regional Commissions,as well as WIPO, UN Women contributed towards the development of the Action line documents in the Vision, within their respective mandates. The meeting concluded with final agreed drafts for the WSIS+10 Statement and final agreed draft for WSIS+10 Vision Chapter A and B, with some pending issues in C.

Jyoti Panday representing CIS, participated in the meeting and intervened in the negotiations over the final agreed text. CIS made interventions on text related to increasing women's participation, freedom of expression, media rights, data privacy, network security and human rights. CIS also endorsed text on action line 'Media' which reaffirmed commitment to freedom of expression, data privacy and media rights offline and online including protection of sources, publishers and journalists.

WSIS+10 Statement on the Implementation of WSIS Outcomes

Ø Preamble, Chapter A (Agreed)

Ø Overview of the implementation of Action Lines, Chapter B (Agreed)

Ø Challenges-during implementation of Action Lines and new challenges that have emerged, Chapter C (Agreed)

WSIS+10 Vision for WSIS beyond 2015

Ø Preamble, Chapter A (Agreed)

Ø Priority areas to be addressed in the implementation of WSIS Beyond 2015, Chapter B (Agreed)

Ø Action Lines, Chapter C

С1. The role of public governance authorities and all stakeholders in the promotion of ICTs for development (Agreed)

С2. Information and communication infrastructure (Agreed)

C3. Access to information and knowledge (Agreed)

C4. Capacity building (Agreed)

C5. Building confidence and security in the use of ICTs (pending para g)

g) Continue to promote greater cooperation [among the governments and all other stakeholders,] at the United Nations and~~with all stakeholders at~~ all other appropriate ~~fora~~fora, respectively at ~~the~~ national, regional and international levels to enhance user confidence, build trust,and protect both data and network integrity as well as consider existing and potential threats to ICTs ; and address other information security and network security issues.]

Alt 1 : [ Continue to promote cooperation [among the governments [at the United Nations ]and with all other stakeholders at the United Nations and other appropriate ~~fora~~for a] to enhance user confidence, build trust, ~~and~~ protect ~~both~~ data, ~~and~~ network integrity and critical infrastructures; consider existing and potential threats to ICTs; security in the use of ICTs and address other information security and network security issues, while stressing the need to address [cybercrime and]cybersecurity issues. ~~at appropriate forums, together with all stakeholdersncluding cybersecurity, [and cybercrime]~~]

Alt 2 : [Continue to promote cooperation among the governments at the United Nations and other international organizations and with all other stakeholders at all appropriate fora to enhance user confidence, build trust, protect data, network integrity and critical infrastructures; consider existing and potential threats to ICTs; security in the use of ICTs [and address other information security ]and network security issues, while stressing the need to address cybersecurity issues. ]

Alt 3: [Continue to promote cooperation among the[ governments ~~[at the United Nations]]~~ and ~~with~~ all other stakeholders at ~~other~~ the United Nations and other appropriate fora to enhance user confidence, build trust, and protect both data and network integrity and critical infrastructure; consider existing and potential threats to ICTs; security in the use of ICTs and address other [information security] and network security issues, while stressing the need to address ~~cybercrime and~~ cybersecurity issues. ~~[at appropriate forums, together with all stakeholders], including cybersecurity, [and cybercrime]~~]

[including cybercrime] [including cybercrime and cybersecurity .][ including ICT aspects of cybercrime and cybersecurity]

[Cybercrime [and cybersecurity] should continue to be dealt with,[at the United Nations and other appropriate fora] [in appropriate forums , ]

C6. Enabling environment (Agreed)

C7. ICT Applications: (Agreed)

E-government

E-business

E-learning

E-health

E-employment

E-environment

E-agriculture

E-science

C8. Cultural diversity and identity, linguistic diversity and local content (agreed but pending para f)

f) [Reinforce [and [enhance] implement at the national level] the recommendations concerning the promotion and use of multilingualism [and universal access to cyberspace]].

C9. Media (meeting has developed three proposals that were requested to be reflected in the documents in a table format)

Discussion at the MPP Plenary meeting:	UK proposal, discussed with and supported by: Sweden, Australia, Spain, Germany, UNESCO, European Broadcasting Union, Switzerland, APIG, Centre for Internet and Society (India), Austria, Tunisia, IDEA, Cisco Systems, Mexico, United States, Japan, Canada, ICC BASIS, Intel, Internet Society, Health and Environment Program (HEP), Netherlands, and Microsoft. It was later supported by The Center for Democracy & Technology, Hungary, Czech Republic. International Federation of Library Associations, Portugal, Association for Progressive Communications, auDA (the ccTLD manager for Australia), Finland, Internet Democracy Project (India)	Proposal: Rwanda and Russia
Media will benefit from the broader and expanded role of ICTs that can enhance media’s contribution to the development goals of the post-2015 Sustainable Development Agenda. [The principles of freedom of expression and the free flow of information, ideas and knowledge are essential for the information and knowledge societies and beneficial to development with recognizing that the same rights that people have offline must also be protected online, including the right to privacy.]	Media will benefit from the broader and expanded role of ICTs that can enhance media's contribution to the development goals of the post-2015 Sustainable Development Agenda. The right to freedom of expression and the free flow of information, ideas and knowledge, and the protection of privacy, are essential for the information and knowledge societies and beneficial to development. The same rights that people have offline must also be protected online.	We reaffirm the continued relevance of all issues highlighted under action line C9 on Media (Geneva 2003) and the need for continued implementation of this action line.
1. 1. [Develop and update national ICT-Media legislation that guarantees the independence, objectivity, social responsibility, neutrality and plurality of the media according to international standards as well as the domestic needs.]	1. Develop and update national ICT-Media legislation that guarantees the independence, diversity and plurality of the media according to international standards.
2. [Continue to take appropriate measures — consistent with [international law][freedom of expression]— to combat illegal [content and to protect vulnerable groups , in particular children, from harmful content in media content] and harmful media content.]	2. Continue to take appropriate measures, consistent with international human rights law, to combat illegal media content.
3. Ensure that women and men equally access, participate and contribute to the media sector, including to decision-making processes. Alt: Work towards ensuring that women and men equally access, participate and contribute to the media sector, including to decision-making processes. Alt: Encourage that women and men access, participate and contribute on equal basis to the media sector, including to decision-making processes. [Alt: [Encourage][Ensure] [Strive] [ to leverage the potential of ICTs] to provide full and effective [equal ]opportunities to women and men to access, participate and contribute to the media sector, [including to decision-making processes]]	3. Encourage equal opportunities and the active participation of women in the media sector.
4. [Continue to encourage [independent] tradition [neutral, objective, responsible] nal media to bridge the knowledge divide and to facilitate [the freedom of expression] the flow of cultural content, particularly in rural and remote areas.]	4. Continue to encourage traditional media to bridge the knowledge divide and to facilitate the flow of cultural content, particularly in rural areas.
	5. Encourage online and offline mass media to play a more substantial role in capacity building for the information society.
5. Ensure the [safety[ and responsibility] of all journalists and media workers [and their accountability], [taking into account the provisions of article 19 of the International Convention on Civil and Political Rights (ICCPR)]. ,[ including [bloggers] social media producers, and their sources and facilitate the implementation of the UN Plan of action on the safety of journalists and the issue of impunity.] [To ensure the safety of journalists and address the issue of impunity in accordance to UNGA Resolution (A/RES/68/163)]	6. Ensure the safety of all journalists and media workers, including social media producers and bloggers, and their sources and facilitate the implementation of the UN Plan of Action on the safety of journalists and address the issue of impunity
6. We reaffirm our commitment to the principles of freedom of the press and freedom of information, as well as those of the independence, pluralism and diversity of media, which are essential to the Information Society. Freedom to seek, receive, impart and use information for the creation, accumulation and dissemination of knowledge is important to the Information Society. We call for the responsible use and treatment of information by the media in accordance with the highest ethical and professional standards. Traditional media in all their forms have an important role in the Information Society and ICTs should play a supportive role in this regard. Diversity of media ownership should be encouraged, in conformity with national law, and taking into account relevant international conventions. We reaffirm the necessity of reducing international imbalances affecting the media, particularly as regards infrastructure, technical resources and the development of human skills.

C10. Ethical dimensions of the Information Society (Agreed)

C11. International and regional cooperation (Agreed)

The Chapter C, Part III: The paras highlighted in yellow below did not receive consensus.

III [Action Lines beyond 2015: Looking to the Future

[We reaffirm that effective cooperation among governments, private sector, civil society and the United Nations and other international organizations, according to their different roles and responsibilities and leveraging on their expertise, is essential, taking into account the multifaceted nature of building the Information Society.]

[We emphasize great importance of continuation of the multistakeholder implementation at the international level, following the themes and action lines in the Geneva Plan of Action, and moderated/facilitated by UN agencies. The coordination of multistakeholder implementation activities would help to avoid duplication of activities. This should include, inter alia, information exchange, creation of knowledge, sharing of best practices, and assistance in developing multi-stakeholder and public-private partnerships.]

[We reaffirm importance of the United Nations Group on the Information Society (UNGIS) created by the UN-Chief Executives Board (CEB) upon guidance by Tunis Agenda (Para 103), as an efficient and effective inter-agency mechanism with the main objective to coordinate substantive and policy issues facing the United Nations’ implementation of the outcomes of the World Summit on the Information Society (WSIS).](HEP – delete)

We welcome holding of the annual WSIS Forum, which has become a key forum for multi-stakeholder debate on pertinent issues related to the Geneva Plan of Action and note that the Forum’s inclusiveness, openness, and thematic focus have strengthened responsiveness to stakeholders and contributed to increased physical and remote participation. [agreed]

We encourage all stakeholders to contribute to and closely collaborate with the Partnership on Measuring ICT for Development as an international, multi-stakeholder initiative to improve the availability and quality of ICT data and indicators, particularly in developing countries. [agreed]

[We emphasize/ recognize that the commitments to advance gender equality perspectives and undertake the necessary actions throughout the WSIS outcomes, as called for in Para 3 of Preamble under this document, should also be implemented, reviewed and monitored, consistent with other Action Lines, by UN Women in cooperation with other Action Line Facilitators.](HEP – delete)

We encourage all WSIS stakeholders to continue to contribute information on their activities to the public WSIS stocktaking database maintained by ITU. In this regard, we invite all countries to gather information at the national level with the involvement of all stakeholders, to contribute to the stocktaking. [agreed]

We also welcome continuation of the WSIS Project Prizes initiative that has been launched by ITU with involvement of all Action line facilitators as a competition that recognizes excellence in the implementation of projects and initiatives which further the WSIS goals of improving connectivity to ICTs), particularly within underserved communities, and provide a high-profile, international platform for recognizing and showcasing success stories and models that could be easily replicated. In this regard, the WSIS Stocktaking Database is of utmost importance in sharing best practices amongst WSIS Stakeholders. [agreed]

We emphasize on the importance of 17 May as World Information Society Day to help to raise awareness, on an annual basis, of the importance of this global facility, on the issues dealt with in the WSIS especially the possibilities that the use of ICTs can bring for societies and economies, as well as of ways to bridge the digital divide. [agreed]]

Vision Beyond 2015 Document

1. During the meeting, the participants agreed to replace Chapter E with the following three paragraphs and include them in Chapter B of the Vision:

34. Developing agreed goals and time-based measurable targets data and indicators along with enhanced monitoring and reporting. [agreed]

35. Encourage the ongoing assessment of progress towards the information society, as envisaged in the WSIS Outcomes, including through efforts such as the Partnership on Measuring ICT for Development which has been essential for evaluating the implementation of WSIS Action Lines. [agreed]

36. In this respect, it is necessary to continue to develop appropriate ways and means to make such measurements. [agreed]

2. A long discussion was held on the way forward. Some of the delegates expressed views that if text on WSIS Action Line C9 is not agreed, all Chapter C should not be considered as agreed, and refused to consider other items without reaching agreement on WSIS Action Line C9, while others were open to discuss further with the understanding that Chapter C is essential for the outcomes of the WSIS+10 High Level Event.

3. Some of the delegates requested for reflecting their statements in the Chairman’s Report (See Annex).

4. In conclusion the Chairman informed the meeting that the full text with all brackets will be reflected on the website and possibly forwarded to the consideration of the WSIS+10 High Level Event. He offered his availability on 9^th June 2014 for the meeting, if needed, with the aim of finalization of the text. He encouraged all stakeholders to conduct consultations to reach consensus for pending items prior to the Event.

Link to Documentation:

· Results of the pre-agreed Chapters during the Fifth Physical meeting: http://www.itu.int/wsis/review/mpp/pages/consolidated-texts.html

Background Documents: http://www.itu.int/wsis/review/mpp/#background

Annex

Statement by the Association for Proper Internet Governance
Regarding the 28-31 May Multistakeholder Preparatory Platform meeting
3 June 2014

The Association for Proper Internet Governance (APIG)[1] requests that this statement be annexed to the Chairman’s report of the Multistakeholder Preparatory Platform (MPP).

Introduction

APIG has attended all of the preparatory meetings and made numerous written and verbal submissions. Its representative has actively made constructive suggestions in order to help achieve consensus and APIG has withdrawn various proposals that it considered important when they were challenged by other participants, and this in order to find consensus. Some examples of such compromises made by APIG are presented below.

APIG is pleased that full consensus was reached regarding the Statement and parts A and B of the Vision, and that consensus was reached regarding most of part C of the Vision. However, APIG is disappointed that the rigid positions taken by some participants prevented full consensus from being reached regarding Action Lines C5 (Building confidence and security in the use of ICTs) and C9 (Media) in part C.

It must be recalled that the purpose of the discussions regarding part C was to identify action line items that would supplement the agreed action line items of the 2003 Geneva Plan of Action. The world has changed since 2003 and indeed the action lines need to be revisited and supplemented.

Agreement was reached on many supplements to the action lines. Action line C9 is related to the media, which has undergone dramatic changes since 2003. Many supplements to this action line are surely needed, but, given the complexity of the discussions, in particular regarding freedom of speech, it was not possible to reach consensus. Some participants took the view that, absent consensus on C9, none of the other supplements to the action lines could be considered to have been approved by consensus.

This is correct from a procedural point of view: nothing is agreed until everything is agreed. However, APIG is of the view that the supplements to all action lines except C9 and one item in C5 are acceptable as agreed and can be considered independently of C9 and the unresolved item in C5, while recognizing that important issues regarding C5 and C9 remain open and must continue to be discussed.

We present here the following:

1. Considerations on the multi-stakeholder process used during these preparatory meeting

2. Compromises made by APIG

3. Proposals for C5 and C9

3. Considerations on the multi-stakeholder process used during MPP meetings

The Multistakeholder Preparatory Platform (MPP) meetings were conducted on the basis of equal rights for all stakeholder and no restrictions on participation (except for registration). This allowed a wide variety of views to be heard and resulted in many valuable and diverse proposals being presented for consideration.

The leadership team (chairman and vice-chairmen) was very experienced and skilled, as was the secretariat.

Given the volume and diversity of the submitted inputs, it was APIG’s view that the leadership team should have been requested, already after the first MPP meeting, to propose compromise text. APIG regrets that many participants objected to this, and that the leadership team was tasked with proposing compromise text only at a very late state. This is particularly to be regretted because all participants agreed that the compromise text that was presented by the leadership at the end was excellent and formed an appropriate basis for further discussion and refinement. It is likely that progress would have been more rapid, and that full consensus might have been achieved, if the compromise proposals prepared by the leaderhsip had been presented at the earlier meetings of the MPP.

The meeting was conducted on the basis of unanimity. That is, no text was considered to have achieved consensus unless no participant objected to it. While this appears appealing at first sight, it can result in a small minority blocking progress towards a compromise text. And indeed this happened for some portions of the text of part C of the Vision.

If meetings are fully open, and all stakeholders have equal decision-making rights, then any stakeholder can block any proposal that, in its view, threatens its interests. Thus it will be difficult or impossible to reach consensus on delicate issues at such meetings, and this is indeed what happened at the MPP. Allowing private companies (which are stakeholders) to have the same power as other stakeholders with respect to public policy issues is problematic, see the Preamble of our submission[2] to the open consultation conducted by the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet). It is also problematic to allow a small number of participants, even if they are governments, to block progress.

Thus, it should be recognized that multi-stakeholder meetings in which public policy decisions are made by unanimity are not appropriate if the goal is to reach consensus on difficult issues.

An alternative would be to apply “rough consensus” rather than unanimity. But this gives a great deal of power to the leadership team, and thus makes the selection of the leadership team a very delicate matter. Such “rough consensus” cannot be held to be democratic.

APIG is of the view that multi-stakeholder process must be democratic, again, see the Preamble of our cited submission to CWG-Internet.

2. Compromises made by APIG

3. APIG would have preferred that paragaph 2 of the Preambles of both the Statement and the Vision read as follows in order to recognize recent UN Resolutions that highlight the relevance of specific human rights in the context of the evolution of ICTs since 2005, recognizing the well-known legal principle that offline rights apply equally online (our additions are shown as revision marks):

We reaffirm the human rights and fundamental freedoms enshrined in the Universal Declaration of Human Rights and relevant international human rights treaties, including the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights; and we also reaffirm paragraphs 3, 4, 5 and 18 of the Geneva Declaration ; and we reaffirm the human rights mentioned in relevant UN Resolutions, including, but not limited to:

A/RES/68/147 . Rights of the child
A/RES/68/163. The safety of journalists and the issue of impunity
A/RES/68/167. The right to privacy in the digital age
A/RES/68/227 . Women in development
A/HRC/20/8. The promotion, protection and enjoyment of human rights on the Internet
A/HRC/RES/21/24. Human rights and indigenous People
A/HRC/RES/22/6 . Protecting human rights defenders
A/HRC/RES/ 23/2 . The role of freedom of opinion and expression in women’s empowerment
A/HRC/RES/23/3. Enhancement of international cooperation in the field of human rights
A/HRC/RES /23/10. Cultural rights and cultural diversity
A/HRC/RES/24/5 . The rights to freedom of peaceful assembly and of association
A/HRC/RES/25/11. Question of the realization in all countries of economic, social and cultural rights

APIG is disappointed that one participant (representing business) objected to inclusion in Action Line C2 (Information and Communication Infrastructure) of the following item, which is based on text agreed at the G20 St. Petersburg meeting[3]:

e) There is a need to identify the main difficulties that the digital economy poses for the application of existing international tax rules and develop detailed options to address these difficulties.

APIG would have preferred that the WSIS+10 recognize the dysfunctional nature of the current copyright regime for what concerns online issues and that an explicit call be included to reform that unworkable regime[4]. In particular, APIG would have preferred that item (f) of action line C6 (Enabling Environment) read as follows (changes with respect to the agreed version are shown as revision marks):

f) Foster an intellectual property rights framework that balances the interests of creators, implementers and users , by drastically reducing the length of copyright, by legalizing non-commercial downloads of copyright material, and by restricting what can be patented .

APIG would have preferred that the WSIS+10 explicitly call for the globalization of the IANA fundtion, by adding the following:

In section B (Priority areas) of the Vision, adding 37:

37) Accelerating the globalization of ICANN and IANA functions.

In action line C1 of the Vision, adding (f):

(f) Agree a formal framework that provides for all governments to participate, on an equal footing, in the governance and supervision of the ICANN and IANA functions, and that provides for effective supervision and accountability of these functions in accordance with paragraphs 29, 35, 36, 61 and 69 of the Tunis Agenda.

APIG would have preferred that (b) and (d) of C10 (Ethical Dimensions of the Information Society) read as follows (changes with respect to the agreed version are shown as revision marks):

(b) Promote respect of the fundamental ethical values in the use of ICTs and prevent their abusive usage , and in particular prevent mass surveillance.

(d) Continue to enhance the protection of privacy and personal data. Recognize that, i n the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. Any violations of privacy and any restrictions on the protection of personal data must be held to be necessary and proportionate by an independent and impartial judge.

See 11 of our submission[5] to the open consultation conducted by the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet) and recall that, as stated by the President of Brazil, DilmaRousseff, in her speech at the UN General Assembly on 24 September 2013:

“In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy.”

3. Proposals for C5 and C9

APIG would prefer the following texts for (a) of C5 and for C9.

С5. Building confidence and security in the use of ICTs

a) Continue to promote cooperation among governments at the United Nations and other appropriate intergovernmental forums, and with all stakeholders at other appropriate forums, to enhance user confidence, build trust, and protect both data and network integrity; consider existing and potential threats to ICTs, in particular threats created by weakening or compromising encryption standards; and address other information security (this being understood as defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction) and network security issues, in particular mass surveillance.

a^bis) Address cybersecurity and cybercrime in appropriate forums.

In the interests of compromise, APIG could accept deletion of the parts highlighted in yellow above. It should be noted that the text in parenthesis after “information security” was not present in the 2003 version of this text, found in 12(a) of the Geneva Plan of Action. It has been added in order to make it clear that the term “information security” is used in its ordinary sense[6], and not in other senses.

C9. Media

Media will benefit from the broader and expanded role of ICTs that can enhance media’s contribution to the development goals of the post-2015 Sustainable Development Agenda.

The principles of freedom of expression and the free flow of information, ideas and knowledge, and the protection of privacy, are essential for the information and knowledge societies and beneficial to development, recognizing that the same rights that people have offline must also be protected online.

1. Develop and update national ICT-Media legislation that guarantees the independence, and plurality of the media according to international standards as well as the domestic needs.

2. Continue to take appropriate measures — consistent with freedom of expression— to combat media content that is both illegal and harmful. Any such measures must be held to be necessary and proportionate by an independent and impartial judge.

3. Continue to encourage traditional media to bridge the knowledge divide and to facilitate the flow of cultural content, particularly in rural areas.

4. Ensure the safety of all journalists and media workers, including social media producers and bloggers, and their sources (in particular whistle-blowers) and facilitate the implementation of the UN Plan of action on the safety of journalists and the issue of impunity.

5. Ensure the privacy of all media and the secrecy all communications, including E-Mail. Any violations of privacy or secrecy shall take place only if they are held to be necessary and proportionate by an independent and impartial judge. The privacy of all media and the secrecy of all communications shall be respected in accordance with the national laws of all concerned parties.

In the interests of compromise, APIG could accept deletion of the parts highlighted in yellow above. The first part, “recognizing that the same rights that people have offline must also be protected online”, is not necessary, since it affirms a well-known legal principle and since human rights are individible.

It should be noted that the text proposed for 2 clarifies the text of 24 (c)) of the Geneva Plan of Action. That text could be misunderstood to imply that one could combat content that is harmful but not illegal. But such is not the case, since content can only be restricted if it is illegal, pursuant to article 29(2) of the Universal Declaration of Human Rights and article 19(3) of the International Covenant on Civil and Political Rights. That is, the Geneva Plan of Action already enshrined the principle that there should be fewer restrictions on online freedom of speech than on offline freedom of speech, because the online content can be restricted only if it is “illegal and harmful”. In this respect, see 7.1 of our submission [7] to the open consultation conducted by the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet).

Regarding 4 above, whistle-blowers are sources for journalists, so they are already included and their explicit mention can be omitted.

Regarding 5 above, see 11 of our cited submission to CWG-Internet.

We have omitted an action line regarding gender equality in media because we believe that a strong statement regarding gender equality should apply to all action lines and thus should appear as a chapeau before action line C1. We propose the following for this chapeau (the language is that proposed by UN Women for a potential new action line, slightly modified since it is not proposed here as an action line):

We commit to promote progress in implementing gender commitments enshrined in the WSIS outcome documents and forward-looking recommendations by pursuing practical and joint measures to advance women’s empowerment within the Information Society. The goal is to realize women’s meaningful access to ICTs and full integration of women’s needs and perspectives, and their equal participation as active agents, innovators and decision-makers. Also critical are connecting and heightening understanding of online and offline realities and addressing underlying factors that hinder women’s engagement in the Information society. Finally, we seek to develop more coherent approaches, as well as increase investments, attention and accountability measures.

1. Gender Analysis: Promote the use of “gender analysis” and associated tools and methodologies in the development of national, regional and related global frameworks, strategies and policies and their implementation, as well as better connect with women’s empowerment communities and frameworks.

2. Holistic Approaches and Structural Issues: Address underlying women’s empowerment issues in the information society, such as gender stereotypes, specific or pronounced threats to women, such as online violence, as well as provide analysis and actionable recommendations on gender issues that cut across action lines.

3. Support to Action Lines and Stakeholders: Work with and across Action Lines and specific stakeholder groups (e.g. private sector) to accelerate integration of gender equality within their remits through identification of overarching issues, programmatic opportunities, requisite investments, policy interventions, case studies and learning, and promote participation of women and gender equality stakeholders.

4. Data and Monitoring Progress: Prepare scorecards on Action Line and National level reporting on women’s empowerment. Support and promote the work of the Partnership on the Measurement of the Information Society Working Group on Gender.

[1] http://www.apig.ch

[2] http://www.itu.int/en/Lists/CWGContributionmar2014/Attachments/25//CWG-March.pdf

[3] G20 Leaders, “Tax Annex to the St. Petersburg Declaration”, G20 (6 September 2013), Annex, Action 1 http://www.g20.org/news/20130906/782776427.html

[4] In this context, see 7.3 of http://www.itu.int/en/Lists/CWGContributionmar2014/Attachments/25//CWG-March.pdf and its references.

[5] http://www.itu.int/en/Lists/CWGContributionmar2014/Attachments/25//CWG-March.pdf

[6] http://en.wikipedia.org/wiki/Information_security

[7] http://www.itu.int/en/Lists/CWGContributionmar2014/Attachments/25//CWG-March.pdf

For more details visit https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-open-consultation-process-multistakeholder-preparatory-platform-phase-six

Would it be a unique identity crisis ?

praskrishna — 2011-04-01T17:10:30Z

The UID project will centralise a humongous amount of data but the fear is that it might fall into the wrong hands.

The Unique Identification (UID) project is already up and running. It’s touted as a watershed in inclusive politics, of bringing people, who by virtue of physical remoteness, their station in society or other liabilities were excluded from the system, back into it. UID Chairman Nandan Nilekani recently said that the aadhaar number will not replace the passport, driving license or the voter identity card and that by 2014, 60 per cent of the country’s population will have the 12-digit UID number. The idea, though it has not been made explicit, is that Aadhaar will eventually become the key document for the common man to navigate the system, whether it is opening a bank account or making a rent agreement to booking a train ticket or applying for a job.

In fact, there is the implicit danger that sooner than later the original idea of inclusiveness could be turned on its head by denying benefits to people who don’t have the Aadhaar! “There is nothing to ensure that you will continue to receive the same benefits like those who have the UID number. The claim that it is not mandatory is legally correct. But in practice it would not be,” said Prof Sridhar Krishnaswamy of W B University for Juridical Sciences.

It is a fundamental premise that data subjects ought to have “inalienable moral rights” about the “integrity” of the data collected about them. But even as UID is one of the best things that could have happened to deepen the democratic process in our society, the often un-remarked fact is that the project has also become the biggest industrial collector of personal information. Considering the size and heterogeneity of the Indian population, it becomes as big as Google, and the implications of this are quite frightening. The UID draft bill, which has to be cleared by Parliament for it to become law, has only perfunctorily looked at the dangers posed by such huge and centralized collection of data. It glosses over the issue, content with making conservative noises about “the interlinking of databases”. This only shows how casual our policy makers, even the most enlightened of them, are towards the whole issue of safeguarding privacy.

The Bangalore-based Centre for Internet and Society (CIS) has analyzed the draft UID bill in considerable depth. They have identified three main areas where the bill needs to be drastically reworked: (i) plugging all loopholes which would enable corporate organizations from accessing information from the Aadhar database for their own commercial or R & D purposes; (ii) stipulating a maximum period for the data to be stored; (iii) to be transparent about the methods it uses to collect, store and disseminate data.

Prof Krishnaswamy agreed that the UID bill has not taken the corporate threat seriously enough. He contends that the UID authorities should take small, concrete steps that would act as effective safeguards. “In the mobile phone segment, user information is stored only for six months. Now, the government is proposing a similar time cap for ISP too. But when it comes to UID there is no such time limit. It means personal information could be held perpetually,” he explained. All that UID Assistant Director A K Pandey had to say to this was, “if that is it, then we have to live with it.”

Another worrying aspect of the proposed bill, according to Usha Ramanathan, an activist and expert on identity and digital issues, is its failure to fix accountability on the main players including enrollers, outsourcing companies, and the UDAI authority itself. “The data collector and data controller should be equally held responsible for the protection of data,” she said. However, UID authorities themselves are of the view that the apprehensions are being overplayed. Pandey maintained that there was nothing in the UID that would compromise the privacy of individuals. “You go to a bank or the LIC office and you give whatever information they ask you. But when it comes to UID alone you say the information you give could be dangerous. We don’t quite understand this,” he retorted. He played down the fears that in the central data storage vital information could go corrupt. “We have taken adequate measures to protect it. We will have a backup,” he said.

The issue of transparency of data collection and storage remains. The CIS analysts feel that the UID should put out a synopsis of the algorithms it will use in collating and protecting data so that the public at large can be reassured of the firewalls that are in place. Then there is also the issue of not having concrete provisions in the UID bill to deal with special cases like whistleblowers and victims of abuse whose identities need to be protected even more carefully.

The UID authority also bypasses the question of whether it is confusing data protection with the larger issue of protection of privacy. A person’s identity is more than her date of birth, surname, religion, fingerprint or even the sum of these. Such information is basically data and allows governments or corporate bodies to provide a person a nominal identity, one that is indispensable if she is to be part of a socio-political system. The state and corporate entities conveniently deny a person her self, thereby reducing her to a subject instead of seeing each individual as a thinking, acting agency.

Be that as it may, right now the concern of civil society is to make at least protection of data as foolproof as possible. Aadhaar is just one of the projects that pose a threat to the privacy of individual citizens. There is the broader problem of how the Internet and mobile phones, the popularity of social networking sites such as Facebook and Twitter, and the widespread use of credit and debit cards has led to blatant misuse of personal information gathered online, sharing of consumer data without consent and the state’s own Big Brother surveillance. The need for an effective privacy law in India is imperative.

Read the original in Bangalore Mirror

For more details visit https://cis-india.org/news/unique-identity-crisis

World Wide Rule

nishant — 2013-07-01T10:26:24Z

Nishant Shah's review of Schmidt and Cohen's book was published in the Indian Express on June 14, 2013.

Click to read the original published in the Indian Express here

Book: The New Digital Age
Author: Eric Schmidt & Jared Cohen
Publisher: Hachette
Price: Rs 650
Pages: 315

When I first heard that Eric Schmidt the chairman of Google and Jared Cohen, the director of the techno-political think-tank Google Ideas, are co-authoring a book about our future and how it is going to be re-shaped with the emergence of digital technologies, I must confess I was sceptical. When people who do things that you like start writing about those things, it is not always a pretty picture. Or an easy read. However, like all sceptics, I am only a romantic waiting to be validated. So, when I picked up The New Digital Age I was hoping to be entertained, informed and shaken out of my socks as the gurus of the interwebz spin science fiction futures for our times. Sadly, I have been taught my lesson and have slid back into hardened scepticism.

Here is the short version of the book: Technology is good. Technology is going to be exciting. There are loads of people who haven't had it yet. There are not enough people who have figured out how things work. Everybody needs to go online because no matter what, technologies are here to stay and they are going to be the biggest corpus of power. They write, "There is a canyon dividing people who understand technology and people charged with addressing the world's toughest geopolitical issues, and no one has built a bridge…As global connectivity continues its unprecedented advance, many old institutions and hierarchies will have to adapt or risk becoming obsolete, irrelevant to modern society." So the handful who hold the reigns of the digital (states, corporates, artificial intelligence clusters) are either going to rule the world, or, well, write books about it.

The long version is slightly more nuanced, even though it fails to give us what we have grown to expect of all things Google — the bleeding edge of back and beyond. For a lay person, observations that Schmidt and Cohen make about the future of the digital age might be mildly interesting in the way title credits to your favourite movie can be. Once they have convinced us, many, many times, that the internet is fast and fluid and that it makes things fast and fluid and hence the future we imagine is going to be fast and fluid, the authors tell us that the internet is spawning a new "caste system" of haves, have-nots, and wants-but-does-not-haves.

Citing the internet as "the largest experiment involving anarchy in history" they look at the new negotiations of power around the digital. Virulent viruses from the "Middle East" make their appearance. Predictably wars of censorship and free information in China get due attention. Telcos get a big hand for building the infrastructure which can sell Google phones to people in Somalia. The book offers a straightforward (read military) reading of drones and less-than-expected biased views on cyberterrorism, which at least escapes the jingoism that the USA has been passing off in the service of a surveillance state. And more than anything else, the book shows politicos and governments around the world, that the future is messy, anarchy is at hand, but as long as they put their trust in Big Internet Brothers, the world will be a manageable place.

So while you can clearly see where my review for the book is heading, I must give it its due credit.

There are three things about this book that make it interesting. The first is how Schmidt and Cohen seem to be in a seesaw dialogue with themselves. They realise that five billion people are going to get connected online. They gush a little about what this net-universality is going to mean. And then immediately, they also realise that we have to prepare ourselves for a "Brave New World," which is going to be infinitely more messy and scary. They recognise that the days of anonymity on the Web are gone, with real life identities becoming our primary digital avatars. However, they also hint at a potential future of pseudonymity that propels free speech in countries with authoritarian regimes. This oscillation between the good, the bad, the plain and the incredible, keeps their writing grounded without erring too much either on the side of techno-euphoria or dystopic visions of the future.

Second, and perhaps justly so, the book doles out a lot of useful information not just for the techno-neophytes but also the amateur savant. There are stories about "Currygate" in Singapore, or of what Vodaphone did in Egypt after the Arab Spring, or of the "Human Flesh Search Engine" in China, which offer a comprehensive, if not critical, view of the way things are. Schmidt and Cohen have been everywhere on the ether and they have cyberjockeyed for decades to tell us stories that might be familiar but are still worth the effort of writing.

Third, it is a readable book. It doesn't require you to Telnet your way into obscure meaning sets in the history of computing. It is written for people who are still mystified not only about the past of the Net but also its future, and treads a surprisingly balanced ground in both directions. It is a book you can give to your grandmother, and she might be inspired to get herself a Facebook (or maybe a Google +) account.

But all said and done, I expected more. It is almost as if Schmidt and Cohen are sitting on a minefield of ideas which they want to hint at but don't yet want to share because they might be able to turn it into a new app for the Nexus instead. It is a book that could have been. It wasn't. It is ironic how silent the book is about the role that big corporations play in shaping our techno-futures, and the fact that it is printed on dead-tree books with closed licensing so I couldn't get a free copy online. For people claiming to build new and political futures, the fact that this wisdom could not come out in more accessible forms and formats, speaks a lot about how seriously we can take their views of the future.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-june-14-2013-nishant-shah-world-wide-rule

World Trends in Freedom of Expression and Media Development

pranesh — 2016-02-17T16:41:28Z

For more details visit https://cis-india.org/internet-governance/blog/world-trends-in-freedom-of-expression-and-media-development

Workshop Report - UIDAI and Welfare Services: Exclusion and Countermeasures

vanya — 2019-03-16T04:34:11Z

This report presents summarised notes from a workshop organised by the Centre for Internet and Society (CIS) on Saturday, August 27, 2016, to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services.

Introduction

The Centre for Internet and Society organised a workshop on "UIDAI and Welfare Services: Exclusion and Countermeasures" at the Institution of Agricultural on Technologists on August 27 in Bangalore to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services [1]. This was a follow-up to the workshop held in Delhi on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26th and 27th 2016 [2]. In this report we summarise the key concerns raised and the case studies presented by the participants at the workshop held on August 27, 2016.

Implementation of the UID Project

Question of Consent: The Aadhaar Act [3] states that the consent of the individual must be taken at the time of enrollment and authentication and it must be informed to him/her the purpose for which the data would be used. However, the Act does not provide for an opt-out mechanism and an individual is compelled to give consent to continue with the enrollment process or to complete an authentication.

Lack of Adherence to Court Orders: Despite of several orders by Supreme Court stating that use of Aadhaar cannot be made mandatory for the purpose of availing benefits and services, multiple state governments and departments have made it mandatory for a wide range of purposes like booking railway tickets [4], linking below the poverty line ration cards with Aadhaar [5], school examinations [6], food security, pension and scholarship [7], to name a few.

Misleading Advertisements: A concern was raised that individuals are being mislead in the necessity and purpose for enrollment into the project. For example, people have been asked to enrol by telling them that they might get excluded from the system and cannot get services like passports, banks, NREGA, salaries for government employees, denial of vaccinations, etc. Furthermore, the Supreme Court has ordered Aadhaar not be mandatory, yet people are being told that documentation or record keeping cannot be done without UID number.

Hybrid Governance: The participants pointed out that with the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 (hereinafter referred to as Aadhaar Act, 2016 ) being partially enforced, multiple examples of exclusion as reported in the news are demonstrating how the Aadhaar project is creating a case of hybrid governance i.e private corporations playing a significant role in Governance. This can be seen in case of Aadhaar where we see many entities from private sector being involved in its implementation, as well as many software and hardware companies.

Lack of Transparency around Sharing of Biometric Data: The fact how and why the Government is relying on biometrics for welfare schemes is unclear and not known. Also, there is no information on how biometric data that is collected through the project is being used and its ability as an authenticating device. Along with that, there is very little information on companies that have been enlisted to hold and manage data and perform authentication.

Possibility of Surveillance: Multiple petitions and ongoing cases have raised concerns regarding the possibility of surveillance, tracking, profiling, convergence of data, and the opaque involvement of private companies involved in the project.

Denial of Information: In an RTI filed by one of the participant requesting to share the key contract for the project, it was refused on the grounds under section 8(1) (d) of the RTI Act, 2005. However, it was claimed that the provision would not be applicable since the contract was already awarded and any information disclosed to the Parliament should be disclosed to the citizens. The Central Information Commission issued a letter stating that the contractual obligation is over and a copy of the said agreement can be duly shared. However, it was discovered by the said participant that certain pages of the same were missing , which contained confidential information. When this issue went before appeal before the Information Commissioner, the IC gave an order to the IC in Delhi to comply with the previous order. However, it was communicated that limited financial information may be given, but not missing pages. Also, it was revealed that the UIDAI was supposed to share biometric data with NPR (by way of a MoU), but it has refused to give information since the intention was to discontinue NPR and wanted only UIDAI to collect data.

Concerns Arising from the Report of the Comptroller and Auditor General of India (CAG) on Implementation of PAHAL (DBTL) Scheme

A presentation on the CAG compliance audit report of PAHAL on LPG [8] revealed how the society was made to believe that UID will help deal with the issue of duplication and collection as well as use of biometric data will help. The report also revealed that multiple LPG connections have the same Aadhaar number or same bank account number in the consumer database maintained by the OMCs, the bank account number of consumers were also not accurately recorded, scrutiny of the database revealed improper capture of Aadhaar numbers, and there was incorrect seeding of IFSC codes in consumer database. The participants felt that this was an example of how schemes that are being introduced for social welfare do not necessarily benefit the society, and on the contrary, has led to exclusion by design. For example, in the year 2011, by was of the The Liquefied Petroleum Gas (Regulation of Supply and Distribution) Amendment Order, 2011 [9], the Ministry of Petroleum and Natural Gas made the Unique Identification Number (UID) under the Aadhaar project a must for availing LPG refills. This received a lot of public pushback, which led to non-implementation of the order. In October 2012, despite the UIDAI stating that the number was voluntary, a number of services began requiring the provision of an Aadhaar number for accessing benefits. In September 2013, when the first order on Aadhaar was passed by court [10], oil marketing companies and UIDAI approached the Supreme Court to change the same and allow them to make it mandatory, which was refused by the Court. Later in the year 2014, use of Aadhaar for subsidies was made mandatory. The participants further criticised the CAG report for revealing the manner in which linking Aadhaar with welfare schemes has allowed duplication and led to ghost beneficiaries where there is no information about who these people are who are receiving the benefits of the subsidies. For example, in Rajasthan, people are being denied their pension as they are being declared dead due to absence of information from the Aadhaar database.

It was said that the statistics of duplication mentioned in the report show how UIDAI (as it claims to ensure de-duplication of beneficiaries) is not required for this purpose and can be done without Aadhaar as well. Also, due to incorrect seeding of Aadhaar number many are being denied subsidy where there is no information regarding the number of people who have been denied the subsidy because of this. Considering these important facts from the audit report, the discussants concluded how the statistics reflect inflated claims by UIDAI and how the problems which are said to be addressed by using Aadhaar can be dealt without it. In this context, it is important to understand how the data in the aadhaar database maybe wrong and in case of e-governance the citizens suffer. Also, the fact that loss of subsidy-not in cash, but in use of LPG cylinder - only for cooking, is ignored. In addition to that, there is no data or way to check if the cylinder is being used for commercial purposes or not as RTI from oil companies says that no ghost identities have been detected.

UID-linked Welfare Delivery in Rajasthan

One speaker presented findings on people's experiences with UID-linked welfare services in Rajasthan, collected through a 100 days trip organised to speak to people across the state on problems related to welfare governance. This visit revealed that people who need the benefits and access to subsidies most are often excluded from actual services. It was highlighted that the paperless system is proving to be highly dangerous. Some of the cases discussed included that of a disabled labourer, who was asked to get an aadhaar card, but during enrollment asked the person standing next to him to put all his 5 fingers for biometric data collection. Due to this incorrect data, he is devoid of all subsidies since the authentication fails every time he goes to avail it. He stopped receiving his entitlements. Though problems were anticipated, the misery of the people revealed the extent of the problems arising from the project. In another case, an elderly woman living alone, since she could not go for Aadhaar authentication, had not been receiving the ration she is entitled to receive for the past 8 months. When the ration shop was approached to represent her case, the dealers said that they cannot provide her ration since they would require her thumb print for authentication. Later, they found out that on persuading the dealer to provide her with ration since Aadhaar is not mandatory, they found out that in their records they had actually mentioned that she was being given the ration, which was not the case. So the lack of awareness and the fact that people are entitled to receive the benefits irrespective of Aadhaar is something that is being misused by dealers. This shows how this system has become a barrier for the people, where they are also unaware about the grievance redressal mechanism.

Aadhaar and e-KYC

In this session, the use of Aadhaar for e-KYC verification was discussed The UID strategy document describes how the idea is to link UIDAI with money enabled Direct Benefit Transfer (DBT) to the beneficiaries without any reason or justification for the same. It was highlighted by one of the participants how the Reserve Bank of India (RBI) believed that making Aadhaar compulsory for e-KYC and several other banking services was a violation of the Money Laundering Act as well as its own rules and standards, however, later relaxed the rules to link Aadhaar with bank accounts and accepted its for e-KyC with great reluctance as the Department of Revenue thought otherwise. It was mentioned how allowing opening of bank accounts remotely using Aadhaar, without physically being present, was touted as a dangerous idea. However, the restrictions placed by RBI were suddenly done away with and opening bank accounts remotely was enabled via e-KYC.

A speaker emphasised that with emerging FinTech services in India being tied with Aadhaar via India Stack, the following concerns are becoming critical:

With RBI enabling creation of bank accounts remotely, it becomes difficult to to track who did e-KYC and which bank did it and hold the same accountable.
The Aadhaar Act 2016 states that UIDAI will not track the queries made and will only keep a record of Yes/No for authentication. For example, the e-KYC to open a bank account can now be done with the help of an Aadhaar number and biometric authentication. However, this request does not get recorded and at the time of authentication, an individual is simply told whether the request has been matched or not by way of a Yes/No [11]. Though UIDAI will maintain the authentication record, this may act as an obstacle since in case the information from the aadhaar database does not match, the person would not be able to open a bank account and would only receive a yes/no as a response to the request.
Further, there is a concern that the Aadhaar Enabled Payment System being implemented by the National Payment Corporation of India (NCPI) would allow effectively hiding of source and destination of money flow, leading to money laundering and cases of bribery. This possible as NCPI maintains a mapper where each bank account is linked (only the latest one). However, Aadhaar number can be linked with multiple bank accounts of an individual. So when a transaction is made, the mapper records the transaction only from that 1 account. But if another transaction takes place with another bank account, that record is not maintained by the mapper at NCPI since it records only transactions of the latest account seeded in that. This makes money laundering easy as the money moves from aadhaar number to aadhaar number now rather than bank account to bank account.

Endnotes

[1] See: http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27.

[2] See: http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges.

[3] See: https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf.

[4] See: http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets.

[5] See: http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece.

[6] See: http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms.

[7] See: http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html.

[8] See: http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf.

[9] See: http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf.

[10] See: http://judis.nic.in/temp/494201232392013p.txt.

[11] Section 8(4) of the Aadhaar Act, 2016 states that "The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information."

For more details visit https://cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016

Workshop on Cybersecurity Illustrations

Admin — 2018-11-13T14:34:17Z

For more details visit https://cis-india.org/internet-governance/files/workshop-on-cybersecurity-illustrations.pdf

Workshop on Cyber Security Illustrations

pranav — 2018-12-10T06:08:59Z

For more details visit https://cis-india.org/internet-governance/workshop-on-cyber-security-illustrations