Centre for Internet and Society

SIF Concept Note

Admin — 2019-06-05T04:13:13Z

For more details visit https://cis-india.org/internet-governance/files/sif-concept-note

Short note on IT Amendment Act, 2008

pranesh — 2011-06-01T14:45:34Z

Pranesh Prakash of the Centre for Internet and Society wrote a short note in February 2009 on the Information Technology (Amendment) Act, 2008. This is being posted as a precursor to a more exhaustive analysis of the Act and the rules sought to be promulgated under the Act. Thus, this does not cover the regulations that have been drafted under the Act.

The new amendments to the Information Technology Act, 2000 that got passed by the Lok Sabha last December deserve a careful reading. There are a number of positive developments, as well as many which dismay. Positively, they signal an attempt by the government to create a dynamic policy that is technology neutral. This is exemplified by its embracing the idea of electronic signatures as opposed to digital signatures. But more could have been done on this front (for instance, section 76 of the Act still talks of floppy disks). There have also been attempts to deal proactively with the many new challenges that the Internet poses.

Freedom of Expression

The first amongst these challenges is that of child pornography. It is heartening to see that the section on child pornography (s.67B) has been drafted with some degree of care. It talks only of sexualized representations of actual children, and does not include fantasy play-acting by adults, etc. From a plain reading of the section, it is unclear whether drawings depicting children will also be deemed an offence under the section. Unfortunately, the section covers everyone who performs the conducts outlined in the section, including minors. A slight awkwardness is created by the age of "children" being defined in the explanation to section 67B as older than the age of sexual consent. So a person who is capable of having sex legally may not record such activity (even for private purposes) until he or she turns eighteen.

Another problem is that the word "transmit" has only been defined for section 66E. The phrase "causes to be transmitted" is used in section 67, 67A, and 67B. That phrase, on the face of it, would include the recipient who initiates a transmission along with the person from whose server the data is sent. While in India, traditionally the person charged with obscenity is the person who produces and distributes the obscene material, and not the consumer of such material. This new amendment might prove to be a change in that position.

Section 66A which punishes persons for sending offensive messages is overly broad, and is patently in violation of Art. 19(1)(a) of our Constitution. The fact that some information is "grossly offensive" (s.66A(a)) or that it causes "annoyance" or "inconvenience" while being known to be false (s.66A(c)) cannot be a reasons for curbing the freedom of speech unless it is directly related to decency or morality, public order, or defamation (or any of the four other grounds listed in Art. 19(2)). It must be stated here that many argue that John Stuart Mill's harm principle provides a better framework for freedom of expression than Joel Feinberg's offence principle. The latter part of s.66A(c), which talks of deception, is sufficient to combat spam and phishing, and hence the first half, talking of annoyance or inconvenience is not required. Additionally, it would be beneficial if an explanation could be added to s.66A(c) to make clear what "origin" means in that section. Because depending on the construction of that word s.66A(c) can, for instance, unintentionally prevent organisations from using proxy servers, and may prevent a person from using a sender envelope different form the "from" address in an e-mail (a feature that many e-mail providers like Gmail implement to allow people to send mails from their work account while being logged in to their personal account). Furthermore, it may also prevent remailers, tunnelling, and other forms of ensuring anonymity online. This doesn't seem to be what is intended by the legislature, but the section might end up having that effect. This should hence be clarified.

Section 69A grants powers to the Central Government to "issue directions for blocking of public access to any information through any computer resource". In English, that would mean that it allows the government to block any website. While necessity or expediency in terms of certain restricted interests are specified, no guidelines have been specified. Those guidelines, per s.69A(2), "shall be such as may be prescribed". It has to be ensured that they are prescribed first, before any powers of censorship are granted to any body. In India, it is clear that any law that gives unguided discretion on an administrative authority to exercise censorship is unreasonable (In re Venugopal, AIR 1954 Mad 901).

Intermediary Liability

The amendment to the provision on intermediary liability (s.79) while a change in the positive direction, as is seeks to make only the actual violators of the law liable for the offences committed, still isn't wide enough. This exemption is required to be widely worded to encourage innovation and to allow for corporate and public initiatives for sharing of content, including via peer-to-peer technologies.

Firstly, the requirement of taking down content upon receiving "actual knowledge" is much too heavy a burden for intermediaries. Such a requirement forces the intermediary to make decisions rather than the appropriate authority (which often is the judiciary). The intermediary is no position to decide whether a Gauguin painting of Tahitian women is obscene or not, since that requires judicial application of mind. Secondly, that requirement is vitiates the principles of natural justice and freedom of expression because it allows a communication and news medium to be gagged without giving it, or the party communicating through it, any due hearing. It has been held by our courts that a restriction that does not provide the affected persons a right to be heard is procedurally unreasonable (Virendra v. State of Punjab, AIR 1957 SC 896).

The intermediary loses protection of the act if (a) it initiates the transmission; (b) selects the receiver of the transmission; and (c) selects or modifies the information. While the first two are required to be classified as true "intermediaries", the third requirement is a bit too widely worded. For instance, an intermediary might automatically inject advertisements in all transmissions, but that modification does not go to the heart of the transmission, or make it responsible for the transmission in any way. Similarly, the intermediary may have a code of conduct, and may regulate transmissions with regard to explicit language (which is easy to judge), but would not have the capability to make judgments regarding fair use of copyrighted materials. So that kind of "selection" should not render the intermediary liable, since misuse of copyright might well be against the intermediary's terms and conditions of use.

Privacy and Surveillance

While the threat of cyber-terrorism might be very real, blanket monitoring of traffic is not the way forward to get results, and is sure to prove counter-productive. It is much easy to find a needle in a small bale of hay rather than in a haystack. Thus, it must be ensured that until the procedures and safeguards mentioned in sub-sections 69(2) and 69B(2) are drafted before the powers granted by those sections are exercised. Small-scale and targetted monitoring of metadata (called "traffic data" in the Bill) is a much more suitable solution, that will actually lead to results, instead of getting information overload through unchannelled monitoring of large quantities of data. If such safeguards aren't in place, then the powers might be of suspect constitutionality because of lack of guided exercise of those powers.

Very importantly, the government must also follow up on these powers by being transparent about the kinds of monitoring that it does to ensure that the civil and human rights guaranteed by our Constitution are upheld at all times.

Encryption

The amending bill does not really bring about much of a change with respect to encryption, except for expanding the scope of the government's power to order decryption. While earlier, under section 69, the Controller had powers to order decryption for certain purposes and order 'subscribers' to aid in doing so (with a sentence of up to seven years upon non-compliance), now the government may even call upon intermediaries to help it with decryption (s.69(3)). Additionally, s.118 of the Indian Penal Code has been amended to recognize the use of encryption as a possible means of concealment of a 'design to commit [an] offence punishable with death or imprisonment for life'.

The government already controls the strength of permissible encryption by way of the Internet Service Provider licences, and now has explicitly been granted the power to do so by s.84A of the Act. However, the government may only prescribe the modes or methods of encryption "for secure use of the electronic medium and for promotion of e-governance and e-commerce". Thus, it is possible to read that as effectively rendering nugatory the government's efforts to restrict the strength of encryption to 40-bit keys (for symmetric encryption).

Other Penal Provisions

Section 66F(1)(B), defining "cyberterrorism" is much too wide, and includes unauthorised access to information on a computer with a belief that that information may be used to cause injury to decency or morality or defamation, even. While there is no one globally accepted definition of cyberterrorism, it is tough to conceive of slander as a terrorist activity.

Another overly broad provision is s.43, which talks of "diminish[ing] its value or utility" while referring information residing on a computer, is overly broad and is not guided by the statute. Diminishing of the value of information residing on a computer could be done by a number of different acts, even copying of unpublished data by a conscientious whistleblower might, for instance, fall under this clause. While the statutory interpretation principle of noscitur a socii (that the word must be understood by the company it keeps) might be sought to be applied, in this case that doesn't give much direction either.

While all offences carrying penalties above three years imprisonment have been made cognizable, they have also been made bailable and lesser offences have been made compoundable. This is a desirable amendment, especially given the very realistic possibility of incorrect imprisonments (Airtel case, for instance), and frivolous cases that are being registered (Orkut obscenity cases).

Cheating by personation is not defined, and it is not clear whether it refers to cheating as referred to under the Indian Penal Code as conducted by communication devices, or whether it is creating a new category of offence. In the latter case, it is not at all clear whether a restricted meaning will be given to those words by the court such that only cases of phishing are penalised, or whether other forms of anonymous communications or other kinds of disputes in virtual worlds (like Second Life) will be brought under the meaning of "personation" and "cheating".

While it must be remembered that more law is not always an answer to dealing with problems, whether online or otherwise, it is good to note that the government has sought to address the newer problems that have arisen due to newer technologies. But equally important is the requirement to train both the judiciary and the law enforcement personnel to minimize the possibility of innocent citizens being harassed.

For more details visit https://cis-india.org/internet-governance/publications/it-act/short-note-on-amendment-act-2008

Shopping on apps raise privacy and security concerns

praskrishna — 2017-03-21T14:56:26Z

The recently concluded online Diwali sales frequently offered consumers hefty discounts on merchandise if they shopped via store app, a move that experts say increases security risks for internet users.

The article by Vivek Ananth was published by the Softcopy, an IIJNM Web Publication on November 23, 2015. Sunil Abraham gave inputs.

“It makes the security much worse because of increased complexity from the user perspective,” said Sunil Abraham, executive director at Centre for Internet and Society.

“User will have to install multiple apps and then worry about the security implications arising from each app. From the e-commerce corporation perspective it might reduce effort but for users this is a nightmare.”

Do apps increase security risks?

The degree of risk depends on the specific app and can only be determined after a detailed security audit, Abraham said.

“Unfortunately there aren't many organisations doing such audits and making their results available to the public,” he added.

There are some users who say that privacy on the internet isn’t an option.

“Once you are online your privacy is kind of gone,” said Hasmit Trivedi of Mumbai. “I mean you are vulnerable.”

“That (browsing history being used to target advertisements) does concern me, but not to the extent that I'll stop using these websites,” said Sweta Rajan, a lawyer from Mumbai.

“Google has done this forever," said Dinoo Muthappa.“I don't even care if they use my search to place advertisements of what they think I need while browsing.”

Comfort and Convenience trumps privacy

“I don't really shop for things I'm not comfortable allowing the world to know. I'm ok with them using this (usage pattern and browsing information) for commercial reasons,” Rajan said.

“We live in a world where the cost of convenience is our privacy. Take my user preferences,” said Dinoo Muthappa, a lawyer from Delhi.“If it means you'll make money and somehow reflect as a discount to me later, that's fine,” she added.

“I frankly don't have a problem with it in principle,” said Akshara Kumar Chitoor, a lawyer from Bengaluru, about companies mining data to target advertisements at her. “I don't think it's very different from how certain TV channels carry certain advertisements because they know the audiences.I mean, you get Rin and Horlicks ads on Zee and Sony but not Romedy Now or Comedy Central.”

“The convenience of having it come home when I want and not having to face the guy who I know is ripping me off; these guys can use and sell my information,” Muthappa said.

“With my work timings I literally do not find time to go to a store and shop,”Rajan said. “I buy everything online. It's very convenient and time saving.”

“Personally, I think just browsing stuff to buy is much easier on your computer,” said Sreenath Unnikrishnan, a product developer from Singapore. “However, I do think apps are more convenient for payment. As in your card information is normally stored and can be accessed without having to log in and all. I can do that on a computer too, but it's less secure. At least that's what I think.”

Google and Facebook have their advertisement norms disclosed.

Twitter also follows a similar model using the email ids that their users have associated with their twitter handles.

“If the service is free - then as many have said before - you are the product, said Sunil Abraham executive director at Centre for Internet and Society. “Your personal information is being sold to marketers and advertisers. As Bruce Schneier puts it ‘surveillance is the business model of the Internet’".

The terms and conditions are sometimes very long and use difficult language.

“Transparency and Informed Consent are principles in most jurisdictions that have data protection law modelled on the EU Data Protection Directive,” Abraham said.“Part of the transparency principle is the accessibility of the language.”

The user though still has an option to opt out of the above process where their data is collected by these companies.
Privacy policies of internet companies are legal documents. These are required under data protection laws. This makes them complicated, said Abraham.

The users don’t care that their usage data is being mined by businesses till they have a bad experience, Abraham said.

For more details visit https://cis-india.org/internet-governance/news/the-soft-copy-vivek-ananth-november-23-2015-shopping-on-apps-raise-privacy-and-security-concerns

Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program

praskrishna — 2017-05-26T01:08:09Z

Last weekend I was at Aditi Mittal’s standup comedy show in Mumbai where she made a cheeky remark that stayed with me – “Do you guys know what India’s soft power is today? It is trolling!”

The blog post by Shweta Modgil was published by Inc 42 on May 23, 2017.

While she was poking fun at the Snapchat-Snapdeal-Evan Spiegel controversy, in a bizarre coincidence those words came back to haunt me three days later. That was when one of biometric authentication system Aadhaar’s most vocal critics, Kiran Jonnalagadda, co-founder of Internet Freedom Foundation (IFF), an advocacy group, revealed in a series of tweets that @Confident_India, one of the anonymous accounts arguing in favour of Aadhaar and attacking its critics on Twitter, was being operated by none other than Sharad Sharma, the founder of software products think tank iSPIRT.

At the time, Sharad had completely denied that he was tweeting from an anonymous account. But today, on Twitter, Sharad apologised for the anonymous trolling on Twitter.

In a tweet, Sharad stated that “There was a lapse of judgement on my part. I condoned tweets with uncivil comments. So I’d like to unreservedly apologise to everybody who was hurt by them.”

He added that “Anonymity seemed easier than propriety, and tired as I was by personal events and attacks on iSPIRT’s reputation, I slipped.” Furthermore, he stated that he would not be part of anything like this again or allow such behaviour to continue. He also revealed that an iSPIRT Guidelines and Compliance Committee (IGCC) has been set up to investigate the matter and recommend corrective action.

On Catching a Troll

On 17 May, Kiran tweeted out a revelation, which shook a lot of people – “Have we caught an Aadhaar troll?” Kiran used Twitter’s account reset option on Confident_India with Sharad Sharma’s number to see if it is was accepted. And, as per a screenshot posted by him, it did.

This was further corroborated by many other Twitter users. Medianama’s Nikhil Pahwa (and co-founder of IFF) also confirmed the same, tweeting that the troll account does link to Sharad Sharma.

In a detailed Medium post, Kiran then revealed how he investigated the rise of anonymous Twitter accounts and trolls responding to critics of Aadhaar. But what he revealed next was the shocking part – that at the 27th Fellows meeting of the think tank, a plan was hatched to respond to critics of India Stack which involved the use of trolls. A group called Sudham, created earlier, divided people who were broadcasting different views on Aadhaar, into different categories and then underlined various proposals on dealing with them. One of the groups called “archers” was entrusted to carry out the mainstream debate, while another group of “swordsmen” was entrusted to challenge people who were categorised as informed yet “trolling.” Swordsmen would do this by coordinating on WhatsApp with quick responses and in numbers.

Kiran got a hold of the presentation and also shared how one controversial slide also showed a detractor matrix.

It is this slide which Kiran uses to illustrate the fact that: “ iSPIRT has an officially sanctioned trolling program where the trolls coordinate on WhatsApp and attack together on Twitter, exactly the behaviour seen in all the tweets above—and I’ve only covered the leader’s tweets. There are at least a dozen known troll accounts that attack in packs.”

First Denial

Back when the information was first revealed, Sharad Sharma responded by denying that he was tweeting from the @Confident_India Twitter account.

He further added that he was in for a family emergency in the US. And that he was clueless as to why his number was linked with that account.

But, interestingly, what roused the investigator’s suspicions was that Sharad shared the same denial from another troll account @indiaforward2 – which was captured by another Twitter user before it was deleted.

The denial from Sharad’s true account came half an hour later. But the damage had been done and all fingers pointed in the direction of Sharad Sharma engaging in trolling from those accounts. Kiran then wrote another damning post on Sharad’s dubious denial.

As can be guessed, all the tweets related to this matter from Sharad’s and Indiaforward’s accounts have been deleted. The last tweet from Confident India’s account on 17 May professed that he is not Sharad Sharma.

Meanwhile, iSPIRT finally responded to Kiran’s revelations on Medium –“We want to categorically state that the allegations against iSPIRT coordinating and/or promoting any troll campaign are false and the evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.”

The post further explained that in its Fellows meeting held in February and April 2017, it did address the issue of the chatter around India Stack. It says, “Our volunteer, Tanuj Bhojwani, led the discussion and we outlined our strategy for dealing with our detractors. The slide in question is clearly titled “Detractor Matrix.” The slide outlines how we classify those speaking against India Stack, and how we are engaging with them. We called one category of people “informed yet trolling (IYT),” a category of people deliberately misleading people, despite understanding the nuance behind the debate.”

The post admitted that the think tank encouraged volunteers to respond to these IYT Twitter handles directly from their own personal handles. However, at no point did it endorse or recommend anonymous trolling.

“We are aware that some volunteers and their friends have created an anonymous campaign to Support Aadhaar. This is not a troll campaign, but an informational one. It is also not an iSPIRT campaign.”

It concluded with: “Kiran’s motivated misrepresentation of the slides perhaps speaks to his biases against iSPIRT.” The post added that it plans to investigate the confusion around the alleged mobile number and account link and clarify all outstanding questions.

Meanwhile coming back to trolling from where we started. Though Sharad’s apology did not say directly whether he operated the two Twitter accounts — @Confident_ India and @Indiaforward2 — which he was suspected of using for trolling- he signs off by saying that he requests “those who I have disappointed to look at this as an exception.”

The Aadhaar Controversy

While the series of incidents raises many doubts over an esteemed organisation such as iSPIRT, the controversy over Aadhaar, India’s massive biometric identification programme, has been raging for many months now.

Over the last few months, it has come under fire for not addressing the privacy concerns of an individual and leaking individual data. Aadhaar critics have pointed out that it is more a mass surveillance tool, can lead to identity thefts, and linking basic services with it spells doom.

This month, a CIS (Centre for Internet and Society ) report revealed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals, due to lack of IT security practices. The report claimed that the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details about the address, photographs, and financial data. It also added that as many as 100 Mn bank account numbers could have been “leaked.”

However, on May 16, the CIS updated its report and clarified that although the term ‘leak’ was originally used 22 times in its report, it is at “best characterised as an illegal data disclosure or publication and not a breach or a leak.” It also claimed that some of its findings were “misunderstood or misinterpreted” by the media and that it never suggested that the biometric database had been breached.

Meanwhile, the Aadhaar-issuing authority UIDAI has asked CIS to explain its sensational claim that 13 crore Aadhaar numbers were “leaked” and provide details of servers where they are stored. The UIDAI also wants CIS to clarify what kind of “sensitive data” is still with the Centre or anyone else. The UIDAI has strongly denied any breach of its database and has asked CIS to provide details such as the servers where the downloaded “sensitive data” is stored.

While the security of the above-mentioned Aadhaar data is still being debated, the government’s push towards making it compulsory across industries has become a major topic of debate in India.

From linking bank accounts, to PAN numbers, to obtaining free gas connections under the Pradhan Mantri Ujjwala Yojana, to linking scholarships to linking Aadhaar numbers to social welfare schemes for electronically disbursing money to specific beneficiaries, or the Aadhaar-enabled Payment System (AEPS), the government has been pushing on with Aadhaar to make it a mandatory ID rather than the voluntary one it was envisaged to be originally. India still does not have a data protection and privacy law and making Aadhaar mandatory in such a country is not without risks.

Given the fact that the UIDAI cannot afford to carry out authentication-based rollouts across schemes in haste as the failure rate of AEPS can lead to denial of direct benefits, it makes more sense to retain Aadhaar as a voluntary authenticator, at least until the government solves on-ground issues around Aadhaar-based authentication. Because any failure can erode public faith in Aadhaar as the beneficiary would not get his rightful ration over authentication failure— and, to that extent, in the government itself. So, for beneficiaries who depend on public distribution systems (PDS) for rice, sugar, kerosene or oil, authentication failure is a serious problem.

It is to this effect that PILs (public interest litigation suits) have been filed in the Supreme Court stating that making Aadhaar compulsory is illegal and would virtually convert citizens into “slaves” as they would be under the government’s surveillance all the time. The Supreme Court had itself stated in August 2015 that Aadhaar cards will not be mandatory for availing benefits of government’s welfare schemes and had also barred authorities from sharing personal biometric data collected for enrollment under the scheme.

Last month too, it lambasted the Narendra Modi-led BJP government at the Centre for making Aadhaar card a mandatory prerequisite to avail government services. The court will examine all applications against Aadhaar on June 27 2017, while the government remains steadfast on not extending the deadline of June 30 by which various schemes such as the grant of scholarships, Sarva Shiksha Abhiyan and various other social welfare schemes were to seek mandatory Aadhaar number.

While the debate rages on, controversies keep on piling up. Recently, linking people living with HIV/ AIDS with Aadhaar cards has allegedly driven away patients from hospitals and antiretroviral therapy (ATR) centres in Madhya Pradesh. As per health department sources, the MP State AIDS Control Society made Aadhaar card number compulsory from February this year for those affected by the virus to get free medicines and treatment in accordance with the Central government’s policy making Aadhaar mandatory to avail benefits of any government scheme.

However, this led to negative fallout as many patients and suspected victims started avoiding ATR centres and district hospitals after the new rule came into effect. The patients feared that the compulsory submission of Aadhaar card to get free medicines and medical check-ups could lead to the disclosure of their identity, inviting social stigma.

While there is no denying the fact that, in a welfare state, technology can play a big role in enabling the state to hand out entitlements more efficiently and distribute public services at scale. But doing the same at the cost of an individual citizen’s privacy and resting it all on one mandatory number whose authentication is still not completely foolproof, is hardly the way a welfare state would like to operate.

For more details visit https://cis-india.org/internet-governance/news/inc42-may-23-2017-shweta-modgil-sharad-sharma-aplogises-for-trolling-aadhaar-critics

Sex, drugs and the dark web

Admin — 2018-01-02T16:13:14Z

Blend anonymity and bitcoins for a ‘guaranteed safe’ cocktail of terrifying potential.

The article was published in the Hindu on October 7, 2017.

It’s hardly a secret that marijuana’s quite easy to get nowadays. Cigarette shop owners, paanwaalas, and otherwise innocuous dealers of innocuous goods hide their stash just out of sight of the unaware. Rustom Juneja is just another marijuana-smoking adult in one of India’s biggest cities. He used to get his ‘stuff’ from local dealers. Till he “got bored of Indian produce,” as he says. So, in 2015, he decided to go to the dark web.

“I brought strains of marijuana from the U.S. and Canada, from a marketplace on the dark web,” Juneja says. The packages were shipped from their respective countries, they traversed borders, bypassed stringent security and checks, crossed continents, and landed at Juneja’s doorstep.

That is the dark web for you. Completely unpoliced, willing users can find anything, from the aforementioned marijuana, to “hard” drugs, to military grade-weaponry and even sex workers. All delivered to your doorstep just like books or designer watches from Amazon, Flipkart, or Snapdeal. And yes, some even offer cash-on-delivery. Returns might not be as simple, though.

Earlier this year, a group of students were arrested in Hyderabad on charges of purchasing LSD (also called ‘acid’) on the dark web. But they weren’t arrested because they had made the transaction on the dark web; they were arrested because the purchase and/ or use of LSD is illegal under Indian law (Narcotic Drugs and Psychotropic Substances Act, 1985).

In India, transactions on the dark web belong to a legal grey area. More importantly, the transactions here are mostly untraceable.

So, just what is the dark web?

Shadow world

The world wide web is a Brobdingnagian mass of data, parts of which are ‘indexed’ so that they may be found by users through search engines (Google, Bing, etc). The parts of the web that aren’t indexed, and therefore available for public access, are known as the ‘deep web’. This was the part initially known as the dark web, with the ‘dark’ being more an allusion to being kept away from the light of regular access than its now more nefarious association. While it’s near impossible to put a number to it, unofficial estimates mostly concur that the vast majority of the web is unindexed.

Then, in the early 2000s, programmers began developing techniques that would be able to offer anonymous access to these hidden bits of the web. In 2002, the U.S. Naval Laboratory released one of the earliest versions of The Onion Router (TOR), a software that would allow anonymous communication between American intelligence agents and operatives on foreign soil.

This didn’t go quite according to plan, though. Tor was soon appropriated by cyberpunks, who began using the protocol to give access to websites that would host, share, and trade illicit goods. Today, the dark web is a sub-section of the deep web, accessed using specialised software like Tor that ensures absolute anonymity.

The onion protocol

“If you want to track anything on the Internet, it can happen at three levels — the level of the person who sends a request, at the level of the person responding to this request, or it can happen in between these two ends,” says Udbhav Tiwari, Policy Officer at the Centre for Internet and Society.

“Because of this structure, it is easy to track actions and resources across the Internet, using the same terminology that makes it so easy to index and search. So, people began thinking this might become a problem.”

Most of us have heard of the Hyper Text Transfer Protocol Secure or HTTPS, a protocol that ensures that information is encrypted and secure the moment it leaves a computer till the time it reaches a destination computer. But this protocol only protects one of the three levels on which information might be tracked. The dark web is built to ensure that the remaining levels are also protected and kept anonymous.

“The reason it’s called the ‘onion’ protocol is because there are bits of information that are encrypted over and over again. So, when something leaves one computer, it is encrypted with a layer, then it hits another computer and is encrypted with another layer, and it hits another computer, where it is encrypted yet again. When this information returns, each layer is peeled off, so that you get the information you requested, with none of the encryption,” Tiwari says.

This kind of encryption makes it borderline impossible to figure out who is communicating with who and what they are talking about, unless the physical machines at either end are compromised, or a vulnerability on these machines is exploited by setting up a fake website on the Internet — a technique the FBI uses to track child pornography.

And what does it all mean? A level of guaranteed secrecy with terrifying potential. A 2015 study found that light drugs were the most traded commodity on the dark web, and that as much as 26% of its content could be classified as ‘child exploitation’.

A 2016 study found that almost 57% of live websites on the dark web hosted illicit material. The ease of access and the minimal chances of being caught has meant a steady rise in the use of the dark web and the murk it peddles.

It’s a market where both buyer and vendor are rated, like Uber. This establishes trust, and authenticates the veracity of a potential transaction. Thus, for instance, buyers are obviously more inclined to buy an assault rifle from a highly-rated seller. And you will be sold grenades only if your ratings assure the vendor you’ll fulfil your end of the transaction.

Once a transaction is finalised, the payment is held ‘in escrow’ — a third party arbitration system which ensures the buyer is paid only after they have met their end of the bargain. The third parties also arbitrate in the event of a dispute.

As easy as pie

Juneja bought marijuana three times, all from the same vendor, but only two shipments reached him. The third time, the parcel never landed, but the arbiters decided in favour of the vendor because he had a much better rating and Juneja lost his money.

With no proper method to find out whether the vendor has shipped a product or the buyer has received it, this adjudication is seen as the best stop-gap arrangement. For Juneja, as for many others, the loss was a deal breaker, and he didn’t go back to the dark web.

When the first two shipments did arrive though, they came with absolute swagger and nonchalance. “The product was sealed and flattened out, as if it were a magazine or postcard.” It does say something of international security that it can’t differentiate between a shipment of The New Yorker and marijuana.

Dark web transactions were initially carried out using legal state-issued currencies. However, the simplicity of tracking online transactions made with property monitored by the government led to the rise of cryptocurrencies — digital or virtual currency that uses cryptographic techniques for security and which would be beyond state control. Besides the need to go underground, there was a political angle.

“These people see money as a state incursion into private affairs,” says Jyotirmoy Bhattacharya, economics professor at Delhi’s Ambedkar University.

The first, and still most popular, cryptocurrency was released in 2009 — bitcoin. Created by an unknown person or group of people, going only by the pseudonym Satashi Nakamoto, bitcoin was intended as a ‘peer-to-peer electronic cash system’, which would be completely decentralised, with no central server or state authority. This meant that the value and proliferation of bitcoin would be determined by its creators and users.

The idea of a virtual currency has been around since before Nakamoto, but a large problem was in limiting creation and supply. Bitcoin was the first to solve this problem. “Bitcoin uses a technique known as the ‘proof-of-work’ (POW). So, to create a new set of this currency, you have to spend some amount of computational resources. This limits how much currency you can generate, thus ensuring that the currency has a value,” says Bhattacharya.

What is bitcoin?

“A bitcoin is simply a solution to a puzzle. If there are a set of puzzles that are a part of the bitcoin protocol, one bitcoin is simply one of the solved puzzles of that set, along with a digital signature of who solved the puzzle,” says Bhattacharya. A public ledger tracks the ownership of bitcoins, which ensures that the same one is not used again by the same person.

“Since there is no central authority, your transaction has to match the globally agreed ledger.” To ensure that ownership of bitcoin is legitimate, every transaction is published in the ledger, thus creating a ‘chain of transactions’ known as a blockchain.

Over the past few years, the value of bitcoin has skyrocketed, so much so that people have begun investing in it, as an asset. When bitcoin was first used as tender in early 2010, it was valued at around $0.003. For a brief while in August, one bitcoin was valued at $4,500, a record high.

In the everyday world of eggs and bread, though, bitcoin has limited use. It is still unrecognised by several nations, and deemed illegal in many others. It’s in the dark web that it finds its most votaries. While it would be flippant to suggest that bitcoin is used on the dark web solely for illicit uses, it is difficult to deny its origins for that purpose, and its continuing use there.

Bedavyasa Mohanty, an Associate Fellow at Observer Research Foundation Cyber Initiative, says that there are Indian users transacting on the dark web using bitcoin and claims that this number is only likely to increase as accessibility increases. “Bitcoin cannot be tracked,” says Mohanty. “With the ledger and the blockchain, you can trace the trail of a certain bitcoin, but it is anonymised. You can’t point out who owns that bitcoin.”

This, in effect, means an entirely anonymous transaction may be made on the dark web for any number of illegal goods or services using a currency that leaves a trail which goes nowhere and leaves no fingerprints. This, in a nutshell, is the danger when bitcoin combines with the dark web.

Several users I spoke to either claimed that fears about the dark web were mostly unfounded, or that the freedom it offered was an essential facet of the Internet. But it can’t be denied that the sheer possibility that somebody can deal in child porn or hard drugs or deadly weapons right under the nose of the law is a terrifying one.

From the perspective of Indian law enforcement, given the technical knowhow they have to track down owners and users of bitcoins, the chances of discovery are minimal, says Mohanty. The currency uses a system of public and private ‘keys’, ensuring that an intercepted bitcoin transmission is useless without those keys. To top it, India does not have any clear laws to regulate cryptocurrencies.

“For India to regulate cryptocurrencies, it would need to legally recognise their existence,” says Mohanty. “And if you do recognise them, what do you treat them as? As a security? Or as a currency that can be traded openly, and so on. That’s part of the reason why the Reserve Bank hasn’t formally recognised cryptocurrencies.”

Flagging illegal trades

Bitcoin exchanges in India insist that they follow strict guidelines and e-KYC (Know Your Customer) rules, ensuring that the identity of every customer on the exchange is verified. “If somebody tries to use a bitcoin from Zebpay or any other recognised exchange, they will definitely be tracked down,” says Saurabh Agrawal, co-founder of Zebpay, one of India’s largest bitcoin exchanges.

“We use strong software; if any of our users use bitcoins for illegal purposes, we close their accounts. We’ve done this in the past and will do so in future as well.” He claims their software maintains a list of web addresses deemed ‘red alert’ sites, and the moment a bitcoin is sent to such a site, the transaction is flagged.

Others are less positive. “While we can track whether a transaction is made through illegal routes, to some extent it’s true that we cannot track all transactions in real time as this takes a large amount of data,” says Sathvik Vishwanath, CEO, Unocoin.

“But if someone is trying to buy or sell from illegal marketplaces, we have a mechanism where we can — and do — stop it.” Given that customers are KYC-verified, “they don’t try to indulge in malicious activities,” he says.

Pan to Rustom Juneja. Juneja made three transactions in 2015, using bitcoins purchased entirely legally from an exchange. “You have to create an account on any of the markets online, and transfer your bitcoins to that account,” Juneja informs me. His account too was KYC-verified, and they had all his details — PAN number, Aadhar, and so on. He had no clue then that the exchanges had tracking methods. “Look, if these actually worked, there’s no way we wouldn’t have been caught,” he says.

Part of the problem, of course, is that Indian law does not recognise the dark web as a separate entity from the ‘surface’ web; there are no special laws for it. Yet, even if laws were put in place, there are few ways in which states can monitor or block the use of the dark web owing to a host of technical and legal reasons.

“A sense of urgency [regarding the dark web], especially relating to the use of bitcoin for illicit activities, hasn’t been instilled in the government yet,” says Mohanty. “What they are worried about is terrorism, and the use of anonymous technologies and chatrooms for radicalisation, terror planning, or buying and selling weapons.”

Juneja is one of a few thousand active Indian users on the dark web. Nothing stops them from buying a strain of marijuana from Canada. But nothing stops them from buying a Kalashnikov either.

Sunny side up

The dark web isn’t necessarily only a marketplace for all of the world’s nefarious practices. The very anonymity and shrouds that the dark web offers can be used for general practices by users looking merely for privacy.

Aritra Ghosh, a Ph.D student of Computational Astrophysics at Yale University says, “(The dark web is) possibly the only way to do something in “secret” away from any kind of surveillance. Onion routing still hasn’t been broken. So, it can play a substantial role in movements against companies, governments and so on.”

And this is a quality that many frequenters of the dark web swear by. Even the ability to use anonymous messenger service with a near-complete guarantee of not being ‘watched’ drives a lot of people here.

Akarsh Pandit, 24, says unrestricted access to many resources including books and documents is an area of huge potential. “Another significant pro is the avoidance of national firewalls that exist in some countries. Moreover, you gain access to unindexed search results,” he says.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web

Seventh Privacy Round-table

elonnai — 2013-11-20T09:58:39Z

On October 19, 2013, the Centre for Internet and Society (CIS) in collaboration with the Federation for Indian Chambers of Commerce and Industry, the Data Security Council of India, and Privacy International held a “Privacy Round-table” in New Delhi at the FICCI Federation House.

The Round-table was the last in a series of seven, beginning in April 2013, which were held across India.

Previous Privacy Round-tables were held in:

New Delhi: (April 13, 2013) with 45 participants;
Bangalore: (April 20, 2013) with 45 participants;
Chennai: (May 18, 2013) with 25 participants;
Mumbai, (June 15, 2013) with 20 participants;
Kolkata: (July 13, 2013) with 25 participants; and
New Delhi: (August 24, 2013) with 40 participants.

Chantal Bernier, Assistant Privacy Commissioner Canada, Jacob Kohnstamm, Dutch Data Protection Authority and Chairman of the Article 29 Working Party, and Christopher Graham, Information Commissioner UK were the featured speakers for this event.

The Privacy Round-tables were organised to ignite spark in public dialogues and gain feedback for a privacy framework for India. To achieve this, the Privacy Protection Bill, 2013, drafted by the Centre for Internet and Society, Strengthening Privacy through Co-regulation by the Data Security Council of India, and the Report of the Group of Experts on Privacy by the Justice A.P. Shah committee were used as background documents for the Round-tables. As a note, after each Round-table, CIS revised the text of the Privacy Protection Bill, 2013 based on feedback gathered from the general public.

The Seventh Privacy Round-table meeting began with an overview of the past round-tables and a description of the evolution of a privacy legislation in India till date, and an overview of the Indian interception regime. In 2011, the Department of Personnel and Training drafted a Privacy Bill that incorporated provisions regulating data protection, surveillance, interception of communications, and unsolicited messages. Since 2010, India has been seeking data secure status from the European Union, and in 2012 a report was issued noting that the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules found under section 43A of the Information Technology Act, were not sufficient to meet EU data secure adequacy. In 2012, the Report of the Group of Experts on Privacy was published recommending a privacy framework for India and was accepted by the government, and the Department of Personnel and Training is presently responsible for drafting of a privacy legislation for India.

Presentation: Jacob Kohnstamm, Dutch Data Protection Authority and Chairman of the Article 29 Working Group

Jacob Kohnstamm, made a presentation on the privacy framework in the European Union. In his presentation, Khonstamm shared how history, such as the Second World War, shaped the present understanding and legal framework for privacy in the European Union, where privacy is seen as a fundamental human right. Kohnstamm also explained how over the years technological developments have made data gold, and subsequently, companies who process this data and create services that allow for the generation of more data are becoming monopolies. This has created an unbalanced situation for the individual consumer, where his or her data is being routinely collected by companies, and once collected — the individual loses control over the data. Because of this asymmetric relationship, data protection regulations are critical to ensure that individual rights are safeguarded.

Kohnstamm recognized the tension between stringent data protection regulations and security for the government, and the provision of services for businesses was recognized. However, he argued that the use of technology without regulation — for commercial reason or security reasons, can lead to harm. Thus, it is key that any regulation incorporate proportionality as a cornerstone to the use of these technologies to ensure trust between the individual and the State, and the individual and the corporation. This will also ensure that individuals are given the right of equality, and the right to live free of discrimination. Kohnstamm went on to explain that any regulation needs to ensure that individuals are provided the necessary tools to control their data and that a robust supervisory authority is established with enough powers to enforce the provisions, and that checks and balances are put in place to safeguard against abuse.

In response to a question asked about how the EU addresses the tension of data protection and national security, Kohnstamm clarified that in the EU, national security is left as a matter for member states to address but the main principles found in the EU Data Protection Directive also apply to the handling of information for national security purposes. He emphasized the importance of the creation of checks and balances. As security agencies are given additional and broader powers, they must also be subjected to stronger safeguards.

Kohnstamm also discussed the history of the fair trade agreement with India, and India’s request for data secure status. It was noted that currently the fair trade agreement between India and the EU is stalled, as India has asked for data secure status. For the EU to grant this status, it must be satisfied that when European data is transferred and processed in India and that it is subject to the same level of protections as it would be if it were processed in the EU. Without a privacy legislation in place, India’s present regime does not reflect the same level of protections as the EU regime. To find a way out of this ‘dead lock’, the EU and India have agreed to set up an expert group — with experts from both the EU and India to find a way in which India’s regime can be modified to meet EU date secure adequacy. As of date, no experts from the Indian side have been nominated and communicated to the EU.

Key Points:

Europe’s history has influenced the understanding and formulation of the right to privacy as a fundamental right.
Any privacy regulation must have strong checks and balances in place and ensure that individuals are given the tools to control their data.
India’s current regime does not meet EU data secure adequacy. Currently, the EU is waiting for India to nominate experts to work with the EU to find a way of the ‘dead lock’.

Discussion: National Security, Surveillance and Privacy

Opening the discussion up to the floor, it was discussed how in India, there is a tension between data protection and national security, as national security is always a blanket exception to the right to privacy. This tension has been discussed and debated by both democratic institutions in India and commercial entities. It was pointed out that though data protection is a new debate, national security is a debate that has existed in India for many years. It was also pointed out that currently there are not sufficient checks and balances for the powers given to Indian security agencies. One missing safeguard that the Indian regime has been heavily criticized for is the power of the Secretary of the Home Ministry to authorize interception requests, as having the authorization power vested in the executive leaves little space between interested parties seeking approval of interception orders, and could result in abuse or conflict of interest. With regards to the Indian interception regime, it was explained that currently there are five ways in which messages can be intercepted in India. Previously, the Law Commission of India had asked that amendments be made to both the Indian Post Office Act and the Indian Telegraph Act.

Moving the discussion to the Privacy Protection Bill, 2013 by CIS, in Chapter V “Surveillance and Interception of Communications” clause 34, the authorization of interception and surveillance orders is left to a magistrate. Previously, the authorization of interception orders rested with the Privacy Commissioner, but this model was heavily critiqued in previous round-tables, and the authorizing authority has been subsequently changed to a magistrate. Participants pointed out that the Bill should specify the level of the magistrate that will be responsible for the authorization of surveillance orders, and also raised the concern that the lower judiciary in India is not adequately functioning as the courts are overwhelmed, thus creating the possibility for abuse. Participants also suggested that perhaps data protection and surveillance should be de-linked from each other and placed in separate bills. This echoes public feedback from previous roundtables.

While discussing needed safeguards in an interception and surveillance regime for India, it was called out that transparency of surveillance, by both the government and the service providers as key safeguards to ensuring the protection of privacy, as it would enable individuals to make educated decisions about the services they choose to use and the extent of governmental surveillance. The need to bring in a provision that incorporated the idea of "nexus of surveillance" was also highlighted. It was also pointed out that in Canada, entities wanting to deploy surveillance in the name of public safety, must take steps to prove nexus. For example, the organization must empirically prove that there is a need for a security requirement, demonstrate that only data that is absolutely necessary will be collected, show how the technology will be effective, prove that there is not a less invasive way to collect the information, demonstrate security measures in place to ensure against loss and misuse, and the organizations must have in place both internal and external oversight mechanisms. It was also shared that in Canada, security agencies are regulated by the Office of the Canadian Privacy Commissioner, as privacy and security are not seen as separate matters. In the Canadian regime, because security agencies have more powers, they are also subjected to greater oversight.

Key Points:

The Indian surveillance regime currently does not have strong enough safeguards.
The concept of ‘nexus’ should be incorporated into the Privacy Protection Bill, 2013.
A magistrate, through judicial oversight for interception and surveillance requests, might not be the most effective authority for this role in India.

Presentation: Chantal Bernier, Deputy Privacy Commissioner, Canada

In her presentation, Bernier made the note that in the Canadian model there are multiple legislative initiatives that are separate but connected, and all provide a legislative basis for the right to privacy. Furthermore, it was pointed out that there are two privacy legislations in Canada, one regulating the private sector and the other regulating the public sector. It has been structured this way as it is understood that the relationship between individuals and business is based on consent, while the relationship between individuals and the state is based on human rights. Furthermore, aspects of privacy, such as consent are different in the public sector and the private sector. In her presentation, Bernier pointed out that privacy is a global issue and because of this, it is critical that countries have privacy regimes that can speak to each other. This does not mean that the regimes must be identical, but they must at the least be inter-operable.

Bernier described three main characteristics of the Canadian privacy regime including:

It is comprehensive and applies to both the public and the private sectors.
The right to privacy in Canada is constitutionally based and is a fundamental right as it is attached to personal integrity. This means that privacy is above contractual fairness. That said, the right to privacy must be balanced collectively with other imperatives.
The Canadian privacy regime is principle based and not rule based. This flexible model allows for quick adaption to changing technologies and societal norms. Furthermore, Bernier explained how Canada places responsibility and accountability on companies to respect, protect, and secure privacy in the way in which the company believes it can meet. Bernier also noted that all companies are responsible and accountable for any data that they outsource for processing.

Furthermore, any company that substantially deals with Canadians must ensure that the forum for which complaints etc., are heard is Canada. Furthermore, under the Canadian privacy regime, accountability for data protection rests with the original data holder who must ensure — through contractual clauses — that any information processed through a third party meets the Canadian level of protection. This means any company that deals with a Canadian company will be required to meet the Canadian standards for data protection.

Speaking to the governance structure of the Office of the Privacy Commissioner in Canada, Bernier explained that the OPC is a completely independent office and reports directly to the Parliament. The OPC hears complaints from both individuals and organizations. The OPC does not have any enforcement powers, such as finding a company, but does have the ability to "name" companies who are not in compliance with Canadian regulations, if it is in the public interest to do so. The OPC can perform audits upon discretion with respect to the public sector, and can perform audits on the private sector if they have reasonable grounds to investigate.

Bernier concluded her presentation with lessons that have been learned from the Canadian experience including:

The importance of having strong regulators.
Privacy regulators must work and cooperate together.
Privacy has become a condition of trade.
In today’s age, issues around surveillance cannot be underestimated.
Companies that have strong privacy practices now have a competitive advantage in place in today’s global market.
Privacy frameworks must be clear and flexible.
Oversight must be powerful to ensure proper protection of citizens in a world of asymmetry between individuals, corporations, and governments.

Key Points:

The Right to Privacy is a fundamental right in Canada.
The Canadian privacy regime regulates the public sector and the private sector, but through two separate legislations.
The OPC does not have the power to levy fines, but does have the power to conduct audits and investigations and ‘name’ companies who are not in compliance with Canadian regulations if it is in the public interest.

Discussion: The Data Protection Authority

Participants also discussed the composition of the Data Protection Authority as described in chapter IV of the Privacy Protection Bill. It was called out that the in the Bill, the Data Protection Authority might need to be made more independent. It was suggested that to avoid having the office of the Data Protection Authority be filled with bureaucrats, the Bill should specify that the office must be staffed by individuals with IT experience, lawyers, judges, etc. On the other hand it was cautioned, that though this might be useful to some extent, it might not be helpful to be overly prescriptive, as there is no set profile of what composition of employees makes for a strong and effective Data Protection Authority. Instead the Bill should ensure that the office of the Data Protection Authority is independent, accountable, and chosen by an independent selection board.

When discussing possible models for the framework of the Data Protection Authority, it was pointed out that there are many models that could be adopted. Currently in India the commission model is not flexible, and many commissions that are set up, are not effective due to funding and internal bureaucracy. Taking that into account, in the Privacy Protection Bill, 2013, the Data Protection Authority, could be established as a small regulator with an appellate body to hear complaints.

Key Points:

The Data Protection Authority established in the Privacy Protection Bill must be adequately independent.
The composition of the Data Protection Authority be diverse and it should have the competence to address the dynamic nature of privacy.
The Data Protection Authority could be established as a small regulator with an appellate body attached.

Presentation: Christopher Graham, Information Commissioner, United Kingdom

Christopher Graham, the UK Information Commissioner, spoke about the privacy regime in the United Kingdom and his role as the UK Information Commissioner. As the UK Information Commissioner, his office is responsible for both the UK Data Protection Act and the Freedom of Information Act. In this way, the right to know is not in opposition to the right to privacy, but instead an integral part.

Graham said that his office also provides advice to data controllers on how to comply with the privacy principles found in the Data Protection Act, and his office has the power to fine up to half a million pounds on non-compliant data controllers. Despite having this power, it is rarely used, as a smaller fine is usually sufficient enough for the desired effect. Yet, at the end of the day, whatever penalty is levied, it must be proportionate and risk based i.e., selective to be effective. In this way the regulatory regime should not be heavy handed but instead should be subtle and effective. In fact, one of the strongest regulators is the reality of the market place where the price of not having strong standards is innovation and economic growth. To this extent, Graham also pointed out that self regulation and co-regulation are both workable models, if there is strong enforcement mechanisms. Graham emphasized the fact that any data protection must go beyond, and cannot be limited to, just security.

Graham also explained that he has found that currently there is a lack of confidence in Indian partners. This is problematic as the Indian industry tries to grow with European partners. For example, he has been told that customers are moving banks because their previous bank’s back offices were located in India. Citing other examples of cases of data breaches from Indian data controllers, such as a call center merging the accounts of two customers and another call centre selling customer information, he explained that the lack of confidence in the Indian regime has real economic implications. Graham further explained that one difficulty that the office of the UK ICO is faced with, is that India does not have the equivalent of the ICO. Thus, when a breach does happen, it is unclear who can be approached in India about the breach.

Touching upon the issue of data adequacy with the EU, Graham noted that if data adequacy is a goal of India, the privacy principles as defined in the Directive and reflected in the UK Data Protection Act, must be addressed in addition to security. In his presentation, Graham emphasized the importance of India amending their current regime, if they want data secure status and spoke about the economic benefits for both Europe and India, if India does in fact obtain data secure status. In response to a question about why it is so important that India amend its laws, if in effect the UK has the ability to enforce the provisions of UK Data Protection Act, Graham clarified that most important is the rule of law, and according to UK law and more broadly the EU Directive, companies cannot transfer information to jurisdictions that do not have recognized adequate levels of protection. Thus, if companies still wish to transfer information to India, this must be done through binding corporate rules.

Another question which was put forth was about how the right to privacy differs from other human rights, and why countries are requiring that other countries to uphold the right to privacy to the same level, when, for example this is not practiced for other human rights such as children’s rights. In response Graham explained that data belongs to the individual, and when it is transferred to another country — it still belongs to the individual. Although the UK would like all countries to uphold the rights of children to the standard that they do, the UK is not exporting UK citizen’s children to India. Thus, as the Information Commissioner he has a responsibility to protect his citizen’s data, even when it leaves the UK jurisdiction. Graham explained further that in the history of Europe, the misuse of data to do harm has been a common trend, which is why privacy is seen as a fundamental right, and why it is paramount that European data is subject to the same level of protection no matter what jurisdiction it is in. India needs to understand that privacy is a fundamental right and goes beyond security, and that when a company processes data it does not own the data, the individual owns the data and thus has rights attached to it to understand why Europe requires countries to be ‘data secure’ before transferring data to them.

Key Points:

The UK Information Commissioners Office regulates both the right to information and privacy, and thus the two rights are seen as integral to each other.
Penalties must be proportionate and scalable to the offense.
Co-regulation and self-regulation can both be viable models to for privacy, but enforcement is key to them being effective.

Discussion: Collection of Data with Consent and Collection of Data without Consent

Participants also discussed the collection of data with consent and the collection of data without consent found in Chapter III of the Bill. When asked opinions about the circumstances when informed consent should not be required, it was pointed out that in the Canadian model, the option to collect information without consent only applies to the public sector if it is necessary for the delivery of a service by the government. In the private sector all collection of information requires informed and meaningful consent. Yet, collection of data without consent in the commercial context is an area that Canada is wrestling with, as there are instances, such as online advertising, where it is unreasonable to expect consent all the time. It was also pointed out that in the European Directive, consent is only one of the seven grounds under which data can be collected. As part of the conversation on consent, it was pointed out that the Bill currently does not take explicitly take into account the consent for transfer of information, and it does not address changing terms of service and if companies must re-take consent, or if providing notice to the individual was sufficient. The question about consent and additional collection of data that is generated through use of that service was also raised. For example, if an individual signs up for a mobile connection and initially provides information that the service provider stores in accordance to the privacy principles, does the service provider have an obligation to treat all data generated by the user while using the service of the same? The exception of disclosure without consent was also raised and it was pointed out that companies are required to disclose information to law enforcement when required. For example, telecom service providers must now store location data of all subscribers for up to 6 months and share the same when requested by law enforcement.

Key Points:

There are instances where expecting companies to have informed consent for every collection of information is not reasonable. Alternative models, based on — for example transparency — must be explored to address these situations.
The Privacy Protection Bill should explicitly address transfer of information to other countries.
The Privacy Protection Bill should address consent in the context of changing terms of service.

Discussion: Penalties and Offences

The penalties and offenses prescribed in chapter VI of the Privacy Protection Bill were discussed by participants. While discussing the chapter, many different opinions were voiced. For example, some participants held the opinion that offences and penalties should not exist in the Privacy Protection Bill, because in reality they are more likely than not to be effective. For example, when litigating civil penalties, it takes a long time for the money to be realized. Others argued that in India, where enforcement of any law is often weak, strong, clear, and well defined criminal penalties are needed. Another comment raised the point that a distinction should be made between breaches of the law by data controllers and breaches by rogue individuals — as the type of violation. For example, a breach by a data controller is often a matter identifying the breach and putting in place strictures to ensure that it does not happen again by holding the company accountable through oversight. Where as a breach by a rogue agent entails identifying the breach and the rogue agent and creating a strong enough penalty to ensure that they will not repeat the violation. Adding to this discussion, it was pointed out that in the end, scalability is key in ensuring that penalties are proportional and effective. It was also noted that in the UK, any fine that is levied is appealable. This builds in a system of checks and balances, and ensures that companies and individuals are not subject to unfair or burdensome penalties.

The possibility of incentivizing compliance, through rewards and distinctions, was discussed by participants. Some felt that incentivizing compliance would be more effective as it would give companies distinct advantages to incorporating privacy protections, while others felt that incentives can be included but penalties cannot be excluded, otherwise the provisions of the Privacy Protection Bill 2013 will not be enforceable. It was also pointed out that in the context of India, ideally there should be a mechanism to address the ‘leakages’ that happen in the system i.e., corruption. Though this is difficult to achieve, regulations could take steps like specifically prohibiting the voluntary disclosure of information by companies to law enforcement. Taking a sectoral approach to penalties was also suggested as companies in different sectors face specific challenges and types of breaches. Another approach that could be implemented is the statement of a time limit for data controllers and commissioners to respond to complaints. This has worked for the implementation of the Right to Information Act in India, and it would be interesting to see how it plays out for the right to privacy. Throughout the discussion a number of different possible ways to structure offenses and penalties were suggested, but for all of them it was clear that it is important to be creative about the type of penalties and not rely only on financial penalty, as for many companies, a fine has less of an impact than perhaps having to publicly disclose what happened around a data breach.

Key Points:

Penalties and offenses by companies vs. rogue agents should be separately addressed in the Bill.
Instead of levying penalties, the Bill should include incentives to ensure compliance.
Penalties for companies should go beyond fines and include mechanisms such as requiring the company to disclose to the public information about the breach.

Discussion: Cultural Aspects of Privacy

The cultural realities of India, and the subsequent impact on the perception of privacy in India were discussed. It was pointed out that India has a history of colonization, multiple religions and languages, ethnic tensions, a communal based society, and a large population. All of these factors impact understandings, perceptions, practices, and the effectiveness of different frameworks around privacy in India. For example, the point was raised that given India’s cultural and political diversity, having a principle based model might be too difficult to enforce as every judge, authority, and regulator will have a different perspective and agenda. Other participants pointed out that there is a lack of awareness around privacy in India, and this will impact the effectiveness of the regulation. It was also highlighted that anecdotal claims that cultural privacy in India is different, such as the fact that in India on a train everyone will ask you personal questions, and thus Indian’s do not have a concept of privacy, cannot influence how a privacy law is framed for India.

Key Points:

India’s diverse culture will impact perceptions of privacy and the implementation of any privacy regulation.
Given India’s diversity, a principle based model might not be adequate.
Though culture is important to understand and incorporate into the framing of any privacy regulation in India, anecdotal stories and broad assumptions about India’s culture and societal norms around privacy cannot influence how a privacy law is framed for India.

Conclusion

The seventh privacy round-table concluded with a conversation on the NSA spying and the Snowden Revelations. It was asked if domestic servers could be an answer to protect Indian data. Participants agreed that domestic servers are just a band aid to the problem. With regards to the Privacy Protection Bill it was clarified that CIS is now in the process of collecting public statements to the Bill and will be submitting a revised version to the Department of Personnel and Training. Speaking to the privacy debate at large, it was emphasized that every stakeholder has an important voice and can impact the framing of a privacy law in India.

For more details visit https://cis-india.org/internet-governance/blog/report-of-sevent-privacy-round-table

Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush)

praskrishna — 2016-03-24T02:25:24Z

Critics say the Aadhaar Bill does not address concerns over privacy, even as government is rushing the Bill without adequate parliamentary scrutiny.

The blog post by Anumeha Yadav was published in Scroll.in on March 11, 2016. Pranesh Prakash was quoted.

Since it was launched by the United Progressive Alliance government in 2009, the Unique Identification project called Aadhaar has functioned without a legal framework. The project, which aims to assign a biometric-based number to every Indian resident, has been run under an executive order, which means Parliament has no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns.

For long, critics have expressed concerns over collecting and centralising citizens' biometric data ‒ such as fingerprints and retina scans ‒ on a mass scale in the absence of a privacy law. The Supreme Court in several orders in 2014 and 2015 affirmed that the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number. The Supreme Court is now set to form a constitution bench to examine the contours of the right to privacy flowing from the government's arguments in the Aadhaar case.

Before the bench begins its work, however, the Modi government has introduced a new Bill on Aadhaar, which could override the court's orders.

The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill was introduced on March 3 in Lok Sabha. Finance minister Arun Jaitley said the new Bill addresses concerns over privacy and the security and confidentiality of information.

But a close examination of the Bill shows several questions remain.

1. Does the Bill make it mandatory for you to get an Aadhaar number?
Yes, you may have to compulsorily enrol under Aadhaar, despite the privacy concerns explained in the sections below.

Four-time member of the Lok Sabha, Bhartruhari Mahtab of the Biju Janata Dal, was on the parliamentary committee on finance that examined the previous Aadhaar Bill introduced in 2010. He said the new Aadhaar Bill does not specify that it will not be made mandatory.

“There is duplicity over this issue,” said Mahtab. “Nandan Nilekani [the former chairperson of the Unique Identification Authority of India] repeatedly told us in the parliamentary committee that Aadhaar is not mandatory. The Supreme Court also said, 'You cannot make it mandatory.'”

But if a service agent asks for Aadhaar mandatorily, then as a beneficiary, citizens have no option but to get an Aadhaar number, Mahtab explained. “The government, or a private company, cannot force me to get an Aadhaar number," he said. "The government should bring a law that clearly says Aadhaar is not mandatory.”

A committee of experts on privacy, chaired by Justice AP Shah, had recommended in 2012 that the Bill should specify that individuals have the choice to opt-in or out-of providing their Aadhaar number, and a service should not be denied to individuals who do not provide their number. The Unique Identification Authority of India had then stated to the committee that the enrolment in Aadhaar is voluntary.

But the new Aadhaar Bill does not incorporate a categorical clause on opt-in and opt-out. Instead, it broadens the scope of Aadhaar. Jaitley said the Bill will allow the government to ask a citizen to produce an Aadhaar number to avail of any government subsidy. But section 7 of the Bill is phrased more broadly, and refers to not just subsidies but any “subsidy, benefit or service” for which expense is incurred on the Consolidated Fund of India, or the government treasury.

7. The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment: Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.

As noted above, the proviso in section 7 is premised on the phrase: “if an Aadhaar number is not assigned”. This, along with language preceding in the section, indicates that a citizen may be compulsorily required to apply for enrolment.

Section 8 permits a “requesting entity” to utilise identity information for authentication with the Central Identities Data Repository. A “requesting entity” is defined under Section 2(u), and will include private entities.

2. Does the Bill allow Aadhaar authorities to share your personal data?
Yes, in the "interest of national security", a term that remains undefined.

Both legal experts and members of Parliament have flagged the provisions in the Bill on the circumstances in which users' data, including core biometrics information, can be shared.

The debate centres over the interception provisions in section 33.

In a piece in The Indian Express, Nandan Nilekani, the former chairperson of the issuing authority, stated that the Aadhaar Bill provides that no core biometric information can be shared, a principle without exception. “...Clause 29(1) is not overridden by Clause 33(2),” he noted.

However, a closer reading of the Bill shows this is not the case. Clause 33(2), in fact, does provide an exception to clause 29(1)(b):

33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government

where, Section 29(1)(b) states:

29. (1) No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Pranesh Prakash, a lawyer and policy director of the Centre for Internet and Society said: “This implies that the core biometric information, collected or created under the Aadhaar Act, may be used for purposes other than the generation of Aadhaar numbers and authentication 'in the interest of national security.'"

Legal experts point out that the phrase “national security” is undefined in the present bill, as well as the General Clauses Act, and thus the circumstances in which an individual's information may be disclosed remains open to interpretation.

Section 33(1) permits the disclosure of an individual's demographic information (but not biometrics) following an order by a district judge. It says that no such order shall be made without giving an opportunity of hearing to the UIDAI , but not to the person whose data is being disclosed.

3. Does the Bill protect you from interception and surveillance?
No, the Bill does not provide for transparency concerning covert surveillance.

Section 33(2), which permits disclosure of demographic and biometric pursuant to directions of the joint secretary in interest of national security, says such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals.

This can lead to a user being under continuous surveillance, and without any notification to the user even after the surveillance ceases, violating one of necessary and proportionate principles on communications surveillance related to user notification and right to effective remedy. In some countries, this principle has been incorporated in law. For example, in Canada, the law limits the time of wiretapping surveillance, and imposes an obligation to notify the person under surveillance within 90 days of the end of the surveillance, extendable to a maximum of three years at a time.

“The interception provisions are severely problematic," said Apar Gupta, a technology lawyer. "They are not open to independent scrutiny and even derogate from the already deficient practices which relate to phone tapping (Rule 419-A of the Telegraph Rules) and interception of data (Interception Rules, 2011).”

Legal scholar Usha Ramanathan pointed out that the Bill lacks provisions on giving notice to a person in case of breach of information, in case of third party use of data, or change in purpose of use of data – which were among provisions recommended by the Justice Shah Committee on Privacy in 2012.

4. Does the Bill allow you to seek redress in case of breach of information?
Yes, but the provisions are weak.

Government officials overseeing the project said that the 2016 Bill is an improvement over the 2010 Bill as it safeguards the information of those enrolled as per sections of the Information Technology Act, 2000.

But technology law experts say the adjudicatory system for disclosure of sensitive personal data under the IT Act has structural flaws and is not functional.

“Initial complaints against the disclosure of sensitive personal data go to an adjudicating officer who is usually the IT Secretary of the state government and may not be trained in law,” said Gupta, the technology lawyer. “There is no court infrastructure and no permanent seat for such cases. The appellate body, the Cyber Appellate Tribunal, has not been made operational in the last three years. Hence, the civil remedies offered [in the Aadhaar Bill] are at best illusionary and unenforceable.”

5. Does the Bill give you the right to alter your information?
No, it leaves you to the mercy of the Unique Identification Authority of India.

Imagine a situation where a user simply wants to change their first or last name, or say, not use their caste name. Under Section 31 of the Bill, individuals can only request the UID authority, which may do so “if it is satisfied”. There is no penalty on the authority if it fails to respond. The Bill does not provide for a user to even be able to approach a court to ask for their information relating to Aadhaar to be corrected.

International norms for data protection give individuals the right to correct and alter information, if their demographic data changes. They provide for individuals to have a copy of their information, and to approach courts for an order to rectify, block, erase inaccurate information.

In an interview to Mint, Sunil Abraham, director of the Centre for Internet and Society, compared the rights of Aadhaar users to the rights we now take for granted as internet users. “Authentication factors [biometrics in the case of Aadhaar], commonly known as passwords, should always be revocable,” noted Abraham. “That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid.” In its current form, the Aadhaar Bill gives users no such rights.

6. Is the current Bill an improvement over the previous one?
Not really.

The Aadhaar Bill 2016 provides that the renewals of requests for disclosure of data will be reviewed by an oversight committee consisting of the cabinet secretary and the secretaries in the department of legal affairs and the department of electronics and information technology.

This is a watered down version of the provisions in the previous Unique Identification Authority of India 2010 Bill, said Chinmayi Arun, executive director, Centre for Communication Governance at the National Law University Delhi.

“The previous version or the 2010 Bill provided for a three-member review committee, consisting of the nominees of the prime minister, the leader of the opposition, and a third nominee of a union cabinet minister, with the restriction that these nominees could not be a member of parliament or a member of a political party,” Arun said. “This would be a more independent committee than the one proposed now, wherein there will be executive oversight for executive orders."

Regarding penalties, the previous 2010 Bill made copying, deleting, stealing, or altering information in the Central Identities Data Repository, punishable with a jail term of upto three years and a fine not less than Rs 1 crore.

Section 38 of the new Aadhaar Bill now makes the same offence punishable with a jail term of upto three years and reduces the upper limit of the fine to “not less than ten lakh rupees”.

7. Finally, does the Aadhaar Bill have enough parliamentary scrutiny?
The government has introduced the legislation on Aadhaar in the form of a Money Bill, which means the power of the Rajya Sabha to review and amend the Bill is curtailed ‒ if the Speaker Sumitra Mahajan certifies that this is a Money Bill.

The parliamentary committee on finance under Bharatiya Janata Party MP Yashwant Sinha had rejected the previous Bill in December 2011 citing legislative, security, and privacy concerns. Despite this, two successive Prime Ministers – Manmohan Singh and Narendra Modi – have pushed ahead with Aadhaar project.

A common refrain has been that the unique biometric identity will resolve the problem of the poor in India to prove identity and overcome "one of the biggest barriers preventing the poor from accessing benefits and subsidies." But last April, the UIDAI in response to an RTI application revealed that of 83.5 crore Aadhaar numbers issued till then, 99.97% were issued to people who already had at least two existing identification documents, only 0.21 million (0.03%) used the "introducer system" that provides an exception to those lacking identity proof.

More recently, there has been no public consultation by the government over the latest Bill.

For more details visit https://cis-india.org/internet-governance/news/scroll.in-anumeha-yadav-march-24-2016-seven-reasons-why-parliament-should-debate-the-aadhaar-bill-and-not-pass-it-in-a-rush

Session Briefs

Admin — 2019-10-20T07:31:59Z

For more details visit https://cis-india.org/internet-governance/files/session-briefs

Services like TwitterSeva aren’t the silver bullets they are made out to be

sunil — 2016-10-06T16:31:51Z

TwitterSeva is great, but it should not be considered a sufficient replacement for proper e-governance systems. This is because there are several serious shortcomings with the TwitterSeva approach, and it is no wonder that enthusiastic police officers and bureaucrats are somewhat upset with the slow deployment of e-governance applications. They are also right in being frustrated with the lack of usability and scalability of existing applications that hold out the promise of adopting private sector platforms to serve citizens better.

Sunil Abraham, executive director of the Centre for Internet and Society, wrote this in response to the FactorDaily story on TwitterSeva, a special feature developed by Twitter’s India team to help citizens connect better with government services. Sunil's article in FactorDaily can be read here.

Let’s take a look at why the TwitterSeva approach is not adequate:

1. Vendor and Technology Neutrality: Providing a level ground for competing technologies in e-governance has been a globally accepted best practice for about 15 years now. This is usually done by using open standards policies and interoperability frameworks.

India does have a national open standards policy, but the National Informatics Centre (NIC) has only published one chapter of the Interoperability Framework for e-Governance .

The thing is, while Twitter might be the preferred choice for urban elites and the middle class, it might not be the choice of millions of Indians coming online. By implicitly signaling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter. Ideally, all interactions that the state has with citizens should be such that citizens can choose which vendor and technology they would like to use. Ideally, the government should have its own work-flow so that it can harvest complaints, feedback and other communications from all social media platforms be it Twitter or Identica, Facebook or Diaspora, and publish responses back onto them.

By implicitly signalling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter

Apart from undermining the power of choice for citizens, lack of vendor and technology neutrality in government use of technology undermines the efficient functioning of a competitive free market, which is the bedrock of future innovation.

When it comes to micro-blogging, Twitter has established a near monopoly in India. There are no clear signs of harm and therefore it would not be wise to advocate that the Competition Commission of India investigate Twitter. However, if the government helps Twitter tighten its grip over the Indian market, it is preventing the next cycle of creative destruction and disruption. Therefore, e-governance applications should ideally only “loosely couple” with the APIs of private firms so that competition and innovation are protected.

2. Holistic Approach and Accountability: Ideally, as the Electronic Service Delivery Bill 2011 had envisaged, every agency within the government was supposed to (within 180 days of the enactment of the Act) do several things: publish a list of services that will be delivered electronically with a deadline for each service; commit to service-level agreements for each service and provide details of the manner of delivery; provide an agency-level grievance redressal mechanism for citizens unhappy with the delivery of these electronic services.

Notwithstanding the 180-day commitment, the Bill required that “all public services shall be delivered in electronic mode within five years” after the enactment of the Bill with a potential three-year extension if the original deadline was not met. The Bill also envisaged the constitution of a Central Electronic Service Delivery Commission with a team of commissioners who “monitor the implementation of this Bill on a regular basis” and publish an annual report which would include “the number of electronic service requests in response to which service was provided in accordance with the applicable service levels and an analysis of the remaining cases.”

The Electronic Service Delivery Bill 2011 had a much more comprehensive and accountable plan for e-governance adoption in the country

Citizens suffering from non-compliance with the provisions of the Bill and unsatisfied with the response from the agency level grievance redressal mechanism could appeal to the Commission. The state or central commissioners after giving the government officials an opportunity to be heard were empowered to impose a fine of Rs 5000.

Unlike the piecemeal approach of TwitterSeva, the Bill had a much more comprehensive and accountable plan for e-governance adoption in the country.

3. Right To Transparency: Some of the interactions that the government has with citizens and firms may have to be disclosed under the obligation emerging from the Right to Information Act for disclosure to the public or to the requesting party. Therefore it is important that the government take its own steps for the retention of all data and records — independent of the goodwill and lifecycles of private firms.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests? Even if the government is not keen on pushing for data portablity as a right for consumers (just like mobile number portability in telecom, so that consumers can seamlessly shift between competing service providers), it absolutely should insist on data portability for all government use.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests?

This will allow it to shift to a) support multiple services, b) shift to competing/emerging services c) incrementally build its own infrastructure and also comply with the requirements of the Right to Information Act.

4. Privacy: Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology.” There is an obsession with collecting as much data as possible from citizens, storing it in centralized databases and providing “dashboards” to bureaucrats and politicians. This is diametrically opposed to the view of the security community.

Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology”

For example, Bruce Schneier posted on his blog in March this year (in a piece titled ‘Data is a Toxic Asset‘) saying: “What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous. This idea has always been part of the data protection law starting with the 2005 EU Data Protection Directive expressed as the principle of “Data Minimization” or “Collection Limitation”. More recently technologists and policy makers also use the phrase “Privacy by Design”. Introducing an unnecessary intermediary or gate-keeper between what is essentially transactions between citizens and the state is an egregious violation of a key privacy principle.”

5. Middle Class and Elite Capture: The use of Twitter amplifies the voices of the English-speaking, elite, and middle class citizens at the expense of the voices of the poor. While elites don’t exhibit fear when tagging police IDs and making public complaints from the comforts of their gated communities with private security guards shielding them the violence of the state, this might be a very intimidating option for the poor and disempowered.

While elites don’t fear tagging police IDs and making public complaints from the comforts of their gated communities, it’s intimidating for the disempowered

While the system may not be discriminatory in its design, it will have disparate impact on different sections of our society. In other words, the introduction of TwitterSeva will exacerbate power asymmetries in our society rather than ameliorating them.

The canonical scholarly reference for this is Kate Crawford’s analysis of City of Boston’s StreetBump smartphone, which resulted in an over-reporting of potholes in elite neighbourhoods and under-reporting from poor and elderly residents. This meant that efficiency in the allocation of the city’s resources was only a cover for increased discrimination against the powerless.

6. Security: The most important conclusion to draw from the Snowden disclosure is that the tin-foil conspiracy theorists who we used to dismiss as lunatics were correct. What has been established beyond doubt is that the United States of America is the world leader when it comes to conducting mass surveillance on netizens across the globe. It is still completely unclear how much access the NSA has to the databases of American social media giants. When the complete police force of a state starts to use Twitter for the delivery of services to the public, then it may be possible for foreign intelligence agencies to use this information to undermine our sovereignty and national security.

For more details visit https://cis-india.org/internet-governance/blog/factordaily-sunil-abraham-october-6-2016-services-like-twitterseva-are-not-the-silver-bullets-they-are-made-out-to-be

September 2019 Newsletter

praskrishna — 2019-12-06T04:53:12Z

The newsletter for the month of September 2019.

Highlights for September 2019
Centre for Internet & Society's application for membership of the Christchurch Call Advisory Network has been accepted! As a part of this network, we, along with other civil society groups based out of various jurisdictions, would be providing inputs on making the Call a robust, human rights-centred initiative. A book by Amber Sinha titled 'The Networked Public: How Social Media is Changing Democracy' was published by Rupa Publications. The book looks at how networks exert unchecked power in subverting political discourse and polarizing the public in India. Towards that, it investigates the history of misinformation and the biases that make the public susceptible to it, how digital platforms and their governance impacts the public’s behaviour in them, as well as the changing face of political targeting in a data-driven ecosystem. Akriti Bopanna and Gayatri Puthran co-authored a research paper which compares the Manila Principles to Draft of The Information Technology [Intermediary Guidelines(Amendment) Rules], 2018, introduced by the Ministry of Electronics and Information Technology (MeitY) in December, 2018. Gurshabad Grover and Torsha Sarkar along with Rajashri Seal and Neil Trivedi co-authored a paper that examines the constitutionality of the government prohibition on the broadcast of news against private and community FM channels. The authors also mapped chronologically the history of the development of community and private radio channels in India. Ambika Tandon and Aayush Rathi generated empirical evidence about the CCTV programme well underway in Delhi. The case study was published by Centre for Development Informatics, Global Development Institute, SEED, in the Development Informatics working paper series housed at the University of Manchester. Shruti Trikanand and Amber Sinha published a blog post titled Core Concepts and Processes by which the authors hope to arrive at a shared vocabulary to discuss and critically analyse digital identity systems, both within our team and in engagements with other stakeholders. Pooja Saxena and Akash Sheshadri contributed to the project. The Global Commission on the Stability of Cyberspace released a public consultation process that sought to solicit comments and obtain feedback on the definition of “Stability of Cyberspace”, as developed by the Global Commission on the Stability of Cyberspace (GCSC). CIS gave detailed commentary on the definitions and suggested a new definition of cyber stability. CIS is undertaking a study on digital mediation of domestic and care work in India, as part of and supported by the Feminist Internet Research Network led by the Association for Progressive Communications (APC), funded by the International Development Research Centre (IDRC). The study is exploring the ways in which structural inequalities, such as those of gender and class, are being reproduced or challenged by digital platforms. The project sites are Delhi and Bangalore, where we are conducting interviews with workers, companies, and unions. In Bangalore, we are collaborating with Stree Jagruti Samiti to collect qualitative data from different stakeholders. The outputs of the research will include a report, policy brief, and other communication materials in English, Hindi, and Kannada. This study is being led by Ambika Tandon and Aayush Rathi, along with Sumandro Chattapadhyay. CIS-A2K has put up a call for joining the Free Knowledge movement #Wikipedia #Wikimedia. Are you an individual or do you represent any organisation, institution, groups or enterprises? You can actually help the ‘Free Knowledge’ movement by donating photos, media, content or archives.

CIS and the News

The following articles and research papers were authored by CIS secretariat during the month:

Doing Standpoint Theory (Ambika Tandon and Aayush Rathi; Gender IT.org; September 1, 2019).
Traffic Rules, Mindset and On-Time Payments (Shyam Ponappa; Business Standard; September 4, 2019).
Kashmir’s digital blackout marks a period darker than the dark side of the moon (Nishant Shah; Indian Express; September 15, 2019).
The Networked Public: How Social Media Changed Democracy (Amber Sinha; Rupa Publications; September 19, 2019).
Capturing Gender and Class Inequities: The CCTVisation of Delhi (Aayush Rathi and Ambika Tandon; Centre for Development Informatics, Global Development Institute; September 27, 2019).

CIS in the News

CIS secretariat was consulted for the following articles published during the month in various publications:

Why having more CCTV cameras does not translate to crime prevention (Manasa Rao; The News Minute; September 3, 2019).
Android 10 out, big on ‘privacy’ (Roshan H. Nair; Deccan Herald; September 4, 2019).
Internet pour toutes (Isabelle Grégoire; L'Actualite; September 11, 2019).
Chennai residents rue fuzzy CCTV surveillance (Vivek Narayanan and R. Srinivasan; The Hindu; September 18, 2019).

Millions of kids in India access the Net on their parents’ devices, says study (Varun Aggarwal; Hindu Businessline; September 27, 2019).
SC directs govt to further regulate social media: Is it necessary? Experts weigh in (Geetika Mantri; The News Minute; September 28, 2019).

Access to Knowledge

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape.

Wikipedia

Under a grant from Wikimedia Foundation we are doing a project for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

News

Bhuvana Meenakshi elected Mozilla Rep for July 2019 (Bhuvana Meenakshi was selected as a Rep of the Month (July 2019) by Mozilla for her active contributions).

Openness

Participation in Events

FOSSCON India 2019 (Organized by KLS Gogte Institute of Technology; Belgaum; August 29 - 31, 2019). Bhuvana Meenakshi gave a talk on "The revolution of WebXR".
DevFest'19 (Organized by Google Developers Groups; Coimbatore; September 14, 2019).
React India 2019 (Organized by React India; Goa; September 26 - 28, 2019). Bhuvana Meenakshi was a speaker.

Internet Governance

The Tunis Agenda of the second World Summit on the Information Society has defined internet governance as the development and application by governments, the private sector and civil society, in their respective roles of shared principles, norms, rules, decision making procedures and programmes that shape the evolution and use of the Internet. As part of internet governance work we work on policy issues relating to freedom of expression primarily focusing on the Information Technology Act and issues of liability of intermediaries for unlawful speech and simultaneously ensuring that the right to privacy is safeguarded as well.

Freedom of Speech & Expression

Under a grant from the MacArthur Foundation, CIS is doing research on the restrictions placed on freedom of expression online by the Indian government and contribute studies, reports and policy briefs to feed into the ongoing debates at the national as well as international level. As part of the project we bring you the following outputs:

Research Papers

Examining the Constitutionality of the Ban on Broadcast of News by Private FM and Community Radio Stations (Gurshabad Grover, Torsha Sarkar, Rajashri Seal and Neil Trivedi; September 27, 2019).
Comparison of the Manila Principles to Draft of The Information Technology [Intermediary Guidelines(Amendment) Rules], 2018 (Akriti Bopanna and Gayatri Puthran; September 30, 2019).

News

Turning off the internet: Chips with Everything podcast (Gurshabad Grover and Ambika Tandon recorded an episode with the Guardian's podcast on digital culture, called Chips with Everything).

Privacy

Under a grant from Privacy International and IDRC we are doing a project on surveillance. CIS is researching the history of privacy in India and how it shapes the contemporary debates around technology mediated identity projects like Aadhar. As part of our ongoing research, we bring you the following outputs:

Submission

Submission to Global Commission on Stability of Cyberspace on the definition of Cyber Stability (Arindrajit Basu and Elonnai Hickok; September 11, 2019).

Participation in Events

Policy Design Jam (Organized by Whatsapp and ISPP; Qutub Institutional Area, New Delhi; September 16, 2019). Pallavi Bedi, Akash Sheshadri and Anubha Sinha attended the event.
Conceptualising India's Digital Policy Vision (Organized by National University of Juridical Sciences; National University of Juridical Sciences; Kolkata; September 18, 2019).
All Partners Meeting (Organized by Partnership on AI; London; September 26 - 27, 2019). Elonnai Hickok reprsented CIS as the co-chair for the Labour and Economy Expert Group.

Digital Identity

Omidyar Network is investing in establishment of a three-region research alliance — to be co-led by the Institute for Technology & Society (ITS), Brazil, the Centre for Intellectual Property and Information Technology Law (CIPIT) , Kenya, and CIS. As part of this Alliance, CIS is examining the policy objectives of digital identity projects, how technological policy choices can be thought through to meet the objectives, and how legitimate uses of a digital identity framework may be evaluated.

Featured Research

Core Concepts and Processes (Shruti Trikanand and Amber Sinha; September 13, 2019). Research by Shruti Trikanad and Amber Sinha. Conceptualization by Pooja Saxena and Amber Sinha. Illustrations by Akash Sheshadri and Pooja Saxena.

Artificial Intelligence

With origins dating back to the 1950s Artificial Intelligence (AI) is not necessarily new. However, interest in AI has been rekindled over the recent years due to advancements of technology and its applications to real-world scenarios. We conduct research on the existing legal and regulatory parameters:

Participation in Events

AI in Healthcare (Organized by Center for Information Technology and Public Policy and International Institute of Information Technology; Bangalore). Radhika Radhakrishnan gave a talk.
Responsible AI Workshop (Organized by Facebook; September 17, 2019; New Delhi). Sunil Abraham participated in the meeting.
Constitutionalizing Artificial Intelligence (Organized by Constitutional Law Society; National University of Juridical Sciences; Kolkata). Arindrajit Basu delivered a lecture.

Researchers@Work

The researchers@work programme at CIS produces and supports pioneering and sustained trans-disciplinary research on key thematics at the intersections of internet and society; organise and incubate networks of and fora for researchers and practitioners studying and making internet in India; and contribute to development of critical digital pedagogy, research methodology, and creative practice.

Announcement

Digital mediation of domestic and care work in India: Project Announcement (Ambika Tandon and Aayush Rathi; October 1, 2019).

Essays on #List — Selected Abstracts

In response to a recent call for essays that social, economic, cultural, political, infrastructural, or aesthetic dimensions of the #List, we received 11 abstracts. Out of these, we have selected 4 pieces to be published as part of a series titled #List on the r@w blog.

Blog Entries

#HookingUp (Akhil Kang, Christina Thomas Dhanraj, Dhrubo Jyoti, and Gowthaman Ranganathan; August 1, 2019).
Call for Contributions and Reflections: Your experiences in Decolonizing the Internet’s Languages! (P.P. Sneha; August 7, 2019).
Simiran Lalvani - Workers’ fictive kinship relations in Mumbai app-based food delivery (Sumandro Chattapadhyay; August 16, 2019).

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum.

Monthly Blog

Traffic Rules, Mindset and On-Time Payments (Shyam Ponappa; September 4, 2019).

About CIS

CIS is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

Follow CIS on:

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

Support CIS:

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

Collaborate with CIS:

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/september-2019-newsletter

September 2018 Newsletter

praskrishna — 2018-10-16T06:28:42Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights

Wikisource is one of the trending Wikimedia projects. Many new editors and new books to Indic language Wikisource's get added over a period of time. However, new editors as well as existing editors face numerous problems while working with the content online. The Centre for Internet & Society's Access to Knowledge (CIS-A2K) team, to help the editors, has created a Wikisource Handbook for Indian communities. CIS invites feedback to the first draft of this Handbook.
Centre for Internet & Society (CIS) participated in the 5th Global Congress on IP and Public Interest held in Washington in a big way. CIS signed on as a supporting member to the Civil Society Proposal for a Treaty on Education and Research Activities.
Sunil Abraham, in an article in the Hindustan Times, explores what leads to fake news. He has revealed that transparency regulations is the need of the hour especially for election campaigns and political advertising.
Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu co-authored a blog post which examines cross-border data sharing. The authors have argued that conventional methods of compelling the presentation of evidence available for investigative agencies often fail when the evidence is not present within the territorial boundaries of the state.
Arindrajit Basu and Elonnai Hickok wrote a blog entry on usage of artificial intelligence in governance sector in India. As per research though artificial intelligence has the potential to ameliorate structural inefficiencies in governmental functions, the deployment of this technology across sub-sectors is still on the horizons.
Amber Sinha, Elonnai Hickok and Arindrajit Basu produced a research paper on the implications of artificial intelligence in India in various sectors such as health, banking, manufacturing, and governance sectors.
Artificial Intelligence in many ways is in direct conflict with traditional data protection principles and requirements including consent, purpose limitation, data minimization, retention and deletion, accountability, and transparency. Authors Elonnai Hickok and Amber Sinha have explained this in a blog entry.
The researchers@work programme has selected 10 essays, based on an open call announced in August, engaging with the thematic of "offline". The abstracts of the selected essays have been published, and the final essays will be published on the upcoming r@w blog.

Articles

India’s post-truth society (Swaraj Paul Barooah; Hindu Businessline; September 7, 2018).
Digital Native: #MemeToo (Nishant Shah; Indian Express; September 9, 2018).
The Right Words for Love (Nishant Shah; Indian Express; September 23, 2018).
A trust deficit between advertisers and publishers is leading to fake news (Sunil Abraham; Hindustan Times; September 30, 2018).
Digital Native: Hardly Friends Like That (Nishant Shah; Indian Express; September 30, 2018).

CIS in the News

Can this curb your addiction? (Surupasree Sarmmah; Deccan Herald; September 5, 2018).
'Why should we talk to Dunzo?' State regulators fume at liquor delivery (Aroon Deep; Medianama; September 7, 2018).
#NAMAprivacy: Data Protection Authority's regulatory and enforcement challenges (Rana; Medianama; September 9, 2018).
'What Security Breach?' The Unchanging Tone of UIDAI's Denials (Karan Saini; The Wire; September 12, 2018).
Haryana Cops Say Internet Shutdowns Hurt Police Operations (Gopal Sathe; Huffington Post; September 19, 2018).
Find ways to trace origin of messages: Government to WhatsApp (Surabhi Aggarwal; Economic Times; September 20, 2018).
Net nanny meets muscular law (Laxmi Murthy; Himal South Asian; September 26, 2018).
After Supreme Court Setback, Fintech Firms Await Clarity On Aadhaar (Nishant Sharma; Bloomberg Quint; September 27, 2018).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Copyright and Patent

Participation in Event

5th Global Congress on IP and the Public Interest (Organized by PublicCitizen, Washington College of Law, American University, O'Neill Institute and the American Assembly, Columbia University; Washington D.C.; September 24 - 29, 2018). Sunil Abraham, Anubha Sinha and Swaraj Paul Barooah were panelists at the event.

Wikipedia

Publication

Wikisource Handbook for Indian Communities (Bodhisattwa Mandal and Ananth Subray P. V.; September 19, 2018).

Blog Entry

Christ (DU) students enrolls for 3rd Wikipedia certificate course (Ananth Subray; September 23, 2018).

Events Organized

Copyright Workshop (CIS; New Delhi; September 1 - 2, 2018).
Meeting on Digitization and Content Donation (Bhandarkar Oriental Research Institute; Pune; September 6, 2018).
Orientation session on Sanskrit Wikipedia (Tilak Maharashtra Vidyapeeth; Pune; September 6, 2018).
Workshop on FOSS, Unicode & Wikimedia Projects for Publishers, Printers, Designers and Writers (Fergusson College; Pune; September 7, 2018).
Workshop in MKCL regarding Vanbodh Project with TRTI (Maharashtra Knowledge Corporation Limited; Mumbai; September 11, 2018).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Privacy

Research Papers

The Srikrishna Committee Data Protection Bill and Artificial Intelligence in India (Amber Sinha and Elonnai Hickok; September 3, 2018).
AI in India: A Policy Agenda (Amber Sinha, Elonnai Hickok and Arindrajit Basu; September 5, 2018).
Artificial Intelligence in the Governance Sector in India (Arindrajit Basu and Elonnai Hickok; edited by Amber Sinha, Pranav MB and Vishnu Ramachandran; ecosystem mapping by Shweta Mohandas and Anamika Kundu; September 14, 2018).
Cross-Border Data Sharing and India: A study in Processes, Content and Capacity (Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu; September 27, 2018).

Participation in Events

Online Cogitatum on AI and Ethics in India (Organized by Takshashila; Takshashila Institution; August 27, 2018). Elonnai Hickok participated in the event.
Conference on Data Protection (Organized by National Institute of Public Finance and Policy; New Delhi; September 4, 2018). Sunil Abraham and Amber Sinha were discussant in the session Disclosures in Privacy Policies: Does Consent Work?
Symposium on Data Privacy and Citizen's Rights (Organized by Tech Law Forum of NALSAR University of Law; Hyderabad; September 9, 2018).
Gender and Privacy: Countering the Patriarchal Gaze (Organized by Privacy International; United Kingdom; September 13 - 14, 2018).
Meeting of Information Systems Security and Biometrics Sectional Committee (Organized by Bureau of Indian Standards; New Delhi; September 14, 2018).
Forecasting the Implications of the CLOUD Act Around the World (Organized by Global Network Initiative; Russell Senate Office Building, Washington D.C.; September 18, 2018). Elonnai Hickok was a speaker.
Networked Economies and Gender Action Learning (Organized by IDRC and facilitated by Gender at Work; Ottawa; September 20 - 21, 2018). Elonnai Hickok, Sunil Abraham and Ambika Tandon participated in the meeting. Sunil Abraham, Swaraj Paul Barooah and Ambika Tandon also attended a workshop on Gender Action Learning on September 24 - 25, 2018, which discussed strategies to work on gender under a grant for Cyber Policy Centres.
Round Table Discussion on Personal Data Protection Bill (Organized by SFLC; Bengaluru; September 25, 2018). Shweta Mohandas participated in the event and moderated the first session on Data Protection Principles (Rights and Obligations).

Cyber Security

Event Organized

Symposium on India’s Cyber Strategy (India Habitat Centre, New Delhi; August 31, 2018).

Participation in Event

Cyber-Security in the Age of Smart Manufacturing (Organized by Federation of Indian Chamber of Commerce & industry (FICCI) in association with Karnataka Innovation and Technology Society, and Government of Karnataka; The Lalit Ashok, Bengaluru; September 26, 2018). Arindrajit Basu attended the event.

researchers@work

The researchers@Work (r@w) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa.

Blog Entry

Essays on 'Offline' - Selected Abstracts (P.P. Sneha; September 6, 2018).
Digital Native: #MemeToo (Nishant Shah; Indian Express; September 9, 2018).
The Right Words for Love (Nishant Shah; Indian Express; September 23, 2018).
Digital Native: Hardly Friends Like That (Nishant Shah; Indian Express; September 30, 2018).

Participation in Event

Plenary Talk at Jyothi Nivas College Research Symposium (Organized by Jyoti Nivas College; Bangalore; September 28, 2018). P.P. Sneha made a presentation on presentation on new reading and writing practices in the digital context.

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/september-2018-newsletter

September 2017 Newsletter

Admin — 2017-11-21T15:19:25Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS filed a request under the Right to Information Act in March 2016 as part of research for the paper: Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance (July 2017). Rohini Lakshané has captured the developments in a blog post. Last month’s judgment by the nine judge referral bench was an emphatic endorsement of the the constitutional right to privacy. Amber Sinha has dissected the various aspects of the right to privacy as put forth by the nine judge constitutional bench in the Puttaswamy matter. The papers on fundamental right to privacy can be accessed here. With offline as the theme of the third Internet Researchers' Conference (IRC18), CIS has invited teams of two or more members to submit sessions proposals by Sunday, October 22, 2017. The conference is expected to be held in Himachal Pradesh during February 22-24, 2018. The venue and dates will be confirmed soon. Anonymity-based internet apps like Sarahah may not be as vicious for those surrounded by the comfort of social status. If your experience of Sarahah has been positive, it might be good to reflect on your own cultural and social capital, wrote Nishant Shah in an article in the Indian Express, dated September 10, 2017.

CIS in the news:

Privacy is now a right in India. Here's what that means for the tech industry (Rishi Iyengar; CNN Tech; August 29, 2017).
Russian social network VKontakte temporarily blocked in India for Blue Whale threat (Kim Arora; The Times of India; September 12, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

RTI request to Indian Patents Office for Form 27 (Statement of Working of patents), March 2016 (Rohini Lakshané; September 9, 2017).
RTI request to Indian Patents Office for Form 27 (Statement of Working of patents), 2015 (Rohini Lakshané; September 9, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Participation in Event

Praja - Enhancing Democracy Through Access to Open Data: What Are the Roles of Government and Civil Society? (Organized by Praja; September 8, 2017; New Delhi). Sumandro Chattapadhyay was a speaker.

-----------------------------------

Internet Governance
-----------------------------------

►Privacy

Blog Entries

Rethinking National Privacy Principles: Evaluating Principles for India's Proposed Data Protection Law (Amber Sinha; September 11, 2017).
The Fundamental Right to Privacy: An Analysis (Amber Sinha; September 27, 2017).

►Big Data

Upcoming Event

Emerging Issues in the Internet of Things (CIS, Bangalore; October 23, 2017). Andrew Rens will give a talk on the research that he is doing at the Internet Governance Lab.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Revamp Telecom Sector & Revive The Economy (Shyam Ponappa; Business Standard; September 7, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Article

Digital native: What’s in a name? Privilege (Indian Express, September 10, 2017).

Announcement

Internet Researchers' Conference 2018 (IRC18): Offline - Call for Session (P.P. Sneha; September 20, 2017). Teams of two or more members to submit sessions proposals by Sunday, October 22, 2017.

Blog Entry

The Digital Humanities from Father Busa to Edward Snowden (P.P. Sneha; September 4, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/september-2017-newsletter

September 2016 Newsletter

praskrishna — 2017-02-06T12:51:22Z

Welcome to the September 2016 newsletter of the Centre for Internet and Society (CIS).

Dear readers,

Thank you for reading the Centre for Internet and Society's September newsletter. The past month was notable for the media presence that various CIS members had. Dr. Nirmita Narasimhan continued our work looking at the inaccessibility of everyday electronics with a piece in the Huffington Post about mobile applications and their low usability for persons with disabilities.

Ting-Yi Chang continued her research into the gender gap in Wikipedia, with a series of blog posts looking at the various movements and discoveries she has made about the Indian and the global context.

We are also happy to announce that CIS, in partnership with the Centre for Information Technology and Public Policy, will organize the second Internet Researchers' Conference next year.

Previous issues of the newsletters can be accessed here.

Highlights
CIS in partnership with Centre for Information Technology and Public Policy will organize the second Internet Researchers' Conference (IRC17) from March 3 - 5, 2017 at the International Institute of Information Technology in Bengaluru. It is a free and open conference. Sessions must be proposed by teams of two or more members on or before Friday, October 21, 2016. All submitted session proposals will go though an open review process, followed by each team that has proposed a session being invited to select ten sessions of their choice to be included in the Conference agenda. Final sessions will be chosen through these votes, and be announced on January 2, 2017. In an article published in the Huffington Post, Nirmita Narasimhan threw light on the fact that mobile applications which today form an essential part of our lives such as booking cabs, ordering groceries, making payments online, or simply connecting to friends are still excluding millions of people in India particularly the visually impaired who want to use them. Rohini Lakshané has published a methodology to answer the research questions pertaining to working statements of mobile technology patents in India, also known as Form 27, using the granted patents from the landscape. In furtherance to the Wikimedia Foundation’s 2011 editor survey which revealed gender imbalance on online encyclopaedia, Ting-Yi Chang in a blog post series (of three parts) has summarized the movements and discoveries about Wikipedia gender gap on both local (India) and global scales. In an article published in the DNA, Subhashish Panigrahi has explained the concepts of FOSS, Free Software, Open Source, and FLOSS in light of the Software Freedom Day celebrated every year. Pranesh Prakash in a response note to Unique Identification Authority of India’s (UIDAI) reply to Hans Verghese Mathews' article titled “Flaws in the UIDAI Process” (EPW, March 12, 2016) has noted that UIDAI do not illustrate the extent to which the false positive identification rates is expected to grow—neither in their initial paper, nor in their rebuttal to Mathews—whereas Mathews provides a method of estimating the increase of false positive identification rates. The article by Pranesh was published in the Economic & Political Weekly. CIS made a submission to the Telecom Regulatory Authority of India (TRAI) on Proliferation of Broadband through Public WiFi Networks. Through comments prepared by Sunil Abraham, Sharath Chandra Ram, Vidushi Marda, and Thejaswi Melarkode, CIS pointed out that Wi-Fi, a radio transceiver must be deregulated further to bridge India's digital divide.

CIS in the news:

Talking Point: Futile Battle Against Torrents (Deccan Herald; September 1, 2016)
Despite SC order, thousands booked under scrapped Sec 66A of IT Act (Aloke Tikku; Hindustan Times; September 7, 2016).
The DigiLocker was supposed to cut down paperwork but less than 0.1% of Indians are using it (Mayank Jain; Scroll.in; September 12, 2016).
How does the government track all its legal cases? (Shreeja Sen; Livemint; September 13, 2016).
SpaceX Explosion Slows Facebook & Israeli Efforts To Control Online Content (Kit O' Connell; Mint Press News; September 13, 2016).
India's Aadhaar mandate for smartphone makers may rile global firms (Alnoor Peermohammed; Business Standard; September 14, 2016).
“Made in India” Innovation Policy (Prof. Collen Chien and Prof. Contreras; SpicyIP; September 19, 2016).
Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say No (Sushil Kambampati; September 21, 2016).
To embed a tweet or not? (Vidhi Choudhary; Livemint; September 23, 2016).
WhatsApp ruling: Experts seek privacy law (Apurva Venkat and Moulishree Srivastava; Business Standard; September 24, 2016).
When the war’s on WhatsApp (Manju V.; The Times of India; September 25, 2016).

CIS members wrote the following articles

Internet Rights and Wrongs (Pranesh Prakash; India Today; September 1, 2016).
Digital India Needs These Policy Changes (Shyam Ponappa; Business Standard and Organizing India Blogspot; September 1, 2016).
Glaring Errors in UIDAI's Rebuttal (Pranesh Prakash; Economic & Political Weekly; Vol. 51, Issue No. 36; September 3, 2016).
Quarter Life Crisis: The World Wide Web turns 25 this year (Nishant Shah; Indian Express; September 3, 2016).
Indians Ask: Is Visiting a Torrent Site Really A Crime? (Subhashish Panigrahi; Global Voices; September 5, 2016).
Making Telugu Suitable for Internet (Rahmanuddin Shaik; Ammanudi; September 6, 2016).
Where is the Regional Comprehensive Economic Partnership Headed? (Anubha Sinha; Spicy IP; September 12, 2016).
Software Freedom Day: The Importance of Free and Open Source Software (Subhashish Panigrahi; DNA; September 17, 2016).
ଆମ ହାତେ ଆମ କୋଡ୍ ଲେଖିବା (Subhashish Panigrahi; Samaja; September 17, 2016).
It's September, and That Means It's Time for Software Freedom Day (Subhashish Panigrahi; Global Voices; September 17, 2016).
Who Owns Your Phone? (Nishant Shah; Indian Express; September 18, 2016).
Mobile Apps Are Excluding Millions Of Indians Who Want To Use Them (Nirmita Narasimhan; Huffington Post; September 22, 2016).
Delhi High Court’s Ruling Against Publishers is a Triumph For Knowledge (Anubha Sinha; September 23, 2016).

Jobs

CIS is presently seeking applications for the following positions

Policy Officer (Cyber Security)
Senior Policy Officer (Cyber Security)
Programme Officer (Communications)
Intern (Pervasive Technologies Project) - Application accepted throughout the year
Internship - Application accepted throughout the year
Survey Participants for Research on Musician Livelihood

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

Monthly Report

September 2016 Report (Suman Dogra; August 31, 2016).

►Copyright and Patent

Blog Entry

Methodology: Statements of Working (Form 27) of Indian Mobile Device Patents (Rohini Lakshané; September 14, 2016).

Participation in Events

Workshop on Innovation, Economic Development and IP in India and China (Organised by the Singapore Management University, O.P. Jindal Global University, and Renmin University of China; New Delhi; September 27 - 28, 2016). Anubha Sinha made a presentation on Investigating Limits to Innovation and Peer Production in India's Mobile Apps Economy. Rohini Lakshané made a presentation on Exploring Open Hardware in Mass Produced Mobile Phones.
Law and Economy Policy Conference 2016 (Organized by National Institute of Public Finance and Policy and Institute of New Economic Thinking; India Habitat Centre, New Delhi; September 28 - 30, 2016). Sunil Abraham served as a discussant on the "Towards a privacy framework for India" session of this conference.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Wikiwomen’s Meetup at St. Agnes College Explores Potentials and Plans of Women Editors in Mangalore, Karnataka (Ting-Yi Chang; September 1, 2016).
A workshop to improve Telugu Wikipedia articles on Nobel laureates (Pavan Santhosh; September 12, 2016).
Another 5 Years: What Have We Learned about the Wikipedia Gender Gap and What Has Been Done? (Part 1, Part 2 and Part 3; Ting-Yi Chang; September 18, 2016).
ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ଦିବସ: ଆମ ହାତେ ଆମ କୋଡ଼ ଲେଖିବା (Subhashish Panigrahi; September 18, 2016). The blog post was mirrored in Your Story, Odisha Story and Aajira Odisha on September 17, 2016. The originally published piece can be accessed here.
Campaign for relicensing copyrighted books under Creative Commons licenses (Pavan Santhosh S. & Subhashish Panigrahi; September 20, 2016).

►Openness

Submission

Comments on the Telangana State Open Data Policy 2016 (Sumandro Chattapadhyay; September 1, 2016).

Participation in Event

Fuel Gilt Conference 2016 (Organized by Fuel Project; New Delhi; September 24 - 25, 2016). Subhashish Panigrahi participated and made a presentation.

-----------------------------------
Internet Governance
-----------------------------------

►Privacy

Participation in Events

The Future of Privacy in the Age of Big Data (Organized by Friedrich Naumann Foundation for Freedom; September 3 - 10, 2016; Berlin and Hamburg). Vanya Rakesh was one of the participants from South Asia.
LITD 17 Committee, Bureau of Indian Standards Meeting (Organized by Bureau of Indian Standards; September 23, 2016; Bengaluru). Vanya Rakesh attended the meeting.

►Big Data

Participation in Event

Young Scholars' Programme, CPRSouth 2016 (Organized by Communication Policy Research South; September 6 - 7, 2016; Zanzibar). Rohini Lakshané participated in this programme.

►Cyber Security

Participation in Event

CYFY 2016 - The India Conference on Cyber Security and Internet Governance (Organized by Observer Research Foundation; September 28 - 30, 2016; New Delhi). Sunil Abraham was a speaker.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Submission

TRAI Consultation on Proliferation of Broadband through Public WiFi Networks (Sunil Abraham, Sharath Chandra Ram, Vidushi Marda, and Thejaswi Melarkode; September 1, 2016). Shyam Ponappa and Arjun Venkatraman provided inputs.

Event Organized

7 Ways to Con/fuse the Internet with Analogy (Intergalactic Mix) - Talk by Surfatial (CIS, Bangalore; September 26, 2016). Surfatial, a trans-local collective that works with text and sound gave a talk about their essay.

Blog Entries

IIRC: Reflections on IRC16 (Sumandro Chattapadhyay; September 6, 2016)
Internet Researchers' Conference 2017 (IRC17) - Call for Sessions (Sumandro Chattapadhyay; September 23, 2016).
How Green is the Internet? The Good, the Bad, and the Ugly (Aishwarya Panicker; September 23, 2016).
Mobilizing Online Consensus: Net Neutrality and the India Subreddit (Sujeet George; September 27, 2016).

Participation in Event

Designathon 2016 (Organized by Sequoia India; Bangalore; September 10 - 11, 2016).
Workshop on Center for IT and Society (Organized by IIIT, Delhi; September 17, 2016). Sumandro Chattapadhyay participated in the event.

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/september-2016-newsletter

September 2015 Bulletin

praskrishna — 2015-11-25T01:55:25Z

We are happy to share with you the ninth issue of the Centre for Internet and Society (CIS) newsletter (September 2015). It has been a significant month for public debates on the digital future of governance, citizenship, and economy in India, led by conversations around the draft National Encryption Policy, the Aadhaar number as a basis for provision of welfare services, the investigation of Google for potential abuse of market dominance by the Competition Commission of India, and the Guidelines for Examination of Computer Related Inventions released by the Indian Patents Office. We were busy engaging with these issues, and more.

The past editions of the newsletter can be accessed at http://cis-india.org/about/newsletters.

Sumandro Chattapadhyay, Research Director

Internet Researchers' Conference (IRC) 2016 - Studying Internet in India
With great excitement, we are announcing the beginning of an annual conference series titled Internet Researchers' Conference (IRC), the first edition of which is to take place in Delhi during February 25-27, 2016 (yet to be confirmed). We invite you to propose sessions for the conference by Sunday, November 15, 2015.

Highlights

CIS sent an Open Letter to Prime Minister Narendra Modi during his US visit, requesting him to urge USA to ratify the Marrakesh Treaty. During the month, NVDA team organized training programmes for the visually impaired at Kullu, Bangalore and Ranchi. Nehaa Chaudhari in a blog post laid out a series of research questions, potentially seeking to apply actor-network theory as a research methodology. Recently, the Indian Patents Office released the Guidelines for Examination of Computer Related Inventions (“2015 Guidelines/ Guidelines”) in an attempt to clarify examination of software related patents in India. Anubha Sinha analysed the 2015 Guidelines. Read on to understand how the new guidelines will potentially lead to an increase in software patenting activity by expanding the scope of patentable subject matter – in negation of the legislative intent of section 3(k) of the Indian Patents Act, 1970. As a part of its content donation initiative, CIS has brought Nadustunna Charithra magazine under CC BY SA licence. CIS-A2K has received 74 issues as of now from the Telugu Jaati foundation. Sunil Abraham’s article titled Hits and Misses with the Draft Encryption Policy was published in The Wire on September 26, 2015. Vidushi Marda in a blog post titled Data Flow in the Unique Identification Scheme of India analysed the data flow within the UID scheme and highlighted the vulnerabilities at each stage. Vanya Rakesh in a blog post titled Human DNA Profiling Bill 2012 v/s 2015 Bill has analysed the Human DNA Profiling Bill introduced in 2012 with the provisions of the 2015 Bill. CIS sought information from ICANN on their revenue streams by sending them a second request under their Documentary Information Disclosure Policy. This request and their response have been described in a blog post by Aditya Garg. CIS has submitted a joint proposal with DataMeet and Oorvani for the Knight News Challenge 2015. We are proposing the development of "an application for users to search for locally-relevant data, discuss missing data, demand data, explore and respond to data demands by others, and start data crowd-sourcing exercises." CIS made its submission on CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations to ICANN's CCWG-Accountability. Pranesh Prakash, on behalf of CIS, submitted comments to the Department of Telecom Panel’s report on net neutrality via MyGov. Prakash states that the report displays a far better understanding of the underlying issues than the TRAI consultation paper did, and is overall a good effort at balancing the different sides. Shyam Ponappa’s monthly column titled More on Those Dropped Calls was published by Business Standard.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing a project on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

Monthly Updates

September 2015 Report (Suman Dogra; September 30, 2015).

Event Reports

Training in the use of eSpeak Hindi with NVDA (Organized by CIS and Lakshay for the Differently Abled; September 29 – 30, 2015; Ranchi). The event was conducted online by Dr. Homiyar over skype, with local support from Mritunjay Kumar and Zainab.
5 day TOT for Training in Use of eSpeak Kannada with NVDA (Organized by CIS, Mithra Jyoti, Enable India and NFB, Bangalore; September 21 – 25, 2015; Bangalore).
eSpeak Training in Hindi Language (Organized by CIS and National Association for the Blind; Kullu; September 3 – 4, 2015).
Training in eSpeak Marathi (Organized by CIS; Atmadepam Society; August 22 – 23, 2015). The report was published in the month of September.

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Pervasive Technologies

Blog Entries

Pervasive Technologies: Working Document Series - Research Questions and a Literature Review on the Actor-Network Theory (Nehaa Chaudhari; September 5, 2015).
FAQ: CIS Proposal for Compulsory Licensing of Critical Mobile Technologies (Rohini Lakshané; September 25, 2015).

Other (Copyright and Patent)

Submission

Comments on the Guidelines for Examination of Computer Related Inventions (CRIs) (Anubha Sinha; September 21, 2015).

Blog Entries

Open Letter to PM Modi on Intellectual Property Rights issues on His Visit to the United States of America in September 2015 (Pranesh Prakash and Nehaa Chaudhari; September 23, 2015).

Participation in Events

National Conference: WTO, FTAs and Investment Treaties: Implications for development policy space (Organized by Focus on the Global South, Institute for Studies in Industrial Development (ISID), Madhyam, MSF Access Campaign, National Working Group on Patent Laws and WTO (NWGPL), Public Services International (PSI) – South Asia, South Solidarity Initiative – ActionAid, Third Word Network (TWN), and Forum against FTAs; September 22 – 23, 2015; Institute for Studies in Industrial Development, New Delhi). Nehaa Chaudhari made a presentation on Copyright: Access to Knowledge in Free Trade Agreements?
IPEX 2015 (Organized by Confederation of Indian Industry, APTDC and TDPC; September 25 - 26, 2015; Chennai). Rohini Lakshané attended the event.

Media Coverage

Open letter from CIS to PM Modi on Intellectual Property Rights issues on his Visit to US (Apoorva Mandhani; LiveLaw; September 23, 2015).

Wikipedia

Blog Entries

CIS brings Nadustunna Charithra magazine under CC BY SA licence (Tanveer Hasan; September 2, 2015).
OCR and OER – update (Subhashish Panigrahi; Open Education Working Group; September 25, 2015).
As Odia Wikipedia turns 13, what happens next? (Subhashish Panigrahi; September 26, 2015). This was originally published on the Wikimedia Blog on August 21. The post was shared on Wikipedia's official Facebook page, and on Twitter handles [1 and 2].
Google's Optical Character Recognition Software Now Works with All South Asian Languages (Subhashish Panigrahi; September 26, 2015).
Wikimedia contributor shares his Linux story (Subhashish Panigrahi; September 27, 2015). This article is part of a series called My Linux Story. To participate and share your Linux story, contact us at: open@opensource.com. Read the original published by Opensource.com on September 3, 2015.

Events Co-organized

Annamaya Library edit-a-thon (Organized by CIS-A2K and Telugu Wikipedia Community; August 6, 2015; Andhra Loyola College; Vijaywada).
International Workshop on Digitization and Archiving (Organized by CIS-A2K and Wikipedia Community; August 19 – 21, 2015). Rahmanuddin Shaik was one of the trainers.

Media Coverage

CIS gave its inputs to the following:

Unable to read Odia on your android device? Don’t fret! (Ruby Nanda; Odisha Sun Times; September 28, 2015).

Openness

The advent of the Internet has radically redefined what it means to be open and collaborative. The Internet itself is built upon open standards and free/libre/open source software. Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Open Data

Submission

As one of the general stewards of the process, CIS was invited to take part in the final drafting meeting of the International Open Data Charter held before Con Datos 2015 in Santiago, Chile, but we could not take part in it. Apart from organising two public consultations on the draft Charter in Bengaluru and Delhi, we also submitted our detailed comments on the document. The final version of the Charter document has been launched at the United Nation General Assembly meeting, on September 27.

Free Software

Blog Entry

Software Freedom Pledge (Pranesh Prakash; September 25, 2015).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC)) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

Privacy

Article

Hits and Misses With the Draft Encryption Policy (Sunil Abraham; The Wire; September 26, 2015).

Blog Entries

Data Flow in the Unique Identification Scheme of India (Vidushi Marda; September 3, 2015).
Human DNA Profiling Bill 2012 v/s 2015 Bill (Vanya Rakesh; September 6, 2015).
Open Governance and Privacy in a Post-Snowden World: Webinar (Vanya Rakesh; September 26, 2015).

Participation in Event

The Changing Landscape of ICT Governance and Practice - Convergence and Big Data (Co-organized by Innovation Center for Big Data and Digital Convergence, Yuan Ze University, Taiwan; August 24 – 25, 2015). Sharat Chandra Ram was granted the Young Scholar Award 2015 to attend the Young Scholar Workshop followed by main CPRSouth2015 conference (Communication Policy Research South) conference.

Free Speech and Expression

Submission

CIS Submission on CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations (Pranesh Prakash; September 13, 2015).

Blog Entries

DIDP Request #11: NETmundial Principles (Aditya Garg; September 14, 2015).
DIDP Request #12: Revenues (Aditya Garg; September 14, 2015).
Peering behind the veil of ICANN’s DIDP (Padmini Baruah; September 21, 2015).

Participation in Event

Asian Regional Consultation on the WSIS+10 Review (Organized by The Internet Democracy Project, Bytes for All, APNIC, the Association for Progressive Communications, ISOC, Global Partners Digital and ICT Watch; September 3 – 5, 2015). Jyoti Panday attended the event.

IGF

The tenth annual IGF meeting will be held in João Pessoa, Brazil, on November 10 - 13, 2015. IGF's MAG has decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development” as the overarching theme. Sunil Abraham will be a panelist for the following workshops:

Understanding and Mitigating Online Hate Speech and Youth Radicalisation (Organized by Council of Europe, Oxford University, OHCHR, Google and ISOC; November 2015).
Transnational Due Process: A Case Study in Multi-stakeholder Cooperation (Organized by the United Nations; November 2015).

Cyber Security

Event Organized

Bangalore Chapter Meet of DSCI (Co-organized by DSCI and CIS; September 26, 2015). Melissa Hathaway, Commissioner, Global Commission for Internet Governance and Sunil Abraham gave a talk at this event.

Miscellaneous

Sustainable Smart Cities India Conference 2015, Bangalore (Vanya Rakesh; September 21, 2015).

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Submission

Comments on the DoT Panel Report via MyGov (Pranesh Prakash; September 26, 2015).

Op-ed

More on those Dropped Calls (Shyam Ponappa; Business Standard; September 2, 2015 and Organizing India Blogspot; September 3, 2015).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Submission

Where's My Data? Submission for Knight News Challenge 2015 (Sumandro Chattapadhyay; September 30, 2015). The text of the proposal was prepared by Nisha Thompson of DataMeet, Meera K of Oorvani, and Sumandro Chattapadhyay.

Blog Entries

The Internet in the Indian Judicial Imagination (Divij Joshi; September 9, 2015).
The Many Lives and Sites of Internet in Bhubaneswar (Sailen Routray; September 21, 2015).

News & Media Coverage

CIS gave its inputs to the following media coverage:

Does this click with you? (Parshathy J. Nath; The Hindu; September 1, 2015).
Government may tieup with global police, Interpol to fight child pornography (Surabhi Agarwal; September 3, 2015).
Hiding behind rules on naming sites it banned, govt reveals fears (Harjeet Inder Singh Sahi; September 3, 2015).
Outrage before sharing (Nikhil Verma; The Hindu; September 9, 2015).
Faking a stand (Shweta T. Nanda; The Week; September 20, 2015).
Some Key Words Are Missing (Arindam Mukherjee; Outlook; September 21, 2015).
Open sesame (The Hindu; September 22, 2015).
India encryption policy draft faces backlash (Moulishree Srivastava; September 22, 2015)
Online outcry forces government to withdraw draft encryption policy (Naina Khedekar; First Post; September 23, 2015).
Encryption policy would have affected emails, operating systems, WiFi (Amrita Madhukalya; DNA; September 23, 2015).
Govt presses 'undo' button on draft encryption policy (Business Standard; September 23; 2015).
Huge outcry forces India to backtrack on social media data proposal (Today; September 24, 2015).
Facebook’s Free Internet Access Program in Developing Countries Provokes Backlash (Newley Purnell and Resty Woro Uniar; The Wall Street Journal; September 24, 2015).
Ahead of hosting Modi, Facebook rebrands internet.org as Free Basics (Business Standard; September 26, 2015).
‘By weakening our security, govt is putting us at risk of espionage’ (S. Raghotham and Mayukh Mukherjee; Asian Age; September 27, 2015).
ভারতে পাঁচশোরও বেশি স্টেশনে ফ্রি ওয়াই-ফাই চালু হবে (BBC; September 28, 2015).
Do you agree with our fee hike? Press 1 to answer Yes; or 2 for Yes (Kieren McCarthy; The Register; September 29, 2015).
Indian PM Narendra Modi’s digital dream gets bad reception (Amanda Hodge; September 29, 2015).
What Bengaluru Thinks of the Big Tech Announcements in Silicon Valley (Maya Sharma; NDTV; September 29, 2015).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the mediation and reconfiguration of social and cultural processes and structures by the internet and digital media technologies.

► Follow us elsewhere

CIS - Twitter: http://twitter.com/cis_india
Access to Knowledge - Twitter: https://twitter.com/CISA2K
Access to Knowledge - Facebook: https://www.facebook.com/cisa2k
Access to Knowledge - E-Mail: a2k@cis-india.org
Researchers at Work - E-Mail: raw@cis-india.org
Researchers at Work - Mailing List: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/september-2015-bulletin

September 2014 Bulletin

praskrishna — 2015-01-02T01:26:03Z

Welcome you to the ninth issue of the newsletter (September 2014).

We at the Centre for Internet & Society (CIS) welcome you to the ninth issue of the newsletter (September 2014). Archives of our newsletters can be accessed at: http://cis-india.org/about/newsletters

Highlights

Nishant Shah was part of a working group writing a white paper on big data and social change, over the last six months. This white paper produced by a group of activists, researchers and data experts was published by Oxford.
As part of the Pervasive Technologies project Maggie Huang interviewed Semiconductor Industry Professionals in Taiwan on the trends and changes in technology and understanding mobile chip manufacturing.

CIS entered into a memorandum of understanding with the Andhra Loyola College for a period of 5 years to enhance Telugu Wikipedia through increased contributions to Wikipedia and make it available under free license.
CIS-A2K signed a memorandum of understanding with Nirmala Institute of Education, Goa to enhance digital literacy in Konkani in the education sector across Goa.
Tejaswini Niranjana and Tanveer Hasan wrote a report on the workshop Developing Digital Open Knowledge Resources in Indian Languages for which CIS-A2K was one of the organizers.

CIS joined the Dynamic Coalition for Platform Responsibility towards creating due diligence recommendations for online platforms.
CIS organized a workshop on an evidence-based framework for intermediary liability at the IGF held in Istanbul on September 3, 2014. Jyoti Panday coordinated the workshop in collaboration with Stanford Centre for Internet & Society.
Elonnai Hickok contributed a thematic chapter on Intermediary Liability and Surveillance in the GISWatch Report.
The Supreme Court of India revised the law on electronic evidence in the case of Anvar v. P. K. Basheer. Bhairav Acharya has done an analysis on this. It was published by Law and Policy in India and subsequently mirrored on our website.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. CIS in partnership with CLPR (Centre for Law and Policy Research) compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). The updated draft is being reviewed by the Office of the Chief Commissioner for Persons with Disabilities. The draft chapters and the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

Monthly Update

Work Report for September (Suman Dogra; August 31, 2014).

Blog Entry

Study on Budget Allocation and Expenditure by States on Schemes for Persons with Disabilities (Anandhi Viswanathan; September 29, 2014).

Access to Knowledge

Pervasive Technologies

Interviews with Semiconductor Industry Professionals in Taiwan: Trends and Changes in Technology (Maggie Huang; September 26, 2014).
Interviews with Semiconductor Industry Professionals in Taiwan: Understanding Mobile Chip Manufacturing (Maggie Huang; September 30, 2014).

Wikipedia

Event Report

Developing Digital Open Knowledge Resources in Indian Languages (Tejaswini Niranjana and Tanveer Hasan; September 30, 2014). The workshop was organized by Krantijyoti Savitribai Phule Women's Studies Centre, University of Pune (KSPWSC), Centre for Indian Languages in Higher Education (CILHE), Tata Institute of Social Sciences, Mumbai and CIS-A2K.

Blog Entries

NIE Steps in to Grow Konkani Wikipedia (T. Vishnu Vardhan; September 6, 2014).
Expanding the World of Telugu Wikipedia - CIS-A2K and ALC join hands (T. Vishnu Vardhan and Rahmanuddin Shaik; September 17, 2014).

The following were published in August and mirrored on our website in September:

OpenGLAM at Wikimania 2014 (Subhashish Panigrahi; OpenGLAM; August 27, 2014).
We are Wikipedia (By Subhashish Panigrahi; Wikimedia Deutschland; August 25, 2014). Wikimedia Deutchland has included a paragraph about WeAreWikipedia on their blog.

Event Organized

Kannada Wikipedia Workshop for Students (Tumkur University; Tumkur; September 27, 2014). Dr. U.B.Pavanaja conducted the workshop. Fifty people participated in the event.

Event Co-organized

Kannada Wikipedia Workshop (Organized by Basaveshwara Science College and CIS-A2K; September 20, 2014). Dr. U.B.Pavanaja conducted the workshop.

News and Media Coverage

CIS-A2K team gave its inputs to the following media coverage:

Implementation of IT in Kannada (Prajavani; September 21, 2014).
105 Kannada books released under Creative Commons (Shyam Prasad S; Bangalore Mirror; September 29, 2014).

Participation in Events

State Level Seminar on "Odia alphabet and order teaching in primary education" (Co-organized by Institute of Odia Studies and Research and Odia Bhasa Pratisthan, Bhubaneswar; September 14, 2014). Subhashish Panigrahi participated in the event and discussed about the applied aspects of Odia language in the context of primary education and need for reforms in the total number and order in the character-set citing problems with computer and internet.
Publishing Next (Organized by CinnamonTeal Publishing; Goa; September 19 - 20, 2014). T. Vishnu Vardhan was a panelist at the 5th edition of Publishing Next the annual conference on the future of publishing. He spoke on Open Access, Copyright and Copyleft.

Internet Governance

Privacy

As part of our Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project with Privacy International we are engaged in enhancing respect for the right to privacy in developing countries. We have produced the following outputs during the month:

Note: The White Paper below is not a part of the SAFEGUARD project .

White Paper

Big Data and Positive Social Change in the Developing World: A White Paper for Practitioners and Researchers (Nishant Shah; Oxford: Oxford Internet Institute; September 30, 2014). Nishant Shah was part of a group of activists, researchers and data experts in producing this white paper.

Analysis

Anvar v. Basheer and the New (Old) Law of Electronic Evidence (Bhairav Acharya; September 30, 2014).

Announcement

CIS joins the Dynamic Coalition for Platform Responsibility (Jyoti Panday; September 23, 2014).

Blog Entries

The Aadhaar Case (Vipul Kharbanda; September 5, 2014).
UID: A Data Subject's Registration Tale (Mukta Batra; September 11, 2014).
Biometrics: An 'Angootha Chaap' nation? (Mukta Batra; September 19, 2014).
UID and NPR: Towards Common Ground (September 19, 2014): This is an anonymous post.

CIS @ IGF

The ninth Internet Governance Forum ("IGF2014") was hosted by Turkey in Istanbul from September 2 to 5, 2014. A BestBits pre-event, which saw robust discussions on renewal of the IGF mandate, the NETmundial Initiative and other live Internet governance processes, flagged off a week of many meetings and sessions. CIS participated in multiple workshops and panels:

WS112: Implications of post-Snowden Internet localization proposals (Organized by Center for Democracy and Technology, Istanbul, September 2, 2014). Sunil Abraham was a speaker at this IGF workshop.
WS63: Preserving a universal Internet: Costs of fragmentation (Organized by OECD and Centre for International Governance Innovation; September 3, 2014). Sunil Abraham was a speaker at this IGF workshop.
WS2 Mobile, Trust and Privacy (Organized by GSM Association; September 4, 2014). Sunil Abraham was a speaker.
Transparency reporting as a tool for Internet governance (Organized by Global Network Initiative; September 3, 2014). Pranesh Prakash was a panelist.
WS149: Aligning ICANN policy with the privacy rights of users (Organized by Yale ISP; September 5, 2014). Pranesh Prakash was a moderator.

Other Participation

Launch of the GISWatch Report (Association for Progressive Communications and the Humanist Institute for Cooperation with Developing Countries (Hivos). Elonnai Hickok contributed a thematic chapter on Intermediary Liability and Surveillance to this report.

Participation in Events

Re-Wiring Women's Rights Debates in the Digital Age (Organized by IT for Change in partnership with Kutch Mahila Vikas Sangathan and ANANDI; September 13 - 14, 2014). Rohini Lakshane was a speaker.
Workshop on Enabling Information Systems for Local Governance (Organized by Jamia Milla Islamia, Tagore Hall; New Delhi; September 18, 2014). Sunil Abraham was a participant.
National Consultation on Media Law (Organized by Law Commission of India and the National University, Delhi; India Habitat Centre, New Delhi; September 27 - 28, 2014). Nehaa Chaudhari, Jyoti Panday and Anubha Sinha participated in the event.

Upcoming Event

CPDP 2015 : The eighth international conference on computers, privacy and data protection will be held in Brussels from January 21 to 23, 2015. CIS is a moral supporter of CPDP.

News & Media Coverage

CIS gave its inputs to the following media coverage:

Fighting battles online (Nikhil Varma; The Hindu; September 2, 2014).
Colonial yoke or bureaucratic insouciance? (Vidya Venkat with additional reporting by K.T. Sangameswaran in Chennai; The Hindu; September 7, 2014).
Social Media Aids Rescue Efforts in Flood-Hit Kashmir (Anjana Pasricha, September 10, 2014).
Google aims to win 40% of India with Android One (Varun Aggarwal; Economic Times; September 11, 2014).

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Event Organized

Consultation on New Figures of Learning in the Digital Context (CIS, Bangalore, September 22, 2014). P.P. Sneha wrote a report on the event.

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

Request for Collaboration
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, atsunil@cis-india.org or Nishant Shah, Director - Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

For more details visit https://cis-india.org/about/newsletters/september-2014-bulletin