Centre for Internet and Society

Workshop on 'Urban Data, Inequality and Justice in the Global South'

Admin — 2019-07-06T01:30:16Z

Aayush Rathi and Ambika Tandon presented our research on video-based surveillance in New Delhi at a workshop on urban data, inequality, and justice in the global South at the University of Manchester on 14 June 2019.

The agenda for the workshop and the presentations made by CIS can be accessed here. The research was conducted as part of a grant from the University, as part of a project on justice in data systems within cities. It will bepublished as a working paper by the university in July-August.

For more details visit https://cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south

AI and Healthcare Report

pranav — 2019-06-11T14:23:51Z

For more details visit https://cis-india.org/internet-governance/ai-and-healthcare-report

Plugging into India’s broadband revolution

Navadha Pandey — 2019-06-05T14:02:48Z

After many false starts, the plan to wire India’s digital future may finally take off with Jio GigaFiber’s entry.

The article by Navadha Pandey was published in Livemint on June 4, 2019. Sunil Abraham was quoted.

All through 2018, 58-year-old Ashok Kumar Rai’s Lucknow-based small architecture firm used to spend a princely sum of ₹11,800 each month for the privilege of a good broadband internet connection. “We used to send building walk-through files to clients every day and the size of each file could go up to 1GB (gigabytes)," he says. Doling out cash for reliable internet was a necessity. All that changed when a new player, Atria Convergence Technologies Ltd (ACT), came to Rai’s upmarket Gomti Nagar neighbourhood in Lucknow. In the summer of 2019, Rai’s internet access speed has shot up from 4 to 150 Mbps (megabits per second). And the monthly bill has come crashing down to about ₹1,000.

For far too long, India’s internet action lay centered in its metros, leaving out even relatively big cities like Lucknow. The fledgling online access push into smaller cities and rural India happened primarily via mobile data transmitted over wireless spectrum. Home broadband was nowhere in the picture. But all that seems set for some dramatic change. If the country’s richest man, Mukesh Ambani, has his way, high-speed broadband will become a reality in at least 1,600 cities.

In the process, he aims to also leapfrog India from its current rank—134—in fixed-line broadband penetration to the top five with the help of Jio GigaFiber.

The dream of a broadband revolution, however, has its fair share of detractors. Bhaskar Ramamurthi, for example, who helms the Centre of Excellence in Wireless Technology (CWEiT at Indian Institute of Technology Madras (IIT Madras), says: “Fiber penetration will take a long time in India."

The logic is simple: unlike mobile towers, fiber needs to reach each home physically. China’s broadband boom happened because it has rebuilt nearly its entire housing stock in the last 15 years, fuelled by a construction-led growth bubble. “In India, initially only all the upcoming new buildings may get connected to fiber-based (fast) internet," says Ramamurthi.

But India’s untapped millions are about to set off a race. And this journey, which will clearly not be a cakewalk, has huge rewards in store. Sample this: India has 1.16 billion mobile subscribers but just 18.42 million wired broadband subscribers. And many of them, like Rai, are data hungry. There is an existing playbook: what happened to mobile broadband after 2014.

In 2014, the cost of one GB of mobile data was ₹270. Now, it is ₹10 per GB. As a result, mobile data consumption has soared. In late-2014, an average user on Airtel’s network (India’s largest telecom operator back then) used 622 megabytes (MB) of data in a month. By late-2018, the number of users had tripled, but, despite a broader base, average data usage stood at 10GB a month.

First-mover advantage

The expansion in wired broadband access may have far-reaching implications beyond a mere spike in data usage. When Mukesh Ambani, chairman and managing director of Reliance Industry Ltd which owns Reliance Jio Infocomm Ltd, declared optical fibre based fixed-line broadband as “the future" last July, the real play was not on the infrastructure itself, but the services that would ride on top—from smart home experiences to new forms of e-commerce. The revenue and the first-mover advantage lie in who gets to tap into the “ecosystem"—of how a household connects to the wider world to buy, watch, and exchange.

Essentially, new businesses could emerge to feed the “ecosystem". And some existing small and medium-scale businesses may finally become viable enough to expand and go big. Netflix, for example, emerged as one of the world’s largest video streaming platform, riding on top of the US broadband boom. But India already has a crowded pack of 34 web video streaming entertainment platforms, most of which have cropped up to sustain the attention of mobile data guzzling Indians. With wired broadband following mobile usage expansion, unlike in most other countries, India’s new-age internet businesses are likely to be unique and different.

Home-based surveillance and security systems could be one space that could gain significant traction, says Sunil Abraham, executive director of the Bengaluru-based think-tank Centre for Internet and Society. “If there are 40 families (in a high-rise apartment) who have babies and need surveillance facilities, each apartment going for an individual connection from a telecom service provider would involve a huge amount of money. But a fibre-based intranet or peer network could connect all 40 flats for a much smaller price," he says.

There could also be unintended consequences for the country’s digital gender divide. Only 29% of India’s current internet users are women, according to a recent Unicef report. If the cost of wired broadband begins to crash—thereby increasing the number of homes which have access—women who will never get access to a phone (due to the cost of device and patriarchy) will finally be able to see things on the internet, says Nandini Chami, a researcher at IT for Change, a non-governmental organization. “How this negotiation will happen inside the house, we will have to wait and watch," she says. Household-level access would also confuse corporate entities trying to “hyper-profile" users since multiple people will be accessing the internet through shared devices at home, she adds.

But as internet access improves, making the digital economy more vital, Chami says, governments would have an important role in ensuring women get to use the internet “on terms that are empowering". “We can think of innovative models when fixed broadband becomes cheap. The household is not the space for this. It can be libraries which have special times for young girls or digital labs for women. We need to rethink the missed opportunity of the BharatNet and the national optic fibre network. Internet access should not stop at just the panchayat office. We must think of different points of access, particularly for women," Chami adds.

The possibility of many of these radical changes in both the social and business realms will, of course, entirely rely on the pace at which India goes broadband. Despite the rapid expansion in mobile internet, data originating from mobile devices still account for only 20% of India’s data consumption. That is why what happens in the wired broadband space will matter increasingly. And that is also why Jio is betting big on expanding the existing wired user base (18 million) to 50 million.

The Jio gameplan

Jio is currently running beta trials for GigaFiber in New Delhi and Mumbai, providing 100GB of data at 100 Mbps for free, except for the ₹4,500 one-time deposit for a router. While the landline will come with unlimited calling facility, television channels will be delivered over the internet (Internet Protocol Television, or IPTV). The packaged trio of fast Internet, landline telephony, and television access will remain free for a while—similar to what had happened in the mobile phone services segment in 2016. After commercial launch, the per month cost is expected to be ₹600, roughly half of what similar services cost currently.

Jio’s rival Bharti Airtel Ltd has decided that it is not interested in the entire pie but just the creamy top layer. It will focus on premium customers and expand its broadband services across India’s top 100 cities, instead of copying Reliance Jio’s ambitious plan to create a fibre-optic network across the country. To achieve this, Airtel, which already has 2.36 million fibre customers, will stay focussed on high-rise buildings rather than horizontal deployment, as this business model is more economical and logical.

The dark horse in this race is, of course, ACT with its existing 1.42 million customers. Its presence is much smaller with just 18 cities, largely in the south India and the newly expanded zones of Delhi, Jaipur and Lucknow. On the ACT fibre network, average data consumption per user is already at 130GB a month.

“We have seen a 150% increase in average consumption in the last 18 months," says Bala Malladi, chief executive officer, ACT. “People are now looking at higher speeds and the experience is taking precedence over cost. In fact, even in the hinterland, people want higher speeds and non-buffered experience," he adds.

But why hasn’t fibre penetration gone up if the demand is booming? Why did India miss the bus when other countries like the US have an 80% fibre penetration?

Policy paralysis

Firstly, fibre is expensive to lay, unlike a SIM card which can be given away for free. Moreover, India till a few years ago was mostly a voice calls market and not a data market. Secondly, municipalities in India have complicated right-of-way (RoW) procedures which act as a big hurdle for digging and laying fibre. This is one of the reasons why even government (such as the Delhi government) plans to set up citywide surveillance and Wi-Fi hotspots have failed.

“The centre has finally issued a very good RoW model, but now every state has to come up with its own policy modelled on the central guidelines. They are taking their own sweet time," says Rajan Mathews, director general, Cellular Operators Association of India (COAI).

The lack of forward movement on these fixable policy issues assumes significance given the government’s focus on fibre in its National Digital Communications Policy-2018, which has a target of attracting $100 billion worth of investments in digital communications.

The policy’s goals include universal broadband for all, creating four million jobs in digital communications, and raising the share of digital communications in India’s gross domestic product (GDP) to 8% (from less than 6% in 2017). Deployment of five million public Wi-Fi hotspots by 2020 through a National Broadband Mission is also on the agenda. The key goal, however, is to provide 1 Gbps (gigabit per second) connectivity to all gram panchayats by 2020 and 10 Gbps by 2022.

The sad reality is that the last five years were an absolute failure in laying fibre in the country. BharatNet, the flagship mission to connect 250,000 gram panchayats with broadband, which was being implemented by Bharat Broadband Network Ltd (BBNL), a special purpose vehicle set up under the department of telecommunications (DoT) in February 2012, has been a disappointment, to say the least.

The government has completed laying optical fibre cables across more than 100,000 gram panchayats in the first phase and had aimed to complete connecting the remaining 150,000 councils by March 2019. The second phase has seen “zero progress", according to government officials close to the matter. Pained by poor utilization of digital infrastructure, the Telecom Regulatory Authority of India (Trai) suggested auctioning BharatNet infrastructure on an “as is where is" basis after a meeting held in December at the prime minister’s office to take stock of the mission.

To start with, the DoT plans to monetize fibre assets built by the government under its flagship mission BharatNet through outright sale to private players or by leasing these assets for a 20-year period after a bidding process. If successful, it could boost connectivity in Indian villages, which have so far been kept out of the digital dividend.

Bigger cities, however, will have a different consumption story. With intra-city fibre coverage leading to improved penetration, wired broadband would not just offer an enhanced content viewing experience, but also open doors for internet of things, or IoT. “Home security is going to become a big business going forward, riding on fibre. Even gaming will see a lot of traction as you can enjoy a 4K game in real-time, thanks to low latency and high speed of an optic network," Malladi of ACT says.

The looming question, however, is how much investment can operators put in given the current low tariff environment in the telecom sector. Big players are stressed for funds and are diluting their non-core assets to generate funds to keep networks afloat. “If you are looking at what will happen in the next three years... I believe that there is a business case to be made and tariffs should sustain it (the investment)," Mathews says.

Whether that happens or not could become an important footnote in India’s growth story. The far-reaching implications of fast internet access pushed billionaire tech entrepreneur Elon Musk, chief executive officer of Space Exploration Technologies Corp. (SpaceX), to launch 60 internet-beaming satellites last month. The grand scheme is a response to the practical constraint of laying fibre, a concern which is more pressing in India’s vast landmass.

Unlike Musk, the country’s broadband dreams, however, still remain rooted to the ground—in the simple tech of optic fibre. And the success or failure of those dreams will be written by how fast the fibre network expands.

For more details visit https://cis-india.org/telecom/news/livemint-navadha-pandey-june-4-2019-plugging-into-indias-broadband-revolution

SIF Concept Note

Admin — 2019-06-05T04:13:13Z

For more details visit https://cis-india.org/internet-governance/files/sif-concept-note

May 2019 Newsletter

praskrishna — 2019-06-26T01:40:33Z

The Centre for Internet & Society Newsletter for the month of May 2019

Highlights for May 2019

Omidyar Network is investing in in establishing a three-region research alliance co-led by the Institute for Technology & Society, Brazil , the Centre for Intellectual Property and Information Technology Law, Kenya, and the Centre for Internet & Society (CIS), India on appropriate use of Digital Identity. CIS will look at the policy objectives of digital identity projects, how technological policy choices can be thought through to meet the objectives, and how legitimate uses of a digital identity framework may be evaluated. The term Fintech is generally used to describe innovative technology and technological processes being used in the financial services sector. Vipul Kharbanda has presented a detailed analysis of RBI’s Draft Framework on Regulatory Sandbox for Fintech. Centre for Internet & Society's 'Access to Knowledge' wing (CIS-A2K) signed a MoU with PAH Solapur University, Maharashtra to promote content generation in Wikimedia projects among the institutions under University affiliation and develop a platform in the university for outreach programs on digital knowledge, language and technologies, FOSS, unicode, etc. Timely and affordable access to scientific research remains a problem in this digital day and age. Most countries including India, continue to struggle with implementing open access. The latest international initiative (created in Europe) to remedy this problem is Plan S. This has been positioned as a strategy to implement immediate open access to scientific publications from 2021 which India is considering adopting. Anubha Sinha in an article unpacks the disorderly growth of open access in India, and discusses the gap between the Plan's vision and current Indian scenario in some respects Shweta Mohandas was nominated to curate Genderlog's Twitter handle (@genderlogindia). She tweeted about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. Sumandro Chattapadhyay and Tim Davies co-authored a chapter titled Open Data and Land Ownership in State of Open Data book which was recently launched at World Bank. The authors have thrown light on how the lessons from the land ownership field highlight the political nature of data, and illustrate the importance of politically aware interventions when creating open data standards, infrastructure, and ecosystems. The Bodies of Evidence collection, edited by Bishakha Datta and Richa Kaul Padte, is a collaboration between Point of View and CIS as part of the Big Data for Development Network supported by International Development Research Centre, Canada. Can data ever know who we really are? This is an excerpt from an essay by Zara Rahman, written for and published as part of the Bodies of Evidence collection of Deep Dives.

CIS and the News

The following news pieces were authored by CIS and published on its website in May:

How privacy fares in the 2019 election manifestos | Opinion (Aayush Rathi and Ambika Tandon; May 1, 2019).
Democracy, Digital India and Networks (Shyam Ponappa; Business Standard; May 1, 2019).
Why the TikTok ban is worrying (Gurshabad Grover; Hindustan Times; May 2, 2019).
Digital Native: Narendra Modi’s interview by Akshay Kumar is a PR masterpiece (Nishant Shah; Indian Express; May 5, 2019).
Will the WTO Finally Tackle the ‘Trump’ Card of National Security? (Arindrajit Basu; The Wire; May 8, 2019).
Digital Native: Three things we need to realise about what TikTok is doing to us (Nishant Shah; Indian Express; May 19, 2019).
Open Data and Land Ownership (Sumandro Chattapadhyay; State of Open Data; May 22, 2019).
Can EVM vulnerabilities be used to game the Indian election? (Karan Saini; Kaarana Blog; May 22, 2019).
The Huawei bogey (Gurshabad Grover; Indian Express; May 30, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Cyber criminals hide in the ‘dark web’ to remain anonymous (Tushar Kaushik; Economic Times; May 2, 2019).
BJP outspends Congress, others in social media advertising (Vidhi Choudhary; Hindustan Times; May 3, 2019).
Three emerging market think tanks to collaborate on Good ID recommendations with Omidyar backing (Chris Burt; Biometric Update; May 8, 2019).
"Aadhaar Reduced Agency in Citizens and Empowered Those in Positions of Authority" (Martin Moore; News Click; May 20, 2019).
In Parts of India, Internet Shutdowns Are a Fact of Life (Megha Bahree; Top10VPN; May 21, 2019).
Artificial Intelligence: Consumer Experiences in New Technologies (Consumer International; May 28, 2019).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Copyright & Patent

Blog Entry

Should India adopt Plan S to realise Open Access to Public-funded Scientific Research? (Anubha Sinha; May 29, 2019).

Wikipdedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Wikipedia assignments workshop for Post Graduate students in PAH Solapur University (Subodh Kulkarni; May 3, 2019).
Wikisource Workshop at Vigyan Ashram, Pabal (Subodh Kulkarni; May 26, 2019)
MoU between PAH Solapur University & CIS-A2K (Subodh Kulkarni; May 31, 2019).

Jobs

CIS-A2K team is seeking applications for the following posts:

Events

Train-the-Trainer 2019 (Organized by CIS-A2K; Vishakhapatnam; May 31 - June 2, 2019).
Wikimedia Education SAARC conference (Organized by Christ University (Deemed to be University) with the association of CIS-A2K; Christ University; Bangalore; June 20 - June 22, 2019).

Media Coverage

Ahmedabad Wikisource Workshop (Vishwavihar; May 13, 2019).
Youths come forward to augment Assamese Wikisource project (NE Now News; May 17, 2019).
Wikipedia looks to ramp up its Indian language content (Tushar Kaushik; May 28, 2019).
Project Tiger: Wikipedia ropes in locals to contribute articles in Indian languages (Tushar Kaushik; May 29, 2019).

Openness

Publication

Open Data and Land Ownership (State of Open Data; Sumandro Chattapadhyay; May 22, 2019).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Digital Identity

Announcement

Announcement of a Three-Region Research Alliance on the Appropriate Use of Digital Identity (Amber Sinha; May 13, 2019).

Event Organized

Picking ‘Wholes’ - Thinking in Systems Workshop (Organized by CIS; New Delhi; May 27 - 28, 2019).

Gender

Blog Entry

Workshop on Feminist Information Infrastructure (Ambika Tandon; edited by Gurshabad Grover and designed by Saumyaa Naidu; May 9, 2019).

Free Speech

Participation in Events

Stockholm Internet Forum 2019 (Organized by Stockholm Internet Forum 2019; Stockholm; May 16 - 17, 2019). Gurshabad Grover was a panelist in the discussion on 'Influencing Internet Governance' co-organised by Article 19.
Consilience 2019 (Organized by the Law and Technology Society; National Law School of India University, Bangalore; May 25, 2019). Gurshabad Grover was a panelist on the discussion on 'Online Content Regulation: Global Perspectives and Solutions'.

Privacy

Research Paper

An Analysis of the RBI’s Draft Framework on Regulatory Sandbox for Fintech (Vipul Kharbanda; May 8, 2019).

Participation in Events

Data Empowerment And Protection Architecture (DEPA) Workshop (Organized by iSPIRT Foundation; May 18, 2019). Pranav Manjesh Bidare attended the workshop.
ABLI Privacy Workshop (Organized by Asian Business Law Institute; Singapore; May 21 - 22, 2019). Elonnai Hickok participated in the event.
HillHacks 2019 (Organized by HillHacks; Bir, Himachal Pradesh; May 24 - 26, 2019). Karan Saini was a speaker.

Artificial Intelligence

Participation in Events

Society 5.0 and Artificial Intelligence with a Human Face (Organized by Indian Council for Research on International Economic Relations; India Habitat Centre, New Delhi). Radhika Radhakrishnan attended a roundtable consultation.
AI for Good Workshop (Organized by Swissnex India and Wadhwani AI; Bangalore; May 22, 2019).
MWC19 Shanghai AI and Trust in APAC and China (Organized by Digital Asia Hub; MWC Shanghai; June 27, 2019). Sunil Abraham will be making a presentation at the summit on AI and Trust in APAC and China. Sunil has been invited as a speaker on panel ‘Framing AI for Digital Upstarts’.

Cyber Security

Participation in Event

Shining light into darkness: Encouraging greater transparency of government offensive practices in cyberspace (Organized by Rights Con; Tunis; June 12, 2019). Sunil Abraham will be attending a conversation on encouraging greater transparency of government offensive practices in cyberspace.

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions.

Article

Democracy, Digital India and Networks (Shyam Ponappa; Organizing India Blogspot; May 1, 2019).

Participation in Event

Live [Closed]: TRAI Open House Discussion on OTT Regulation - Delhi (Organized by TRAI; New Delhi; May 20, 2019). Anubha Sinha attended the event.

Researchers at Work (RAW)

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Essay

Can data ever know who we really are? (Zara Rahman; May 22, 2019).

Blog Entries

War Driving in Lhasa Vegas (Oxblood Ruffin; May 11, 2019).

#DotBharatAdoption (Dr. Amit Prakash, K.A. Dayanand, Dr. Srinivasan Ramani, Dr. V. Sridhar, and Vivek Pani; May 11, 2019).
#MaterialisingWriting (Dibyadyuti Roy, Indrani Roy, Padmini Ray Murray, and Puthiya Purayil Sneha; May 21, 2019).
The Shadow that Social Media Casts: The Doubled Offlines of Online Sociality (Karandeep Mehra; May 21, 2019).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/may-2019-newsletter

The Huawei bogey

gurshabad — 2019-06-05T03:38:19Z

India needs to prove company aids Chinese government, or risk playing into US hands.

The article by Gurshabad Grover was published in Indian Express on May 30, 2019.

The Trump administration has not only passed orders restricting the US government and its departments from procuring networking equipment from Chinese companies, but is exerting considerable pressure on other countries to follow suit. The fear that Huawei and ZTE will aid Chinese espionage and surveillance operations has become common even though there has been no compelling evidence to suggest that Huawei’s equipment is substantively different from its competitors.

These events have also sparked a larger debate about the security of India’s communications infrastructure, an industry powered by foreign imports. Commentators have not shied away from suggesting that India ban the import of network equipment. C Raja Mohan, in ‘The tech wars are here’ (IE, December 11, 2018), expressed these concerns and asked whether Chinese telecom equipment manufacturers should be allowed to operate in India. A larger point was made by D S Hooda in his piece, ‘At digital war’ (IE, October 25, 2018). He pointed out threats that arise from using untrusted software and hardware all over the stack: From Chinese networking middleboxes to American operating systems and media platforms. As a method to establish trust in ICT infrastructure, Hooda recommends “indigenis[ing] our cyber space”.

The path towards indigenised manufacturing of networking equipment is an expensive, elaborate process. Restricting certain foreign companies from operating in the country without evidence would be a knee-jerk reaction solely based on cues from US policy, and would undermine India’s strategic autonomy.

At the heart of threats from untrusted software or hardware, lies an information asymmetry between the buyer and seller. It is not always possible to audit the functioning of every product that you purchase. Open technical standards, developed by various standards development organisations (SDOs), govern the behaviour of networking software, and remove this information asymmetry: They allow buyers to glean or implicitly trust operational and security aspects of the equipment.

It is clear that various governments including India have repeatedly failed to advance privacy and security in the 5G standards, which are developed at the 3rd Generation Partnership Project (3GPP) — the organisation developing standards for telephony. Government and industry dominance at the 3GPP has ensured that telecom technologies include security vulnerabilities that are euphemistically termed as “lawful interception”. From an architectural perspective, 5G does not contain any significant vulnerabilities that were absent in older telecom standards. Unfortunately, these vulnerabilities are indifferent to those who exploit them: A security exception for law enforcement is tantamount to a security vulnerability for malicious actors. As the report from UK’s Huawei Cyber Security Evaluation Centre Oversight Board confirmed, there is perhaps no technical way to mitigate the security risks that 5G poses now. But there is still no evidence to suggest that Huawei is operating differently from say Ericsson or Nokia.

India needs to establish that Huawei is aiding the Chinese government through their products (5G or otherwise) before reacting. That Chinese companies are rarely insulated from Beijing’s influence is indisputable. However, the legal requirements placed on Chinese companies by Beijing are equivalent to de facto practices of countries like the US, which has a history of intercepting equipment from American companies to introduce vulnerabilities, or directly compelling them to aid intelligence operations. Such influence should be fought back by pushing for international norms that prevent states from acquiring data from companies en masse, and domestic data protection legislation.

In the long term, the Indian government and its defence wings would benefit from understanding the argument Lawrence Lessig has made since the 1990s: Decisions of technical architecture have far-reaching regulatory effects. A long-term strategy that focuses on advancing security at technical SDOs will prove more effective in ensuring the security of India’s critical infrastructure than the economically expensive push for indigenisation.

For more details visit https://cis-india.org/telecom/blog/indian-express-may-30-2019-gurshabad-grover-the-huawei-bogey

"Aadhaar Reduced Agency in Citizens and Empowered Those in Positions of Authority"

Martin Moore — 2019-05-21T15:33:01Z

In the space of one election cycle, authoritarian governments, moneyed elites and fringe hackers figured out how to game elections, bypass democratic processes, and turn social networks into battlefields. Facebook, Google and Twitter – where our politics now takes place – have lost control and are struggling to claw it back. As our lives migrate online, we are gradually moving into a world of datafied citizens and real-time surveillance. The entire political landscape has changed, with profound consequences for democracy.

The article by Martin Moore was published by NewsClick on May 20, 2019. Pranesh Prakash was quoted.

Written by Martin Moore, Democracy Hacked: Political Turmoil and Information Warfare in the Digital Age, is a compelling account of how democracy is being disrupted by the tech revolution, and what can be done to get us back on track. The following are excerpts from the chapter "Survellaince Democracy" of the book.

Tembhli, a remote rural village in northern Maharashtra, about 250 miles north of Mumbai, is rarely visited by high-powered politicians or prominent dignitaries. But on Wednesday, 29 September 2010, it found itself hosting not just the Indian prime minister, Manmohan Singh, but the president of Congress, Sonia Gandhi; the chief and deputy chief ministers and the governor of Maharashtra; and the head of the recently established Unique Identification Authority of India, Nandan Nilekani. It was this last figure, the least well known of the distinguished group, who was the reason behind the visit, and who would subsequently play the most important role in its aftermath. Nilekani and the politicians were there to give out the first ten ‘unique identifiers’ to residents of Tembhli. These ten people received their own twelve-digit number, a number that would, from that day forward, distinguish each of them from every other Indian citizen, and indeed – combined with their biometric data – from every other citizen in the world. “With this,” Sonia Gandhi said, “Tembhli has got a special importance in the map of India. People of Tembhli will lead the rest of the country. It is a historic step towards strengthening the people of our nation.”

Governments of all stripes are prone to exaggerated rhetoric, but in this instance, Gandhi was proved right when she proclaimed that “starting from this tiny hamlet, the scheme will reach more than a billion people of this country.” Despite the change of government in 2014, by April 2016 a billion Indians had been allocated their unique identifier. By 2018 the number had exceeded 1.1 billion, out of a total population of just over 1.3 billion. It was, in the words of a Harvard Business School report, a “hugely ambitious project”, “the largest-scale project of its kind in the world”. Aadhaar, as the project was called, was “unique in its scale and ambition”.3 Each Aadhaar identifier included not just a twelve-digit number, but all ten fingerprints, iris scans from both eyes, and a photograph of each person’s face (with the potential for facial recognition later). By combining the number with one element of biometric data, the government believed, it could ensure that every Indian citizen had a single, verifiable, machine-readable identity. With this verifiable identity a citizen could open a bank account, receive welfare or pension payments, pay tax, apply for a driving license, or receive healthcare, regardless of literacy. In a country known for its administrative torpor and tortuous bureaucracy, where – in 2013 – only forty per cent of children’s births were even registered, such a scheme had the potential to let India leapfrog other democratic countries into the digital era, and make government not just digitally enabled but digitally empowered.

Yet this, for critics of the scheme, was one of its many flaws. “Aadhaar marks a fundamental shift in citizen–state relations,” Pranesh Prakash from India’s Centre for the Internet and Society wrote in the Hindustan Times, “from ‘We the People’ to ‘We the Government’.” Civil society activists objected to the government’s enhanced power, and the relative unaccountability of the body running Aadhaar, headed by Nandan Nilekani until 2014. “In effect,” tech developer and activist Kiran Jonnalagadda wrote, “they are beyond the rule of law.” Others had practical objections.

Biometric identification often did not work. A database of this size and importance was bound to attract hackers. Leaks were inevitable. Indeed, the Tribune newspaper in January 2018 revealed that it had been able to buy a service, for 500 rupees (less than $10), that gave it access to any of up to one billion Aadhaar details. Yet such objections were written off as ‘scaremongering’ and Aadhaar critics as “activists of the upper crust, upper class, wine ’n cheese, Netflix-watching social media elite”. On top of which, despite an Indian Supreme Court judgment in August 2017 that affirmed the fundamental right of Indians to privacy, by early 2018 Aadhaar had achieved such momentum as to appear unstoppable. If the government was able to navigate the various legislative challenges to the scheme, then there was also a queue of other nations keen to adopt something similar.

[…]

As the government pushed Aadhaar towards every interaction the state had with the citizen, evidence mounted of failures in the system.

In the north-eastern state of Jharkhand, an eleven-year-old girl died of starvation after her family stopped receiving their government food ration. Their ration card, the Hindu Centre for Politics and Public Policy reported, “was not linked to Aadhaar”. The centre also reported on data, taken from the government’s websites, showing that in Rajasthan, where receiving rations was dependent on Aadhaar authentication, between a quarter and a third of people with ration cards did not receive rations between September 2016 and July 2017. In some ration shops, after having spent hours trying and failing to get their fingerprints read by the biometric machines, people lost their temper and smashed the machines on the ground.

Across India there were reports of machines not recognizing fingerprints, or only recognizing them after multiple attempts. Old people’s prints turned out to be more difficult to read, as were those of manual workers and fishermen. Since the system presumes guilt rather than innocence, the burden of proof lies with the citizen, not with the state. To claim a ration, apply for a scholarship or buy a train ticket, you have to prove who you are before receiving it. The obligation lies with the citizen to prove she is not a fraud. Even if she is not, and the failure is not with her but with the system, she pays for the system’s failure, not the government. To dispute a decision made by the machine means going to the nearest large town – often many miles away – and convincing an official that the problem is with the machine or the digital record, not with you. It is not surprising that some people wrecked Aadhaar machines in their rage.

While the system was found to reduce agency in citizens, it empowered those in positions of authority. Central government was able to make public services conditional on authentication by Aadhaar (despite repeated court rulings that Aadhaar be voluntary, not mandatory). This conditionality could then be extended to the level and type of public services available to individuals. In fact, it had to be for many services – distinguishing pensioners from non-pensioners, for example. Yet in this conditionality, there is plenty of scope for harm and abuse. In 2017 the independent media site Scroll.in reported a rising number of HIV-positive patients who were dropping out of treatment programmes because they were required to use their Aadhaar numbers and were fearful of their condition becoming public.

Equally, while Aadhaar itself did not provide any information about caste, ethnicity, religion or language, once it was linked to other databases, most notably the National Population Register, then it became possible to identify people by group. Formal group identification by the state has an ignominious history. During the apartheid era in South Africa, the penultimate number on the South African identity card indicated race. In the Rwandan genocide in 1994, anyone who had ‘Tutsi’ on their identification was liable to be killed. In Nazi Germany in 1938, every Jewish citizen had ‘J’ stamped on their ID cards and passports. In India, where political and religious divisions are closely intertwined, there is good reason to be anxious about new opportunities for group identification.

Thanks to Aadhaar, companies started to build services using unique identification. A series of ‘trust platforms’ emerged, built on top of Aadhaar, where employers – and others – could access and authenticate people’s identity. A company called TrustID advertised itself as “India’s first, unique and comprehensive online verification platform”. Through TrustID an employer could check whether a potential employee had any criminal or civil convictions, or whether that person had a good or bad reputation (based on a news search and social media profiling). The company even encouraged women to check up on potential husbands they had found via marriage websites. Other international companies integrated Aadhaar into existing services. This is similar to the way in which companies work with platforms like Facebook to profile, and target, individuals based on their personal information – except in this instance doing it via the government. All the same questions about trust, privacy, freedom and power arise, with even greater political potency. The state and private companies are in partnership to track citizens constantly and to gather as much data as they can on them – data that they can then use for commercial or political purposes. This opaque, asymmetrical knowledge of the citizen seems like the reverse of what was intended by democratic transparency, especially in the absence of strong privacy and data protection. “Totalitarian states often do this against the wishes of their citizens,” Pratap Bhanu Mehta, the president of the Centre for Policy Research, writes, yet “in our democracy, our consent is being mobilized to put an imprimatur over more control and arbitrariness.”

In August 2017, the Supreme Court of India came to a unanimous 9–0 decision that Article 21 of the Indian Constitution did guarantee a fundamental right to privacy. As such, it was not lawful for the government to make it mandatory for people to identify themselves using a unique identifier like Aadhaar, except in specific circumstances. To some this looked like a huge blow to the grand project. The Supreme Court decision “raises serious questions about Aadhaar”, lawyer Adarsh Ramanujan argued in India’s Financial Express, and appeared to send “a direction to the central government to create a regime to ensure that privacy rights are not trammelled by other private parties”. The judgment was about privacy broadly, and did not refer to specific cases like Aadhaar, but was seen as the basis from which future challenges to the scheme could be launched. The Modi government, however, appeared to carry on regardless. In October it linked Aadhaar to driving licence applications. By mid-December, the government had made Aadhaar mandatory if citizens wanted to access any of 140 government services.

Nandan Nilekani, who had stepped down as chair of Aadhaar in 2014 in order to become a candidate for the Congress party, railed against those who criticized the scheme. There was, he claimed, an “orchestrated campaign” to malign the system. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he told an Indian business news channel. Anyway, Nilekani argued, it was too late for the naysayers to stop it. Too many people were now enrolled. It was too integral to the provision of services. Others saw attacks on Aadhaar as political, arguing that Congress was using it for political gain prior to the 2019 election, and that this would backfire. “Aadhaar today is not just a number,” the editor of India’s Economic Timeswrote. “The Congress envisaged it as a means of identity but the Modi government has taken it to a different level. It has become a weapon in the hands of the poor and a powerful tool to fight entrenched black money interests. It is now a symbol of anti-corruption, anti-black money drives, a symbol of efficient allocation of welfare benefits.”

For more details visit https://cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority

Digital Native: Three things we need to realise about what TikTok is doing to us

nishant — 2019-06-09T05:27:52Z

Fifteen seconds is all that will take for TikTok to own you.

The article by Nishant Shah was published in Indian Express on May 19, 2019.

If there is one thing that has been building more suspense and drama than our politicians this election season, it is the microblogging site TikTok. From complete ignominy to viral popularity, and then the dramatic ban by a high court to its resurgence offering Rs 1,00,000 daily reward prizes, #ReturnofTikTok has been trending with great enthusiasm and being embraced by the populace, who obviously think that 15-second videos are the pinnacle of human cultural production and expression. But, my friends, followers, TikTokers, I come here not to bury TikTok, but to praise it.

At first glance, TikTok appears to be just a miniaturised version of the popular social media platforms we know — YouTube, Vine, Snapchat — and merely one more step in figuring out how granular we can make our appified attention. With each video post that can only last 15 seconds, TikTok is often heralded as naturalising the new unit of attention in an informationally saturated environment. Many have looked at it as competition to the grandfathers of social media apps, like Facebook and Instagram, and there is much speculation about how it will take these giants down.

However, the radical departure of TikTok is not in the smallness of its engagement — and thus the extremely low threshold for participation — or in the hashtag organisation of its social media, and the subsequent viral potentiality. What makes TikTok tick (and then, of course, tock), is its embrace of artificial intelligence and big data analytics to power the platform.

China-based ByteDance that owns TikTok, unlike any of its Big Tech competitors, is not a content production or curation company. It is invested in machine learning, and at its backend are extremely sophisticated algorithms that are using facial recognition, data correlation, and targeted customisation technologies to create the world of TikTok. Unlike Facebook and Twitter, the two templates of “user-generated-content” platforms, where what we see, what we do, and what we say require us to define our social circles and connections, TikTok’s algorithms do not need us to do any social definition.

From the minute you sign up for it, giving up your personal information and data to extreme mining which bears the same pitfalls of privacy and surveillance that all other big data apps do, TikTok starts presenting content to you. This is not content created by friends, or colleagues, or randos you connect with because you couldn’t be bothered to decline their invites. Instead, this is content created by people you don’t know at all, and brought to you by algorithms that know, even without you telling them what you might like. The more time you spend tapping across the vides, searching hashtags, and going through complex tutorials to make your own 15-second fun video, the more the machine learning algorithms learn you.

TikTok is such a threat to existing social media companies because they make no apologies of the fact that their human users are not influencers, friends, followers, or connections. They are merely users, who produce content and then their algorithms go around the world, connecting us through reasons and logic that are completely opaque. With TikTok, we see the future of automated technologies, where both the content and the logic of connectivity are no longer dependent on human action or desire, but on algorithmic curation and presentation. Geared towards maximum engagement, TikTok’s algorithms have one task — to completely make us lose all sense of time as we cycle through an almost endless stream of videos that have neither content nor style, but seduce us in their short-lived flash.

TikTok as a platform might turn out to be another fad. It is already being copied and mimicked by others. It might run out of its global steam. However, what it has opened up for us are three critical things that need more attention in our digital action. First, on TikTok, you don’t have friends because your friend is TikTok, and it tells you, in an easy, gossipy way, all the things that everybody else is doing. Second, TikTok does not pretend to respect individual choice and agency, instead it trains us to accept what is presented as content. In many ways, it is the reverse Spotify — your playlist does not represent your taste in music, but the music shapes you to become the kind of person who likes that music. And, lastly, TikTok infantilises its users, embedding them in a juvenilia, which has no meaning other than the moving images that keep us engaged but distant, responsive but irresponsible, as children of all ages, ready to escape from a world that increasingly seems too complex to live in.

Nishant Shah is a professor of new media and the co-founder of The Centre for Internet & Society, Bengaluru. This article appeared in print with the headline ‘Digital Native: Time’s Up’

For more details visit https://cis-india.org/raw/indian-express-may-19-2019-nishant-shah-digital-native-three-things-we-need-to-realise-about-what-tik-tok-is-doing-to-us

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

How privacy fares in the 2019 election manifestos | Opinion

Aayush Rathi and Ambika Tandon — 2019-05-02T01:49:39Z

We now have a rights-based language around privacy in the mainstream political discourse but that’s where it ends.

The article by Aayush Rathi and Ambika Tandon was published in the Hindustan Times on May 1, 2019.

In August 2017, the Supreme Court, in Puttaswamy vs Union of India, unanimously recognised privacy as a fundamental right guaranteed by the Constitution. Before the historic judgment, the right to privacy had remained contested and was determined on a case-by-case basis. By understanding privacy as the preservation of individual dignity and autonomy, the judgment laid the groundwork to accommodate subsequent landmark legislative moves — varying from decriminalising homosexuality to limiting the use of the Aadhaar by private actors.

Reflecting the importance gained by privacy within public imagination, the 2019 elections are the first time it finds mention across major party manifestos. In 2014, the Communist Party of India (Marxist) was the only political party to have made commitments to safeguarding privacy, albeit in a limited fashion. For the 2019 election, both the Congress and the CPI(M) promise to protect the right to privacy if elected to power. The Congress promises to “pass a law to protect the personal data of all persons and uphold the right to privacy”. However, it primarily focuses on informational privacy and its application to data protection, limited to the right of citizens to control access and use of information about themselves.

The CPI(M) focuses on privacy more broadly while promising to protect against “intrusion into the fundamental right to privacy of every Indian”. In a similar vein, both the Congress and the CPI(M) also commit to bringing about surveillance reform by incorporating layers of oversight. The CPI(M) manifesto further promises to support the curtailment of mass surveillance globally. It promises to enact a data privacy law to protect against “appropriation/misuse of private data for commercial use”, albeit without any reference to misuse by government agencies.

On the other hand, the Samajwadi Party manifesto proposes the reintroduction of the controversial NATGRID, an overarching surveillance tool proposed by the Congress in the aftermath of the 26/11 Mumbai attacks. In this backdrop, digital rights for individuals are conspicuous by their absence from the Bharatiya Janata Party’s manifesto. Data protection is only seen in a limited sense as being required in conjunction with increasing digital financialisation.

The favourable articulation of privacy in some of the manifestos should be read along with other commitments across parties around achieving development goals through the digital economy. Central to the operation of this is aggregating citizen data. Utilising this aggregated data for predictive abilities is key to initiatives being proposed in the manifestos —digitising health records, a focus on sunrise technologies, such as machine learning and big data, and readiness for “Industry 5.0” are some examples.

The right is then operationalised in a manner that leads data subjects to pick between their privacy and accessing services being provided by the data collector. Relinquishing privacy becomes the only option especially when access to welfare services is at stake.

The discourse around privacy in India has historically been used to restrict individual freedoms. In the Puttaswamy case, Justice DY Chandrachud, in his plurality opinion, acknowledges feminist scholarship to broaden the understanding of the right to privacy to one that protects bodily integrity and decisional privacy for marginalised communities. This implies protection against any manner of State interference with decisions regarding the self, and, more broadly, the right to create a private space to allow the personality to develop without interference. This includes protection from undue violations of bodily integrity such as protecting the freedom to use public spaces without fear of harassment, and criminalising marital rape.

While the articulation of privacy in the manifestos is a good start, it should be much more. Governance must implement the right to look beyond the individualised conception of privacy so as to allow it to support a whole range of freedoms, rather than limiting it to data protection. This could take the shape of modifying traditional legal codes. Family law, for instance, could be reshaped to allow for greater exercise of agency by women in marriage, guardianship, succession etc. Criminal law, too, could render inadmissible evidence obtained through unjustified privacy violations. The manifestos do mark the entry of a rights-based language around privacy and bodily integrity into mainstream political discourse. However, there appears to be a lack of imagination of the extent to which these protections can be used to further individual liberty collectively.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-may-1-2019-aayush-rathi-and-ambika-tandon-how-privacy-fares-in-the-2019-election-manifestos

April 2019 Newsletter

praskrishna — 2019-09-04T14:36:41Z

The Centre for Internet & Society (CIS) newsletter for April 2019.

Highlights for March 2019

The unprecedented growth of the fintech space in India has concomitantly come with regulatory challenges around inter alia privacy and security concerns. Aayush Rathi and Shweta Mohandas have co-authored a report which has analysed the privacy policies of 48 fintech companies operating in India to better understand some of these concerns.
In today’s increasingly digitized world where an increasing volume of information is being stored in the digital format, access to data generated by digital technologies and on digital platforms is important in solving crimes online and offline. One such mechanism for international cooperation is the Convention on Cybercrime adopted in Budapest (“Budapest Convention”). Vipul Kharbanda has provided a deeper analysis on this in his research paper.
CIS has responded to ICANN's proposed renewal of .org Registry. CIS has found severe issues with the proposed agreement. These centre around the removal of price caps and imposing obligations being currently deliberated in an ongoing Policy Development Process. Akriti Bopanna drafted the response.
The Department of Industrial Policy and Promotion released a draft e-commerce policy in February for which stakeholder comments were sought. CIS responded to the request for comments.
CIS Access to Knowledge team (CIS-A2K) has submitted its proposal form for the year 2019 - 2020 to the Wikimedia Foundation. CIS thanks all community members who gave valuable suggestions and inputs for drafting this proposal.
In 2017–2018, the Wikimedia Foundation (WMF) and Google collaborated to start a pilot project in India, working closely with the Centre for Internet and Society (CIS) and the Wikimedia Indiachapter (WMIN). This project, titled Project Tiger was aimed at encouraging Wikipedia communities to create locally relevant and high-quality content in Indian languages. CIS-A2K team submitted Project Tiger final report.
The r@w blog features works by researchers and practitioners working in India and elsewhere at the intersections of internet, digital media and society, and highlights and materials from ongoing research and events at the researchers@work programme at CIS. On the r@w blog we featured an essay titled 'The Internet in the Indian Judicial Imagination' by Divij Joshi, as part of a series on Studying Internet in India (2015); and audio recording of a session titled #ObjectsofDigitalGovernance by Khetrimayum Monish Singh, Rajiv K. Mishra, and Vidya Subramanian which was part of the Internet Researchers Conference, 2017.

Jobs

CIS is hiring:

CIS-A2K Finance Officer: Call for application (Only women candidates).
Internship - applications accepted throughout the year.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

Delayed Cash Flows and NPAs (Shyam Ponappa; Business Standard; April 3, 2019).
To preserve freedoms online, amend the IT Act (Gurshabad Grover; April 16, 2019).
Digital Native: Getting through an election made for the social media gaze (Nishant Shah; Indian Express; April 21, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Reddit, Telegram among websites blocked in India, say internet groups (Sai Sachin Ravikumar; Business Standard; April 3, 2019).
Data leaks could wreak havoc in India, so why aren’t they an issue this election? (Aria Thaker; Quartz India; April 4, 2019).
Cookies, not the monster you may think (Sweta Akundi; Hindu; April 8, 2019).
TikTok craze a ticking time bomb for city (Gulam Jeelani with inputs from Priyanka Sharma and Ajay Kumar; India Today; April 17, 2019).
Almost every social network has a porn problem—so why is India banning only TikTok? (Ananya Bhattacharya; Quartz India; April 19, 2019).
Child protection and cyber-grooming: Indian court rescinds its own Tiktok ban (Leon Kaiser; Netzpolitik.org; April 24, 2019).

Access to Knowledge

Wikipdedia

Project Proposal / Reports

Supporting Indian Language Wikipedias Program/Report (Gopala Krishna A; April 5, 2019).

CIS-A2K proposal to Wikimedia Foundation for 2019-2020 (Ananth Subray; April 15, 2019).

Blog Entries

Wikimedia projects orientation session at Tata Trust's Vikas Anvesh Foundation (Subodh Kulkarni; April 9, 2019).
Indic Wikisource Speak: Sushant Savla (Jayanta Nath; April 10, 2019).
SVG Translation Workshop at KBC North Maharashtra University (Subodh Kulkarni; April 10, 2019).
Content Donation Sessions with Authors (Subodh Kulkarni; April 10, 2019).
Indic Wikisource speak : Ajit Kumar Tiwari (Jayanta Nath; April 11, 2019).

Internet Governance

Cyber Security

Research Paper

International Cooperation in Cybercrime: The Budapest Convention (Vipul Kharbanda; April 29, 2019).

Privacy

Research Paper

FinTech in India: A Study of Privacy and Security Commitments (Aayush Rathi and Shweta Mohandas; April 30, 2019).

Submission

CIS Response to Call for Stakeholder Comments: Draft E-Commerce Policy (Arindrajit Basu, Vipul Kharbanda, Elonnai Hickok and Amber Sinha; April 10, 2019).

Participation in Events

IETF 104 Prague (Organized by IETF; Prague; March 23 - 29, 2019). Karan Saini and Gurshabad Grover participated in the event.
The Phantom Public: The Role of Social Media in Democracy (Organized by Ambedkar University; New Delhi; April 3, 2019).
(re) conference (Organized by CREA; New Delhi; April 10 - 12, 2019).
Data for Development: Mapping key considerations for policy and practice in India (Organized by Azim Premchand University; April 24, 2019). Arindrajit Basu delivered a talk.

Artificial Intelligence

Participation in Event

Policy Lab on Artificial Intelligence & Democracy (Organized by Tandem Research, in partnership with Microsoft Research and Friedrich-Ebert-Stiftung; Bangalore; April 2-3, 2019). Shweta Mohandas participated in the event.

Free Speech and Expression

Submission

CIS Response to ICANN's proposed renewal of .org Registry (Akriti Bopanna; April 28, 2019).

Event Organized

Internet Speech: Perspectives on Regulation and Policy ( Organized by CIS; India Habitat Centre, New Delhi; April 5, 2019).

Blog Entry

DIDP #33 On ICANN's 2012 gTLD round auction fund (Akriti Bopanna; April 4, 2019).

Researchers at Work (RAW)

Announcement

Call for Essays: Studying Internet in India (Sumandro Chattapadhyay; April 6, 2019).

Blog Entries

The Internet in the Indian Judicial Imagination (Divij Joshi; April 21, 2019).
#ObjectsOfDigitalGovernance (Khetrimayum Monish Singh, Rajiv K. Mishra, and Vidya Subramanian; April 21, 2019).

Telecom

Article

Delayed Cash Flows and NPAs (Shyam Ponappa; Business Standard; April 3, 2019 and Organizing India Blogspot; April 4, 2019).

Participation in Event

BIF conference on “Substitutability of OTT Services with Telecom Services & Regulation of OTT Services (Organized by Broadband India Forum; Taj Mahal Hotel, Mansingh Road, New Delhi; April 5, 2019). Anubha Sinha was a panellist at a BIF conference on “Substitutability of OTT Services with Telecom Services & Regulation of OTT Services”.

About CIS

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/april-2019-newsletter

International Cooperation in Cybercrime: The Budapest Convention

vipul — 2019-04-29T22:35:37Z

In today’s increasingly digitized world where an increasing volume of information is being stored in the digital format, access to data generated by digital technologies and on digital platforms is important in solving crimes online and offline.

Click to download the file here

However, the global nature of the internet challenges traditional methods of law enforcement by forcing states to cooperate with each other for a greater variety and number of cases than ever before in the past. The challenges associated with accessing data across borders in order to be able to fully investigate crimes which may otherwise have no international connection forces states to think of easier and more efficient ways of international cooperation in criminal investigations. One such mechanism for international cooperation is the Convention on Cybercrime adopted in Budapest (“Budapest Convention”). Drafted by the Council of Europe along with Canada, Japan, South Africa and the United States of America it is the first and one of the most important multilateral treaties addressing the issue of cybercrime and international cooperation.^{^[1]}

Extradition

Article 24 of the Budapest Convention deals with the issue of extradition of individuals for offences specified in Articles 2 to 11 of the Convention. Since the Convention allows Parties to prescribe different penalties for the contraventions contained in Articles 2-11, it specifies that extradition cannot be asked for unless the crime committed by the individual carries a maximum punishment of deprivation of liberty for atleast one year.^{^[2]} In order to not complicate issues for Parties which may already have extradition treaties in place, the Convention clearly mentions that in cases where such treaties exist, extradition will be subject to the conditions provided for in such extradition treaties.^{^[3]} Although extradition is also subject to the laws of the requested Party, if the laws provide for the existence of an extradition treaty, such a requirement shall be deemed to be satisfied by considering the Convention as the legal basis for the extradition.^{^[4]} The Convention also specifies that the offences mentioned in Articles 2 to 11 shall be deemed to be included in existing extradition treaties and Parties shall include them in future extradition treaties to be executed.^{^[5]}

The Convention also recognises the principle of "aut dedere aut judicare" (extradite or prosecute) and provides that if a Party refuses to extradite an offender solely on the basis that it shall not extradite their own citizens,^{^[6]} then, if so requested, such Party shall prosecute the offender for the offences alleged in the same manner as if the person had committed a similar offence in the requested Party itself.^{^[7]} The Convention also requires the Secretary General of the Council of Europe to maintain an updated register containing the authorities designated by each of the Parties for making or receiving requests for extradition or provisional arrest in the absence of a treaty.^{^[8]}

Mutual Assistance Requests

The Convention imposes an obligation upon the Parties to provide mutual assistance “to the widest extent possible” for investigations or proceedings of criminal offences related to computer systems and data.^{^[9]} Just as in the case of extradition, the mutual assistance to be provided is also subject to the conditions prescribed by the domestic law of the Parties as well as mutual assistance treaties between the Parties.^{^[10]} However, it is in cases where no mutual assistance treaties exist between the Parties that the Convention tries to fill the lacuna and provide for a mechanism for mutual assistance.

The Convention requires each Party to designate an authority for the purpose of sending and answering mutual assistance requests from other Parties as well as transmitting the same to the relevant authority in their home country. Similar to the case of authorities for extradition, the Secretary General is required to maintain an updated register of the central authorities designated by each Party.^{^[11]} Recognising the fact that admissibility of the evidence obtained through mutual assistance in the domestic courts of the requesting Party is a major concern, the Convention provides that the mutual assistance requests are to be executed in accordance with the procedures prescribed by the requesting Party unless such procedures are incompatible with the laws of the requested Party.^{^[12]}

Parties are allowed to refuse a request for mutual assistance on the grounds that (i) the domestic laws of the requested party do not allow it to carry out the request;^{^[13]} (ii) the request concerns an offence considered as a political offence by the requested Party;^{^[14]} or (iii) in the opinion of the requested Party such a request is likely to prejudice its sovereignty, security, ordre public or other essential interests.^{^[15]} The requested Party is also allowed to postpone any action on the request if it thinks that acting on the request would prejudice criminal investigations or proceedings by its own authorities.^{^[16]} In cases where assistance would be refused or postponed, the requested Party may consult with the other Party and consider whether partial or conditional assistance may be provided.^{^[17]}

In practice it has been found that though States refuse requests on a number of grounds,^{^[18]} some states even refuse cooperation in the event that the case is minor but requires an excessive burden on the requested state.^{^[19]} A case study of a true instance recounted below gives an idea of the effort and resources it may take for a requested state to carry out a mutual assistance request:

“In the beginning of 2005, a Norwegian citizen (let’s call him A.T.) attacked a bank in Oslo. He intended to steal money and he did so effectively. During his action, a police officer was killed. A.T. ran away and could not be found in Norway. Some days later, police found and searched his home and computer and discovered that A.T. was the owner of an email account from a provider in the United Kingdom. International co-operation was required from British authorities which asked the provider to put his email account under surveillance. One day, A.T. used his email account to send an email message. In the United Kingdom, police asked the ISP information about the IP address where the communication came from and it was found that it came from Spain.

British and Spanish authorities installed an alert system whose objective was to know, each time that A.T. used his email account, where he was. Thus, each time A.T. used his account, British police obtained the IP address of the computer in the origin of the communication and provided it immediately to Spanish police. Then, Spanish police asked the Spanish ISPs about the owner or user of the IP address. All the connexions were made from cybercafés in Madrid. Even proceeding to that area very quickly, during a long period of time it was not possible to arrive at those places before A.T. was gone.

Later, A.T. began to use his email account from a cybercafé in Malaga. This is a smaller town than Madrid and there it was possible to put all the cybercafés from a certain area permanently under physical surveillance. After some days of surveillance, British police announced that A.T. was online, using his email account, and provided the IP address. Very rapidly, the Spanish ISP informed Spanish police from the concrete location of the cybercafé what allowed the officers in the street to identify and arrest A.T. in place.

A.T. was extradited to Norway and prosecuted.”^{^[20]}

It is clear from the above that although the crime occurred in Norway, a lot of work was actually done by the authorities in the United Kingdom and Spain. In a serious case such as this where there was a bank robbery as well as a murder involved, the amount of effort expended by authorities from other states may be appropriate but it is unlikely that the authorities in Britain and Spain would have allocated such resources for a petty crime.

In sensitive cases where the requests have to be kept secret or confidential for any reason, the requesting Party has to specify that the request should be kept confidential except to the extent required to execute the request (such as disclosure in front of appropriate authorities to obtain the necessary permissions). In case confidentiality cannot be maintained the requested Party shall inform the requesting Party of this fact, which shall then take a decision regarding whether to withdraw the request or not.^{^[21]} On the other hand the requested Party may also make its supply of information conditional to it being kept confidential and that it not be used in proceedings or investigations other than those stated in the request.^{^[22]} If the requesting Party cannot comply with these conditions it shall inform the requested Party which will then decide whether to supply the information or not.^{^[23]}

In the normal course the Convention envisages requests being made and executed through the respective designated central authorities, however it also makes a provision, in urgent cases, for requests being made directly by the judicial authorities or even the Interpol.^{^[24]} Even in non urgent cases, if the authority of the requested Party is able to comply with the request without making use of coercive action, requests may be transmitted directly to the competent authority without the intervention of the central authority.^{^[25]}

The Convention clarifies that through these mutual assistance requests a Party may ask another to (i) either search, seize or disclose computer data within its territory,^{^[26]} (ii) provide real time collection of traffic data with specified communications in its territory;^{^[27]} and (iii) provide real time collection or recording of content data of specified communications.^{^[28]} The provision of mutual assistance specified above has to be in accordance with the domestic laws of the requested Party.

The procedure for sending mutual assistance requests under the Convention is usually the following:

Preparation of a request for mutual assistance by the prosecutor or enforcement agency which is responsible for an investigation.
Sending the request by the prosecutor or enforcement agency to the Central Authority for verification (and translation, if necessary).
The Central Authority then submits the request either, (i) to the foreign central authority, or (ii) directly to the requested judicial authority.

The following procedure is then followed in the corresponding receiving Party:

Receipt of the request by the Central Authority.
Central Authority then examines the request against formal and legal requirements (and translates it, if necessary).
Central Authority then transmits the request to the competent prosecutor or enforcement agency to obtain court order (if needed).
Issuance of a court order (if needed).
Prosecutor orders law enforcement (e.g. cybercrime unit) to obtain the requested data.
Data obtained is examined against the MLA request, which may entail translation or

using a specialist in the language.

The information is then transmitted to requesting State via MLA channels.^{^[29]}

In practice, the MLA process has generally been found to be inefficient and this inefficiency is even more pronounced with respect to electronic evidence. The general response times range from six months to two years and many requests (and consequently) investigations are often abandoned.^{^[30]} Further, the lack of awareness regarding procedure and applicable legislation of the requested State lead to formal requirements not being met. Requests are often incomplete or too broad; do not meet legal thresholds or the dual criminality requirement.^{^[31]}

Preservation Requests

The Budapest Convention recognises the fact that computer data is highly volatile and may be deleted, altered or moved, rendering it impossible to trace a crime to its perpetrator or destroying critical proof of guilt. The Convention therefore envisioned the concept of preservation orders which is a limited, provisional measure intended to take place much more rapidly than the execution of a traditional mutual assistance. Thus the Convention gives the Parties the legal ability to obtain the expeditious preservation of data stored in the territory of another (requested) Party, so that the data is not altered, removed or deleted during the time taken to prepare, transmit and execute a request for mutual assistance to obtain the data.

The Convention therefore provides that a Party may request another Party to obtain the expeditious preservation of specified computer data in respect of which such Party intends to submit a mutual assistance request. Once such a request is received the other Party has to take all appropriate measures to ensure compliance with such a request. The Convention also specifies that dual criminality is not a condition to comply with such requests for preservation of data since these are considered to be less intrusive than other measures such as seizure, etc.^{^[32]} However in cases where parties have a dual criminality requirement for providing mutual assistance they may refuse a preservation request on the ground that at the time of providing the data the dual criminality condition would not be met, although in regard to the offences covered under Articles 2 to 11 of the Convention, the requirement of dual criminality will be deemed to have been satisfied.^{^[33]} In addition to dual criminality a preservation request may also be refused on the grounds that (i) the offence alleged is a political offence; and (ii) execution of the request would likely to prejudice the sovereignty, security, ordre public or other essential interests of the requested Party.^{^[34]}

In case the requested Party feels that preservation will not ensure the future availability of the data or will otherwise prejudice the investigation, it shall promptly inform the requesting Party which shall then take a decision as to whether to ask for the preservation irrespective.^{^[35]} Preservation of the data pursuant to a request will be for a minimum period of 60 days and upon receipt of a mutual assistance request will continue to be preserved till a decision is taken on the mutual assistance request.^{^[36]} If the requested Party finds out in the course of executing the preservation request that the data has been transmitted through a third state or the requesting Party itself, it has a duty to inform the requesting Party of such facts as well as provide it with sufficient traffic data in order for it to be able to identify the service provider in the other state.^{^[37]}

Jurisdiction and Access to Stored Data

The problem of accessing data across international borders stems from the international law principle which provides that the authority to enforce (an action) on the territory of another State is permitted only if the latter provides consent for such behaviour. States that do not acquire such consent may therefore be acting contrary to the principle of non-intervention and may be in violation of the sovereignty of the other State.^{^[38]} The Convention specifies two situations in which a Party may access computer data stored in another Party’s jurisdiction; (i) when such data is publicly available; and (ii) when the Party has accessed such data located in another state through a computer system located in its own territory provided it has obtained the “lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system”.^{^[39]} These are two fairly obvious situations where a state should be allowed to use the computer data without asking another state, infact if a state was required to take the permission of the state in the territory of which the data was physically located even in these situations, then it would likely delay a large number of regular investigations where the data would otherwise be available but could not be legally used unless the other country provided it under the terms of the Convention or some other legal instrument. At the time of drafting the Convention it appears that Parties could not agree upon any other situations where it would be universally acceptable for a state to unilaterally access data located in another state, however it must be noted that other situations for unilaterally accessing data are neither authorized, nor precluded.^{^[40]}

Since the language of the Budapest Convention stopped shy of addressing other situations law enforcement agencies had been engaged in unilateral access to data stored in other jurisdictions on an uncertain legal basis risking the privacy rights of individuals raising concerns regarding national sovereignty.^{^[41]} It was to address this problem that the Cybercrime Committee established the “ad-hoc sub-group of the T-CY on jurisdiction and transborder access to data and data flows” (the “Transborder Group”) in November 2011 which came out with a Guidance Note clarigying the legal position under Article 32.

The Guidance Note # 3 on Article 32 by the Cybercrime Committee specifies that Article 32(b) would not cover situations where the data is not stored in another Party or where it is uncertain where the data is located. A Party is also not allowed to use Article 32(b) to obtain disclosure of data that is stored domestically. Since the Convention neither authorizes nor precludes other situations, therefore if it is unknown or uncertain that data is stored in another Party, Parties may need to evaluate themselves the legitimacy of a search or other type of access in the light of domestic law, relevant international law principles or considerations of international relations.^{^[42]} The Budapest Convention does not require notification to the other Party but parties are free to notify the other Party if they deem it appropriate.^{^[43]} The “voluntary and lawful consent” of the person means that the consent must be obtained without force or deception. Giving consent in order to avoid or reduce criminal charges would also constitute lawful and voluntary consent. If cooperation in a criminal investigation requires explicit consent in a Party, this requirement would not be fulfilled by agreeing to the general terms and conditions of an online service, even if the terms and conditions indicate that data would be shared with criminal justice authorities.^{^[44]}

The person who is lawfully authorized to give consent is unlikely to include service providers with respect to their users’ data. This is because normally service providers would only be holders of the data, they would not own or control the data and therefore cannot give valid consent to share the data.^{^[45]} The Guidance Note also specifies that with respect to the location of the person providing access or consent, while the standard assumption is that the person would be physically located in the requesting Party however there may be other situations, “It is conceivable that the physical or legal person is located in the territory of the requesting law enforcement authority when agreeing to disclose or actually providing access, or only when agreeing to disclose but not when providing access, or the person is located in the country where the data is stored when agreeing to disclose and/or providing access. The person may also be physically located in a third country when agreeing to cooperate or when actually providing access. If the person is a legal person (such as a private sector entity), this person may be represented in the territory of the requesting law enforcement authority, the territory hosting the data or even a third country at the same time.” Parties are also required to take into account the fact that third Parties may object (and some even consider it a criminal offence) if a person physically located in their territory is directly approached by a foreign law enforcement authority to seek his or her cooperation.^{^[46]}

Production Order

A similar problem arises in case of Article 18 of the Convention which requires Parties to put in place procedural provisions to compel a person in their territory to provide specified stored computer data, or a service provider offering services in their territory to submit subscriber information.^{^[47]} It must be noted here, that the data in question must be already stored or existing data, which implies that this provision does not cover data that has not yet come into existence such as traffic data or content data related to future communications.^{^[48]} Since the term used in this provision is that the data must be within the “possession or control” of the person or the service provider, therefore this provision is also capable of being used to access data stored in the territory of a third party as long as the data is within the possession and control of the person on whom the Production Order has been served. In this regard it must be noted that the Article makes a distinction between computer data and subscriber information and specifies that computer data can only be asked for from a person (including a service provider) located within the territory of the ordering Party even if the data is stored in the territory of a third Party.^{^[49]} However subscriber information^{^[50]} can be ordered only from a service provider even if the service provider is not located within the territory of the ordering Party as long as it is offering its services in the territory of that Party and the subscriber information relates to the service offered in the ordering Party’s territory.^{^[51]}

Since the power under Article 18 is a domestic power which potentially can be used to access subscriber data located in another State, the use of this Article may raise complicated jurisdictional issues. This combined with the growth of cloud computing and remote data storage also raises concerns regarding privacy and data protection, the jurisdictional basis pertaining to services offered without the service provider being established in that territory, as well as access to data stored in foreign jurisdictions or in unknown or multiple locations “within the cloud”.^{^[52]} Even though some of these issues require further discussions and a more nuanced treatment, the Cybercrime Committee felt the need to issue a Guidance Note to Article 18 in order to avoid some of the confusion regarding the implementation of this provision.

Article 18(1)(b) may include a situation where a service provider is located in one jurisdiction, but stores the data in another jurisdiction. Data may also be mirrored in several jurisdictions or move between jurisdictions without the knowledge or control of the subscriber. In this regard the Guidance Note points out that legal regimes increasingly recognize that, both in the criminal justice sphere and in the privacy and data protection sphere, the location of the data is not the determining factor for establishing jurisdiction.^{^[53]}

The Guidance Note further tries to clarify the term “offering services in its territory” by saying that Parties may consider that a service provider is offering services if: (i) the service provider enables people in the territory of the Party to subscribe to its services (and does not, for example, block access to such services); and (ii) the service provider has established a real and substantial connection that Party. Relevant factors to determine whether such a connection has been established include “the extent to which a service provider orients its activities toward such subscribers (for example, by providing local advertising or advertising in the language of the territory of the Party), makes use of the subscriber information (or associated traffic data) in the course of its activities, interacts with subscribers in the Party, and may otherwise be considered established in the territory of a Party”.^{^[54]} A service provider will not be presumed to be offering services within the territory of a Party just because it uses a domain name or email address connected to that country.^{^[55]} The Guidance Note provides a very elegant tabular illustration of its requirements to serve a valid Production Order on a service provider:^{^[56]}

PRODUCTION ORDER CAN BE SERVED
IF The criminal justice authority has jurisdiction over the offence
AND The service provider is in possession or control of the subscriber information
AND
The service provider is in the territory of the Party (Article 18(1)(a))	Or	A Party considers that a service provider is “offering its services in the territory of the Party” when, for example: - the service provider enables persons in the territory of the Party to subscribe to its services (and does not, for example, block access to such services); and - the service provider has established a real and substantial connection to a Party. Relevant factors include the extent to which a service provider orients its activities toward such subscribers (for example, by providing local advertising or advertising in the language of the territory of the Party), makes use of the subscriber information (or associated traffic data) in the course of its activities, interacts with subscribers in the Party, and may otherwise be considered established in the territory of a Party. (Article 18(1)(b))
AND
		the subscriber information to be submitted is relating to services of a provider offered in the territory of the Party.

The existing processes for accessing data across international borders, whether through MLATs or through the mechanism established under the Budapest Convention are clearly too slow to be a satisfactory long term solution. It is precisely for that reason that the Cybercrime Committee has suggested alternatives to the existing mechanism such as granting access to data without consent in certain specific emergency situations;^{^[57]} or access to data stored in another country through a computer in its own territory provided the credentials for such access are obtained through lawful investigative activities.^{^[58]} Another option suggested by the Cybercrime Committee is to look beyond the principle of territoriality, specially in light of the recent developments in cloud computing where the location of the data may not be certain or data may be located in multiple locations,^{^[59]} and look at a connecting legal factor as an alternative such as the “power of disposal”. This option implies that even if the location of the data cannot be determined it can be connected to the person having the power to “alter, delete, suppress or render unusable as well as the right to exclude other from access and any usage whatsoever”.^{^[60]}

Language of Requests

It was found from practice that the question of the language in which the mutual assistance requests were made was a big issue in most States since it created problems such as delays due to translations, costly translations, quality of translations, etc. The Cybercrime Committee therefore suggested that an additional protocol be added to the Budapest Convention to stipulate that requests sent by Parties should be accepted in English atleast in urgent cases since most States accepted a request in English.^{^[61]} Due to these problems associated with the language of assistance requests, the Cybercrime Convention Committee has already released a provisional draft Additional Protocol to address the issue of language of mutual assistance requests for public comments.^{^[62]}

24/7 Network

Parties are required to designate a point of contact available on a twenty-four hour, seven-day-a week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence, in electronic form, of a criminal offence. The point of contact for each Party is required to have the capacity to carry out communications with the points of contact for any other Party on an expedited basis. It is the duty of the Parties to ensure that trained and properly equipped personnel are available in order to facilitate the operation of the network.^{^[63]} The Parties recognized that establishment of this network is among the most important means provided by the Convention of ensuring that Parties can respond effectively to the law enforcement challenges posed by computer-or computer-related crimes.^{^[64]} In practice however it has been found that in a number of Parties there seems to be a disconnect between the 24/7 point of contact and the MLA request authorities leading to situations where the contact points may not be informed about whether preservation requests are followed up by MLA authorities or not.^{^[65]}

Drawbacks and Improvements

The Budapest Convention, whilst being the most comprehensive and widely accepted document on international cooperation in the field of cybercrime, has its own share of limitations and drawbacks. Some of the major limitations which can be gleaned from the discussion above (and potential recommendations for the same) are listed below:

Weakness and Delays in Mutual Assistance: In practice it has been found that though States refuse requests on a number of grounds,^{^[66]} some states even refuse cooperation in the event that the case is minor but requires an excessive burden on the requested state. Further, the delays associated with the mutual assistance process are another major hurdle, and are perhaps the reason by police-to-police cooperation for the sharing of data related to cybercrime and e-evidence is much more frequent than mutual legal assistance.^{^[67]} The lack of regulatory and legal awareness often leads to procedural lapses due to which requests do not meet legal thresholds. More training, more information on requirements to be met and standardised and multilingual templates for requests may be a useful tool to address this concern.

Access to data stored outside the territory: Access to data located in another country without consent of the authorities in that country poses another challenge. The age of cloud computing with processes of data duplication and delocalisation of data have added a new dimension to this problem.^{^[68]} It is precisely for that reason that the Cybercrime Committee has suggested alternatives to the existing mechanism such as granting access to data without consent in certain specific emergency situations;^{^[69]} or access to data stored in another country through a computer in its own territory provided the credentials for such access are obtained through lawful investigative activities.^{^[70]} Another option suggested by the Cybercrime Committee is to look beyond the principle of territoriality and look at a connecting legal factor as an alternative such as the “power of disposal”.

Language of requests: Language of requests create a number of problems such as delays due to translations, cost of translations, quality of translations, etc. Due to these problems, the Cybercrime Convention Committee has already released for public comment, a provisional draft Additional Protocol to address the issue.^{^[71]}

Bypassing of 24/7 points of contact: Although 24/7 points have been set up in most States, it has been found that there is often a disconnect between the 24/7 point of contact and the MLA request authorities leading to situations where the contact points may not be informed about whether preservation requests are followed up by MLA authorities or not.^{^[72]}

India and the Budapest Convention

Although countries outside the European Union have the option on signing the Budapest Convention and getting onboard the international cooperation mechanism envisaged therein, India has so far refrained from signing the Budapest Convention. The reasons for this refusal appear to be as follows:

India did not participate in the drafting of the treaty and therefore should not sign. This concern, while valid is not a consistent foreign policy stand that India has taken for all treaties, since India has signed other treaties, where it had no hand in the initial drafting and negotiations.^{^[73]}
Article 32(b) of the Budapest Convention involves tricky issues of national sovereignty since it allows for cross border access to data without the consent of the other party. Although, as discussed above, the Guidance Note on Article 32 clarified this issue to an extent, it appears that arguments have been raised in some quarters of the government that the options provided by Article 32 are too limited and additional means may be needed to deal with cross border data access.^{^[74]}
The mutual legal assistance framework under the Convention is not effective enough and the promise of cooperation is not firm enough since States can refuse to cooperate on a number of grounds.^{^[75]}
It is a criminal justice treaty and does not cover state actors; further the states from which most attacks affecting India are likely to emanate are not signatories to the Convention either.^{^[76]}
Instead of joining the Budapest Convention, India should work for and promote a treaty at the UN level.^{^[77]}

Although in January 2018 there were a number of news reports indicating that India is seriously considering signing the Budapest Convention and joining the international cooperation mechanism under it, there have been no updates on the status of this proposal.^{^[78]}

Conclusion

The Budapest Convention has faced a number of challenges over the years as far as provisions regarding international cooperation are concerned. These include delays in getting responses from other states, requests not being responded to due to various reasons (language, costs, etc.), requests being overridden by mutual agreements, etc. The only other alternative which is the MLAT system is no better due to delays in providing access to requested data.^{^[79]} This however does not mean that international cooperation through the Budapest Convention is always late and inefficient, as was evident from the example of the Norwegian bank robber-murderer given above. There is no doubt that the current mechanisms are woefully inadequate to deal with the challenges of cyber crime and even regular crimes (specially in the financial sector) which may involve examination of electronic evidence. However that does not mean the end of the road for the Budapest Convention, one has to recognize the fact that it is the pre-eminent document on international cooperation on electronic evidence with 62 State Parties as well as another 10 Observer States. Any mechanism which offers a solution to the thorny issues of international cooperation in the field of cyber crime would require most of the nations of the world to sign up to it; till such time that happens, expanding the scope of the Budapest Convention to address atleast some of the issues discussed above by leveraging the work already done by the Cybercrime Committee through various reports and Guidance Notes (some of which have been referenced in this paper itself) may be a good option as this could be an incentive for non signatories to become parties to a better and more efficient Budapest Convention providing a more robust international cooperation regime.

^{^[1]} Council of Europe, Explanatory Report to the Convention on Cybercrime, https://rm.coe.int/16800cce5b, para 304.

^{^[2]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(1)(a). Except in cases where a different minimum threshold has been provided by a mutual arrangement, in which case such other minimum threshold shall be applied.

^{^[3]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(5).

^{^[4]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(3).

^{^[5]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(2).

^{^[6]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 251.

^{^[7]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(6).

^{^[8]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 24(7).

^{^[9]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 25(1).

^{^[10]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 25(4).

^{^[11]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(2).

^{^[12]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(3) read with para 267 of the Explanatory Note to the Budapest Convention.

^{^[13]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 25(4).

^{^[14]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(4)(a).

^{^[15]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(4)(b).

^{^[16]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(5).

^{^[17]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(6).

^{^[18]} Some of the grounds listed by Parties for refusal are: (i) grounds listed in Article 27 of the Convention, (ii) the request does not meet formal or other requirements, (iii) the request is motivated by race, religion, sexual orientation, political opinion or similar, (iv) the request concerns a political or military offence, (v) Cooperation may lead to torture or death penalty, (vi) Granting the request would prejudice sovereignty, security, public order or national interest or other essential interests, (vii) the person has already been punished or acquitted or pardoned for the same offence “Ne bis in idem”, (viii) the investigation would impose an excessive burden on the requested State or create practical difficulties, (ix) Granting the request would interfere in an ongoing investigation (in which case the execution of the request may be postponed). Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 34.

^{^[19]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 34.

^{^[20]} Pedro Verdelho, Discussion Paper: The effectiveness of international cooperation against cybercrime: examples of good practice, 2008, pg. 5, https://www.coe.int/t/dg1/legalcooperation/economiccrime/cybercrime/T-CY/DOC-567study4-Version7_en.PDF, accessed on March 28, 2019.

^{^[21]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(8).

^{^[22]} However, disclosure of the material to the defence and the judicial authorities is an implicit exception to this rule. Further the ability to use the material in a trial (which is generally a public proceeding) is also a recognised exception to the right to limit usage of the material. See para 278 of the the Explanatory Note to the Budapest Convention.

^{^[23]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 28.

^{^[24]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(9)(a) and (b).

^{^[25]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 27(9)(d) read with para 274 of the Explanatory Note to the Budapest Convention.

^{^[26]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 31.

^{^[27]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 33.

^{^[28]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 34.

^{^[29]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 37.

^{^[30]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 123.

^{^[31]} Ibid at 124.

^{^[32]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 29(3) read with para 285 of the Explanatory Note to the Budapest Convention.

^{^[33]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 29(4).

^{^[34]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 29(5).

^{^[35]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 29(6).

^{^[36]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 29(7).

^{^[37]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 30.

^{^[38]} Anna-Maria Osula, Accessing Extraterritorially Located Data: Options for States, http://ccdcoe.eu/uploads/2018/10/Accessing-extraterritorially-located-data-options-for-States_Anna-Maria_Osula.pdf, accessed on March 28, 2019.

^{^[39]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 32.

^{^[40]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 293.

^{^[41]} Council of Europe, Cybercrime Convention Committee, Report of the Transborder Group, Transborder access and jurisdiction: What are the options?, December 2012, para 310.

^{^[42]} Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.2.

^{^[43]} Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.3.

^{^[44]} Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.4.

^{^[45]} Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.6.

^{^[46]} Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.8.

^{^[47]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 18.

^{^[48]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 170.

^{^[49]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 173.

^{^[50]} Defined in Article 18(3) as “any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:

a. the type of communication service used, the technical provisions taken thereto and the period of service;

b. the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;

c. any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.

^{^[51]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 173.

^{^[52]} Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), at pg.3.

^{^[53]} Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.5 at pg. 7.

^{^[54]} Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.6 at pg. 8.

^{^[55]} Id.

^{^[56]} Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.8 at pg. 9.

^{^[57]} Situations such as preventions of imminent danger, physical harm, the escape of a suspect or similar situations including risk of destruction of relevant evidence.

^{^[58]} Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 2013, pg. 49.

^{^[59]} Council of Europe, Cybercrime Convention Committee Cloud Evidence Group, Criminal justice access to data in the cloud: challenges (Discussion paper), May 2015, pgs 10-14.

^{^[60]} Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 9, 2013, pg. 50.

^{^[61]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 35.

^{^[62]} https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1

^{^[63]} Council of Europe, Convention on Cybercrime, 23 November 2001, Article 35.

^{^[64]} Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, https://rm.coe.int/16800cce5b, para 298.

^{^[65]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 86.

^{^[66]} Some of the grounds listed by Parties for refusal are: (i) grounds listed in Article 27 of the Convention, (ii) the request does not meet formal or other requirements, (iii) the request is motivated by race, religion, sexual orientation, political opinion or similar, (iv) the request concerns a political or military offence, (v) Cooperation may lead to torture or death penalty, (vi) Granting the request would prejudice sovereignty, security, public order or national interest or other essential interests, (vii) the person has already been punished or acquitted or pardoned for the same offence “Ne bis in idem”, (viii) the investigation would impose an excessive burden on the requested State or create practical difficulties, (ix) Granting the request would interfere in an ongoing investigation (in which case the execution of the request may be postponed). Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 34.

^{^[67]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 7.

^{^[68]} Giovanni Buttarelli, Fundamental Legal Principles for a Balanced Approach, Selected papers and contributions from the International Conference on “Cybercrime: Global Phenomenon and its Challenges”, Courmayeur Mont Blanc, Italy available at ispac.cnpds.org/download.php?fld=pub_files&f=ispacottobre2012bassa.pdf

^{^[69]} Situations such as preventions of imminent danger, physical harm, the escape of a suspect or similar situations including risk of destruction of relevant evidence.

^{^[70]} Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 2013, pg. 49.

^{^[71]} https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1

^{^[72]} Council of Europe, Cybercrime Convention Committee assessment report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime, December 2014, pg. 86.

^{^[73]} Dr. Anja Kovaks, India and the Budapest Convention - To Sign or not? Considerations for Indian Stakeholders, available at https://internetdemocracy.in/reports/india-and-the-budapest-convention-to-sign-or-not-considerations-for-indian-stakeholders/

^{^[74]} Alexander Seger, India and the Budapest Convention: Why not?, Digital Debates: The CyFy Journal, Vol III, available at https://www.orfonline.org/expert-speak/india-and-the-budapest-convention-why-not/

^{^[75]} Id.

^{^[76]} Id.

^{^[77]} Id.

^{^[78]} https://indianexpress.com/article/india/home-ministry-pitches-for-budapest-convention-on-cyber-security-rajnath-singh-5029314/

^{^[79]} Elonnai Hickok and Vipul Kharbanda, Cross Border Cooperation on Criminal Matters - A perspective from India, available at https://cis-india.org/internet-governance/blog/cross-border-cooperation-on-criminal-matters

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-april-29-2019-international-cooperation-in-cybercrime-the-budapest-convention

International Cooperation in Cybercrime

vipul — 2019-04-29T22:34:05Z

For more details visit https://cis-india.org/internet-governance/files/budapest-convention-paper.pdf

Now, police use apps to catch a criminal

Ketaki Desai — 2019-03-31T15:47:00Z

Recently, Punjab police detained three suspects on a tip-off. The cops clicked their photographs, uploaded them on an app called the Punjab Artificial Intelligence System or PAIS which uses facial recognition, and immediately got the lowdown on their criminal history, which involved a contract killing and looting. Four stolen vehicles and five weapons were recovered from them.

The article by Ketaki Desai with inputs from Sanjeev Verma in Chandigarh was published in the Times of India on March 31, 2019. Arindrajit Basu was quoted.

Police forces around the country are increasingly relying on artificial intelligence as both a crime-busting and prevention tool despite concerns about the inbuilt biases of algorithms, and the worry that policing may win over privacy.

Atul Rai, founder CEO of Gurgaon-based firm Staqu Technologies, which developed the app used by Punjab police, says they collect data from various state agencies and have built a database on criminals. “An NCRB (National Crime Records Bureau) report showed that 70% of crimes are committed by repeat criminals. Our facial recognition software works even on low-resolution photos and videos.” Police departments in UP, Uttarakhand and Rajasthan are armed with similar apps. And how likely is it that this facial recognition tech makes mistakes? It has 98% accuracy, claims Rai.

Other companies are also in the fray. Chennai’s FaceTagr has built a database of 75,000 photographs, and claims its app – currently being used in Tamil Nadu, Andhra Pradesh and Puducherry – is able to identify faces with an accuracy of 99.4%.

Facial recognition doesn’t just help catch the bad guys, it can also help trafficked kids reunite with their families. Vijay Gnanadesikan, CEO of FaceTagr, says they have begun to work with the Indian Railways to facilitate this. “Often, a child is not able to tell police officers where they are from. Now if a child is reported missing in Mumbai, and found in Bengaluru, the parents can be found if both police departments upload his or her photo.”

UP’s Trinetra app, developed by Staqu Tech, was launched in December, 2018. I-G (crime) S K Bhagat says, “We didn’t have any centralised criminal database in UP before this.” The app informs the cops of the status of each person in custody, and whether they are out on bail. This means that if a chain-snatching takes place in Lucknow, they can filter suspects and also show the victim their photos for identification. “Right now we’re in the first phase of using the app; beat officers still don’t yet have direct access but their SHO does.” To prevent misuse, a centralised monitoring system has been developed.

Staqu also offers predictive analytics— they collect data from news sites and blogs, aggregate information about crime patterns across the country, and create a ‘heat map’ for law enforcement agencies. Using this, they are able to make predictions about where, how and by whom a crime might be committed.

But predictive policing is problematic, points out Vidushi Marda of human rights organisation Article 19. “Data is often imperfect, and it’s easy for a deeply unequal, biased outlook of society to be embedded in data. This means that people who have always been arrested for no reason will continue to be arrested for no reason. And because it’s an algorithm, we can’t refute it,” she says.

Uncanny Vision, a Bengaluru-based company, makes smart CCTVs that are deployed in ATMs and number plate readers that are used on national highways in Kerala to curb speeding. Co-founder Navaneethan Sundaramoorthy says, “Our ATM CCTVs don’t use facial recognition, they just look at the actions. We take the video, convert it into information and toss away the video.” He thinks that privacy concerns are important. “Is it possible for the government to use it in any big-brother scenario? Yes, but that has always been the case. With this technology, we can control who has access to the information that comes from CCTVs, and there is a clear footprint about who has accessed the information,” he says.

Apar Gupta, executive director of the Internet Freedom Foundation, points out that there are no regulatory safeguards in place. “The first thing surveillance needs is a statutory framework—what is its purpose, how is it being carried out, and what limits they cannot go beyond. These surveillance systems are being made without adequate civil society engagement. There needs to be a third-party data protection authority to audit their activities.”

Arindrajit Basu, senior policy officer at the Centre for Internet and Society, says the advantages of AI in tracking crime have to be balanced with accountability. “The government can be taken to court for violation of a fundamental right, including the recently recognised right to privacy. But, most of this tech is being rolled out in collaboration with private actors. You can’t take a private company to court for this.” The solution might lie in private companies sharing liability with the government, he says. “That will ensure that they consider the ethical consequences of their products.”

For more details visit https://cis-india.org/internet-governance/news/times-of-india-march-31-2019-ketaki-desai-now-police-use-apps-to-catch-a-criminal

March 2019 Newsletter

praskrishna — 2019-07-18T02:14:11Z

The Centre for Internet & Society (CIS) newsletter for the month of March 2019.

Highlights for March 2019

The Indian Patent Office (IPO) on 1 March 2019, published a draft of the “Manual of Patent Office Practice and Procedure, Version 3.0”. CIS provided comments on patenting of computer related inventions.
The Centre for Internet and Society's Access to Knowledge (CIS-A2K) team has submitted its proposal for the year 2019-2020 to the Wikimedia Foundation. CIS-A2K has proposed to undertake content enrichment, skill development initiatives, cement partnership with existing partners and build relationships with new ones, and activities like Train-the-Trainer, Wikisource Conference, Wikimedia Summit India, Intensive Personal Wiki Training, supporting Indic Wikimedians through request page, etc.
Tarun Bharat Sangh (TBS), an organisation working on rejuvenation of rivers in India, has began documentation of rivers on Wiki, especially to draw attention to and mitigate the crisis of toxic deposits facing more than 40 rivers in India. The work was started by Jal Biradari, TBS’s Maharashtra based group, in Sangli district with the help of the Access to Knowledge (CIS-A2K) team of CIS. A report from the first pilot workshop conducted by CIS-A2K during 22-25 December 2018 at Tarun Bharat Sangh Ashram, in Alwar, Rajasthan has been published.
With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation during September 28-30, 2018 in New Delhi. Saumyaa Naidu in a report has shared the learningsfrom the panel discussion aimed at exploring the potential collaborations between design and the open knowledge movement.
Karan Saini, Pranesh Prakash and Elonnai Hickok co-authored a policy brief titled Improving the Processes for Disclosing Security Vulnerabilities to Government Entities in India. The policy brief has recommended changes pertaining to current legislation, policy and practice to the Government of India regarding external vulnerability reporting and disclosure.
Arindrajit Basu, Elonnai Hickok and Aditya Singh Chawla co-authored a White Paper titled 'The Localisation Gambit'. The paper was edited by Pranav M.B., Vipul Kharbanda and Amber Sinha. Anjanaa Aravindan provided research assistance. Government of India has drafted multiple policy instruments which dictate that certain types of data must be stored in servers located physically within the territory of India. The White Paper serves as a resource for stakeholders attempting to intervene in this debate and arrive at a workable solution where the objectives of data localisation are met through measures that have the least negative impact on India’s economic, political, and legal interests.
The Technology Law Forum at the National Academy of Legal Studies and Research (NALSAR) has published the Report on Data Privacy and Citizen's Rights' Symposium.This report is a compilation of all the speakers' speeches during the panel discussion. Shweta Mohandas was one of the eight speakers at the panel and the excerpts from her presentation has also been covered in this report.
CIS in its r@w blog featured an essay titled 'Users and the Internet' by Purbasha Auddy, part of a series on Studying Internet in India (2015); and audio recording of a session titled #SelfiesFromtheField which was part of the Internet Researchers Conference, 2017.

Jobs

CIS is hiring:

CIS-A2K Finance Officer: Call for application (Only women candidates).
Internship - applications accepted throughout the year.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

Recapturing the Commons (Shyam Ponappa; Business Standard; March 7, 2019).
Digital Native: How an information overload affects what you forward (Nishant Shah; Indian Express; March 10, 2019).
Digital Native: Lessons from Facebook, Instagram and Whatsapp going down (Nishant Shah; Indian Express; March 24, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Why entrepreneurs are wary of the new draft e-commerce policy (Rahul Sachitanand; Economic Times; March 3, 2019).
'Website not found' pop-ups leave net activists fuming (Tushar Kaushik; Economic Times; March 6, 2019).
More urban Indian women are acting against offensive calls and text messages (Aria Thaker; Quartz India; March 8, 2019).
Unlike Facebook, Twitter is a ghost town for political ads in India so far (Aria Thaker; Quartz India; March 12, 2019).

Wie die chinesische Mega-App TikTok Indiens Wahlkampf beeinflussen könnte (Handelsblatt; March 13, 2019).
When laugh lines turn worry lines (K.V. Aditya Bharadwaj; Hindu; March 15, 2019).

Proposed Intermediary Liability Rules threat to privacy and free speech, global coalition tells MeitY (Zaheer Merchant; Medianama; March 18, 2019).
Now, police use apps to catch a criminal (Ketaki Desai with inputs from Sanjeev Verma; Times of India; March 31, 2019).

Access to Knowledge

Copyright and Patent

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape. We prepared the India report for the Consumers International IP Watchlist, made submission to the HRD Ministry on WIPO Broadcast Treaty, questioned the demonisation of pirates, and advocated against laws (such as PUPFIP Bill) that privatize public funded knowledge.

Submission

Comments and Suggestions to the Draft Patent Manual March 2019 (Achal Prabhala, Feroz Ali, Ramya Sheshadri, Roshan John and Anubha Sinha; March 21, 2019).

Wikipdedia

Blog Entries

Train the Trainer program 2018 (Sailesh Patnaik; March 6, 2019).
The city of Bhubaneswar is going Open (Sailesh Patnaik; March 7, 2019).
Rejuvenating India’s Rivers the Wiki Way (Subodh Kulkarni; March 7, 2019).
ಕನ್ನಡ ವಿಕಿಪೀಡಿಯ ಶಿಕ್ಷಣ ಯೋಜನೆ ಸಮಾವೇಶ ಮತ್ತು ತರಬೇತಿಯ ವರದಿ (Ananth Subray; March 7, 2019).
Design and the Open Knowledge Movement (Saumyaa Naidu; March 31, 2019).

Event Organized

Wikimedia Summit India 2019 (Organized by CIS-A2K; New Delhi; March 16 - 17, 2019). CIS-A2K team organized a two-day Wikimedia Summit event for the participants taking part in the Wikimedia Summit in Berlin.

Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Event Organized

Talks by Richard Abisla and Kaliya Young (Organized by CIS; Bangalore; March 4, 2019).

Internet Governance

Cyber Security

Research Paper

Improving the Processes for Disclosing Security Vulnerabilities to Government Entities in India (Karan Saini, Pranesh Prakash and Elonnai Hickok; March 20, 2019). This is an update to our previously released paper titled "Leveraging the Coordinated Vulnerability Disclosure Process to Improve the State of Information Security in India". The full document can be accessed here.

Privacy

Research Paper

The Localisation Gambit: Unpacking policy moves for the sovereign control of data in India (Arindrajit Basu, Elonnai Hickok and Aditya Singh Chawla; March 19, 2019).

Participation in Events

Nullcon Security Conference (Organized by Nullcon; March 1 - 2, 2019; Goa). Karan Saini attended the event.
Seminar on “Evolution of communication: Social Media & Beyond” (Organized by TRAI; Hotel Radisson Blu GRT, Near Airport, Chennaii; March 15, 2019).
DSCI-Infosys Roundtable (Organized by Infosys; Bangalore; March 25, 2019). Sunil Abraham was a speaker.

Free Speech and Expression

Event

Internet Speech: Perspectives on Regulation and Policy (Organized by CIS; India Habitat Centre; New Delhi; April 5, 2019).

Participation in Event

Just Net Coalition Workshop on Equity and Social Justice in a Digital World (Organized by Just Net Coalition Workshop on Equity and Social Justice in a Digital World and its partners; Bangkok; March 25 - 27, 2019). Anubha Sinha participated in the event.

Artificial Intelligence, ICT and IoT

Participation in Events

RFCs We Love: Transport & Apps Edition (Organized by India Internet Engineering Society; March 2, 2019; Go-Jek; Domlur, Bangalore). Gurshabad Grover was a speaker at this event.
Consultation on Draft E-commerce Policy (Organized by Alternative Law Forum and IT for Change; March 14, 2019; Tony Hall, Ashirwad , Off St.Marks Road; Bangalore). Arindrajit Basu attended the event.
International Conference on Justice Education:Legal Implications of Artificial Intelligence (Organized by Nirma University; Ahmedabad; March 15 - 16, 2019). Arindrajit Basu attended the conference.
AI for India Summit (Organized by Facebook; Leela Palace, Bengaluru; March 26, 2019). Shweta Mohandas participated in the event.
Roundtable on Consumer Experiences with New Technologies in APAC (Singapore) (Organized by Consumers International; Google, Singapore; March 26, 2019). Arindrajit Basu participated in the event.

Researchers at Work (RAW)

Blog Entries

#CollectionAndIdentity (Ravi Shukla, Rajiv K. Mishra, and Mrutyunjay Mishra; March 2, 2019).
The Many Lives and Sites of Internet in Bhubaneswar (Sailen Routray; March 2, 2019).
Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi (Sarah McKeever; March 12, 2019).
#CampusCampaigns: User Perceptions in Pre-digital and Digital Eras (Arjun Ghosh; March 12, 2019).
Taking Open Science Offline (Shreyashi Ray; March 21, 2019).

Participation in Event

Presentation at Global Digital Humanities Symposium (Organized by Michigan State University; March 21 - 22, 2019). P.P. Sneha gave a virtual presentation of her work on digital cultural archives.

About CIS

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/march-2019-newsletter